fix(api,user-ui): protect organization administrator role by markwylde · Pull Request #155 · puzed/darkauth

markwylde · 2026-06-02T20:51:58Z

Summary

Enforce organization administrator invariants in the API when removing a member role.
Add a permission-based check so removing a role that grants darkauth.org:manage cannot leave an organization without any administrator.
Extend organization role/member payloads with grantsOrgManage metadata for UI enforcement.
Update the organization detail UI to prevent unsafe removals (role removal and member removal states), and wire role-add/remove state handling consistently.
Add API test coverage to validate the last administrator role cannot be removed.

markwylde added 2 commits June 2, 2026 21:51

fix(api): enforce organization administrator role guard

7f1d2b8

fix(user-ui): prevent removing last organization administrator role

cc2185a

markwylde merged commit 0794b14 into main Jun 2, 2026
18 checks passed

markwylde deleted the codex/fix-organization-admin-role-guard branch June 2, 2026 21:00