Group Access

[jSylvestre]

For Groups, add ability to add at least the person manager role.

Two basic ways to go with this:

1. Push and add missing person admins to child teams.
2. Re-write security permissions so it looks at the group permissions. There would be a lot of possible issues doing it this way, including a way for them to choose the team they want to work in.

[jSylvestre]

Initial Plan:

• Add a nullable foreign key or some other indicator to the team permissions table to indicate that the team permission is controlled by the group
• Add a group team permissions table (note there is a groupPermissions table already, don't use that)
• Add a UI to the group page to allow users to be added to the group as injectable
• On create, go through all the group's teams and add that user as a person manager (maybe have it be able to do other roles)
• If the user is already there with a null foreign key to the group for that role, either delete it and add again with the FK or update the FK
• If the user is there with a different FK, just report that they can't be added because another group already did
• Add/reactivate them in the person table if they are not there (look into how it is done at the team level)
• On the team side, block deleting the team permission if it has a group FK (Probably show the group info to them somewhere)
• On Delete in the group, go through all the teams permissions and remove the role if it is a matching user/group
• Have an update button on the group that will go through all the team's permissions and add/delete in case the above actions didn't work.

[jSylvestre]

Questions:

• We need to add them to the team person table as well. If they are removed, should we delete the person as well? Assuming there are no assigned assets.
• Should the FK just be to the group? Or should there also be a FK between the 2 permissions (group and team)?
• Do we need a search on the team picker page if there people will have access to a large number of teams?