Aidbox / Issues

Issue tracker for Aidbox FHIR backend by Health Samurai

Boxes Management Permissions in Multibox #521

Open ginrod opened 2 years ago

ginrod commented 2 years ago

Problem I need to solve

We need to have more than one box owner, or have an owner and allow him to add admins with full control. These other admins should be able to add new collaborators to the box, remove collaborators and delete the box (all the write permissions that the owner has). But, if the original owner is not able to grant full control to another participant (maybe he is no longer in the company), we will need a way to force an ownership or full-control transfer to another person.

IMPORTANT: In our case we want all our multibox collaborators to sign in with GitHub. Therefore, creating users in each box as explained in the following link: https://docs.aidbox.app/tutorials/creating-user-and-set-up-full-user-access is not an alternative for us.

Solution I see

Create a simple UI option/button when adding a new collaborator to a certain box to grant him full control over the box.

Alternatives I've considered, but they don't work

We tried connecting to the aidboxdb pod via kubectl exec, connecting to the aidbox database inside the pod and updating the box table.

See the example below:

UPDATE box b
   SET txid = nextval('transaction_id_seq'),
       resource = '{
        "fhirVersion": "fhir-4.0.1",
        "participant": [
            {
                "role": "owner",
                "user": {
                    "id": "<original owner id>",
                    "resourceType": "User"
                }
            },
            {
                "role": "owner",
                "user": {
                    "id": "<second owner id>",
                    "resourceType": "User"
                }
            },
            {
                "role": "admin",
                "user": {
                    "id": "<collaborator id>",
                    "resourceType": "User"
                }
            }
        ]
    }'::jsonb
WHERE b.Id = '<box id>';

The second owner is displayed with the owner label in the box's participants and could no longer be deleted by the original owner, but he could not add/delete new collaborators nor delete the box.

Additional context

We would like something like this (it is only an idea): example
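The UPDATE quoted in the issue replaces the whole box resource with a hand-typed JSON document, so any field of the resource that is not retyped is silently dropped. The following is an added example (not Aidbox project code and not the reporter's) of doing the same manual participant edit against the multibox database while keeping the rest of the resource intact. It assumes the schema visible in the issue: a "box" table with columns id, txid and resource (jsonb), and a sequence named transaction_id_seq; the placeholders <box id> and <collaborator id> are to be filled in. Whether Aidbox grants write permissions from this table alone is exactly what the issue reports as unclear, so verify the effect in the UI after committing.

```sql
-- Added example, not Aidbox project code. Assumes table "box"
-- (columns id, txid, resource jsonb) and sequence transaction_id_seq,
-- as shown in the issue. Run inside a transaction so the change can be
-- rolled back if the result is not what you expect.
BEGIN;

-- 1. Inspect the current participants before touching anything.
SELECT id,
       jsonb_array_elements(resource -> 'participant') AS participant
  FROM box
 WHERE id = '<box id>';

-- 2. Append one admin participant. jsonb_set only rewrites the
--    "participant" key; fhirVersion and any other fields are kept.
--    The NOT EXISTS guard makes the statement idempotent.
UPDATE box
   SET txid = nextval('transaction_id_seq'),
       resource = jsonb_set(
           resource,
           '{participant}',
           COALESCE(resource -> 'participant', '[]'::jsonb)
             || jsonb_build_array(jsonb_build_object(
                  'role', 'admin',
                  'user', jsonb_build_object(
                            'id', '<collaborator id>',
                            'resourceType', 'User'))))
 WHERE id = '<box id>'
   AND NOT EXISTS (
       SELECT 1
         FROM jsonb_array_elements(resource -> 'participant') p
        WHERE p -> 'user' ->> 'id' = '<collaborator id>');

-- 3. The reverse operation: drop a participant by user id, rebuilding
--    the array from the elements that remain.
-- UPDATE box
--    SET txid = nextval('transaction_id_seq'),
--        resource = jsonb_set(resource, '{participant}',
--          (SELECT COALESCE(jsonb_agg(p), '[]'::jsonb)
--             FROM jsonb_array_elements(resource -> 'participant') p
--            WHERE p -> 'user' ->> 'id' <> '<collaborator id>'))
--  WHERE id = '<box id>';

-- 4. Verify, then COMMIT (or ROLLBACK).
SELECT resource -> 'participant' AS participants
  FROM box
 WHERE id = '<box id>';

COMMIT;
```

Bumping txid from the same sequence is kept from the issue's own statement because the original UPDATE did it; whether Aidbox requires it for a cache refresh is not something the issue establishes, so treat it as carrying over the reporter's approach rather than a documented requirement.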