amiv-eth / amivapi

The REST API behind most of AMIV's web services.
http://api.amiv.ethz.ch/docs
GNU Affero General Public License v3.0

How can a group admin (without user admin rights) add someone to his closed group? #131

Closed NotSpecial closed 7 years ago

NotSpecial commented 8 years ago

Situation:

About their knowledge:

Now we have the following problem:

How can this be solved? I can think of three ways off the top of my head, but I'm unsure about each of them.

  1. We display the id on the AMIV website along with text like "This number will be needed if someone wants to add you to a team"
  2. Pablo tells Pablito to use a REST client or the Admin tool to find out his id
  3. We modify either the user resource so that everyone can query by nethz to get only the id or the group resource so people can be added by nethz

The first two solutions are kind of unnecessarily complicated. What do you think about the third? Or are there other solutions?

hermannsblum commented 8 years ago

We are already able to get the NETHZ from the name itself with the people search of ETH.

So actually in my opinion it would be reasonable if we allow to search people by id, nethz or name and display these 3 for all users that are logged in via LDAP.

A problem is external members who are admin of a group, as that would mean we go further than the LDAP access rights.

NotSpecial commented 8 years ago

Your first point makes sense. We should do that.

> A problem is external members who are admin of a group, as that would mean we go further than the LDAP access rights.

Can you clarify this? Basically all member search functions for admins/groupadmins go further than LDAP access rights, regardless if they are external or not, so I'm not sure what you want to say here.

hermannsblum commented 8 years ago

Consider your problem from above. Now consider Pablo not being an ETH member because he is an external AMIV member. Therefore, by ETH policy, he is not allowed to search for students' names or nethz or anything. So if we implement our own search we

a) don't differentiate between ETH and external members and open up name-search further than LDAP access rights by ETH. But Pablo will easily be able to add Pablito

b) we differentiate between ETH and external members. Therefore, Pablo is not able to search for Pablito's id.

NotSpecial commented 8 years ago

Ah, I see your point now but I don't think that's a problem.

All we need is the nethz and id. So in order to cover the missing functionality we do not need full name search.

I think for basic functionality it's enough to be able to search for nethz and get the id back. (no extra data)

Adding full name search might be a bonus feature we could discuss separately.
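
An added sketch (not amivapi code and not part of this thread) of the nethz-only lookup proposed above, together with option 3's add-by-nethz variant on the group resource. The function names, the sample users and groups, and the alphanumeric nethz rule are assumptions.

```python
# Constructed sample data; every field except id and nethz is an assumed
# stand-in for the "extra data" that the lookup must not expose.
USERS = [
    {"id": 3, "nethz": "pablo", "name": "Pablo Example", "email": "pablo@example.org"},
    {"id": 7, "nethz": "pablito", "name": "Pablito Example", "email": "pablito@example.org"},
]
GROUPS = {"team": {"admin_id": 3, "closed": True, "members": {3}}}


def id_by_nethz(requester_id, nethz):
    """Exact-match lookup: any logged-in user gets the id and nothing else."""
    if requester_id is None:
        raise PermissionError("login required")
    # Only a plain string is accepted, so the lookup cannot be widened into
    # a prefix, wildcard or structured-query search over all users.
    if not isinstance(nethz, str) or not nethz.isalnum():
        raise ValueError("nethz must be a plain alphanumeric string")
    for user in USERS:
        if user["nethz"] == nethz.lower():
            return {"id": user["id"]}  # projection: no name, no email
    return None


def add_member_by_nethz(requester_id, group_name, nethz):
    """Group-resource variant: the group admin never needs to see the id."""
    group = GROUPS[group_name]
    if group["admin_id"] != requester_id:
        raise PermissionError("only the group admin may add members")
    found = id_by_nethz(requester_id, nethz)
    if found is None:
        return False
    group["members"].add(found["id"])
    return True
```

Because the match is exact and the response carries only the id, an external group admin learns nothing beyond what the nethz they already hold resolves to.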

Tar-Tarus commented 7 years ago

Seems to have been resolved. Peace out ✌(◕‿-)✌