The groups to which the user is susceptible to belong should be managed as dynamic groups

[SergioArbarviro]

The applications using the LDAP directory managed by AlirPunkto allocate rights according to the group to which the user belongs.

I propose that AlirPunkto manage groups that contain all users belonging to one group as defined by the connected applications, in the form of dynamic groups. These groups should be, in increasing order of rights:

• ActiveUsers = users that have started, but not yet completed, their registration process + all "Ordinary Members";
• OrdinaryMembers = users that have completed their registration as "Ordinary Members" + former "Cooperators" that were sanctioned and are temporarily deprived of their voting rights by the administrator (as per issue #58) or, in the longer term, by a member of the Mediation and Arbitration Council (as per issue #56) + all "Cooperators";
• Cooperators = users that have completed their registration as "Cooperators" + former "Ordinary Members" that have performed the full procedure to verify their identity + former "Ordinary Members" whose Identity data is valid and were promoted back to "Cooperator" status at the end of their sanction period by the administrator (as per issue #58) or, in the longer term, by a member of the Mediation and Arbitration Council (as per issue #56) + all members of the "Board" + members of the "Mediation and Arbitration Council";
• Board = Cooperators that were promoted to members of the Board by the administrator (as per issue #58) or, in the longer term, by the members of the Mediation and Arbitration Council (as per issue #57) at the start of their term in office and not yet demoted back to Cooperator at its end;
• MediationArbitrationCouncil = Cooperators that were promoted to members of the Mediation and Arbitration Council by the administrator (as per issue #58) or, in the longer term, by the members of the Board (as per issue #57) at the start of their term in office and not yet demoted back to Cooperator at its end.

There is no need for a group of all users present in the directory (= i.e. including those Cooperators that have resigned, are no longer active, but whose Identity data - names, surnames and date of birth - are kept during the Quarantine period to avoid immediate re-registration following the deterioration of their reputation), because their very presence implies that they belong to it.

[SergioArbarviro]

Done in alirpunkto/init.py