Description
📋 Summary
Introduce Public Workspaces—a new, shareable workspace type that anyone in the org can view and opt into—modeled on Group Workspaces but with distinct roles and visibility rules.
🎯 Goals
- Empower designated users to create and manage workspaces that are visible to the entire tenant without requiring membership.
- Reuse existing functions_documents.py
- APIs follow same structure as groups
- Integrate Public Workspaces into the chat/document selector alongside Personal and Group workspaces.
🔍 Background
- Group Workspaces today require the “Create Groups” app role; members must be explicitly added before they can see or join.
- Public Workspaces should be:
- Created only by users with a new Create Public Workspaces app role.
- Visible to everyone (no “User” role, since there’s no need to join).
- Managed via Owner, Admin, and Document Manager roles (no “User”).
🛠 Requirements
1. Authorization & Roles
- New App Role:
CreatePublicWorkspacesthis is similar to how theCreateGroupsrole works with gating who can create groups except that it is always on this is not something that can be disabled - Workspace-level Roles (for each Public Workspace):
- Owner (full control)
- Admin (manage roles, settings)
- Document Manager (upload/manage docs & prompts)
- No “User” role: everyone can view once it exists.
2. Data Model
Using similar data models that exist for groups
public_documentssimilar togroup_documentspublic_promptssimilar togroup_promptspublic_workspacessimilar togroups
3. Backend APIs
- Use similar API model as groups
- reuse document processing APIs and functions, they need to be updated to support public_workspaces but they already do everything how we want.
4. UI Components
A. My Public Workspaces
- Location: In the My Account menu in base.html (visible only if user has CreatePublicWorkspaces role)
- Similar to the My Groups html, layout pagination, all of it should be similar
- Features:
- List of all Public Workspaces the user manages
- “New Public Workspace” button
- Click into workspace to assign roles (Owner/Admin/DocMgr)
- USERS CANNOT SEARCH FOR OR JOIN EXISTING public workspace
B. Administrate Public Workspace
NOTE: Is there a better title or name for this?
- Location: clicking on the admin button for a public workspace in My Public Workspaces
- Similar to the Manage Groups html, all of it should be similar
- Features identical to Group Workspace manage view:
- Manage public workspace name
- manage public workspace description
- add a member with their role
- THERE IS NOT PENDING REQEUSTS THOUGH, USERS CANNOT SEARCH FOR OR JOIN EXISTING public workspace
C. Manage Public Workspace
- Location: clicking on the manage button for a public workspace in My Public Workspaces
- Similar to the Group Workspace html, all of it should be similar
- Features identical to Group Workspace view
- Owner, Admins, Document Managers can upload/edit metadata/extract metadata/delete documents
- Owner, Admins, Document Managers can create/edit/delete
- Change active public workspace or click on My Public Workspaces
D. Public Workspaces Directory
- Location: New top-level menu or tab “Public Workspaces”
- Features:
- Accordion/list of all Public Workspaces
- Each entry shows (when expanded):
- Description
- Counts: # docs, # prompts
- Role holders: Owner, Admin, Document Manager
- Toggle switch to “Enable/Disable” for your chat context
5. Chat Integration
- In chat’s workspace selector dropdown, add Public category alongside Personal & Group.
- When “Public” selected:
- Option to choose “All Public Documents” or a specific Public Workspace’s documents.
- Prompts work the same as groups
# example of groups in cosmos
{
"id": "f3d0f94c-4842-49a2-b732-5f9ce31e93ca",
"name": "AWE Team",
"description": "Atmospheric Weather Eval team.",
"owner": {
"id": "07e60000-0000-0000-0000-0000000984a",
"email": "paullizer@retroburn.cloud",
"displayName": "Paul"
},
"admins": [
"60cf0000-0000-0000-0000-0000000c81b"
],
"documentManagers": [
"5f4d0000-0000-0000-0000-0000000ac33"
],
"users": [
{
"userId": "07e60000-0000-0000-0000-0000000984a",
"email": "paullizer@retroburn.cloud",
"displayName": "Paul"
},
{
"userId": "60cf0000-0000-0000-0000-0000000c81b",
"email": "tuxedo@retroburn.cloud",
"displayName": "Tuxedo (Paul Test)"
},
{
"userId": "5f4d0000-0000-0000-0000-0000000ac33",
"email": "adam@retroburn.cloud",
"displayName": "Adam"
}
],
"pendingUsers": [
{
"userId": "1d630000-0000-0000-0000-00000006f78",
"email": "paisley@retroburn.cloud",
"displayName": "Paisley (Paul Test)"
}
],
"createdDate": "2025-03-03T18:33:41.641949",
"modifiedDate": "2025-05-27T17:29:30.575103",
"_rid": "i7AdANIcPscCAAAAAAAAAA==",
"_self": "dbs/i7AdAA==/colls/i7AdANIcPsc=/docs/i7AdANIcPscCAAAAAAAAAA==/",
"_etag": "\"20007db4-0000-0100-0000-6835f67a0000\"",
"_attachments": "attachments/",
"_ts": 1748366970
}
# example of groups prompts in cosmos
{
"id": "7bd01c1c-7471-4d2a-96e4-4ec5c4a16ad2",
"group_id": "5e0e7057-bd47-482d-a19c-4dd71ebcc28e",
"uploaded_by_user_id": "07e60000-0000-0000-0000-0000000984a",
"name": "more",
"content": "more teting",
"type": "group_prompt",
"created_at": "2025-03-17T23:49:48Z",
"updated_at": "2025-03-17T23:49:48Z",
"_rid": "i7AdAPp94O4BAAAAAAAAAA==",
"_self": "dbs/i7AdAA==/colls/i7AdAPp94O4=/docs/i7AdAPp94O4BAAAAAAAAAA==/",
"_etag": "\"9600d2b4-0000-0100-0000-67d8b51c0000\"",
"_attachments": "attachments/",
"_ts": 1742255388
}
# example of groups documents in cosmos
{
"id": "84fe0c32-4846-46da-b5ad-a365d765c664",
"file_name": "NIST.SP.800-171r3.pdf",
"num_chunks": 0,
"number_of_pages": 120,
"current_file_chunk": 120,
"num_file_chunks": 1,
"upload_date": "2025-04-23T15:06:13Z",
"last_updated": "2025-04-23T15:10:11Z",
"version": 1,
"status": "Processing complete",
"percentage_complete": 100,
"document_classification": "Pending",
"type": "document_metadata",
"group_id": "d0b926b8-3142-44c7-b0cb-97eedd48c15e",
"_rid": "i7AdANAlgTwfAAAAAAAAAA==",
"_self": "dbs/i7AdAA==/colls/i7AdANAlgTw=/docs/i7AdANAlgTwfAAAAAAAAAA==/",
"_etag": "\"0f0059fd-0000-0100-0000-680902d30000\"",
"_attachments": "attachments/",
"document_id": "84fe0c32-4846-46da-b5ad-a365d765c664",
"user_id": "07e60000-0000-0000-0000-0000000984a",
"title": "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations",
"authors": [
"Ron Ross",
"Victoria Pillitteri"
],
"abstract": "The protection of Controlled Unclassified Information (CUI) is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential missions and functions. This publication provides federal agencies with recommended security requirements for protecting the confidentiality of CUI when the information is resident in nonfederal systems and organizations. The requirements apply to components of nonfederal systems that process, store, or transmit CUI or that provide protection for such components. The security requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and nonfederal organizations. This publication can be used in conjunction with its companion publication, NIST Special Publication 800-171A, which provides a comprehensive set of procedures to assess the security requirements.",
"keywords": [
"Controlled Unclassified Information",
"Executive Order 13556",
"FIPS Publication 199",
"FIPS Publication 200",
"FISMA",
"NIST Special Publication 800-53",
"nonfederal organizations",
"nonfederal systems",
"organization-defined parameter",
"security assessment",
"security control",
"security requirement"
],
"enhanced_citations": true,
"organization": "National Institute of Standards and Technology (NIST)",
"publication_date": "05/2024",
"_ts": 1745421011
}