[STORY] As an admin I want to delegate team mailbox management to a user

[chibenwa]

User story

Team mailbox manager

As an admin I can promote 0-n team mailbox members as manager (using webadmin).

Technically those team mailbox members are identified via the right a.

All team mailbox members can see other members

As a team mailbox member in team mailbox properties, I can see the list of other users that can access the team mailbox.

Note that all members sees if other members are managers or not.

Team mailbox managers rights

A team mailbox manager can add/remove regular members.

In a V1 of team mailbox management, team mailbox mamager cannot promote/unpromote other team mailbox manager / himself (forbidden to touch right a.

Technically:

• Webadmin modification to give write a to new users

  curl -XPUT http://ip:port/domains/domain.tld/team-mailboxes/marketing/members/bob@domain.tld?role=manager

  Would add bob@domain.tld as a member and give him right a

• Webadmin modification to show roles:

curl -XGET http://ip:port/domains/domain.tld/team-mailboxes/marketting/members

[
  {
     "username": "bob@domain.tld",
     "role": "manager"
  },
  {
     "username": "alice@domain.tld",
     "role": "member"
  },
...
]

• Webadmin modification to promote an existing user as a team mailbox manager

curl -XPUT http://ip:port/domains/domain.tld/team-mailboxes/marketing/members/bob@domain.tld?role=manager

(Same as create member)

• Webadmin modification to un-promote an existing manager

curl -XPUT http://ip:port/domains/domain.tld/team-mailboxes/marketing/members/bob@domain.tld?role=member

(Same as create member)

• JMAP extention to get team mailbox members

[
    "Members/get",
    {
        "accountId": "xyz",
        "ids": ["id-of-any-mailbox-belonging-to-the-team-mailbox"]
    },
    "#0
]    

=> 
[
    "Members/get",
    {
        "list": [{
            "id": "id-of-any-mailbox-belonging-to-the-team-mailbox",
            "members": {
                "bob@domain.tld": {"role":"manager"},
                "alice@domain.tld": {"role":"member"}
             }
         }]
    },
    "#0
}

• Adding a member:

[
    "Members/set",
    {
        "accountId": "xyz",
        "update": {
            "id-of-any-mailbox-belonging-to-the-team-mailbox"; {
                "member/cedric@domain.tld": {"role":"member"},
                "member/alice@domain.tld": null
            }
        }
    }
    "#0
]    

=> 

[
    "Members/set",
    {
        "updated": {
            "id-of-any-mailbox-belonging-to-the-team-mailbox": null
        }
    },
    "#0
}

Feedback: @dieptran88 @hoangdat @Arsnael

@dieptran88 could you create a user story for listing members of a team mailbox, and for manager to add/remove members on tmail-flutter side?

@Arsnael Good intern topic?

[Arsnael]

@chibenwa looks good to me. This kind of topic looks good as an intern topic indeed

[Arsnael]

The way I would see it, nothing too big:

• ADR => QUAN

• POJO TeamMember => Username + MemberRole. MemberRole is determined by the fact that member has or not the right a on the team mailbox. Refactor the code to use TeamMember pojo instead of Username for members in TeamMailbox code (addMember, listMembers, removeMember, ...). Need MemberRole POJO too likely... enum? 2 roles with predefined set of rights on a mailbox? (difference being the a right between manager and normal member) => QUAN

• webadmin refactoring => add a query param on add member route so that an admin can promote/unpromote a manager. Get the list of members via webadmin should show a list of objects with username and role (manager, member) belonging to the team mailbox RENE

• JMAP specs TeamMembers custom extension => QUAN

• TeamMembers/get method (managers and normal members should be able to call) RENE

• TeamMembers/set update : partial update, allows to add/remove normal members. A manager can't promote/unpromote members to be managers for now (only admin via webadmin). Manager can't remove an other manager as well from the list. Should we allow full reset as well? RENE

[vttranlina]

Should we allow full reset as well?

what is "full reset"?

[quantranhong1999]

what is "full reset"?

set (fully) update (not partial update) I think

[hungphan227]

no full reset for now => complicated with case cannot promote/unpromote managers

[hungphan227]

How can we resolve the "teamMailboxId" e.g. "id": "id-of-any-mailbox-belonging-to-the-team-mailbox" to the actual team maibox name? Given that today our TeamMailboxRepository relies on TeamMailbox name.

Can we use the team mailbox name as the id? Otherwise likely we would need to do some refactoring or introduce some table mapping id -> team mailbox name?

[Arsnael]

Thoughts: do we need a new capability for this jmap extension?

[quantranhong1999]

Thoughts: do we need a new capability for this jmap extension?

Likely yes IMO. That would help mobile team to know if it is TMail server with the team mailbox feature or just a normal JMAP server.