numerique-gouv / people

Teams management application
MIT License

User invitation #25

Open lebaudantoine opened 9 months ago

lebaudantoine commented 9 months ago

Feature Request

Describe the solution you'd like

Allow user invitation and enhance group management by implementing a streamlined process:

  1. User Invitation:
    • Create an endpoint for inviting users to Desk based on provided email addresses.
    • Generate pending identities for invited users.
    • Email invited users with group and issuer info.
  2. First-time Connection:
    • Check for pending identities when a user connects for the first time.
    • Update/Link user identity if a pending identity exists.
  3. Efficient Management:
    • Allow adding pending identities to groups without re-entering email.
    • Enable search among pending identities and those linked to active users.

mjeammet commented 9 months ago

Sounds great! A few extra questions:

1) What's the model behind pending identity? It could be an Identity with an is_active field, but that would mean creating Identities with unknown/blank/null sub field, which messes with its unicity/mandatory constraint. Plus you would have to update the sub upon first connection.

Also, in addition to the invited email, we need to save pending group info (group, role, date of addition, etc.). Should we use the TeamAccess model, with an inactive User?

2) If you search for one of my addresses that I don't use with the SSO, it would be nice to be suggested an existing identity. I wonder if it wouldn't already be the case with the TrigramSimilarity research and email addresses almost always following the same pattern. I wonder if there's also a GDPR-related legal concern to have here.

lebaudantoine commented 9 months ago

  1. Brainsto: Might be cool to introduce an invitation model? It would include:
    • FK to the sender (User)
    • FK to the group
    • Email of the recipient
    • Date of invitation

I see several issues with my proposition of data modeling. Afterthought, it might not be the right way of doing it.

  1. I guess the Trigram Similarity would show emails that contain your first name and last name. The current search feature would need to be improved in the longer run, agree with you.

sampaccoud commented 9 months ago

+1 for a separate invitation model. Separation of concerns?

sampaccoud commented 9 months ago

> Generate pending identities for invited users.

This does not need to be done. You invite the users by sending them an email. When they click in the email, they must start by logging in to Desk... this is when their identity is automatically created. We then see that there is a pending invitation for this email address and can add the user to the group as indicated in the invitation... Don't forget to delete or archive the invitation.

The advantage of this pattern is that the invitation is completely generic and does not require any token.

mjeammet commented 9 months ago

I don't quite remember what we said the other day during the standup: there should be a CRUD for this model, right? Numerous uses:

    • Create ✅ upon creation
    • Read ✅ upon listing group members, I want to see pending invitations
    • Read details ❓
    • Update ❓ to update role after first invite?
    • Delete ✅ if I want to cancel an invite
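
The tokenless flow sampaccoud describes above (invite by email, match the pending invitation at first login, then delete it), shown as an added example that is not part of the thread or the project's code. `Store`, `Invitation`, the seven-day expiry and the requirement that the OIDC `email_verified` claim be true are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

INVITATION_TTL = timedelta(days=7)  # assumed validity period, not from the thread


def normalize_email(email: str) -> str:
    """Case-fold and trim so ' Ada@Example.org' matches 'ada@example.org'."""
    return email.strip().casefold()


@dataclass
class Invitation:  # hypothetical model: sender, group, recipient email, role, date
    sender_id: str
    group: str
    email: str
    role: str = "member"
    created_at: datetime = field(default_factory=lambda: datetime.now(timezone.utc))


@dataclass
class Store:  # in-memory stand-in for the database
    invitations: list = field(default_factory=list)
    accesses: set = field(default_factory=set)  # (user_id, group, role)

    def invite(self, sender_id, group, email, role="member", now=None):
        inv = Invitation(sender_id, group, normalize_email(email), role,
                         now or datetime.now(timezone.utc))
        self.invitations.append(inv)
        return inv

    def redeem_on_first_login(self, user_id, claims, now=None):
        """Turn pending invitations into group accesses; return groups joined."""
        now = now or datetime.now(timezone.utc)
        # No token in the invitation: the IdP's email claim is the only proof
        # of mailbox ownership, so ignore it unless the IdP marks it verified.
        if not claims.get("email_verified"):
            return []
        email = normalize_email(claims.get("email", ""))
        mine = [i for i in self.invitations if i.email == email]
        joined = []
        for inv in mine:
            if now - inv.created_at <= INVITATION_TTL:
                self.accesses.add((user_id, inv.group, inv.role))
                joined.append(inv.group)
            self.invitations.remove(inv)  # delete used and expired alike
        return joined
```

Because the role is stored on the invitation and applied only at redemption, updating or cancelling a pending invite is an edit to that one row.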