(User) Add / edit user within managed group

Registered by Lars Helge Øverland on 2014-12-22

Introduce new authority and user management logic for adding / editing user within a managed user group. This includes 1) a new association between user groups called "managedGroups", 2) an new authority called "F_USER_ADD_WITHIN_MANAGED_GROUP" and 3) new logic for access control related to adding and editing users.

1) Introduce an association from UserGroup to UserGroup called managedGroups. Introduce an association from UserGroup to UserGroup called managedByGroups, which is the inverse of the former and mapped to the same database table.

2) Introduce an authority called "F_USER_ADD_WITHIN_MANAGED_GROUP". This is a weaker alternative to "F_USER_ADD".

3) Introduce new logic for access control related to managed groups.

The term "A can manage user B" implies that a user B is a member of a user group that can be managed by a user group which user A is a member of.

When granted "F_USER_ADD_WITHIN_MANAGED_GROUP", a user can create a new user only if it is shared immediately with a user group that can be managed by a user group which the creator is a member of.

A user can edit or delete users which she can manage (when granted the "F_USER_ADD_WITHIN_MANAGED_GROUP" authority).

A user can add a user to a group which she can manage, even if she has read-only access to that group. A user can only add or remove users to a group which she can manage, not change the name, if she has read-only access to that group.

Blueprint information

Status:
Complete
Approver:
Lars Helge Øverland
Priority:
Undefined
Drafter:
Lars Helge Øverland
Direction:
Needs approval
Assignee:
Jim Grace
Definition:
New
Series goal:
Accepted for trunk
Implementation:
Implemented
Milestone target:
milestone icon 2.18
Started by
Lars Helge Øverland on 2015-01-15
Completed by
Lars Helge Øverland on 2015-01-15

Related branches

Sprints

Whiteboard

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.