[ocis] Space admin can't edit space when not a member

[JammingBen]

User Story

• as a space Admin i want to edit basic properties of the space to help building an understandable and meaningful org structure

Value

• Bring order to chaos :smile

Acceptance criteria

• New Manage Properties permission

  • name
  • subtitle

• New Enable / Disable a space permission

• These permissions should be added to the "Space Admin" Role

• Check the 2 new permissions in the DecomposedFS

Definition of ready

[ ] everybody needs to understand the value written in the user story
[ ] acceptance criteria has to be defined
[ ] all dependencies of the user story need to be identified
[ ] feature should be seen from an end user perspective
[ ] user story has to be estimated
[ ] story points need to be less then 20

Definition of done

• Functional requirements
  [ ] functionality described in the user story works
  [ ] acceptance criteria are fulfilled
• Quality
  [ ] code review happened
  [ ] CI is green
  [ ] critical code received unit tests by the developer
  [ ] automated tests passed (if automated tests are not available, this test needs to be created and passed
• Non-functional requirements
  [ ] no sonar cloud issues

[JammingBen]

@micbar fyi we noticed this with the new implementation of space management in Web.

[micbar]

good question. IMO needs to be discussed.

[kulmann]

good question. IMO needs to be discussed.

The spaces section in the admin-settings app is pointless if I can't modify spaces where the I'm not a member. 😉

[ScharfViktor]

admin also cannot edit another user's space if he is not a member. he can increase the quota and disable/delete spaces.

The space admin was the user who could create the space. Now he is more than a creator of space, he want to manage other spaces. There will be few such users i think, less than those who only can create space. won't this be a problem in the future?

[JammingBen]

Can this be closed as https://jira.owncloud.com/browse/OCIS-3278 is marked as "done"?

[JammingBen]

There still seem to be some issues with a space admin's default permissions:

• A space admin can't update name and description of a space when they are not a member
• A space admin can't enable a space when they are not a member
• A space admin has the permission list-all-spaces.all, which seems to give them the ability to deactivate and delete spaces. Shouldn't this be handled by the permission delete-all-spaces.all? Because that one is missing.

cc @micbar

[kobergj]

@JammingBen is this fixed? I couldn't reproduce on current master

Regarding last question: There is a specific permission for enabling/disabling spaces. It's called Drive.ReadWriteEnabled (follows new naming scheme already)

[JammingBen]

@JammingBen is this fixed? I couldn't reproduce on current master

Seems to be fixed on current master, thx!

Regarding last question: There is a specific permission for enabling/disabling spaces. It's called Drive.ReadWriteEnabled (follows new naming scheme already)

So Drive.ReadWriteEnabled also includes deleting spaces? Or which permission is handling that?

[kobergj]

No. Delete Spaces has also its own two permissions: delete-all-spaces and delete-all-home-spaces

[JammingBen]

Okay, but that's the part I don't get. Because as space admin, I can delete spaces without having either of these permissions.

[kobergj]

True! I missed that one even though I implemented it myself 😄

You are absolutely right. Drive.ReadWriteEnabled also allows you to delete project spaces. Sorry for confusion.

[JammingBen]

Okay, thanks for the clarification! Then we can close here I guess 🙂