Add policies layer in between roles and permissions

[jdorn]

Features and Changes

Add a "policies" layer in between roles and permissions.

TODO:

• Default Role -> Policy -> Permission mappings
• Use this new mapping in the existing permissions code
• Support for custom organization roles (data model only, no API support or UI yet)

[mknowlton89]

I think we'll want to add one more check - to prevent deleting a role that is the org's default.

  // Make sure the id isn't the org's default
  if (org.settings?.defaultRole?.role === id) {
    throw new Error(
      "Cannot delete role. This role is set as the organization's default role."
    );
  }

[mknowlton89]

I've added this in this PR here, so we don't need to do it here - https://github.com/growthbook/growthbook/pull/2512/files#diff-d577f6ec2e9cc31ebc7af8b716ca1deeffe215e114c4ad0f8f98eef0dde9d404

[mknowlton89]

I've been testing this alongside the UI PR here and it's working great.

In the PR above I made two small tweaks.

• I added some logic within the getOrganization to ensure we're passing the org's customRoles to the frontend context so when we call getDefaultRole - the org object we pass in contains the org's customRoles.
• I also added some logic to the deleteCustomRole endpoint so if the role was being used as the org's default, we block deletion.

[github-actions]

Your preview environment pr-2495-bttf has been deployed.

Preview environment endpoints are available at:

• https://growthbook-3000-pr-2495-bttf.growthbook.okteto.dev
• https://growthbook-3100-pr-2495-bttf.growthbook.okteto.dev

[jdorn]

I can't approve since I made the PR, but this looks good to me.