Skip to content

feat: properly implement staff/superuser listing and filtering in assignments API #347

Description

@mariajgrimaldi

Context

AssignmentsAPIView previously returned staff/superuser entries (SuperAdminAssignmentData) alongside regular role assignments, these entries bypassed all org/scope/role filters because they are not Casbin-backed so they were fetched in a separate call.

PR #345 removed them from the list endpoint as a short-term fix to unblock a release.

What needs to be done

Design and implement proper listing and filtering behavior for staff/superuser entries in the assignments list endpoint:

  • Define what it means to filter a SuperAdminAssignmentData by org, scope, and role (these entries have no Casbin policy behind them).
  • Ensure superadmin entries are either included or excluded consistently with whatever filter is active, without bypassing the filter logic.
  • Ensure users can only review scopes they have access to.
  • Add or restore test coverage for the filtering behavior.

Current state

  • SuperAdminAssignmentData and get_superadmin_assignments() still exist and are used by TeamMemberAssignmentsAPIView.
  • The list endpoint returns only RoleAssignmentData entries.
  • Serializer support for SuperAdminAssignmentData (role, org, scope, is_superadmin fields) is still in place.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions