Add Feature: Teams/Organizations similar to Trello

[xet7]

From @aegrey on December 18, 2016 1:53

Feature Description

Similar to Trello, an administrator would be able to create a Organization/Team/User. Any boards created under this team would be accessible to all members of the team. Very high level of changes would be:

• Organizations: Add/Modify/Delete in Admin Panel.
• Teams: Add/Modify/Delete in Admin Panel.
• Board overview page would be available for the team, similar to the users, but with additional controls to manage the team members.
• Teams: Privacy: Private/Public. With Private option, making board public is not allowed.
• Users: Modify in Admin Panel, change password.
• Users: Add in Admin Panel.
• Users: Add user to Organization or Team.
• Users: When adding, also save fullname.
• Users: Remove in Admin Panel. There is Error after deleting a user Error after deleting a user #1289
• LDAP: Subgroups LDAP Data synchronisation problem ldap#58
• LDAP: map unlimited Wekan profile items to LDAP fields. If profile is changed in Wekan, should Wekan have ability to save data back to LDAP? Or should Wekan be able to override LDAP settings? LDAP Data synchronisation problem ldap#58
• LDAP: Map Wekan Roles to LDAP Roles LDAP Data synchronisation problem ldap#58
• LDAP: Check that only Admin LDAP subgroup gets Wekan Admin permissions LDAP Data synchronisation problem ldap#58 (comment)
• LDAP: Check that LDAP filter works correctly. Is it possible to simplify filter settings? Disabled users are allowed to login, make ldap filter configurable univention#5

Discussion Requests

https://discourse.wekan.io/t/teams-and-permissions/77 (somewhat similar)
https://discourse.wekan.io/t/any-progress-on-users-being-able-to-see-and-interact-all-boards-immediately-upon-registration-suggestion-groups/206

I currently don't know of any code bases that would assist in implementation of this feature, but this is the main reason why I'm still using Trello for my team, so I'd like to contribute. I did not see any pull request for it in the main repo. I know this would be a fairly heavy lift with database restructuring necessary.

If this isn't something someone currently has on their radar, I have forked this repo and will plan on documenting the technical requirements to implement this feature, and then communicate this and possibly start implementation of the feature as time allows.

Copied from original issue: wefork#52

[xet7]

@aegrey

This is related to other Wekan issues in this way:

#13 Has some code for admin interface, but probably does not include teams

For making Wekan programmable, AFAIK there is no code for these yet:

#43 API

#42 Using Email with API

#49 Auto add user name to a moved card

There is currently not much technical documentation of Wekan, only some related to using it at:
https://github.com/wekan/wekan/wiki/FAQ
https://github.com/wekan/wekan/wiki/Install-and-Update#install-manually-from-source

Wekan code is mostly Javascript, templates, CSS and some YAML. It uses Meteor Javascript framework, Node.js for serverside, and MongoDB database that also is Javascript-based.

On codebase, there is check for environment variable, is it running:

1. Wekan standalone version, when it has multiboard features, login etc etc although disabling login on Close Board  #13 is not implemented yet.
2. Running on Sandstorm, then only one board is in use and is set to public, because Sandstorm provides authentication, sandboxing in grains etc.

Wefork code is quite logically divided to subfolders. I recommend that after cloning that repo to your computer:

1. You don't add Node.js modules or Meteor framework to there
2. Read the code and make notes

If possible, it would be nice to have additional MongoDB database collections (or "tables" as in SQL database terms) for additional information added, that would make upgrading from previous versions of Wefork easier. Some users have a lot of data. So in new version if collection does not exists, then create it.

Planning and documenting technical requirements would be a good way to start. This would also prevent duplicate work when Team/Organization admin is different than the simple previous #13 implementation.

Currently Wekan team is quite small, so having some new technical documentation of code structure would also help newcomers to get familiar with it.

[aegrey]

Thanks @xet7 - I've been looking over the code and am halfway through some tech specs for this, I've been busy but I'll post something when I put together something more solid if someone else doesn't take it on first. :)

[xet7]

@aegrey

Thanks! It's very nice to get tech specs for this.

Since your previous post to this issue Wekan has gained many more features, I will also add there recent ability to change email address.

[killua-eu]

Added a bounty on this issue. Please see https://www.bountysource.com/issues/41780380-add-feature-teams-organizations-similar-to-trello

[xet7]

Moved to here from #1220

Feature request by @DukeW

It would be nice to be able as an admin to take "ownership" of boards. I have a Wekan instance running for 30 people, and some people don't archive there boards when there done. I would like to be able to take ownership of these old boards and archive them my self. Also sometimes a board creator is not present and new people need to be added to a board, right now I don't have a way of doing this.

Reply by @xet7

It's possible to change you as board admin at MongoDB database, that link is mentioned at Platforms page. There is no Web UI for it yet. I have not tried can it be done with REST API.

[xet7]

@aegrey

Can you add your in-progress tech specs to this issue?

