Updated by Marcello Rocha Pereira over 2 years ago
# **Automatically Managed Project Folders on Sharepoint/OneDrive**
## **First steps**
There are a couple of prerequisites to use this feature on Sharepoint:

- A new Document Library needs to be created.
- The permission inheritance needs to be broken for that Document Library.
- All non-owner permissions need to be removed to guarantee that only the correct users have access to it.
- On the Azure Application, an `Application` permission of `Files.ReadWrite.All` needs to be added.
## **OpenProject considerations**
- Since `AMPF` will operate over a specific Document Library, there will be one File Storage per Document Library.
- The UI will need adjustments for registering an `AMPF` storage.
- The `client_credential` token used to authenticate the `Application` has a lifetime of 1 hour and is non-renewable, so we can:
  - recreate the token at every interaction, or
  - cache the token with a lifetime of 1 hour and re-request it if a 401 error happens (similar to the current request-with-refresh process).
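
One way to implement the second option (cache the token for its lifetime, re-request on a 401), as an added example that is not OpenProject's own code. `TokenCache`, `Unauthorized`, the 60-second safety margin and the injected `fetcher`/`clock` callables are hypothetical names and assumptions chosen for illustration.

```ruby
# Added example: caches a client_credential token and retries once on a 401.
# All class, method and parameter names here are hypothetical.
class Unauthorized < StandardError; end

class TokenCache
  SAFETY_MARGIN = 60 # seconds; assumed margin so a token is never used at its last moment

  # fetcher: callable standing in for the token request, returns { access_token:, expires_in: }
  # clock:   callable returning the current time in seconds (injectable for tests)
  def initialize(fetcher:, clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @fetcher = fetcher
    @clock = clock
    @mutex = Mutex.new
    @token = nil
    @expires_at = 0
  end

  def token
    @mutex.synchronize do
      refresh! if @token.nil? || @clock.call >= @expires_at
      @token
    end
  end

  def invalidate!
    @mutex.synchronize { @token = nil }
  end

  # Yields a token; on a 401 drops the cached token and retries exactly once,
  # so a permanently rejected credential cannot cause a request loop.
  def with_token
    attempts = 0
    begin
      attempts += 1
      yield token
    rescue Unauthorized
      raise if attempts > 1
      invalidate!
      retry
    end
  end

  private

  def refresh!
    response = @fetcher.call
    @token = response.fetch(:access_token)
    @expires_at = @clock.call + response.fetch(:expires_in) - SAFETY_MARGIN
  end
end
```

The caller's block is expected to raise `Unauthorized` when the storage API answers with a 401; a second 401 on the fresh token is propagated instead of retried.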
## **Technical Mumblings**
When a `Permission` is added by an `administrator`, it becomes a `Grant` rather than a `Sharing Link`. This allows fine-grained control of who has access to the `DriveItem`. The downside is the amount of work involved in managing those permissions.

To alleviate this burden, we will do the synchronization between **OpenProject** and **Sharepoint** with a background job, similar to what we have for _Nextcloud_.
In other words, we need:

- A way to handle the `client_credential` authentication method.
- An `AddUsersCommand` -> it can handle adding multiple users at the same time.
- A `RemoveUserCommand` -> this is done user by user, as the grant needs to be revoked.
- A `SyncJob` that does all the shenanigans.