Content
View differences
Updated by Oliver Günther 6 months ago
When using the template functionality, users able to copy or instantiate a template need to have the copy projects permission in the template project. As this is a regular membership, it prevails after a copy unless copying _all_ members are explicitly unselected during instantation. It would be nice to be able to differentiate access to the template project, vs templated memberships to be copied
### **Acceptance criteria**
* (Project) administrators have a way to define roles that are not copied on template instantiation
### **Technical notes**
There are multiple possible ways to implement this:
<br>
##### Option 1: Add a template\_role flag to ProjectRole
* Add a boolean column (e.g., template\_only) to the roles table
* Roles marked as template\_only: true would be excluded during project copying in MembersDependentService
* Add validation to prevent assigning template roles to non-template projects
**Pros:**
* A role is easily identifiable as templated, so you could show it in all global and project views
* Implementation and contracting should be simple for the Role creation service and the member creation service
**Cons:**
* Needs admins to set this up, less flexibility in each template
* I could see this lead to creating duplicate roles (e.g., "Editor" and "Template Editor") with same permissions, that are hard to understand.
##### Option 2: Global setting for roles excluded from template copy
<br>
* Add a global setting like template\_excluded\_role\_ids (array of ints) in Settings::Definition
* During copy, filter out roles whose IDs are in this list
**Pros:**
* Easiest to implement, as this is just applied on template copy
* Single place to manage this behavior
* Works with existing role structure
**Cons:**
* Hard for project admins to find out which roles are affected
* Need an admin to change this
<br>
##### Option 3: Per-template setting for excluded roles
<br>
* Add a store\_attribute :settings, :excluded\_role\_ids\_on\_copy, :array to Project (for templates only)
* During copy in MembersDependentService, check if the source project has this setting and filter accordingly
**Pros:**
* Most flexible, each template can have its own excluded roles
* Doesn't require changes and migrations to roles
**Cons:**
* You need to configure it per template
* Same role can be copied from one template but not another, which might be confusing
<br>
##### Option 4: Per-template setting for included/excluded members
* Select users or groups in the template that you want to include or exclude
### **Acceptance criteria**
* (Project) administrators have a way to define roles that are not copied on template instantiation
### **Technical notes**
There are multiple possible ways to implement this:
<br>
##### Option 1: Add a template\_role flag to ProjectRole
* Add a boolean column (e.g., template\_only) to the roles table
* Roles marked as template\_only: true would be excluded during project copying in MembersDependentService
* Add validation to prevent assigning template roles to non-template projects
**Pros:**
* A role is easily identifiable as templated, so you could show it in all global and project views
* Implementation and contracting should be simple for the Role creation service and the member creation service
**Cons:**
* Needs admins to set this up, less flexibility in each template
* I could see this lead to creating duplicate roles (e.g., "Editor" and "Template Editor") with same permissions, that are hard to understand.
##### Option 2: Global setting for roles excluded from template copy
<br>
* Add a global setting like template\_excluded\_role\_ids (array of ints) in Settings::Definition
* During copy, filter out roles whose IDs are in this list
**Pros:**
* Easiest to implement, as this is just applied on template copy
* Single place to manage this behavior
* Works with existing role structure
**Cons:**
* Hard for project admins to find out which roles are affected
* Need an admin to change this
<br>
##### Option 3: Per-template setting for excluded roles
<br>
* Add a store\_attribute :settings, :excluded\_role\_ids\_on\_copy, :array to Project (for templates only)
* During copy in MembersDependentService, check if the source project has this setting and filter accordingly
**Pros:**
* Most flexible, each template can have its own excluded roles
* Doesn't require changes and migrations to roles
**Cons:**
* You need to configure it per template
* Same role can be copied from one template but not another, which might be confusing
<br>
##### Option 4: Per-template setting for included/excluded members
* Select users or groups in the template that you want to include or exclude