[Backend] Implement team member role management — ADMIN role support #420

@Pcmhacker-piro

Summary

Enables tiered permissions within teams by activating the unused ADMIN role so team owners can delegate member management.

Context

The Prisma schema defines a TeamRole enum with OWNER, ADMIN, MEMBER, but ADMIN is never assigned or checked anywhere. Only the owner can invite/remove members, which doesn't scale. ADMINs should manage members while the owner retains exclusive control over deletion and ownership transfer.

Tasks

  • Add PATCH /api/teams/:slug/members/:userId/role endpoint (owner-only) to promote/demote between ADMIN and MEMBER
  • Update POST /api/teams/:slug/members (invite) to allow ADMINs to invite
  • Update DELETE /api/teams/:slug/members/:userId to allow ADMINs to remove members
  • Keep DELETE /api/teams/:slug owner-only
  • Add role validation schema in team.validation.ts
  • Update tests in team.test.ts

Acceptance Criteria

  • Owner can promote a member to ADMIN
  • Owner can demote an ADMIN to MEMBER
  • ADMIN can invite new members
  • ADMIN can remove MEMBER role users (but not other ADMINs or OWNER)
  • Only OWNER can delete the team
  • Tests cover all role transitions and permission checks

Area

backend

Difficulty

Medium
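
The permission matrix from the tasks and acceptance criteria above, written as a single fail-closed check (an added example, not code from this repository). The names `authorizeTeamAction`, `TeamAction` and `Decision` are hypothetical, and two rules are assumptions the issue does not state: the OWNER cannot be removed through the member endpoint, and the OWNER's own role cannot be changed through the role endpoint.

```typescript
// Role names mirror the TeamRole enum described in the issue; everything else is hypothetical.
type TeamRole = "OWNER" | "ADMIN" | "MEMBER";
type TeamAction = "invite" | "remove" | "changeRole" | "deleteTeam";
interface Decision { allowed: boolean; reason: string }

const allow: Decision = { allowed: true, reason: "ok" };
const deny = (reason: string): Decision => ({ allowed: false, reason });

// actorRole and targetRole must come from membership rows loaded server-side for
// this team (null/undefined = no membership), never from the request body.
// newRole is the untrusted value sent to the role endpoint.
function authorizeTeamAction(
  actorRole: TeamRole | null,
  action: TeamAction,
  targetRole?: TeamRole,
  newRole?: string,
): Decision {
  if (actorRole === null) return deny("actor is not a member of this team");
  switch (action) {
    case "deleteTeam":
      return actorRole === "OWNER" ? allow : deny("only OWNER can delete the team");
    case "invite":
      return actorRole === "MEMBER" ? deny("MEMBER cannot invite") : allow;
    case "remove":
      if (targetRole === undefined) return deny("target is not a member");
      // Assumption: the owner leaves only via ownership transfer or team deletion.
      if (targetRole === "OWNER") return deny("OWNER cannot be removed");
      if (actorRole === "OWNER") return allow;
      // ADMIN may remove MEMBERs only, never another ADMIN.
      return actorRole === "ADMIN" && targetRole === "MEMBER"
        ? allow
        : deny("insufficient role to remove this member");
    case "changeRole":
      if (actorRole !== "OWNER") return deny("only OWNER can change roles");
      if (targetRole === undefined) return deny("target is not a member");
      // Assumption: ownership transfer is a separate flow, so the OWNER row is untouched here.
      if (targetRole === "OWNER") return deny("OWNER role cannot be changed here");
      // Reject OWNER (and anything unknown) as the requested role: no promotion to owner.
      return newRole === "ADMIN" || newRole === "MEMBER"
        ? allow
        : deny("role must be ADMIN or MEMBER");
    default:
      return deny("unknown action"); // fail closed
  }
}
```

The cases tests most often miss are ADMIN removing ADMIN, an ADMIN calling the role endpoint, and a role payload of `OWNER`; all three must be denied.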
