GovReady / govready-q

An open source, self-service GRC tool to automate security assessments and compliance.
https://q.govready.com

(0.9.0) Can't "invite someone new" to portfolio #752

Open peterkaminski opened 4 years ago

peterkaminski commented 4 years ago

What I did: On http://localhost:8000/portfolios/1/projects, the green + Grant access to member button pops up an invite dialog. Under Select user to invite, I can select "Invite someone new...", which changes the dialog so that it is meant to allow me to invite someone new.

What happened: On that dialog, there is no way to specify someone new.

What should happen: Either I should not be offered a path to invite someone new, or I should be able to specify someone new (presumably by email address?).

Conditions tested in which issue occurs (maybe database should be more populated?):

Source code template involved: govready-q/templates/portfolios/detail.html

Running ver v0.9.0.dev46+devel, branch 0.9.9.dev, hash e5a1d1508901388a87ac3ca2586ef8f8a775b4ed.

Screenshot of dialog:

[Image: peterkaminski_Portfolio_-_GovReady-Q]

gregelin commented 4 years ago

Working on fixing this issue by restoring code from 0.8.6 that allowed inviting individuals who did not have accounts by their email address.

See commit 7db3c110301c68afcab43dc29b0661950679686a in branch 0.9.0.rc-005

Notes from that commit are below for convenience...

[WIP] Adding back in invite-by-email to non-account-holders

This is work in progress.

Adding back in code from 0.8.6 to allow for the invite modal to properly invite individuals who do not yet have accounts by email invitation.

This is an important workflow in enterprise environments with Single Sign On where the risk team wants to invite a new individual to an assessment.

This is a work in progress because 0.9.0 introduced Portfolios and Guardian Permission model. Need to be able to invite to Portfolio and also make sure permissions are correctly assigned.

This commit gets the basic functionality of inviting someone new via the modal working.

Adding a person who is not a member to a portfolio by email invitation does not currently work. The invitation to be invited to a portfolio (instead of a project) does not yet exist. The invite goes out, but there is no link to accept the portfolio.

TODO

  • Invite processing is no longer displaying a response in the JavaScript popup even though the invite is going out. Look further at the JavaScript.
  • User invited to a project by email and accepting invite to an existing project and signing up as a new user is not getting a portfolio created in their name. It could be the sign up form is incorrect and missing the portfolio field? Or could be a permissions issue?
  • Get invite to portfolio by email working
  • Make feature determined by install setting in database
  • Eventually, use autocomplete for finding users instead of select list. Select list will be too long for hundreds of users