add stories
This commit is contained in:
@@ -0,0 +1,27 @@
|
||||
# Sync Billing Plans with Users
|
||||
|
||||
**ID:** ORG-001
|
||||
**Priority:** High
|
||||
**Status:** Planned
|
||||
|
||||
## User Story
|
||||
As an organization owner, I want billing plans to automatically sync with user seats so that I'm only charged for active users and can easily manage costs.
|
||||
|
||||
## Acceptance Criteria
|
||||
- [ ] Adding a user to org automatically updates billing (for per-seat plans)
|
||||
- [ ] Removing a user adjusts billing accordingly
|
||||
- [ ] Prorated charges/credits for mid-cycle changes
|
||||
- [ ] Organization dashboard shows current seat count vs plan limit
|
||||
- [ ] Warning notification when approaching seat limit
|
||||
- [ ] Automatic upgrade prompt when exceeding limit
|
||||
- [ ] Billing history shows seat changes over time
|
||||
|
||||
## Technical Notes
|
||||
- `BillingPlan.syncForUser()` method exists but is not implemented
|
||||
- Paddle integration exists for payment processing
|
||||
- Need to track user-to-organization seat assignments
|
||||
- Consider grace period for temporary overages
|
||||
- Webhook from Paddle for payment confirmations
|
||||
|
||||
## Related TODOs
|
||||
- `ts/reception/classes.billingplan.ts:16` - `// TODO sync this for user`
|
||||
@@ -0,0 +1,28 @@
|
||||
# Invite and Manage Team Members
|
||||
|
||||
**ID:** ORG-002
|
||||
**Priority:** Critical
|
||||
**Status:** Planned
|
||||
|
||||
## User Story
|
||||
As an organization owner, I want to invite team members to my organization and manage their access so that my team can collaborate securely.
|
||||
|
||||
## Acceptance Criteria
|
||||
- [ ] Owner can invite users via email address
|
||||
- [ ] Invited user receives email with invitation link
|
||||
- [ ] Invitation can be accepted by existing users or during registration
|
||||
- [ ] Owner can view pending invitations and resend/cancel them
|
||||
- [ ] Owner can see all current members with their roles
|
||||
- [ ] Owner can remove members from organization
|
||||
- [ ] Owner can transfer ownership to another member
|
||||
- [ ] Bulk invite via CSV upload
|
||||
|
||||
## Technical Notes
|
||||
- Organization and User models exist with association
|
||||
- Need new Invitation model with token and expiry
|
||||
- Use `ReceptionMailer` for invitation emails
|
||||
- RoleManager can be leveraged for role assignment
|
||||
- Consider invitation expiry (7 days default)
|
||||
|
||||
## Related TODOs
|
||||
- New feature - core organizational functionality
|
||||
@@ -0,0 +1,28 @@
|
||||
# Assign Roles to Members
|
||||
|
||||
**ID:** ORG-003
|
||||
**Priority:** High
|
||||
**Status:** Planned
|
||||
|
||||
## User Story
|
||||
As an organization owner, I want to assign different roles to team members so that I can control what each person can access and do within the organization.
|
||||
|
||||
## Acceptance Criteria
|
||||
- [ ] Owner can create custom roles for the organization
|
||||
- [ ] Default roles: Owner, Admin, Member, Viewer
|
||||
- [ ] Each role has configurable permissions
|
||||
- [ ] Owner can assign/change roles for any member
|
||||
- [ ] Role changes take effect immediately
|
||||
- [ ] Members can view their own role and permissions
|
||||
- [ ] Audit log for role changes
|
||||
- [ ] At least one Owner must exist at all times
|
||||
|
||||
## Technical Notes
|
||||
- RoleManager exists with basic role infrastructure
|
||||
- `getRolesAndOrganizationsForUserId` endpoint available
|
||||
- Need to expand Role model with permissions array
|
||||
- Consider permission inheritance (Admin inherits Member permissions)
|
||||
- JWT claims should include role for authorization
|
||||
|
||||
## Related TODOs
|
||||
- Partial implementation exists in RoleManager
|
||||
@@ -0,0 +1,27 @@
|
||||
# Customize Organization Branding
|
||||
|
||||
**ID:** ORG-004
|
||||
**Priority:** Medium
|
||||
**Status:** Planned
|
||||
|
||||
## User Story
|
||||
As an organization owner, I want to customize the branding of my organization's login and account pages so that my team sees our company identity when authenticating.
|
||||
|
||||
## Acceptance Criteria
|
||||
- [ ] Upload organization logo
|
||||
- [ ] Set primary and secondary brand colors
|
||||
- [ ] Custom login page welcome message
|
||||
- [ ] Organization name displayed on login/register
|
||||
- [ ] Preview branding changes before saving
|
||||
- [ ] Reset to default branding option
|
||||
- [ ] Branding applies to email templates (org-specific emails)
|
||||
|
||||
## Technical Notes
|
||||
- Organization model needs branding fields (logo URL, colors, message)
|
||||
- Frontend components need to accept branding props
|
||||
- Email templates should support organization branding
|
||||
- Consider white-label subdomain support (org.idp.global)
|
||||
- Image storage similar to user avatars (EU-008)
|
||||
|
||||
## Related TODOs
|
||||
- New feature - no existing infrastructure
|
||||
@@ -0,0 +1,27 @@
|
||||
# View Organization Usage Analytics
|
||||
|
||||
**ID:** ORG-005
|
||||
**Priority:** Medium
|
||||
**Status:** Planned
|
||||
|
||||
## User Story
|
||||
As an organization owner, I want to view analytics about how my organization uses the identity platform so that I can understand adoption and identify potential issues.
