[Connect 2.5] Workstreams - Work adding permissions

[maxceem]

We should determine which Project Template is for pre-packed and which one for taas project so we know if we should let customers add works or no.

The best solution here would be to reuse permissions from Project Service model WorkManagementPermission which suppose to control permissions for creating works for particular templates. But so far we don't have yet API endpoints implemented for them. Also, so far we don't have yet a good and comfortable way to define them for Project Templates (no API to manage them).

So for the first release, we can go with a simpler way, which could later be evaluated to use WorkManagementPermission model instead.

1. We should define inside planConfigs, workstreamsConfig permission rule for creating works inside workstreams.

   {
   "workstreamsConfig": {
   
    "addWorkPermission": {
       "projectRoles": ['manager'],
       "topcoderRoles": ['administrator']
    },     
   
   // other workstreamsConfig properties as per https://github.com/appirio-tech/connect-app/issues/3240
   }

2. During project creation with such a workstreamsConfig, we should copy this permission addWorkPermission into project's

   details.settings.workstreams = {
   "addWorkPermission": {
       "projectRoles": ['manager'],
       "topcoderRoles": ['administrator']
    },   
   }

So after inside Connect we can determine if the user has permission to add works to the project.

@vikasrohit do you think would ok for the first release?

[vikasrohit]

@maxceem my intention with introduction of WorkManagementPermission is was exactly for this use case, without this use case being fulfilled, I think we won't have any utility of WorkManagementPermission. So, I would prefer to use this model instead. And I think we do have a direct link with the project template for the work management permissions model. I think your concern is about deciding the work management permissions on front end because it is easy to do that on backend by simply query on that permission model. I think for resolving the front end issue, we can quickly get an endpoint implemented in backend to get the permissions for the project template in use.

[maxceem]

As now we are controlling permissions to manage works by WorkManagementPermission.

Should we add some default permission if no permissions records are found? For now, if we don't set permissions for template explicitly, nobody could manage work.

So should we define some default rule which would be applied if no permissions records found? Or we would always explicitly add permissions for every project template?

[maxceem]

For the template 219 on DEV, I've defined all the permissions. Can see them by URL https://api.topcoder-dev.com/v4/projects/metadata/workManagementPermission?filter=projectTemplateId=219 using admin user.

[vikasrohit]

I think we have discussed it earlier some where @maxceem. 😬 I think it should not be difficult for us to add explicit permission for each template which supports delivery management with works instead of phases. In fact it seems to be a good feature to me to keep old way (phases) and the new way (work) separate but still supported in the same release. Is it possible for us to detect on front end if user has permissions on the chosen template to use work management? If yes what we can do is:

1. If no user has permission for the work management for the template, we can show the old way of adding phases
2. If there exists at leas one permission for work management for the template, we can keep the work management stuff disabled for the user.

I think with the above approach would require us to expose all permissions of the template to all users to detect the condition mentioned in 1. So, if that is really the case, I guess we can just keep work management feature disabled always if the template does not allow the user to manage the work. Users can ask support in such cases, and we can add the appropriate permission for the template.

[maxceem]

I think we have discussed it earlier some where @maxceem. 😬

Yep, but because of new context and new details I re-raise it to confirm.

Is it possible for us to detect on front end if user has permissions on the chosen template to use work management?

I guess you mean if it's possible to detect that ANY user has permissions to use work management. No, it's not possible expect user is admin and can call CRUD endpoints. Other users may get only their permissions.

So as the result of above I guess we cannot support phases based on permissions. But there is another way to support phases if you like. If ProjectTemplate.phases/PlanConfig.config doesn't have workstreamsConfig then for such project templates we can keep ability to create phases instead. So this way we can use phases and workstreams in parallel for some time. And only when we directly define workstreamsConfig for ProjectTemplate we would enable workstreams for new projects with that template. This approach looks logical for me as if we don't have workstreamsConfig then no workstreams would be created for the project, which will end up in the situation when user cannot neither phases nor works. We've discussed it before here and you didn't like such approach, maybe you would like to reconsider it.

[vikasrohit]

Yep, I made that decision based on urgency of delivery at that time but as now we have kind of pause for the release, we can rethink. Further, in the referenced comment, I said we won't create phases by default any more no matter if we have workstreamConfig/phaseConfig or not. However, here I am more concerned about having backward compatibility for the existing projects so that they still keep on managing their phases. So, in summary, if you think it is easily possible for us to support the phase management with work management with the way of detection you mentioned, I am good with that and if that seems to take some time, lets skip the phase support for now and take care of it once you are back.