Update group: handle approval requirement changes

[smadbe]

Motivations

The current update group service lets the user change the approval as he wants, but in practice, you should not be able to change the rules while some member has approved them already.

Subtasks

• [x] require_lock_membership_approval_until should be nullable (it should be able to re-set this value to null when not null)
• [x] if there is at least one participant (user or team) in the group and one of the approval rule is strengthened:
  • [x] if approval_change_action is not given, fail (403?)
  • [x] if approval_change_action is "empty", remove all the participant from group
  • [x] update membership_changes table as well !
  • [x] also reject all pending join requests
  • [x] if approval_change_action is "reinvite", remove all the participant from group and invite them to join the group
  • [x] also reject all pending join requests
• [x] if no approval rule is strengthened, approval_change_action must not be given
• [x] require_lock_membership_approval_until is strengthened if the new value is >NOW and either:
  • [x] the previous value was null, or
  • [x] the previous value < the new value
• [x] require_watch_approval is strengthened if was false and becomes true
• [x] require_personal_info_access_approval is strengthened if was none and become sread or edit, or if was read and becomes edit
• [x] require_lock_membership_approval_until is strengthened, reject all existing pending leave request (which, by definition, cannot be valid anymore)

[GeoffreyHuck]

Do we put the same action in the group_membership_changes table (schema here: https://franceioi-algorea.s3.eu-west-3.amazonaws.com/dbdoc/tables/group_membership_changes.html) when:

• The member is kicked out because of approval_change_action=empty
• The member is kicked out because of approval_change_action=reinvite ?

[smadbe]

This group_membership_changes has become just a log. So we could use removed (as the membership has been removed by a manager) but if the goal is to be able to understand why a member is not member anymore probably an entry such as removed_due_to_approval_change may help.

[GeoffreyHuck]

What happens if the group in question have subgroups and a field is strengthtened?

• Do we remove the subgroups?
• Do we remove the users in the subgroups?

[smadbe]

What happens if the group in question have subgroups and a field is strengthtened?

* Do we remove the subgroups?

No

* Do we remove the users in the subgroups?

No

Subgroups would be to difficult to manager, for instance if you add the group in another parent group, you would get a set of new approval rules, you would have to re-invite everybody, ...

[smadbe]

I have added (in the task description subtasks) 3 lines related with join/leave requests that may also be dropped if rules change (as the user approves the rules when creating the request)