Content
View differences
Updated by Marc Alcobé almost 3 years ago
# User problem
### User
* Project manager
* Team lead
* Project member
* Customer
* Supplier
### User problem and their pain
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Problem: What problem or job does the user have?</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Pain: What is the primary workaround that users perform that we could remove or replace? Why is it painful?</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Users don't have access to the work packages that they need for the project team to work efficiently.</p></td><td class="op-uc-table--cell"><p class="op-uc-p">The communication is done by email or chat. There is no single source of truth anymore.</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Users have access to confidential data that they should not know. </p></td><td class="op-uc-table--cell"><p class="op-uc-p">Adding too many users to a project violates the need-to-know-principle. People then don't put relevant information into the work packages because they are afraid this might leak to the wrong users. </p></td></tr></tbody></table></figure>
### Impact
* It removes the need to duplicate information. It increases transparency and avoids extra effort and chaos.
# User flow
This user flow is available in the [Figma file](https://www.figma.com/file/PlN4AmkwHNabNiT1Z7nZAA/Share-Work-Packages?node-id=53%3A7841) where the linked mockups are also clickable.
<img class="op-uc-image op-uc-image_inline" src="/api/v3/attachments/51966/content">
# Solution and acceptance criteria
### Entry points
* In the toolbar of a work package full screen there is button that open a share modal. (Visual: [_0\_0\_00 - Â Full screen - Share button_](https://community.openproject.org/api/v3/attachments/51967/content)).
* This can also be triggered using the share button in the action bar of the work package split screen view (Visual: [_1\_0\_00 - Split\_screen - Share button_](https://community.openproject.org/api/v3/attachments/51971/content)).
* There is a possibility that the user doesn't have permissions to share this work package. If that's the case an error toast will appear on top of the screen when the entry point button is clicked. (Visual: [_0\_1\_00 - Full\_screen - No share permissions_](https://community.openproject.org/api/v3/attachments/51983/content)).
### Share modal
* The action opens a modal in the center of the screen with the following information:
* **Modal title:** "\[Share icon\] + Share + \[Work package type\] + \[#ID\]".
* **User search area:** Search field (for users and emails) with the default text _"Name, group or email address"_ + Permissions dropdown with _"View"_ by default + Add button (this button performs the call to the backend therefore there is no confirmation action on the modal action bar). bar)
* Possible **\[open\]** Is it possible to select project members to share with? This might be helpful if the user and permissions cases listed bellow. should be generally allowed to see all work packages but only edit a selected few.
* **Users list:** list of users that the work package is shared with in the format "\[Avatar\] + Name or email". There is multiple possibilities here:
* **Existing user (not in the project):** user known by the instance with an avatar associated but not inside the project and therefore doesn't have a project role associated.
* **Existing user (in the project):** user known in the instance with an avatar associated that is already member of the project where this work package resides. The project role overrides the share permissions and is shown next to the name.
* Not **\[open\]** Does that mean that all project members are listed, listed in the 'Users list'? Or would that list only the contain users which the work package has proactively been shared with.
* The permissions system for this users is not an EXCLUDE system but rather an ADD system. For example:
1. The work package is shared to with? As a concrete example, would a user with project "reader" role with permissions "comment". This user will now have all the permissions for "reader" and for this work package "comment" permissions.
2. The work package is shared to with who is also a user member be listed with the role granted? If all project "admin" members are listed, the list would become quite long.
* **\[open\]** Does the project role with also override the permissions "view". This granted. E.g. a user will still might only have all the permissions permission to see work packages by their member role but is granted edit permission on this the work package because package. What would be the "view" are adding permissions that resulting permission the user already have due to being "admin". has on the work package?
* **Locked user:** the user will be displayed with a lock icon instead of an avatar. _(to be designed)_
* **Existing group:** group of users known in the instance with an avatar associated. The users of this group are not individually added or displayed in the list.
* If **\[clarification\]** if a user is both in part of a role already shared group and with is granted an individual shared, both the group and the sharing, will that user will be listed and the individual permission will override the group one. listed?
* **New user (email address):** user not known by the instance and shared via the email address that displayed in the list. In case the user hasn't accepted the invitation email there is a "Resend invitation" link next to the email address. As the user is external a "email" avatar is displayed
* **\[open\]** The list might become quite long if the work package is shared with a lot of users, e.g. for a milestone central to the whole company. What are the means to find a user the work package is shared with in order to revoke that sharing.
* **Action bar:** The modal action bar containing a single button to "Close" the modal.
* In the share modal the user should be able to:
1. Add an existing user with a specific permission
2. Add an existing group with a specific permission
3. Invite a new user with a specific permission via email address
4. Understand the invitation status
5. Modify the permissions related to already invited users
6. Revoke invitations and remove access to the work package
1. **\[open\]** will the user, whose invitation is revoked, still be able to log into the application? Denying this would require the revoking user to have the permission to delete users.
7. Resend email invitations for users who hasn't accepted yet the invitation
* The modal UI cases are specified in the visuals and the user flow have mockups linked in the [Figma file](https://www.figma.com/file/PlN4AmkwHNabNiT1Z7nZAA/Share-Work-Packages?node-id=53%3A7841). file](https://www.figma.com/file/PlN4AmkwHNabNiT1Z7nZAA/Share-Work-Packages?node-id=53%3A7841) (General visual: [_2\_4\_00 - Share modal - With all cases_](https://community.openproject.org/api/v3/attachments/51991/content)).
* If the user tries to share the work package with a user that has been already shared with:
* Already shared with a existing user or group (Visual: [2\_2\_03 - Share modal - User error](https://community.openproject.org/api/v3/attachments/51976/content))
* Already shared with a new user via email address (Visual: [2\_1\_04 - Share modal - Email sharing error](https://community.openproject.org/api/v3/attachments/51987/content))
* If a **New user** or a **Existing user (not in the project)** is added afterwards to the project as member their status in all the shared work packages will be updated with their role in the project.
* If the work package is shared with an **Existing user** who is inside of a **Group** already in the list of shared users, the individual permissions set will always override the group permissions.
* Placeholder users are not selectable for sharing work packages.
### Invite Email/Notification
* **For existing users:**
* An email is sent to the user (using their email address) that has been invited to the work package with the information of who has shared the work package with him/her/they, which is the role and permissions that they have and the basic information of the work package (Visual: [_3\_1\_00 - Shared user - Existing user_](https://community.openproject.org/api/v3/attachments/51982/content)).
* In case the invitation is to a group, all group members will receive an email with the information saying that that they have been invited as part of a group (Visual: [_3\_2\_00 - Shared user - Group_](https://community.openproject.org/api/v3/attachments/51981/content)).
* In addition to the email, the user will receive a notification in their notification centre for each work package they have been added to. This should also trigger an activity entry. _(to be designed)_
* **For new users:**
* Newly invited users receive an email with a access-token that allows the user to create a user account following the steps specified in [#46285](https://community.openproject.org/work_packages/46285).
* The invited user creates a user account with a password, name and surname. This allows the user to access all work packages that are shared with this user. It also allows the user to change its notification settings.
### Filter "Share with user"
* In order to filter the work packages inside and outside of a specific project depending on their share status a new filter type should be created (Visual: [4\_0\_00 - Shared with users filter](https://community.openproject.org/api/v3/attachments/51992/content)).
* This filter is part of the common filters and has the name "Share with user". This will contain four different options:
* Is
* Is not
* Any
* None
* This filter will be added as a default view in the global work packages module (outside of any project). This case is specified bellow.
* **\[open\]** Should every user be able to see this column? For watchers, there is a specific permission.
### Trigger notifications
* Shared users as they have a linked account can be mentioned and added as watchers.
* Shared users should be able to receive relevant notifications in their notification centre when mentioned or there is changes in work packages they are watching.
* A **\[open\]** Does this entail any rework on the notification settings will be needed due settings, e.g. on the per project settings? This might necessitate the project of shared with work packages to this. There will be a new "Participating" notification role with "Shared with". _(to be designed)_ included in the project list so that the user can choose the project for individual settings.
### Global access to shared work packages
* The Inside of the global index pages for work packages will look module (outside of any project) there is two new menu entries:
* **Shared with me:** A default view with the same filter "Shared with" with a value of "is" and the user added as the current implementation. unique filter value. (Visual: [_5\_1\_00 - Shared with me_](https://community.openproject.org/api/v3/attachments/51995/content))
* **Shared with users:** A default view with the filter "Shared with" in the value "any". (Visual: [_5\_1\_01 - Shared with users_](https://community.openproject.org/api/v3/attachments/51997/content))
* For users that only have access to single work packages because they are not invited to any project in the instance the view in the global work packages module will be limited to (Visual: [_5\_0\_00 - Shared with me - New user_](https://community.openproject.org/api/v3/attachments/51994/content)):
* Access only to the menu entry "Shared with me"
* **\[open\]** Implementation of this feature will require considerable effort. Having the full list of default views will not reveal any information.
* They will have access only to the information related to the work packages they have been invited to.
* Inside of the table view the columns will be:
* ID
* Subject
* Type
* Assignee
* Shared with
* Project
* They should be able to group and filter the work packages that are shard with them.
* They will not be able to access the project views, other users, other work packages lists or any other page not related to the work packages shared with them.
* The shared users will be able to see the name of the project of the work packages shared in the project drop downs and selections. shared. In case this are inside of a sub-project, they will only can see the sub-project (current implementation if a user is full member complete hierarchy of parent project and sub-project.
* **\[open\]** Does this include the project showing up in a sub-project). all project select dropdowns?
* The **\[open\]** This will mean that the user can then access the project but within it would only find the work package module enabled with the work packages shared listed. listed, correct?
* **\[open\]** Displaying the full hierarchy in case of a work package shared in a sub project will be quite complicated. We also don't do this currently if a user is full member in a sub-project.
### Work package table column "Shared with user"
* Showing the first user that has been shared with. with
* As an exception of the current implementation this **\[open\]** This requires a user with whom a work package is shared to be able to see potentially all other members of the project. Currently, the application limits the users viewable to only those the user for which is queried is in the same project with.
* Indicate with a badge if there are more than one user shared
* Clicking on the cell opens the share modal
* No sorting or grouping for this column
### Members administration page
* When a user is fully removed from an instance, in the confirmation modal should include the information that all work packages shares will be also eliminated.
* **\[open\]** Does this statement reference the user administration page or the member administration page? It would make sense to state, upon removal of a membership, that the user still has individual work packages shared with them, if that is the case.
### Copying a project
* Copying a project will copy the shares of its work packages.
* This will trigger **\[open\]** Will notifications be sent for the shares that are copied if the user copying has checked the notification setting activated. "Sent notifications" checkbox? Assumption is that this should be the case.
### Permissions
* There is an additional setting that activates the sharing with external guest users. So organisations can ensure that only users that are authenticated against the connected identity provider have access to OpenProject.
* Separate permissions are required for project roles to share work packages for both internal (**Existing user** or **Groups**) with project-external users (**New user**).
* **\[open\]** There is the risk of privilege escalation here. A user with only the permission to view work packages and share them should not have the permission to grant sharing on an edit level. So the permissions the user administrating the sharing should limit the sharing levels: Only a user having the `edit_work_packages` permission should be able to add edit-level sharings.
* **\[open\]** For sharing with new users, the user would also need the `create_user` permission, correct?
* There are three permission levels to share work packages with **New user, Groups** or **Existing users (not in the project)**
* Edit
* Comment
* View
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p"><br data-cke-filler="true"></p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Edit</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Comment</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">View</p></th></tr></thead><tbody><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Become assignee</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"></span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"></span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"></span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Log time</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">View logged time</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">View own logged time</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">See version</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Assign versions</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Edit work package attributes</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Add comment</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Edit relations</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">View attachments</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Upload attachments</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Nextcloud links (if the user has NC account)</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"></span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"></span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"></span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Manage watchers (add and delete)</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Watch work package</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">View watchers list</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Show GitHub content</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Export</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Change project</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">See costs and budgets</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"></span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"></span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"></span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Copy work package</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"></span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"></span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"></span></label></li></ul></td></tr></tbody></table></figure>
* The **\[open\]** Should there be a limitation on changing the parent of the work package? Oftentimes, the users with Edit permissions will not be able allowed to change and create relations (including see the parent work packages) but they will only see displayed package since that is not shared with them.
* **\[open\]** For a user able to edit, additional resources in the work packages where they have access or project need to become visible:
* all member users
* all member groups
* all categories
* all versions in case there is a version custom field the user should be allowed to edit rights.
* Copying **\[open\]** Will the shared with work package be available to create a relation with? Assumption - yes.
* **\[open\]** When copying a shared with work package, will only be possible with Edit permissions. To avoid duplicates what is the list of projects to copy to? At least when copying a single work packages, only copy package, there currently is no project selection. When copying in bulk, there is a project selection.
* **\[open\]** Should the "Change project" permission that needs to other projects will be available. added also become a permission assignable to members? If so, how would that permission distributed when seeding new instances and how is it introduced into existing instances?
# Visuals available in Figma
https://www.figma.com/file/PlN4AmkwHNabNiT1Z7nZAA/Share-Work-Packages?node-id=53%3A7841
#### NOTE: Non of the current UI is using Primer components. The designs are not definitive and need to be updated!
#### <img class="op-uc-image op-uc-image_inline">
# Out of scope
* Share work packages with other projects
* Private comments
* Additional permissions for work package attributes and custom fields
* Sharing work packages with the project hierarchy (e.g. milestones that are shared with sub-projects)
* Change of the auto completer for users
* Change of the behaviour of filter option and values. Currently the available filters and their values are determined by the project filtered in. This is an limitation that already exists for sub-projects or included projects.
* Access tokens for individual work packages so users don't need to create a user account.
* Boards: Not possible to have a column for shared with user on assignee board
* Team planner: Not possible to have a row for shared with user on team planner
* Inside of the global work packages module (outside of any project) there is two new menu entries:
* **Shared with me:** A default view with the filter "Shared with" with a value of "is" and the user added as the unique filter value.
* **Shared with users:** A default view with the filter "Shared with" in the value "any".
# Open topics
### Naming
* Is share a good naming for this if users can access the work package without creating an account? Should we maybe use something like "Invite" or "Manage access"?
### Entry points
* Do we display the entry points (buttons) for share if the user doesn't have permissions.
### Capabilities of shared with user
* Confirm that shared users shouldn't be able to see Costs or Budgets
### Column in the work package table
* Is it a business requirement to have this column? Will it be really used?
* Assumption - showing shared to users in table is used sporadically
* Apply pattern used for related work packages to not decrease performance on all work package list requests
* Requires endpoint to get all shares based on filter
* Showing the first user that has been shared with means that users will have access to all the users that the work package is shared with, is there any data problem with this?
* Should every user be able to see this column? For watchers, there is a specific permission.
### Revoked users
Will revoked users (whose invitation is revoked) still be able to log into the application? Denying this would require the revoking user to have the permission to delete users.
### Members administration page
* When a user is fully removed from an instance (admin user level) do we want all its shared WP should be also revoked? Or they keep access to those WPs?
* When a user is only removed from a project (member level) can they can preserve the individual WP shared access?
### Permissions
* There is the risk of privilege escalation here. A user with only the permission to view work packages and share them should not have the permission to grant sharing on an edit level. So the permissions the user administrating the sharing should limit the sharing levels: Only a user having the `edit_work_packages` permission should be able to add edit-level sharing.
* For sharing with new users, the user would also need the `create_user` permission, correct?
* For the edit permissions, additional resources in the project need to become visible:
* all member users
* all member groups
* all categories
* all versions in case there is a version custom field the user should be allowed to edit
* Should the "Change or copy to other project" permission needs to be added also become a permission assignable to members? If so, how would that permission distributed when seeding new instances and how is it introduced into existing instances?
### User
* Project manager
* Team lead
* Project member
* Customer
* Supplier
### User problem and their pain
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Problem: What problem or job does the user have?</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Pain: What is the primary workaround that users perform that we could remove or replace? Why is it painful?</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Users don't have access to the work packages that they need for the project team to work efficiently.</p></td><td class="op-uc-table--cell"><p class="op-uc-p">The communication is done by email or chat. There is no single source of truth anymore.</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Users have access to confidential data that they should not know. </p></td><td class="op-uc-table--cell"><p class="op-uc-p">Adding too many users to a project violates the need-to-know-principle. People then don't put relevant information into the work packages because they are afraid this might leak to the wrong users. </p></td></tr></tbody></table></figure>
### Impact
* It removes the need to duplicate information. It increases transparency and avoids extra effort and chaos.
# User flow
This user flow is available in the [Figma file](https://www.figma.com/file/PlN4AmkwHNabNiT1Z7nZAA/Share-Work-Packages?node-id=53%3A7841) where the linked mockups are also clickable.
<img class="op-uc-image op-uc-image_inline" src="/api/v3/attachments/51966/content">
# Solution and acceptance criteria
### Entry points
* In the toolbar of a work package full screen there is button that open a share modal. (Visual: [_0\_0\_00 - Â Full screen - Share button_](https://community.openproject.org/api/v3/attachments/51967/content)).
* This can also be triggered using the share button in the action bar of the work package split screen view (Visual: [_1\_0\_00 - Split\_screen - Share button_](https://community.openproject.org/api/v3/attachments/51971/content)).
* There is a possibility that the user doesn't have permissions to share this work package. If that's the case an error toast will appear on top of the screen when the entry point button is clicked. (Visual: [_0\_1\_00 - Full\_screen - No share permissions_](https://community.openproject.org/api/v3/attachments/51983/content)).
### Share modal
* The action opens a modal in the center of the screen with the following information:
* **Modal title:** "\[Share icon\] + Share + \[Work package type\] + \[#ID\]".
* **User search area:** Search field (for users and emails) with the default text _"Name, group or email address"_ + Permissions dropdown with _"View"_ by default + Add button (this button performs the call to the backend therefore there is no confirmation action on the modal action bar).
* Possible
* **Users list:** list of users that the work package is shared with in the format "\[Avatar\] + Name or email". There is multiple possibilities here:
* **Existing user (not in the project):** user known by the instance with an avatar associated but not inside the project and therefore doesn't have a project role associated.
* **Existing user (in the project):** user known in the instance with an avatar associated that is already member of the project where this work package resides. The project role overrides the share permissions and is shown next to the name.
* Not
* The permissions system for this users is not an EXCLUDE system but rather an ADD system. For example:
1. The work package is shared to
2. The work package is shared to
* **\[open\]** Does the project
* **Locked user:** the user will be displayed with a lock icon instead of an avatar. _(to be designed)_
* **Existing group:** group of users known in the instance with an avatar associated. The users of this group are not individually added or displayed in the list.
* If
* **New user (email address):** user not known by the instance and shared via the email address that displayed in the list. In case the user hasn't accepted the invitation email there is a "Resend invitation" link next to the email address. As the user is external a "email" avatar is displayed
* **\[open\]** The list might become quite long if the work package is shared with a lot of users, e.g. for a milestone central to the whole company. What are the means to find a user the work package is shared with in order to revoke that sharing.
* **Action bar:** The modal action bar containing a single button to "Close" the modal.
* In the share modal the user should be able to:
1. Add an existing user with a specific permission
2. Add an existing group with a specific permission
3. Invite a new user with a specific permission via email address
4. Understand the invitation status
5. Modify the permissions related to already invited users
6. Revoke invitations and remove access to the work package
1. **\[open\]** will the user, whose invitation is revoked, still be able to log into the application? Denying this would require the revoking user to have the permission to delete users.
7. Resend email invitations for users who hasn't accepted yet the invitation
* The modal UI cases are specified in the visuals and the user flow have mockups linked in the [Figma file](https://www.figma.com/file/PlN4AmkwHNabNiT1Z7nZAA/Share-Work-Packages?node-id=53%3A7841).
* If the user tries to share the work package with a user that has been already shared with:
* Already shared with a existing user or group (Visual: [2\_2\_03 - Share modal - User error](https://community.openproject.org/api/v3/attachments/51976/content))
* Already shared with a new user via email address (Visual: [2\_1\_04 - Share modal - Email sharing error](https://community.openproject.org/api/v3/attachments/51987/content))
* If a **New user** or a **Existing user (not in the project)** is added afterwards to the project as member their status in all the shared work packages will be updated with their role in the project.
