Introduce an "owner" role, and prevent it from being administered

to prevent the owner from being demoted or kicked out.

ref: https://app.fizzy.do/5986089/cards/3213
This commit is contained in:
Mike Dalessio
2025-11-29 13:17:59 -05:00
parent 156a23f1f5
commit edf6b53469
20 changed files with 166 additions and 36 deletions
+2 -2
View File
@@ -68,7 +68,7 @@ Fizzy uses **URL path-based multi-tenancy**:
**Passwordless magic link authentication**:
- Global `Identity` (email-based) can have `Users` in multiple Accounts
- Users belong to an Account and have roles: admin, member, system
- Users belong to an Account and have roles: owner, admin, member, system
- Sessions managed via signed cookies
- Board-level access control via `Access` records
@@ -84,7 +84,7 @@ Fizzy uses **URL path-based multi-tenancy**:
**User** → Account membership
- Belongs to Account and Identity
- Has role (admin/member/system)
- Has role (owner/admin/member/system)
- Board access via explicit `Access` records
**Board** → Primary organizational unit