- Updated permission-related schemas and validation functions to replace legacy field names with more descriptive ones, such as changing `email` to `userEmail` and `role` to `assignableRole`.
- Enhanced the `validatePrivilegeChangeOperation` function to accept multiple actions, improving flexibility in permission checks.
- Streamlined error handling in project membership factories to provide clearer feedback on permission issues, ensuring consistent validation across member, identity, and group actions.
- Updated documentation to reflect the new permission field names and conditions, improving clarity for developers.
- Added `AssignRole` action to the permission system, replacing the legacy `GrantPrivileges` action for group management.
- Updated validation logic to prevent conflicts between legacy and new actions, ensuring clearer permission handling.
- Enhanced condition schemas and frontend components to utilize new grant privilege conditions for groups, improving role filtering and user feedback.
- Refined error handling and messaging for group-related permission actions to enhance clarity and user experience.
- Introduced `AssignRole` and `AssignAdditionalPrivileges` actions to improve role management for project members.
- Updated permission validation logic to prevent conflicts between legacy and new privilege actions.
- Enhanced documentation to reflect new actions and their conditions for better clarity in permission management.
- Use existing Approval Requests (Read) for listing secret approval requests
- Remove SecretApprovalRequest permission; mask diff view by default with eye toggle
- Hide Review button for non-approvers; skip permissions with no actions in form
Co-authored-by: Cursor <cursoragent@cursor.com>
- Backend: add connectionId to SecretSync/SecretRotation subject types and condition schemas
- Backend: pass connectionId in all secret-sync and secret-rotation-v2 permission checks
- Frontend: add Connection ID condition option for Secret Syncs and Secret Rotation in role permissions
- Docs: document connectionId condition for secret-syncs and secret-rotation in project-permissions.mdx
- Add unit tests for schema validation and CASL can() with connectionId condition
Co-authored-by: Cursor <cursoragent@cursor.com>
