This repository was archived by the owner on Mar 13, 2025. It is now read-only.

Project Access Management Controls #14

Closed
wdprice opened this issue Dec 3, 2020 · 17 comments

Comments

@wdprice

wdprice commented Dec 3, 2020

Need to implement a solution for managing access to a project (team) within taas-app.

Option 1 (low effort) - add a link to Connect to perform team management functions inside Connect.

Option 2 (higher effort) - Update TaaS App Team Details page with controls to add users to the team, similar to Connect project control. TaaS app would only implement "topcoder" and "team" - topcoder members on a taas team will not be added in this interface.

image

@maxceem
Contributor

maxceem commented Jan 19, 2021

Roles mapping between Topcoder and Connect roles:

image

@maxceem
Contributor

maxceem commented Jan 20, 2021

Details of this task:

  • We would use Projects Service API to manage invitations /projects/{projectId}/invites and members /projects/{projectId}/members.
  • To add a user to the TaaS Team, such user should be invited by handle or email.
  • We should list invited users together with members. Invited users should be somehow marked as invited.
  • We should be able to remove invitations.
  • We would invite all the users as customer to the project no matter what Topcoder role it has.
  • After user is invited, such user should get email with Accept and Decline links which should lead to the TaaS App. (Need Project Service and TC Notifications services updates, together with creating template in sendgrid)
  • By following these links user would be led to the TaaS App, and the invitation would be automatically accepted or declined.
  • We should be able to remove members.
  • Users should be able to leave team.
  • User should see the teams they are invited to as listed in the teams page.
  • When opening a project they are invited to, the popup with buttons to accept/reject invitation should be shown. Once they click accept they should be added to the project and project shown. Once they click decline, invitation should be declined and they should be redirected to the teams listing page.

Project Service + TC Notifications Service changes

  • When inviting members we should be able to indicate which app initiated invitation, which should end up in another email template to be sent to the user depending on the initiating application (Connect or TaaS).

Questions

  1. Should users who can see all the teams like bookingmanagers be able to join teams directly without an invitation? This is how it's done in Connect. I guess we don't need it, as bookingmanagers already can do anything inside teams. But in case we need it for some tracking of assigned managers.

    image

@wdprice
Author

wdprice commented Jan 21, 2021

Let's keep the option to "Join Project" because if we choose to add a feature similar to "My Projects" in Connect then it would make filtering easier for those super users.

This was referenced Feb 8, 2021
@maxceem
Contributor

maxceem commented Feb 8, 2021

@wdprice users who are invited to the project should have some UI to accept/decline invitation not only using links from email.

I suggest implementing similar UI like we have in Connect App

Project List (optional)

  • actually, we can skip this way and just show some invited label. So user would have to click the project, to open it, and when user navigates to the project they would see popup which you can see in the Project Details section below.

image

image

Project Details

If user happens to open project by the link where they are invited but have not yet joined, they don't have access to the project (team). So we show prompt to accept or decline an invitation:

image

From Email

When user clicks links in the email, they should be redirected to the Project Details (Team Details) page with the same dialog, but button should be pressed automatically and loading process should be shown until the accept / reject operation completes.

image

Could you please confirm if all of this is desired.

@wdprice
Author

wdprice commented Feb 11, 2021

@maxceem - I'd like to keep it as simple as possible. Do we need to support the invitation workflow or can we just consider it automatically accepted when added?

@maxceem
Contributor

maxceem commented Feb 11, 2021

@wdprice only Topcoder Admins can add members directly or accept invites for other users. So we can only do so, if we restrict this functionality to Topcoder Admins.

Another way to achieve this is to create new endpoints in TaaS API which would create members directly bypassing the invitation process. TaaS API can call Projects API using M2M token which can also add members directly bypassing the invitation process.

  • Creating such endpoints in TaaS API could be easier than supporting the whole invitation workflow in the short term. But in long term, we would have to support these new endpoints in TaaS API, while otherwise, we would just use Projects API.
  • Another concern I have, is that such API would give the possibility to bypass the invitation process to any user. I.e. in Projects API by following business requirements we've implemented this invitation workflow when users have to confirm, and here we would create an endpoint that would bypass their confirmation. As a result, any new user which creates an account on Topcoder could create a team, and add there any other Topcoder members without their confirmation. Not sure if it is fine or not.
  • One more drawback of direct adding. We could not invite users by email who are not yet registered on Topcoder. While at the moment the current invitations workflow supports inviting non-registered users by email and they would get an email with a registration link.

Let me know if you would like to go this way.

If we stick to reusing the API we have in Projects API, then we cannot bypass the invitation process, though we can simplify a bit one moment. We don't have to implement functionality to accept/decline invites on the project listing page (case 1 in #14 (comment)) and only have to implement accept/decline invitation inside the team and from the invitation email (cases 2 and 3 in comment #14 (comment)).

@wdprice
Author

wdprice commented Feb 11, 2021

I'm having a discussion more broadly w/ the Product group on this. Should get an update later today.

@wdprice
Author

wdprice commented Feb 12, 2021

@maxceem Go ahead with the M2M workaround. We will need to add some text to explain they can only add topcoder users. We're still discussing if the invitations are the way we want things long term.

@maxceem
Contributor

maxceem commented Feb 12, 2021

@wdprice there are a couple more things if we go with direct member adding

  • Just realized that an even easier way would be to update Projects API, so it allows adding members directly not only for Topcoder Admins but for other users also (trivial change). Then we even don't have to create new endpoints in TaaS API.
    • but Projects API only supports adding member by "handle" so if we would like to support emails, then we would still have to create TaaS API endpoints or update endpoints in Projects API to support emails
    • anyway, if generally, it's fine for Topcoder to allow adding members directly it would be easier to update Projects API to support it, as there are already endpoints implemented
  • There is one small drawback of not supporting the inviting process in TaaS App. At the moment users who are invited but not yet accepted invite can see projects (teams) in the list, but cannot access project (team) details. So if some user is invited but not yet accepted, they would see this team on the list, but once user clicks on it, they would see an error, because they don't have access.

@maxceem
Contributor

maxceem commented Feb 23, 2021

Updated requirements.

Add members instead of invite

When we open this dialog https://marvelapp.com/prototype/921gg0f/screen/75391358/handoff instead of calling endpoint to invite members we have to call API to add these users directly as members.

  1. Rename dialog to "Add more people" and rename the button "Invite" to "Add".
  2. After success response, we have to add a member to the list, not an invite.
  3. Remove the logic for adding invites from the source code.
  4. Show existent invites on the list, but remove button for deleting invites and related logic. We would not remove invites anymore as we cannot add them but we would still show existent invites.

QA Guidelines

  1. It should allow adding users by handles and by emails like it's done in Connect, see screenshot.

  2. We also have to allow adding users by handles even if the handle is not listed in suggestions. This is because of 2 reasons:

    1. Some members might be not returned in suggestions due to data inconsistency.
    2. Some users don't have permission to get suggestions. For example, pshah_customer/topcoder123. This user would not get any suggestions. Please, check that in such case everything works well and we can still add members by handles and emails. Note, that this user can access just a few teams, so use one of these teams https://platform.topcoder-dev.com/taas/myteams (can see after login with pshah_customer).
  3. If we try to add a member by the handle which is already on the list, we have to show validation error immediately like on screenshot: "Member(s) cannot be added again. Please, remove them from the field.".

    1. The same if we try to invite member by email who is already on the list.
  4. If there were an error while inviting some of the members, then the server would return the list of successful and the list of failed members:

    1. don't close popup in such case,
    2. show the list of errors under the field like in Connect App.
    3. show members which were successfully added on the list (under the popup), and remove handles/email of successfully added members from the field,
    4. keep failed handles/emails on the field so we can try to add them again, see video.

maxceem added a commit that referenced this issue Feb 23, 2021
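
The duplicate check and partial-failure handling from QA Guidelines items 3 and 4 above, sketched as an added example (not taas-app code and not part of any comment in this thread); the function names, the case-insensitive matching and the `{ success, failed }` response shape are assumptions.

```javascript
// Added illustration, not taas-app code. Function names and the response
// shape { success: [...], failed: [...] } are assumptions.

// Compare handles and emails case-insensitively (assumption).
const norm = (s) => String(s).trim().toLowerCase();

// Item 3: entries already on the list (members or existing invites) must be
// rejected before any request is sent.
function findAlreadyListed(entries, listed) {
  const known = new Set();
  for (const m of listed) {
    if (m.handle) known.add(norm(m.handle));
    if (m.email) known.add(norm(m.email));
  }
  return entries.filter((e) => known.has(norm(e)));
}

// Item 4: on partial failure keep the dialog open, move successes to the
// member list, and leave only the failed handles/emails in the field.
function applyAddResult(state, response) {
  const failedKeys = new Set(
    response.failed.map((f) => norm(f.handle || f.email))
  );
  return {
    members: [...state.members, ...response.success],
    field: state.field.filter((e) => failedKeys.has(norm(e))),
    errors: response.failed.map((f) => `${f.handle || f.email}: ${f.error}`),
    dialogOpen: response.failed.length > 0,
  };
}

// Constructed sample data.
const sampleState = {
  members: [{ handle: "alice", email: "alice@example.com" }],
  field: ["bob", "dave@example.com"],
};
const sampleResponse = {
  success: [{ handle: "bob", email: "bob@example.com" }],
  failed: [{ email: "dave@example.com", error: "User doesn't exist" }],
};
console.log(findAlreadyListed(["Alice", "bob"], sampleState.members));
console.log(applyAddResult(sampleState, sampleResponse));
```
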
@sandhiyakavi
Collaborator

@maxceem Below are some issues found.

  1. Booking Manager was not able to access the "Manage Access" page. Getting error "You do not have permissions to perform this action" but able to access the project and all its features. Booking Manager is able to access "Manage access" page only when added as member.
    credential used: bookingmanager/Appirio123

booking manager_not able to access

  2. In success message the count is displayed twice.

success_message_error

  3. Suggestions are not displayed for users with only "Topcoder user" role. It's showing "Create" text before every handle/email id. Suggestions are displayed for users like tonyj, TCConManager etc.

asking for create

suggestion_available_for_admin

  4. If the member tries to leave by himself, the message shown in pop up is mentioning like removing some other user. Is it possible to show something similar to Connect?

member leaving by himself

image

maxceem added a commit that referenced this issue Feb 23, 2021
maxceem added a commit that referenced this issue Feb 23, 2021
@maxceem
Contributor

maxceem commented Feb 23, 2021

@sandhiyakavi thanks for reviewing.

  1. Booking Manager was not able to access the "Manage Access" page. Getting error "You do not have permissions to perform this action" but able to access the project and all its features. Booking Manager is able to access "Manage access" page only when added as member.
    credential used: bookingmanager/Appirio123

I cannot reproduce this issue, could you please try one more time. And if you still can reproduce it, maybe there are any other details which might help me to reproduce it too.

  2. In success message the count is displayed twice.

Fixed, could you please check it.

  3. Suggestions are not displayed for users with only "Topcoder user" role. It's showing "Create" text before every handle/email id. Suggestions are displayed for users like tonyj, TCConManager etc.

This is expected behavior, same in Connect. Regular users don't have permissions to request suggestions.

  4. If the member tries to leave by himself, the message shown in pop up is mentioning like removing some other user. Is it possible to show something similar to Connect?

Done.

image

@maxceem
Contributor

maxceem commented Feb 23, 2021

  1. Booking Manager was not able to access the "Manage Access" page. Getting error "You do not have permissions to perform this action" but able to access the project and all its features. Booking Manager is able to access "Manage access" page only when added as member.
    credential used: bookingmanager/Appirio123

@sandhiyakavi we DO have permission issues for BookingManager users who are not members of the project and who don't have Connect Manager role. I've logged a separate issue for this, as it would take some time to fix #111

@sandhiyakavi
Collaborator

@maxceem Another issue I found while testing is for some users (not for all), we are able to add them through handle but not through email id. Getting error message: "User doesn't exist"

Users: TCConnCopilot/[email protected], TopConnCustomer/[email protected], TCConCopilotMgr/[email protected], TCConAccountMgr/[email protected], TCConManager/[email protected]

Also the email id is getting removed from the field for these users if failure happens.

add_more_members

member_adding_through_handle

  1. The issues mentioned before are working as expected.

toaster_successmsg

leave_team

maxceem added a commit that referenced this issue Feb 25, 2021
maxceem added a commit that referenced this issue Feb 25, 2021
@maxceem
Contributor

maxceem commented Feb 25, 2021

@maxceem Another issue I found while testing is for some users (not for all), we are able to add them through handle but not through email id. Getting error message: "User doesn't exist"

Users: TCConnCopilot/[email protected], TopConnCustomer/[email protected], TCConCopilotMgr/[email protected], TCConAccountMgr/[email protected], TCConManager/[email protected]

Also the email id is getting removed from the field for these users if failure happens.

@sandhiyakavi all of this has been fixed and ready for testing on DEV.

@sandhiyakavi
Collaborator

Verified on Dev env. Working as expected.

bandicam.2021-02-25.17-43-04-906.mp4

@sandhiyakavi
Collaborator

Fixed: 🆗 in Production via milestone v1.5

User already added.
image
image

If invited through connect
image

If member removed
image
image

If multiple members added
image
