OrgViewerContext

Overview

OrgViewerContext is a TypeScript interface that defines the effective permissions and role context for a user viewing a specific organization. It serves as the single source of truth for authorization within organization detail pages.

Interface Definition

export interface OrgViewerContext {
  isPlatformAdmin: boolean;
  orgRole: "owner" | "admin" | "member" | "staff" | null;
  canManageMembers: boolean;
  canManageSettings: boolean;
  canDelete: boolean;
}

Field Descriptions

  • isPlatformAdmin: (boolean) Indicates if the current user is a global platform administrator. If true, the user generally has unrestricted access to the organization, regardless of their orgRole.
  • orgRole: ('owner' | 'admin' | 'member' | 'staff' | null) The user’s explicit role within this specific organization. This will be null if the user is a Platform Admin who is not explicitly a member of the organization.
  • canManageMembers: (boolean) A derived flag indicating if the user has permission to add, remove, or modify roles of other members within this organization.
  • canManageSettings: (boolean) A derived flag indicating if the user has permission to modify core organization settings (like name, slug, or logo).
  • canDelete: (boolean) A derived flag indicating if the user has permission to permanently delete or suspend the organization.

Authorization Matrix

The capability flags (canManageMembers, canManageSettings, canDelete) are calculated by the OrgAccessRoute based on the following matrix:
User TypeisPlatformAdminorgRolecanManageMemberscanManageSettingscanDelete
Platform Admintruenull (or any)truetruetrue
Org Ownerfalse'owner'truetruefalse
Org Adminfalse'admin'truefalsefalse
Org Memberfalse'member'falsefalsefalse

Extension Guide

When introducing new features or tabs that require specific permissions, follow these steps to extend the OrgViewerContext:
  1. Add a Flag: Add a new boolean flag to the OrgViewerContext interface (e.g., canViewBilling).
  2. Update Calculation Logic: Modify the OrgAccessRoute to calculate the new flag based on isPlatformAdmin and the orgRole. 
    // In OrgAccessRoute.tsx
setContext({
  // ... existing flags
  canViewBilling: isPlatformAdmin || role === "owner" || role === "admin",
});
  3. Consume in Components: Use the new flag in UI components to conditionally render the feature. 
    <Show when={context().canViewBilling}>
  <BillingTab />
</Show>
By centralizing permission flags in this context, the UI remains decoupled from complex role-checking logic, ensuring consistency and maintainability.
  • apps/panel/src/routes/admin/OrgAccessRoute.tsx