Introduction
The purpose of this document is to provide design rationale for closing teams to new membership requests. The need for this arose due to challenge teams receiving membership requests after the challenge has been complete, causing unnecessary email traffic for the team managers.
Scenarios
Background
Alice is a team manager and Bob is a researcher interested in joining Alice's team. All scenarios assume people cannot join the team without manager authorization.
| Scenario | Outcome |
|---|---|
| Alice has closed the team to new membership requests. No invites/requests for Bob to join exist. Bob sends a request to join the team (through the API). | Bob receives an error stating the team is closed for new membership requests. |
| Alice sends an invite to Bob to join the team. Alice then proceeds to close the team to new membership requests. | Bob can still accept the membership invite and join the team. |
| Bob sends a request to join the team. Alice then proceeds to close the team to new membership requests. | Alice can still accept Bob's membership request to add him to the team. |
| Alice has closed the team to new membership requests. Alice invites Bob to join the team. | Bob can accept Alice's membership invite and join the team. |
Proposal
| Existing Model (modified) |
|---|
| Team |
id name description icon canPublicJoin etag createdOn modifiedOn createdBy modifiedBy canRequestMembership |
Related Services
| URI | Description | Modification | Access Check Performed | Method | Request Parameters | Request Body | Response Body |
|---|---|---|---|---|---|---|---|
| /team | Updates the Team metadata for the specified team. | No modification would be needed to update canRequestMembership boolean. Performing an UPDATE access check is acceptable. Need to throw an exception when canPublicJoin is true and canRequestMembership is set to false. | UPDATE | PUT | -- | Team | Team |
| /team/{id}/member/{principalId} | Add a member to the Team. If the one making the request is the user to be added, then the user must have an open invitation from the Team. If the one making the request is an administrator on the Team, then there must be a pending request from the user to the Team, asking to be added. | No change required. This service checks that a pending invite/request exists already before adding the user. This allows the user to join the team regardless of the status of canRequestMembership. | TEAM_MEMBERSHIP_UPDATE | PUT | -- | - | - |
| /teamMember | Add a member to the Team. Note: The request is authenticated by a hash message authentication code in the request body, generated by Synapse. The intended use of this service is by the portal, completing a round trip with a 'one-click join-team' link provided to the user by Synapse via email. | No change required. This service checks that a pending invite/request exists already before adding the user. This allows the user to join the team regardless of the status of canRequestMembership. | TEAM_MEMBERSHIP_UPDATE | PUT | portalEndpoint | NewUser | -- |
| /membershipInvitation | Create a membership invitation and send an email notification to the invitee. The team must be specified. Also, either an inviteeId or an inviteeEmail must be specified. Optionally, the creator may include an invitation message and/or expiration date for the invitation. If no expiration date is specified then the invitation never expires. | No change required. Team managers will always be able to invite users to the team. | CREATE | POST | acceptInvitationEndpoint notificationUnsubscribeEndpoint | MembershipInvitation | MembershipInvitation |
| /membershipRequest | Create a membership request and send an email notification to the administrators of the team. The Team must be specified. Optionally, the creator may include a message and/or expiration date for the request. If no expiration date is specified then the request never expires. | Must check canRequestMembership. If false, a 403 Forbidden status code will be returned stating the team is closed for membership requests. | -- | POST | acceptInvitationEndpoint notificationUnsubscribeEndpoint | MembershipRequest | MembershipRequest |
Related JIRA issues
PLFM-7425 - Getting issue details... STATUS
PLFM-7330 - Getting issue details... STATUS