Permission inconsistency in Admin panel for Organization Admins #207
Description
Summary
Organization Admins experience inconsistent permission behavior in the Admin panel: they receive "Administrator privileges required" errors on the Dashboard and Organizations tabs, but have unrestricted access to view and manage all users globally in the User Management tab.
Environment
- URL: https://dev.lamb-project.org/admin
- LAMB Version: v0.4
- User Role: Admin (Organization Admin)
- Organization: lamb-demos
Steps to Reproduce
- Create a user with Admin role assigned to a specific organization (e.g., "lamb-demos")
- Log in as that user
- Navigate to Admin → Dashboard
- Result: Error message "Admin privileges required to view system statistics."
- Navigate to Admin → Organizations
- Result: Error message "Administrator privileges required"
- Navigate to Admin → User Management
- Result: User can see all 24 users across all organizations (LAMB System Organization, dif, test, Teem Demo, etc.)
Expected Behavior
One of the following (depending on intended design):
Option A: Restrict Organization Admins to their own organization
- Dashboard: Hide tab or show only org-specific statistics
- Organizations: Hide tab entirely
- User Management: Show only users belonging to the admin's organization (lamb-demos)
Option B: Grant Organization Admins broader read access
- Dashboard: Show system statistics (read-only)
- Organizations: Show organizations list (read-only)
- User Management: Keep current behavior
Actual Behavior
- Dashboard: ❌ Permission denied
- Organizations: ❌ Permission denied
- User Management: ✅ Full access to ALL users globally (not scoped to organization)
Screenshots