[xet7]

@thuanpq is working on this.

@thuanpq , please accept invitation to Wekan GitHub Organization so I can assign you to this issue.

[Emile840]

Hello,

As shown in the gif image below, I just fixed the bug of adding an organization, I haven't done yet a pull request for this change because I'm still working on updating and deleting an organization and a team. But before continuing, I would like to ask you a few questions to see if I have correctly understood the Team and Organization aspects, below are my questions:

• A team contains several users (a user can be found in several teams)?
• An organization contains several teams (a team can be found in several organizations)?
• If I understood correctly, there is not yet an interface to assign authenticated users to a team or to assign a team to an organization?
• If my understanding is correct, two collections are missing in the database, one to store the users assigned to teams and another to store the teams assigned to organizations?

Adding an organization is fixed:

[xet7]

@Emile840

1. A team contains several users (a user can be found in several teams)?
2. An organization contains several teams (a team can be found in several organizations)?

Some alternatives:

a) Previously at #802 (comment) @jrsupplee suggested that users table should have additional columns like org and team, both of them would have list of organizations etc that user belogs to, they would work like members https://github.com/wekan/wekan/blob/master/models/boards.js#L160-L180 . This way, when making database query for user, one query would include also details about organizations and teams, and there would be no need for additional queries.

b) Another, but not so good, alternative would be to try to keep similar database structure like Trello, but Trello database structure naming is kind of confusing. Currently it's kind of this:

• Wekan Organization = Trello Enterprise
• Wekan Team = Trello Organization

c) There is also existing https://github.com/wekan/wekan/blob/master/models/orgUser.js but I think it's not so simple like a)

d) At some OAuth2/LDAP/SAML identity providers there could be some kind of organization structure mapping, I don't know would those affect some way what database structure would make most sense also in Wekan. For example, at OAuth2 Auth0 login there is some mapping of fields to Wekan fields https://github.com/wekan/wekan/wiki/OAuth2#auth0

3. If I understood correctly, there is not yet an interface to assign authenticated users to a team or to assign a team to an organization?

That's correct, I would presume that would be done in Admin Panel / People / People but if there are some better suggestions I'm all ears.

4. If my understanding is correct, two collections are missing in the database, one to store the users assigned to teams and another to store the teams assigned to organizations?

Yes, if for database structure this would be selected https://github.com/wekan/wekan/blob/master/models/orgUser.js

In general, you can add these with whatever way seems to make most sense for you. You can look at existing Wekan UI components and use similar code they have.

Yes, all community help with pull requests is very welcome and speeds up progress, I have a very long todo list with Wekan features, fixes, maintenance etc.

[xet7]

Alternatively:

e) org table, add column teams (similar to members) where would be possible to add those teams that belong to organization. And, team table, add column users (similar to members) where would be possible to add those userIds that belong to organization. That would maybe be more easily editable, than adding even more to Admin Panel / People / People.

[xet7]

@Emile840

Please send your current code, where saving Organizations and Teams works, as pull request. It is much easier to review and merge small pull requests, than one big pull request. It is already much better because saving works.

[Emile840]

I think that before deleting an organization or team, we have to make sure that there isn't any user who belongs to it, right ?

[xet7]

@Emile840

No, it's not necessary:

• If Organization does not exist, Organization name is not shown
• If deleted Organization is added back with same name, it becomes visible again, with same members. It's like undo.

[Emile840]

But in user collection ('orgs' column) we will still had deleted organization ? if there is no problem to display a warning message to tell user that he can't delete that organization or team because there is at least one user belongs to it, i can work on it

[xet7]

@Emile840

Well, maybe there should be some way to remove user from organization. I think you are right.

What is remaining from this Teams/Organization feature, is:

1. Add to database boards collection, also similar org and team columns like at Users table

2. Add to All Boards page Tabs like these:

• https://github.com/wekan/wekan/blob/master/client/components/sidebar/sidebarArchives.jade#L3
• https://github.com/wekan/wekan/blob/master/client/components/sidebar/sidebarArchives.js

There could be tabs like these, for showing boards of organizations and teams:

My Boards | Organization name 1 | Organization name 2 | Team name 1 | Team name 2

And when some tab is shows, below is boards that belong to it.

3. At board Sidebar, above Members, add Organizations and Teams:

Organizations
[+]

Teams
[+]

Members
[+]

When some Organization or Team is added to board, board is visible to all of their members. It is not necessary to add members separately.

If someone has better ideas to this, it's all welcome.

[Emile840]

@Emile840

Well, maybe there should be some way to remove user from organization. I think you are right.

What is remaining from this Teams/Organization feature, is:

1. Add to database boards collection, also similar org and team columns like at Users table
2. Add to All Boards page Tabs like these:

• https://github.com/wekan/wekan/blob/master/client/components/sidebar/sidebarArchives.jade#L3
• https://github.com/wekan/wekan/blob/master/client/components/sidebar/sidebarArchives.js

There could be tabs like these, for showing boards of organizations and teams:

My Boards | Organization name 1 | Organization name 2 | Team name 1 | Team name 2

And when some tab is shows, below is boards that belong to it.

