feat: enforce user roles

enforces user admin role requirement for
- creating / deleting / setting role for organization users
- creating / deleting / setting role for project users
- updating project name
- deleting project

hides action elements based on role for
- admin console
- team settings if team is only visible through project membership
- add project tile if not team admin
- project name text editor if not team / project admin
- add redirect from team page if settings only visible through project
  membership
- add redirect from admin console if not org admin

role enforcement is handled on the api side through a custom GraphQL
directive `hasRole`. on the client side, role information is fetched in
the TopNavbar's `me` query and stored in the `UserContext`.

there is a custom hook, `useCurrentUser`, that provides a user object
with two functions, `isVisibile` & `isAdmin` which is used to check
roles in order to render/hide relevant UI elements.

frontend/src/shared/graphql/findProject.ts

@@ -2,9 +2,12 @@ import gql from 'graphql-tag';
 import TASK_FRAGMENT from './fragments/task';
 
 const FIND_PROJECT_QUERY = gql`
-query findProject($projectId: String!) {
-  findProject(input: { projectId: $projectId }) {
+query findProject($projectID: UUID!) {
+  findProject(input: { projectID: $projectID }) {
     name
+    team {
+      id
+    }
     members {
       id
       fullName

frontend/src/shared/graphql/me.graphqls

@@ -1,11 +1,21 @@
 query me {
   me {
-    id
-    fullName
-    profileIcon {
-      initials
-      bgColor
-      url
+    user {
+      id
+      fullName
+      profileIcon {
+        initials
+        bgColor
+        url
+      }
+    }
+    teamRoles {
+      teamID
+      roleCode
+    }
+    projectRoles {
+      projectID
+      roleCode
     }
   }
 }

frontend/src/shared/graphql/project/setProjectOwner.ts

@@ -1,25 +0,0 @@
-import gql from 'graphql-tag';
-
-export const SET_PROJECT_OWNER_MUTATION = gql`
-  mutation setProjectOwner($projectID: UUID!, $ownerID: UUID!) {
-    setProjectOwner(input: { projectID: $projectID, ownerID: $ownerID }) {
-      ok
-      newOwner {
-        id
-        role {
-          code
-          name
-        }
-      }
-      prevOwner {
-        id
-        role {
-          code
-          name
-        }
-      }
-    }
-  }
-`;
-
-export default SET_PROJECT_OWNER_MUTATION;

frontend/src/shared/graphql/team/updateTeamMemberRole.ts

@@ -0,0 +1,18 @@
+import gql from 'graphql-tag';
+
+export const UPDATE_TEAM_MEMBER_ROLE_MUTATION = gql`
+  mutation updateTeamMemberRole($teamID: UUID!, $userID: UUID!, $roleCode: RoleCode!) {
+    updateTeamMemberRole(input: { teamID: $teamID, userID: $userID, roleCode: $roleCode }) {
+      member {
+        id
+        role {
+          code
+          name
+        }
+      }
+      teamID
+    }
+  }
+`;
+
+export default UPDATE_TEAM_MEMBER_ROLE_MUTATION;