To allow Begin of the deletion users orEnd of the deletion groups Begin of the insertionand usersEnd of the insertion to be added to Begin of the deletion singleEnd of the deletion work Begin of the insertionpackages,End of the insertion Begin of the deletion packages as contributors,End of the deletion we Begin of the insertioncan extend the existingEnd of the insertion Begin of the deletion need to establish a new membership system that allows this. The currentEnd of the deletion `members` Begin of the insertionsystem to notEnd of the insertion Begin of the deletion tableEnd of the deletion only Begin of the insertionallow linkingEnd of the insertion Begin of the deletion supports adding usersEnd of the deletion to Begin of the insertiona project, but also to a specific work package.End of the insertion Begin of the deletion whole projects.End of the deletion

* Begin of the insertionThe relation should be mutually exclusive (a membership can either be toEnd of the insertion Begin of the deletion [ ] CreateEnd of the deletion a Begin of the insertionproject or to a work package, never both).
End of the insertion Begin of the deletion new table that links WorkPackages with users and allows assigning **one** role for that member
End of the deletion * Begin of the insertionFor this we can either makeEnd of the insertion Begin of the deletion [ ] ChangeEnd of the deletion the Begin of the insertionrelationship between members and project/work package into a polymorphic relationship. This would make `JOIN` queries more complicated, but would simplify the modelingEnd of the insertion Begin of the deletion `visible` scopeEnd of the deletion of Begin of the insertionthe relation
* Another option would be,End of the insertion Begin of the deletion WorkPackagesEnd of the deletion to Begin of the insertionadd a `work_package_id` field toEnd of the insertion Begin of the deletion also include those, whereEnd of the deletion the Begin of the insertion`members` table, and then adding a CONSTRAINT in the database, that prevents both columnsEnd of the insertion Begin of the deletion requested user is either ableEnd of the deletion to Begin of the insertionbe filled. Additionally we can add a rails validation. The CONSTRAINT onEnd of the insertion Begin of the deletion viewEnd of the deletion the Begin of the insertionDB level would be benefitial in my eyes,End of the insertion Begin of the deletion WPEnd of the deletion because Begin of the insertionwe do writeEnd of the insertion Begin of the deletion of projectEnd of the deletion membership Begin of the insertionqueries directly toEnd of the insertion Begin of the deletion or direct WP membership

~~ExtendingEnd of the deletion the Begin of the insertionDB,End of the insertion Begin of the deletion current~~ `~~members~~` ~~relation is not really an option, as it does not support polymorphismEnd of the deletion and Begin of the insertionthus weEnd of the insertion Begin of the deletion changing thatEnd of the deletion would Begin of the insertionneed another security layer instead of only relying on AR:

```sql
ALTER TABLE members
ADD CONSTRAINT either_member_of_work_package_or_project CHECK (num_nulls(work_package_id, project_id) >= 1);
```

* The current permission checking system only works on `project` level. The `user.allowed_to?` method needs toEnd of the insertion be Begin of the insertionextended to allow passing inEnd of the insertion a Begin of the insertionproject or a work package. 
* When a work package permission is requested, the code needsEnd of the insertion Begin of the deletion really big data model change. Also, it supports assigning multiple rolesEnd of the deletion to Begin of the insertioncheck if the permission is granted either through the project or directly on the work package. As work package permissions might elevate the users permissions onEnd of the insertion a Begin of the insertionspecific work package, we always have to check both paths.
* When a projectEnd of the insertion Begin of the deletion membership, thatEnd of the deletion is Begin of the insertiongiven, the test should stay as itEnd of the insertion Begin of the deletion something thatEnd of the deletion is Begin of the insertionright now.
* Copying a work package, or copyingEnd of the insertion Begin of the deletion not needed forEnd of the deletion the Begin of the insertionentire project should ensure that all memberships are correctly copied overEnd of the insertion Begin of the deletion WP memberships~~End of the deletion