Organization

[Nadil-K]

Migration Checklist

• Find all the tables that have hyvor_user_id and add a new nullable int organization_id column to it
• env changes
  • Add DEPLOYMENT env variable.
  • Remove AUTH_METHOD
  • Change HYVOR_PRIVATE_INSTANCE to http://hyvor.internal
• CloudContext must be used. Org switch must be handled
• Resource creation must be updated to use ResourceCreator HDS component
• AuthInterface now have me() instead of check(). It returns user and organization both in an object.
• Init calls in the Console must be updated to get the correct data needed for CloudContext
• Resources comms
  • ResourceCreated event when created
• adding members
  • change all "owners" to "admins", who have full access to the resource #462
  • update UI to use OrganizationMembersSearch
  • update API endpoint
    • to verify that the given user is part of the organization
    • to directly add the user to the resource
    • remove user inviting logic
• Create the migration command (see below)
• Send emails to first admin
• Billing section
  • Org role-based access
    • Disable button
    • Redirect on URL access
  • Usage updates
• Comms Events
  • MemberRemoved (remove the user from all resources of the organization)
  • UserDeleted (remove the user from all the resources)
  • LicenseChanged (optional, clear cache or something)
• Console Authorization Updates
  • Must check that the current resource's organization = user's current organization
  • Also check that the user's current organization as seen by the frontend, is the same in the backend. In case of a mismatch, fully redirect the user (location.href) to /console
• Design lib has to be updated 2.0.3
• Manual testing (test with a newly signed up user, not the seeded one):
  • creating a new resource when there is no active organization
  • creating a new organization from the bar
  • switching between organizations while in the console
    • at /new
    • at /console
    • at /console/{resource}
  • cannot access resources of other organizations (redirects to /console)

[supun-io]

• Rename UserLevelEndpoint to OrganizationLevelEndpoint
• send X-Organization-Id from the frontend for those routes and the ConsoleAuthorization listener should verify the user's current organization = the organization sent from the frontend

[supun-io]

design 2.0.5 exports this. Use it

[supun-io]

upgrade to 2.0.5

[supun-io]

remove if and its content

[supun-io]

also set the organization attribute from here (no need to set it in two different places below). null is okay

[supun-io]

set this above

[supun-io]

add a new test with no current organization for the user

[supun-io]

can get ResolvedLicense from design system types

[supun-io]

test should also make sure the organization_id was updated to the correct value (need the return of that rand())

[supun-io]

DISTINCT user_id
or, filter user_ids below to be unique

[supun-io]

just a trick:

$userIds = array_map('intval', $userIds);