Closing a Team to New Membership Requests
- Peter Harvey (Unlicensed)
Introduction
The purpose of this document is to provide design rationale for closing teams to new membership requests. The need for this arose due to challenge teams receiving membership requests after the challenge has been complete, causing unnecessary email traffic for the team managers.
Scenarios
Background
Alice is a team manager and Bob is a researcher interested in joining Alice's team. All scenarios assume people cannot join the team without manager authorization.
| Scenario | Outcome |
|---|---|
| Alice has closed the team to new membership requests. No invites/requests for Bob to join exist. Bob sends a request to join the team (through the API). | Bob receives an error stating the team is closed for new membership requests. |
| Alice sends an invite to Bob to join the team. Alice then proceeds to close the team to new membership requests. | Bob can still accept the membership invite and join the team. |
| Bob sends a request to join the team. Alice then proceeds to close the team to new membership requests. | Alice can still accept Bob's membership request to add him to the team. |
| Alice has closed the team to new membership requests. Alice invites Bob to join the team. | Bob can accept Alice's membership invite and join the team. |
Proposal
| Existing Model (modified) |
|---|
| Team |
id name description icon canPublicJoin etag createdOn modifiedOn createdBy modifiedBy canRequestMembership (boolean) |
Related APIs
| URI | Method | Description | Access Check Performed | Request Parameters | Request Body | Response Body | Notes |
|---|---|---|---|---|---|---|---|
| /team | PUT | Updates the Team metadata for the specified team. | UPDATE | -- | Team | Team | No modification would be needed to update canRequestMembership boolean. Performing an UPDATE access check is acceptable. |
| /membershipRequest | POST | Create a membership request and send an email notification to the administrators of the team. The Team must be specified. Optionally, the creator may include a message and/or expiration date for the request. If no expiration date is specified then the request never expires. | - | acceptInvitationEndpoint notificationUnsubscribeEndpoint | MembershipRequest | MembershipRequest | Must check canRequestMembership. If false, a 400 bad request status code will be returned stating the team is closed for membership requests. |
| /membershipInvitation | POST | Create a membership invitation and send an email notification to the invitee. The team must be specified. Also, either an inviteeId or an inviteeEmail must be specified. Optionally, the creator may include an invitation message and/or expiration date for the invitation. If no expiration date is specified then the invitation never expires. | CREATE | acceptInvitationEndpoint notificationUnsubscribeEndpoint | MembershipInvitation | MembershipInvitation | No change required. Team managers will always be able to invite users to the team. |
| /team/{id}/member/{principalId} | PUT | Add a member to the Team. If the one making the request is the user to be added, then the user must have an open invitation from the Team. If the one making the request is an administrator on the Team, then there must be a pending request from the user to the Team, asking to be added. | TEAM_MEMBERSHIP_UPDATE | - | - | - | No change required. This service checks that a pending invite/request exists already before adding the user. This allows the user to join the team regardless of the status of canRequestMembership. |
| /teamMember | PUT | Add a member to the Team. Note: The request is authenticated by a hash message authentication code in the request body, generated by Synapse. The intended use of this service is by the portal, completing a round trip with a 'one-click join-team' link provided to the user by Synapse via email. | TEAM_MEMBERSHIP_UPDATE | portalEndpoint | NewUser | - | No change required. This service checks that a pending invite/request exists already before adding the user. This allows the user to join the team regardless of the status of canRequestMembership. |
Behavior with canPublicJoin
canRequestMembership | |||
| True | False | ||
| canPublicJoin | True | User can join team without membership request. | User can join team without membership request. |
| False | User must submit membership request to join team. | No user can request membership. | |
Related JIRA issues
PLFM-7425 - Getting issue details... STATUS
PLFM-7330 - Getting issue details... STATUS