Skip to content

[Improvement] Role assignment wizard shows unmanageable scopes in "Where It Applies" step #350

Description

@bra-i-am

Current

When a user opens the role assignment wizard and selects a course role, the "Where It Applies" step lists all courses regardless of whether the user has MANAGE_COURSE_TEAM permission on each one.

This means a user who has course_admin on Course A and course_staff on Course B can:

  • Select a course role in step 1 — because the MANAGE_COURSE_TEAM check is global (not scoped), having it on any course enables course roles in the wizard.
  • See Course B listed in step 2 alongside Course A.
  • Select Course B and reach the submission step.

The backend then rejects the request and the user sees a "You do not have permission to perform this assignment." error toast.

Expected

The "Where It Applies" step must only list scopes where the authenticated user actually has permission to manage the team for the selected role type.

  • If the user has MANAGE_COURSE_TEAM on Course A but not on Course B, only Course A must appear when a course role is selected in step 1.
  • If the user has MANAGE_LIBRARY_TEAM on Library A but not on Library B, only Library A must appear when a library role is selected in step 1.

Users must not be able to reach the submission step for a scope they cannot manage.

US

As a user assigning roles to others,
I want to see only the scopes where I have permission to manage the team,
So that I do not attempt to assign roles to scopes I cannot manage and encounter a confusing backend error.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions