feat: root roles from groups

[sighphyre]

What

This allows the option setting a root role on a group (only Editor or Admin). Any user that enters that group will receive the permissions from that root role but will not have their base root role changed. This property is allowed to be undefined so that we have a little layer of backwards compatibility and the db migration shouldn't impact the code flow whether or not the feature is enabled.

Relevant Decisions

• Users entering a group with a root role take on that role without needing to be added to a project directly
• On the backbone of the above, groups with root roles cannot be added directly to a project, this is to prevent confusion
• The base role of users is unaffected by entering a group with a root role - they will still reflect as Viewer/Editor/Admin in the user information screen, but they will have the permissions from the group root role

Screens

Modifications to group add/edit screen

Displaying relevant properties on the group. Each group is tagged with a root role description if present. Groups with root roles will not display "not used".

Changes to add user/group to project - if a group has a root role it can't be added directly to a project

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
unleash-monorepo-frontend	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 20, 2023 9:29am

1 Ignored Deployment

Name	Status	Preview	Comments	Updated (UTC)
unleash-docs	⬜️ Ignored (Inspect)	Visit Preview		Apr 20, 2023 9:29am

[nunogois]

Amazing job with this, left a few optional comments.

I'm a bit confused with the feature if I'm completely honest. If you're adding to the documentation I wouldn't mind having a look as well just to see if I get a better understanding of it.

It also makes me feel like we urgently need some kind of permission matrix or similar system to easily see all the permissions each user has access to. I imagine it can be very confusing for a user to have higher access but to see it on the users page as Viewer and not understanding exactly where that access is coming from.

[sighphyre]

Amazing job with this, left a few optional comments.

I'm a bit confused with the feature if I'm completely honest. If you're adding to the documentation I wouldn't mind having a look as well just to see if I get a better understanding of it.

It also makes me feel like we urgently need some kind of permission matrix or similar system to easily see all the permissions each user has access to. I imagine it can be very confusing for a user to have higher access but to see it on the users page as Viewer and not understanding exactly where that access is coming from.

Appreciate the feedback sir! Docs are en route, but haven't been done yet. Happy to chat before then though because I do agree, we have a ton of ways that a user can have a permissions modified and it's getting hella confusing at this point. I think we need these changes to serve some of our users with large sets of users that are painful to manage but this is definitely adding fuel to an already burning fire. It'd be nice if we head that off at the pass before we start getting bombarded with help requests because people don't understand why permissions are behaving the way they are

[chriswk]

Nice changes

[sighphyre]

Related to #3539