🛂(dimail) simplify interop with dimail
In this commit, we stop creating /users and /allows in dimail for our dbs to be in sync. People with stop impersonating users in dimail and will create mailboxes using its own credentials.
This commit is contained in:
Marie PUPO JEAMMET
committed by
Marie
Marie
parent
6721328b2d
commit
056a4bd7ac
@@ -2,20 +2,45 @@
|
||||
|
||||
## What is dimail ?
|
||||
|
||||
The mailing solution provided in La Suite is [Open-XChange](https://www.open-xchange.com/) (OX).
|
||||
OX not having a provisioning API, 'dimail-api' or 'dimail' was created to allow mail-provisioning through People.
|
||||
The mailing solution provided in La Suite is [La Messagerie](https://webmail.numerique.gouv.fr/), using [Open-XChange](https://www.open-xchange.com/) (OX). OX not having a provisioning API, 'dimail-api' or 'dimail' was created to allow mail-provisioning through People.
|
||||
|
||||
API and its documentation can be found [here](https://api.dev.ox.numerique.gouv.fr/docs#/).
|
||||
|
||||
## Architectural links of dimail
|
||||
## Use of dimail container
|
||||
|
||||
As dimail's primary goal is to act as an interface between People and OX, its architecture is similar to that of People. A series of requests are sent from People to dimail upon creating domains, users, permissions and mailboxes.
|
||||
To ease local development, dimail provides a container that we embark in our docker-compose. In "FAKE" mode, it simulates all responses from Open Exchange.
|
||||
|
||||
Bootstraping with command `make bootstrap` creates a container and initializes its database.
|
||||
|
||||
Additional commands :
|
||||
- Reset the database by recreating the container with `dimail-recreate-container`.
|
||||
- Populate the database with all the content of your People database with `dimail-setup-db`
|
||||
|
||||
## Architecture
|
||||
|
||||
### Domains
|
||||
|
||||
Upon creating a domain on People, the same domain is created on dimail and will undergo a series of checks. When all checks have passed, the domain is considered enabled.
|
||||
|
||||
Domains in OX have a field called "context". Context is a shared space between domains, allowing users to discover users not only on their domain but on their entire context.
|
||||
Domains in OX have a field called "context". "Contexts" are shared spaces between domains, allowing users to discover users not only on their domain but on their entire context.
|
||||
> [!NOTE]
|
||||
> Contexts are only implemented in La Messagerie and are not currently in use in People. Domains created via People are in their own context.
|
||||
|
||||
People users can have 3 levels of permissions on a domain:
|
||||
- Viewers can
|
||||
- see the domain's information
|
||||
- list its mailboxes and managers
|
||||
- Administrators can
|
||||
- create mailboxes
|
||||
- invite collaborators to manage domain
|
||||
- change role of a viewer to administrators
|
||||
- all of viewers permissions
|
||||
- Owners can
|
||||
- promote administrators owners and demote owners
|
||||
- all of viewers and administrators' permissions
|
||||
> [!NOTE]
|
||||
> Contexts are only implemented in La Messagerie and are not currently in use in People. Domains created via People are in their own context.
|
||||
|
||||
|
||||
### Mailboxes
|
||||
|
||||
@@ -24,22 +49,3 @@ Mailboxes can be created by a domain owners or administrators in People's domain
|
||||
On enabled domains, mailboxes are created at the same time on dimail (and a confirmation email is sent to the secondary email).
|
||||
On pending/failed domains, mailboxes are only created locally with "pending" status and are sent to dimail upon domain's activation.
|
||||
On disabled domains, mailboxes creation is not allowed.
|
||||
|
||||
### Users
|
||||
|
||||
The ones issuing requests. Dimail users will reflect domains owners and administrators on People, for logging purposes and to allow direct use of dimail, if desired. User reconciliation is made on user uuid provided by ProConnect.
|
||||
|
||||
### Permissions
|
||||
|
||||
As for People, an access - a permissions (or an "allow" in dimail) - grants an user permission to create objects on a domain.
|
||||
|
||||
Permissions requests are sent automatically upon :
|
||||
- dimail database initialisation:
|
||||
+ permission for dimail user People to create users and domains
|
||||
- domain creation :
|
||||
+ permission for dimail user People to manage domain
|
||||
+ permission for new owner on new domain
|
||||
- user creation:
|
||||
+ permission for People to manage user
|
||||
- access creation, if owner or admin:
|
||||
+ permission for this user to manage domain
|
||||
Reference in New Issue
Block a user