1. At board Sidebar, above Members, add Organizations and Teams:

Organizations
[+]

Teams
[+]

Members
[+]

When some Organization or Team is added to board, board is visible to all of their members. It is not necessary to add members separately.

If someone has better ideas to this, it's all welcome.

Is there any one who can help me with this below issue:

I modified boards collection to add org and team columns (similar to what i did to Users collection). i'm working on adding teams and organizations at board Sidebar, above Members (see image below)

When user clik that + button (see above image), i want to display a pop-up with dropdown list to choose an organization, but i have a problem of getting organization list from database. I'm trying to do that by using Org object in sidebar.js file (see image below) but it gives me an error : "Method 'org' not found [404]\n at Connection._livedata_result ..."

[xet7]

@Emile840

You can add user table/collection fields org and team to users publication, that is published from serverside, so that user can add those organizations and teams that user is member of:
https://github.com/wekan/wekan/blob/master/server/publications/users.js

Then similarly, like showing org at Admin Panel, subscribe to user-miniprofile publication at sidebar.js to above orgsDatas() in your Template.addBoardOrgPopup.helpers :
https://github.com/wekan/wekan/blob/master/client/components/settings/peopleBody.js#L31

But you should not modify this org publication, because only Admin can see all organizations:
https://github.com/wekan/wekan/blob/master/server/publications/org.js#L10

[xet7]

Maybe this is better example of subscribing:
https://github.com/wekan/wekan/blob/master/client/components/main/header.js#L3

Meteor.subscribe('user-miniprofile');

[Emile840]

@Emile840

You can add user table/collection fields org and team to users publication, that is published from serverside, so that user can add those organizations and teams that user is member of:
https://github.com/wekan/wekan/blob/master/server/publications/users.js

Then similarly, like showing org at Admin Panel, subscribe to user-miniprofile publication at sidebar.js to above orgsDatas() in your Template.addBoardOrgPopup.helpers :
https://github.com/wekan/wekan/blob/master/client/components/settings/peopleBody.js#L31

But you should not modify this org publication, because only Admin can see all organizations:
https://github.com/wekan/wekan/blob/master/server/publications/org.js#L10

Thanks @xet7, i used Meteor.subscribe similarly to what was done to Admin Panel and it's working.

[adelphi-company]

As I don't see it on your task list: Do you plan to create Wekan Teams out of LDAP Groups? That would be quite useful for LDAP environments.

[xet7]

@adelphi-company

From AD groups yes, but I have not yet looked at AD code. LDAP could be using same or different way to list groups.

Any help like code examples would be very welcome, how to list groups of AD, LDAP, SAML etc. WeKan LDAP etc code is at wekan/packages/

Also coming is adding some domain members automatically to some team or organization when user of that domain logins.

Hmm, maybe also limiting logins only to allowed domains on Standalone WeKan. Currenly only Sandstorm WeKan has that feature that is actually Sandstorm Admin Panel feature, not WeKan feature.

[adelphi-company]

From AD groups yes, but I have not yet looked at AD code. LDAP could be using same or different way to list groups.
Any help like code examples would be very welcome, how to list groups of AD, LDAP, SAML etc. WeKan LDAP etc code is at wekan/packages/

We are using AD and all our other (>10) web tools with LDAP integration are able to read groups and groups memberships easily, even nested ones. So I assume there is no big difference.

IMHO it's pretty similar to getting users but instead of querying (objectClass=user) you query for (objectclass=group) in a given SearchBase (see https://ldapwiki.com/wiki/Active%20Directory%20Group%20Related%20Searches). Search base can be different to the one for users, so its alsways useful to offer seperate settings . You can apply similar LDAP filters and in the end you get a list of all groups that need to be created as Wekan Teams.

Also, if you query for (objectClass=user), you can use attribute "memberOf" to see which groups are assigned to a user and make him member of the appropriate Wekan Team(s).

Nested groups are detected via "1.2.840.113556.1.4.1941" in a "memberOf" query, e.g.
(memberOf:1.2.840.113556.1.4.1941:=CN=Admins,OU=Groups,OU=Ressources,DC=domain,DC=de)

If you need some suggestions:
A very good (and more advanced) LDAP group implementation can be found in the Nextcloud docs, : https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
Other good LDAP implementations with groups:
TeamPasswordManager: https://teampasswordmanager.com/docs/ldap-sync/#ldap_groups
CheckMK: https://docs.checkmk.com/latest/en/ldap.html
Moodle: https://docs.moodle.org/310/en/LDAP_authentication#Assign_system_roles

Also coming is adding some domain members automatically to some team or organization when user of that domain logins.

Great. This would be very useful too.

Hmm, maybe also limiting logins only to allowed domains

For us not important and I think with appropriate LDAP filter attributes this can be achieved already, or not?