feat: add team member role for team-level permission control #1021
…ontrol
- Add `role` field to TeamMember entity/model (owner or member, default member)
- Team creator is auto-added as team owner
- Team write operations (add/remove members, manage packages, delete team) now require team owner, org owner, or admin
- Add private API `GET /-/team/:org/:team/member` returning [{user, role}]
- Keep npm compatible `GET /-/team/:org/:team/user` returning string array unchanged
- `PUT /-/team/:org/:team/user` accepts optional `role` field (private extension)
- `GET /-/user/:username/team?org=` now returns role info
- Update docs to distinguish npm compatible vs private endpoints
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@codex review
Code Review
This pull request introduces a 'role' field to team members, enabling an 'owner' role for teams. It includes updates to the database schema, core services, and controllers to support this new role, including auto-assigning the creator as a team owner and allowing team owners to manage their teams. The reviewer suggests validating the role values in the service layer and centralizing the role definition to ensure consistency across the application.
… member role
Private API for promoting/demoting team members (owner <-> member). Required since npm CLI cannot pass role when adding members.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

…amMember
- Remove GET /-/user/:username/team (duplicate of GET /-/org/:orgName/member/:username/team)
- Remove role field from PUT /-/team/:org/:team/user (role changes only via PATCH)
- Update docs and tests accordingly
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Cover all endpoints with 401/403/404/422 cases, permission path combinations (admin, org owner, team owner, member), allowScopes org operations, and idempotency checks. 75 tests total.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- org-team.md: Chinese version (consistent with other docs)
- org-team.en.md: English version
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

3.77.0 SQL files are already released, must not be modified. The role column is added only via the 3.81.0 incremental migration.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Codecov Report
✅ All modified and coverable lines are covered by tests.

@@            Coverage Diff             @@
##              3.x    #1021      +/-   ##
==========================================
+ Coverage   96.06%   96.22%   +0.15%
==========================================
  Files         208      208
  Lines       20902    21018     +116
  Branches     2793     2852      +59
==========================================
+ Hits        20079    20224     +145
+ Misses        823      794      -29
Cover the 404 path when a non-allowScopes org is not found in write operations (line 74 of TeamController.ts).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🎉 This PR is included in version 3.81.0 🎉
The release is available on:
Your semantic-release bot 📦🚀
…ontrol
Cherry-pick from PR #1021 (feat/user-team-api branch).
- Add `role` field to TeamMember entity/model (owner or member, default member)
- Team creator is auto-added as team owner
- Team write operations now require team owner, org owner, or admin
- Add private API `GET /-/team/:org/:team/member` returning [{user, role}]
- Add private API `PATCH /-/team/:org/:team/member/:username` for role updates
- Keep npm compatible endpoints unchanged
- Update docs (Chinese + English)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## Summary

Cherry-pick from #1021 (`feat/user-team-api` branch).

- Add `role` field (`owner` / `member`) to `TeamMember`, enabling team-level permission control
- Team creator is auto-added as team owner; team write operations now require **team owner**, org owner, or admin
- Add private API `GET /-/team/:org/:team/member` returning `[{user, role}]`
- Add private API `PATCH /-/team/:org/:team/member/:username` for updating member role
- Keep npm compatible endpoints unchanged
- Update docs (Chinese + English)
- SQL migration: `4.32.0.sql` adds `role` column to `team_members`

## Test plan

- [x] Run `npm run test:local test/port/controller/TeamController/index.test.ts`
- [x] Run full test suite
- [x] Verify npm CLI commands still work unchanged

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated comment: release notes by coderabbit.ai -->
## Summary by CodeRabbit

* **New Features**
  * Team members can now have assignable roles (owner or member) controlling team permissions
  * New API endpoints to view team member roles and update member permissions
  * Team creators automatically receive team owner status upon team creation
* **Documentation**
  * Added comprehensive guide to organization, team, and package permission models with API endpoint reference
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
[skip ci]

## 4.32.0 (2026-04-08)

* feat: add team member role for team-level permission control (#1023) ([d2fd3c5](d2fd3c5)), closes [#1023](#1023) [#1021](#1021)
* chore(deps): update dependency oxfmt to ^0.44.0 (#1025) ([2d5df34](2d5df34)), closes [#1025](#1025)
* chore(deps): update dependency oxlint-tsgolint to ^0.20.0 (#1024) ([407d659](407d659)), closes [#1024](#1024)
Summary

- `role` field (owner/member) to `TeamMember`, enabling team-level permission control
- `GET /-/team/:org/:team/member` returning `[{user, role}]`; npm compatible `GET .../user` still returns string array
- `PUT /-/team/:org/:team/user` accepts optional `role` field as private extension (npm CLI unaffected)

Changes

- `TeamMember.ts` entity + model — add `role` field
- `TeamService` — `addMember` supports role, `createTeam` auto-adds creator as owner
- `OrgService` — set role on `createOrg` and `addMember`
- `TeamController` — new `requireTeamWriteAccess` with team owner check, new `/member` endpoint
- `OrgController` — adapt to updated `listTeamsByUserIdAndOrgId` return type
- `TeamRepository` — `listTeamsByUserIdAndOrgId` returns `{team, role}`, `addMember` supports update
- `3.81.0.sql` migration for MySQL + PostgreSQL
- `docs/org-team.md` — protocol compatibility section, npm vs private API table

Test plan

- `egg-bin test test/port/controller/TeamController/index.test.ts`)
- `npm team ls/create/destroy`, `npm access grant/revoke`) still work unchanged
- `GET /-/team/:org/:team/member` returns role info

🤖 Generated with Claude Code
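
The permission rule described in this PR (team write operations require team owner, org owner, or admin), combined with the review suggestion to centralize the role definition and validate role values, sketched as an added example. It is not code from this PR: every identifier is hypothetical, the actors are constructed, and the order in which conditions map to 401/404/403/422 is an assumption.

```typescript
// Added illustration, not code from this PR. All identifiers are hypothetical.
const TEAM_ROLES = ['owner', 'member'] as const; // single source of truth
type TeamRole = (typeof TEAM_ROLES)[number];

// Exact-match allow-list: "Owner", "admin", 1 and undefined are all rejected.
function parseTeamRole(input: unknown): TeamRole | null {
  for (const r of TEAM_ROLES) if (r === input) return r;
  return null;
}

interface Actor {
  isAdmin: boolean;
  orgRole: 'owner' | 'member' | null; // null = not an org member
  teamRole: TeamRole | null; // null = not a team member
}

// Team write operations: admin, org owner or team owner; nobody else.
function canWriteTeam(actor: Actor | null): boolean {
  if (actor === null) return false;
  return actor.isAdmin || actor.orgRole === 'owner' || actor.teamRole === 'owner';
}

// Status for a role-change request. Mapping conditions to 401/404/403/422
// in this order is an assumption of the sketch, not taken from the PR.
function decideRoleUpdate(actor: Actor | null, teamExists: boolean, body: { role?: unknown }): number {
  if (actor === null) return 401; // no authenticated user
  if (!teamExists) return 404;
  if (!canWriteTeam(actor)) return 403; // authorize before looking at the body
  if (parseTeamRole(body.role) === null) return 422; // unknown role value
  return 200;
}

// Constructed actors covering the four permission paths.
const SAMPLE_ACTORS: { name: string; actor: Actor }[] = [
  { name: 'admin', actor: { isAdmin: true, orgRole: null, teamRole: null } },
  { name: 'orgOwner', actor: { isAdmin: false, orgRole: 'owner', teamRole: null } },
  { name: 'teamOwner', actor: { isAdmin: false, orgRole: 'member', teamRole: 'owner' } },
  { name: 'teamMember', actor: { isAdmin: false, orgRole: 'member', teamRole: 'member' } },
];

// Status each sample actor gets when promoting someone to owner.
function permissionMatrix(): Record<string, number> {
  const out: Record<string, number> = {};
  for (const { name, actor } of SAMPLE_ACTORS) {
    out[name] = decideRoleUpdate(actor, true, { role: 'owner' });
  }
  return out;
}
```
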