Suggestion: Move users between groups

[thiagoalcav]

Context

I recently did an installation of anuko time tracker where we used a parent group with several child subgroups, each with their specific user and activities.

At a given moment, a user was relocated from a subgroup to another subgroup, but the system did not allow the user to be registered in the new location because his login already existed in the previous subgroup.

Possible solution

It would be nice to have an option that allows you to move the user between subgroups.

Doubts

• Would it be a viable option to allow registering duplicate logins as long as the user has only one active user? Or would that mess up the user table over time?
• If the option is to move the user, would there be any way to keep the entries in the old group just for reporting purposes?

[anuko]

Logins are unique by design for users, which is enforced by this index on tt_users table:

# Create an index that guarantees unique active and inactive logins.
create unique index login_idx on tt_users(login, status);

This approach is consistent with some other tables in the database. NULL status entries (deleted entries) allow for duplicates, inactive entries do not, but keep showing up.

Subgroups are pretty much independent entities. At the moment they only share a parent group id. It is probably best to change the login for an inactive user to something different manually, then create a new user with the old login in another subgroup.

As for "moving user": because groups are independent with their own everything (propjects, tasks, etc.) you can't really move activity log as there is no mapping. One could probably move user details such as password, email, and other minor details, but again you need to decide what to do with the old login. I don't see a nice solution here.

[thiagoalcav]

It is probably best to change the login for an inactive user to something different manually, then create a new user with the old login in another subgroup.

So the idea is:

1. Turn the user inactive in the source group
2. Change the login to something different
3. Insert the new user with the correct login into the new group.

This apparently solves the problem!

As for "moving user": because groups are independent with their own everything (propjects, tasks, etc.) you can't really move activity log as there is no mapping.

Considering the independence of groups, the solution proposed above also resolves legacy report emissions on old groups, with the inactivated user if it's necessary!

I see only one "usability problem" on this process. When trying to register a user for which there is already a login in another group, the system only displays the message: "There is already a user with this login.", but does not display where it is...

This becomes even more complicated for the user, to perform maintenance on installations that contain many groups, as it will require navigating between all groups to identify where the user to be inactivated is.

Would there be any way to improve the duplication message by adding the information of where the user is? I believe that this would be a simply solution to this case.

[anuko]

I don't see a problem with adding the info where the duplicate login resides, assuming it belongs to the same organization (same org_id). If the duplicate belongs to a different organization then it is a security leak and the message should be generic, without details. Something like this:

'error.user_exists_in_org' => 'User with this login already exists in %s.',
'error.user_exists_in_other_org' => 'User with this login already exists in another organization.',

Feel free to write code and submit a pull request if you have time and motivation to do it.