The "groups" in the LDAP directory should include the hierarchical structure of roles

[SergioArbarviro]

Current state

In the current state, when a user has a given role, it belongs to the LDAP group corresponding to that role, which is right. However, the roles in the Cooperative bear a hierarchical structure:

• all "Cooperators", "Candidates" and "SanctionedCooperators" are also "Ordinary Members of the Community" (the opposite is false = many members of the Community are neither Cooperators, Candidates or SanctionedCooperators);
• all "members of the Board" are also "Cooperators" (and hence also "Ordinary Members of the Community"),
• etc.

The applications using the LDAP data do not natively include such a hierarchical structure (this is in particular the case of NextCloud). This is why it should be the purpose of the LDAP directory to implement that hierarchical structure.

Desired state

• All users having succesfully completed the registration process, by the "Ordinary Member" or the "Cooperator" path, should be members of the group "ordinaryMembersGroup";
• All users of the groups "boardMembersGroup" or "mediationArbitrationCouncilGroup" should be part of "cooperatorsGroup".

• When a member of the "boardMembersGroup" (respectively: of the "mediationArbitrationCouncilGroup") becomes member of one of the following groups:

  • candidatesMissingYearContribGroup;
  • sanctionedGroup;
  • sanctionedMissingYearContribGroup;

  then AlirPunkto should also remove him/her from the "boardMembersGroup" (respecively: from the "mediationArbitrationCouncilGroup"), until the member recovers his/her statute as member of "cooperatorsGroup".