|
||||
|
||||
## Acceptance Criteria
|
||||
- [ ] Dashboard showing key metrics (active users, logins, registrations)
|
||||
- [ ] Time-series charts for login activity
|
||||
- [ ] Most active users ranking
|
||||
- [ ] Failed login attempts summary
|
||||
- [ ] Authentication method breakdown (password, email link, 2FA)
|
||||
- [ ] Date range selector for historical data
|
||||
- [ ] Export analytics data (CSV, PDF)
|
||||
|
||||
## Technical Notes
|
||||
- Need to aggregate login events per organization
|
||||
- Consider time-series database or aggregation pipeline in MongoDB
|
||||
- Privacy: show aggregates, not individual user activity details
|
||||
- Cache analytics for performance
|
||||
- Real-time updates via WebSocket for dashboard
|
||||
|
||||
## Related TODOs
|
||||
- New feature - requires event logging infrastructure
|
||||
@@ -0,0 +1,28 @@
|
||||
# Configure SSO for Organization
|
||||
|
||||
**ID:** ORG-006
|
||||
**Priority:** High
|
||||
**Status:** Planned
|
||||
|
||||
## User Story
|
||||
As an organization owner, I want to configure Single Sign-On with my company's identity provider so that employees can use their corporate credentials.
|
||||
|
||||
## Acceptance Criteria
|
||||
- [ ] Support SAML 2.0 SSO configuration
|
||||
- [ ] Support OIDC/OAuth SSO configuration
|
||||
- [ ] Test connection before enabling
|
||||
- [ ] Auto-provision users on first SSO login (JIT provisioning)
|
||||
- [ ] Map SSO attributes to user profile fields
|
||||
- [ ] Option to require SSO for all org members
|
||||
- [ ] Bypass SSO for emergency admin access
|
||||
- [ ] Support multiple SSO providers per organization
|
||||
|
||||
## Technical Notes
|
||||
- Implement SAML assertion consumer service
|
||||
- Store SSO configuration securely (encrypted secrets)
|
||||
- Certificate management for SAML
|
||||
- Consider using passport-saml and passport-openidconnect
|
||||
- Metadata endpoint for easy IdP configuration
|
||||
|
||||
## Related TODOs
|
||||
- New feature - enterprise SSO capability
|
||||
@@ -0,0 +1,28 @@
|
||||
# View Organization Audit Logs
|
||||
|
||||
**ID:** ORG-007
|
||||
**Priority:** Medium
|
||||
**Status:** Planned
|
||||
|
||||
## User Story
|
||||
As an organization owner, I want to view audit logs for my organization so that I can track security-relevant events and meet compliance requirements.
|
||||
|
||||
## Acceptance Criteria
|
||||
- [ ] Log all security-relevant events (logins, role changes, member changes)
|
||||
- [ ] Searchable audit log interface
|
||||
- [ ] Filter by event type, user, date range
|
||||
- [ ] Each entry shows: timestamp, actor, action, target, IP address
|
||||
- [ ] Immutable logs (cannot be deleted or modified)
|
||||
- [ ] Export logs for compliance (CSV, JSON)
|
||||
- [ ] Retention policy configuration (90 days default)
|
||||
- [ ] Real-time event streaming option
|
||||
|
||||
## Technical Notes
|
||||
- Create AuditLog collection with write-only access pattern
|
||||
- Index for efficient querying
|
||||
- Consider separate database/collection for audit data
|
||||
- Comply with SOC 2 / ISO 27001 logging requirements
|
||||
- Webhook option for SIEM integration
|
||||
|
||||
## Related TODOs
|
||||
- New feature - compliance and security requirement
|
||||
@@ -0,0 +1,28 @@
|
||||
# Manage Subscription and Billing
|
||||
|
||||
**ID:** ORG-008
|
||||
**Priority:** Medium
|
||||
**Status:** Planned
|
||||
|
||||
## User Story
|
||||
As an organization owner, I want to manage my subscription plan and billing details so that I can upgrade, downgrade, or update payment methods as needed.
|
||||
|
||||
## Acceptance Criteria
|
||||
- [ ] View current subscription plan and features
|
||||
- [ ] Compare available plans with feature matrix
|
||||
- [ ] Upgrade to higher plan with immediate effect
|
||||
- [ ] Downgrade with effect at end of billing period
|
||||
- [ ] Update payment method (credit card via Paddle)
|
||||
- [ ] View billing history and download invoices
|
||||
- [ ] Cancel subscription with confirmation
|
||||
- [ ] Apply coupon/discount codes
|
||||
|
||||
## Technical Notes
|
||||
- Paddle integration exists (`paddlesetup` view, `BillingPlanManager`)
|
||||
- Enhance existing subscription view with more functionality
|
||||
- Paddle handles PCI compliance for payment data
|
||||
- Webhook handlers for subscription status changes
|
||||
- VAT handling for EU customers (Paddle manages this)
|
||||
|
||||
## Related TODOs
|
||||
- Enhancement to existing Paddle integration
|
||||
Reference in New Issue
Block a user