* If the work package is shared with an **Existing user** who is inside of a **Group** already in the list of shared users, the individual permissions set will always override the group permissions.
* Placeholder users are not selectable for sharing work packages.
### Invite Email/Notification
* **For existing users:**
* An email is sent to the user (using their email address) that has been invited to the work package with the information of who has shared the work package with him/her/they, which is the role and permissions that they have and the basic information of the work package (Visual: [_3\_1\_00 - Shared user - Existing user_](https://community.openproject.org/api/v3/attachments/51982/content)).
* In case the invitation is to a group, all group members will receive an email with the information saying that that they have been invited as part of a group (Visual: [_3\_2\_00 - Shared user - Group_](https://community.openproject.org/api/v3/attachments/51981/content)).
* In addition to the email, the user will receive a notification in their notification centre for each work package they have been added to. This should also trigger an activity entry. _(to be designed)_
* **For new users:**
* Newly invited users receive an email with a access-token that allows the user to create a user account following the steps specified in [#46285](https://community.openproject.org/work_packages/46285).
* The invited user creates a user account with a password, name and surname. This allows the user to access all work packages that are shared with this user. It also allows the user to change its notification settings.
### Filter "Share with user"
* In order to filter the work packages inside and outside of a specific project depending on their share status a new filter type should be created (Visual: [4\_0\_00 - Shared with users filter](https://community.openproject.org/api/v3/attachments/51992/content)).
* This filter is part of the common filters and has the name "Share with user". This will contain four different options:
* Is
* Is not
* Any
* None
* This filter will be added as a default view in the global work packages module (outside of any project). This case is specified bellow.
* **\[open\]** Should every user be able to see this column? For watchers, there is a specific permission.
### Trigger notifications
* Shared users as they have a linked account can be mentioned and added as watchers.
* Shared users should be able to receive relevant notifications in their notification centre when mentioned or there is changes in work packages they are watching.
### Global access to shared work packages
* The
* **Shared with me:** A default view with
* **Shared with users:** A default view with the filter "Shared with" in the value "any". (Visual: [_5\_1\_01 - Shared with users_](https://community.openproject.org/api/v3/attachments/51997/content))
*
* Access only to the menu entry "Shared with me"
* **\[open\]** Implementation of this feature will require considerable effort. Having the full list of default views will not reveal any information.
* They will have access only to the information related to the work packages they have been invited to.
* Inside of the table view the columns will be:
* ID
* Subject
* Type
* Assignee
* Shared with
* Project
* They should be able to group and filter the work packages that are shard with them.
* They will not be able to access the project views, other users, other work packages lists or any other page not related to the work packages shared with them.
*
* **\[open\]** Does this include the project showing up
* The
* **\[open\]** Displaying the full hierarchy in case of a work package shared in a sub project will be quite complicated. We also don't do this currently if a user is full member in a sub-project.
### Work package table column "Shared with user"
* Showing the first user that has been shared with.
* As an exception of the current implementation this
* Indicate with a badge if there are more than one user shared
* Clicking on the cell opens the share modal
* No sorting or grouping for this column
###
* When a user is fully removed from an instance, in the confirmation modal should include the information that all work packages shares will be also eliminated.
* **\[open\]** Does this statement reference the user administration page or the member administration page? It would make sense to state, upon removal of a membership, that the user still has individual work packages shared with them, if that is the case.
###
* Copying a project will copy the shares of its work packages.
* This will trigger
### Permissions
* There is an additional setting that activates the sharing with external guest users. So organisations can ensure that only users that are authenticated against the connected identity provider have access to OpenProject.
* Separate permissions are required for project roles to share work packages for both internal (**Existing user** or **Groups**) with project-external users (**New user**).
* **\[open\]** There is the risk of privilege escalation here. A user with only the permission to view work packages and share them should not have the permission to grant sharing on an edit level. So the permissions the user administrating the sharing should limit the sharing levels: Only a user having the `edit_work_packages` permission should be able to add edit-level sharings.
* **\[open\]** For sharing with new users, the user would also need the `create_user` permission, correct?
* There are three permission levels to share work packages with **New user, Groups** or **Existing users (not in the project)**
* Edit
* Comment
* View
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p"><br data-cke-filler="true"></p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Edit</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Comment</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">View</p></th></tr></thead><tbody><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Become assignee</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"></span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"></span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"></span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Log time</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">View logged time</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">View own logged time</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">See version</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Assign versions</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Edit work package attributes</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Add comment</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Edit relations</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">View attachments</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Upload attachments</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Nextcloud links (if the user has NC account)</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"></span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"></span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"></span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Manage watchers (add and delete)</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Watch work package</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">View watchers list</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Show GitHub content</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Export</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Change project</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"> </span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">See costs and budgets</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"></span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"></span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"></span></label></li></ul></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Copy work package</p></th><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled" checked="checked"><span class="todo-list__label__description"></span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"></span></label></li></ul></td><td class="op-uc-table--cell"><ul class="todo-list op-uc-list_task-list op-uc-list"><li class="op-uc-list--item"><label class="todo-list__label"><input type="checkbox" disabled="disabled"><span class="todo-list__label__description"></span></label></li></ul></td></tr></tbody></table></figure>
* The
* **\[open\]** For a user able to edit, additional resources in
* all member users
* all member groups
* all categories
* all versions in case there is a version custom field the user should be allowed to
* Copying
* **\[open\]** When copying a
* **\[open\]** Should the "Change project" permission that needs
# Visuals available in Figma
https://www.figma.com/file/PlN4AmkwHNabNiT1Z7nZAA/Share-Work-Packages?node-id=53%3A7841
#### NOTE: Non of the current UI is using Primer components. The designs are not definitive and need to be updated!
#### <img class="op-uc-image op-uc-image_inline">
# Out of scope
* Share work packages with other projects
* Private comments
* Additional permissions for work package attributes and custom fields
* Sharing work packages with the project hierarchy (e.g. milestones that are shared with sub-projects)
* Change of the auto completer for users
* Change of the behaviour of filter option and values. Currently the available filters and their values are determined by the project filtered in. This is an limitation that already exists for sub-projects or included projects.
* Access tokens for individual work packages so users don't need to create a user account.
* Boards: Not possible to have a column for shared with user on assignee board
* Team planner: Not possible to have a row for shared with user on team planner
* Inside of the global work packages module (outside of any project) there is two new menu entries:
* **Shared with me:** A default view with the filter "Shared with" with a value of "is" and the user added as the unique filter value.
* **Shared with users:** A default view with the filter "Shared with" in the value "any".
# Open topics
### Naming
* Is share a good naming for this if users can access the work package without creating an account? Should we maybe use something like "Invite" or "Manage access"?
### Entry points
* Do we display the entry points (buttons) for share if the user doesn't have permissions.
### Capabilities of shared with user
* Confirm that shared users shouldn't be able to see Costs or Budgets
### Column in the work package table
* Is it a business requirement to have this column? Will it be really used?
* Assumption - showing shared to users in table is used sporadically
* Apply pattern used for related work packages to not decrease performance on all work package list requests
* Requires endpoint to get all shares based on filter
* Showing the first user that has been shared with means that users will have access to all the users that the work package is shared with, is there any data problem with this?
* Should every user be able to see this column? For watchers, there is a specific permission.
### Revoked users
Will revoked users (whose invitation is revoked) still be able to log into the application? Denying this would require the revoking user to have the permission to delete users.
### Members administration page
* When a user is fully removed from an instance (admin user level) do we want all its shared WP should be also revoked? Or they keep access to those WPs?
* When a user is only removed from a project (member level) can they can preserve the individual WP shared access?
### Permissions
* There is the risk of privilege escalation here. A user with only the permission to view work packages and share them should not have the permission to grant sharing on an edit level. So the permissions the user administrating the sharing should limit the sharing levels: Only a user having the `edit_work_packages` permission should be able to add edit-level sharing.
* For sharing with new users, the user would also need the `create_user` permission, correct?
* For the edit permissions, additional resources in the project need to become visible:
* all member users
* all member groups
* all categories
* all versions in case there is a version custom field the user should be allowed to edit
* Should the "Change or copy to other project" permission needs to be added also become a permission assignable to members? If so, how would that permission distributed when seeding new instances and how is it introduced into existing instances?