Skip to content

feat: Introduce route to change group permission#4847

Open
zatteo wants to merge 1 commit into
masterfrom
feat/update-sharing
Open

feat: Introduce route to change group permission#4847
zatteo wants to merge 1 commit into
masterfrom
feat/update-sharing

Conversation

@zatteo

@zatteo zatteo commented Jul 7, 2026

Copy link
Copy Markdown
Member

We want to be able to change a group permission in a sharing. New routes are similar to routes to change member permission.

Behavior

On existing member or group add, it is forbidden to add a member or a group that contains a member with a different permissions than an existing member. So if you have User 1 as readwrite and you try to add Group A that includes User 1 as readonly it is currently blocked by the stack.

I kept this behavior when changing permissions to avoid any secondary effects and complications.

In the long term, we want to be able to set different permission per members and per groups and compute for members the highest permission. But it requires a new attribute to track the initial permission of a member for the following scenario:

  • we add User 1 as readwrite
  • we add Group A that includes User 1 as readwrite
  • User becomes readwrite
  • we downgrade Group A to readonly
    => should we set User 1 to readwrite or readonly?

Related: linagora/cozy-client#1696

Usecase tested manually

One team

  • Alice creates “Dossier 1”
  • Alice adds “Équipe A” as reader
    • Bob read access + can’t change permissions
    • Carol read access + can’t change permissions
  • Alice updates “Équipe A” as writer
    • Bob write access + can change permissions
    • Carol write access + can change permissions
  • Bob updates “Équipe A” as reader
    • Bob read access + can’t change permissions
    • Carol read access + can’t change permissions

Two team

  • Alice creates “Dossier 2”
  • Alice adds “Équipe B” as reader
    • Bob read access + can’t change permissions
  • Alice adds “Équipe B” as writer
    • raises error
  • Alice adds “Équipe A” as reader
    • Bob read access + can’t change permissions
    • Carol read access + can’t change permissions
  • Alice updates “Équipe A” as writer
    • raises error
  • Alice updates “Équipe B” as writer
    • raises error
  • Alice removes “Équipe B”
    • Bob read access + can’t change permissions

One team + one member

  • Alice creates “Dossier 3”
  • Alice adds “Équipe A” as editor
    • Bob write access + can change permission
    • Alice write access + can change permission
  • Alice adds Bob as write
    • raise error
  • Alice adds Bob as editor
    • does nothing

At the end here, Bob’s "only_in_groups" attribute is true (existing behavior).

One member + one team

  • Alice creates “Dossier 4”
  • Alice adds Bob as editor
    • Bob write access + can change permission
  • Alice adds “Équipe A” as editor
    • Bob write access + can change permission
    • Alice write access + can change permission
  • Alice, Bob and Carol can not update Bob or “Équipe A” permission

At the end here, Bob’s "only_in_groups" attribute is false (existing behavior).

Similar to route to change member permission.

On existing member or group add, it is forbidden to add a member or a
group that contains a member with a different permissions than an
existing member. I kept this behavior when changing permissions to
avoid any secondary effect.
@zatteo zatteo force-pushed the feat/update-sharing branch from 3ffe388 to 49ae8e4 Compare July 8, 2026 05:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant