seqeralabs/tower-cli

Root Users are not given full list of organizations

Opened this issue · 1 comments

Background

An individual identified as a root user in Tower has full edit/view permissions for Organizations, Workspaces, Users, and Teams via the Tower console.

This level of access does not appear to be the case when using the CLI. When a root user runs tw -o json organizations list, the response provided appears to be populated only by those Organizations which the user is directly affiliated with (as an Owner/Member).

How to reproduce

  1. Stand up a blank Tower instance.
  2. Create two users:
    1. UserA is a root user
    2. UserB is a non-root user
  3. Create three organizations:
    1. OrganizationX
    2. OrganizationY
    3. OrganizationZ
  4. Assignments:
    1. Make UserA an Owner of OrganizationX
    2. Make UserA an Owner of OrganizationY
    3. Make UserB an Owner of OrganizationZ
  5. Configure tw access for UserA
  6. As UserA, run tw -o json organizations list. You'll note OrganizationZ does not appear.

Hypothesis & Suggestions

I believe root user API calls run through a different set of APIs than the general organizations / members / workspaces / teams commands. Assuming I'm correct, tw should either:

  1. Offer a root-user centric menu option; OR
  2. Offer an additional flag to identify that the activity is being run with a root-user persona rather than as a general Tower user; OR
  3. The target Tower API logic should be modified to check if the caller is a root-user and structure their responses appropriately.

The command works as expected (not a bug): tw organizations list returns those organizations where the requesting user is a member, in a similar vein to browsing to the "Organizations" screen on the web GUI.

Currently, the root API, which consists of a different set of (hidden/non-public) endpoints, is not supported by the CLI and I don't know if there are plans to support it.