Per domain user subscription and admin role

I'm sure something similar has been asked already but I couldn't find it on the forum.

Would it be possible to add to following features of User & Groups in future version of Cloudron:

• subscribe users to a specific domain (say with another drop down option for each users: default being "all" but with the possibility to select domains individually - as it is down for selecting group membership). Those users would then only be allowed to login on apps which are installed under that/those particular domain(s). Effectively this is no different that manually creating a group for each domain and then manually setting the correct access permission when installing apps, except that it would automate that process by creating those groups in the background for each domain and setting the correct rights automatically. Also it would be helpful for implementing the "3. per domain user management" aspect of the "domain admin" feature below

• create a "domain admin" role to give some members admin rights but only on certain domains so that they can (and only can): 1. access all apps and email settings on a given domain(s); 2. an managed all of apps on that/those domain(s) 3. can see all users subscribed to that/those domain(s) and can invite new users to that/those domain(s). So as role we'd have: Owner, Admin (would automatically be administrates all domains), Domain Admin (which when selected would open the drop down menu to select domains without the "All" option), Users (which when selected would open the drop down menu to select domains, with default choice on the "All" option).

It feels these two features would greatly enhance cloudron management for cases where you don't necessarily want to have admins able to administrate all domains (either for security reasons and for reducing admin time) but still want someone able to configure email accounts / lists, manage apps and invite people.

Here is just some concepts and some ideas on how it could work on the UI side. Hope this proves useful.

Hello,

Is it possible to integrate mailman to cloudron to be able to manage email lists?

It would be a great feature to have.

Could be useful, don't think we have already an app for this.
https://www.signserver.org/
https://hub.docker.com/r/primekey/signserver-ce

@scooke I too would very much like to use Kopano Meet with external users (without them to login into my Cloudron), so like you I think it would be a great feature to have but still, I think we should be grateful on the fact some developer bothered making a Cloudron package even if there are limitations for now and not be too harsh or focused on criticisms and enjoy that we got a videoconference app running on Cloudron. And maybe kindly ask for support if you're trying to do something which you cannot do on your own (I believe the Kopano Meet Cloudron app has an open source code which you could be modify to add the functions you want, if you know how to do it).

As @fbartels explained, Kopano does have this functionality, it "just" needs to be configured. Now the "just" doesn't seem very straightforward and yes it'd be great if someone could package the app with that function turned on. Maybe @fbartels can help? Personally I'm not a developer so I can't help with this but appreciate any work anyone can put into this or into anything else that makes Cloudron better.

@jdaviescoates said in Meet Kopano (unstable version) - a few questions & problems :

with full p2p WebRTC apps like Kopano Meet all users need to have enough bandwidth for all streams or something

Here is a nice explanation of the pros and cons of the three main typologies used for video conference: p2p / MCU / SFU

I like the idea of having more app filters!

SSO great idea.

When it comes to an "open source" filter, I think the open code based makes more sense, rather than looking at all add-ons or price. We are talking about filters on Cloudron App Store, therefore think the question is, "is the app actually installed from cloudron app store opened of closed?", not any add-ons people may choose to install later on.

Other options could be to have:

• a Free Software filter for program without any proprietary add-ons
• a "close sourced" filter for apps where the code of the base app is not available (i.e. that app actually installed from the app store)
• a $ filter for program that require a paid license

Mainly I think we should NOT conflate price/money and license type / openness of source case. Take Teamspeak, for e.g., it can be used for free, on a free (as in free beer) license, yet it is proprietary software.

I think that whatever filter option we choose, the openness of the code that is actually being installed from the Cloudron App Store (i.e. without add-ons) is the thing that users should be made aware of / able to easily choose from. So as a first implementation of any filter, I thing the open/closed source filter would be the priority.

Is there any update on this app? It would be awesome to have it!

Also might be of interest:

An article which test a methodology to compare SFUs, and then test a few of them. Results probably do not reflect real case scenario though.

@girish Thanks for the reply and explanation Girish. I actually didn't imply I wanted a fully featured multi-organisation approach to Cloudron management, and even less if it implies major changes to Cloudron core design. I actually like that the current design is oriented to single user / organisation as it prevents centralisation.

The use case I had in mind was mainly for a single organisation that has several domains and a fluctuating users base of about 200. By default all users have access to all apps (unless you configure manually as I mentioned in the post).
The issue is that with users coming and going, you must make sure not to make mistakes with permissions and correctly isolate them from each domains by manually managing groups.
The other issues is that these users make regular requests to create email list, email accounts, adding or removing users. So it'd be handy to be able to give more people admin rights just for these particular aspects and restricted to a specific domain.

I thought what I had described was not a fully featured multi domains function for cloudron, but "just" (says someone who doesn't code) some additional domain management capabilities that could be implemented with functions that already exist in cloudron (namely with User Groups and different role levels). But I can imagine that when it comes down to doing, it becomes more complicated.

Just for info. The point of running on a remote server is that the files are always accessible even if all other devices are turned off.
Been using Syncthing for years, it is incredibly powerful for syncing files...a thousand miles faster and more reliable than NextCloud, Dropbox, etc.

@fbartels Oops sorry, I should have at least tried to restart. It working fine just with restarting the app (no need to even reinstall). Thanks

@fbartels Thanks!

@fbartels it feels there is a problem with the recent version of the app. Creating public group is not available any more and people have to sign in.

I had a public group set-up, joined the call, sent the link invite but the person was asked to login. I tried the link myself in a private browser window and it was the same, I was asked to sign in (whereas usually, it worked directly).

So I deleted that group and tried to create a new one but there isn't the option any more to make the group public. Is this a bug??

@fbartels it feels there is a problem with the recent version of the app. Creating public group is not available any more and people have to sign in.

I had a public group set-up, joined the call, sent the link invite but the person was asked to login. I tried the link myself in a private browser window and it was the same, I was asked to sign in (whereas usually, it worked directly).

So I deleted that group and tried to create a new one but there isn't the option any more to make the group public. Is this a bug??

@jdaviescoates said in What's coming in 6.0 (take 2):

Edit: tbh not particularly excited by this, because I'm more excited about having BBB on Cloudron and that isnt' even compatible with 18.04 yet!

And the worst is, they're explicitly putting all of the work in making BBB compatible with 18.04 first and they have no plans for 20.04.

@jdaviescoates If you're using rsync, the space errors might not be so strange, as it would only need to add additional files, rather than backing up the whole thing again, hence the space required for a given backup might be quite random (depending what has changed since the last one). Just a suggestion though. And of course if you're using tarball then that is really weird!

@girish Glad it was at least a useful suggestion. Let's see if it works in practice

@girish weird, "./" was the first thing I tried when it didn't on its own but there again it threw me an error about command not found and minio-credentials not being a folder. I resorted to trying bash in case I got it wrong and that's the only time it at least tried to run something (but ran into those errors).
But have just done it again and it worked fine, I must have done something wrong the first time.
Sorry for reporting a non issue and thanks for getting back

When trying to run the script for changing credentials I get the following error:

minio-credentials: line 3: use strict: command not found

minio-credentials: line 5: syntax error near unexpected token `('

minio-credentials: line 5: `const fs = require('fs');'

This happens for both minio-credentials set and minio-credentials get

Also the script is not recognised as a command I have to type: bash minio-credentials for it to run (and then it fails).

@murgero Great! It will be a monetary donation as all my Cloudron instances are already referred. I'll do that tomorrow (as I might convince someone else to donate too )