Allow admins to add, edit, delete user groups!

2025-07-23 07:09:43 +02:00 · 2018-02-27 14:16:23 +00:00 · 2018-02-27 14:16:23 +00:00 · 19b4a3de49
commit 19b4a3de49
parent 00f415214c
23 changed files with 1470 additions and 664 deletions
--- a/README.md
+++ b/README.md
@ -52,7 +52,7 @@ Space view.

 ## Latest version

-Community edition: v1.57.3
+Community edition: v1.58.0

 ## OS support

--- a/core/database/scripts/autobuild/db_00018.sql
+++ b/core/database/scripts/autobuild/db_00018.sql
@ -0,0 +1,9 @@
+/* community edition */
+
+-- role and role membership
+ALTER TABLE role ADD COLUMN `purpose` VARCHAR(100) DEFAULT '' NOT NULL AFTER `role`;
+ALTER TABLE role ADD COLUMN `revised` TIMESTAMP DEFAULT CURRENT_TIMESTAMP AFTER `created`;
+CREATE INDEX idx_role_1 ON role(orgid);
+
+-- deprecations
+DROP TABLE IF EXISTS `labelrole`;
--- a/domain/group/endpoint.go
+++ b/domain/group/endpoint.go
@ -0,0 +1,218 @@
+// Copyright 2018 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+package group
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/documize/community/core/env"
+	"github.com/documize/community/core/request"
+	"github.com/documize/community/core/response"
+	"github.com/documize/community/core/uniqueid"
+	"github.com/documize/community/domain"
+	"github.com/documize/community/model/audit"
+	"github.com/documize/community/model/group"
+)
+
+// Handler contains the runtime information such as logging and database.
+type Handler struct {
+	Runtime *env.Runtime
+	Store   *domain.Store
+}
+
+// Add saves new user group.
+func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
+	method := "group.Add"
+	ctx := domain.GetRequestContext(r)
+
+	if !ctx.Administrator {
+		response.WriteForbiddenError(w)
+		return
+	}
+
+	defer r.Body.Close()
+	body, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		response.WriteBadRequestError(w, method, "body")
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	var g group.Group
+	err = json.Unmarshal(body, &g)
+	if err != nil {
+		response.WriteBadRequestError(w, method, "group")
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	g.RefID = uniqueid.Generate()
+	g.OrgID = ctx.OrgID
+
+	if len(g.Name) == 0 {
+		response.WriteMissingDataError(w, method, "name")
+		return
+	}
+
+	ctx.Transaction, err = h.Runtime.Db.Beginx()
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	err = h.Store.Group.Add(ctx, g)
+	if err != nil {
+		ctx.Transaction.Rollback()
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	ctx.Transaction.Commit()
+
+	g, err = h.Store.Group.Get(ctx, g.RefID)
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	h.Store.Audit.Record(ctx, audit.EventTypeGroupAdd)
+
+	response.WriteJSON(w, g)
+}
+
+// Groups returns all user groups for org.
+func (h *Handler) Groups(w http.ResponseWriter, r *http.Request) {
+	method := "group.Groups"
+	ctx := domain.GetRequestContext(r)
+
+	g, err := h.Store.Group.GetAll(ctx)
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	response.WriteJSON(w, g)
+}
+
+// Update saves group name and description changes.
+func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
+	method := "group.Update"
+	ctx := domain.GetRequestContext(r)
+
+	if !ctx.Administrator {
+		response.WriteForbiddenError(w)
+		return
+	}
+
+	groupID := request.Param(r, "groupID")
+	if len(groupID) == 0 {
+		response.WriteMissingDataError(w, method, "groupID")
+		return
+	}
+
+	defer r.Body.Close()
+	body, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		response.WriteBadRequestError(w, method, "body")
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	var g group.Group
+	err = json.Unmarshal(body, &g)
+	if err != nil {
+		response.WriteBadRequestError(w, method, "group")
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	g.OrgID = ctx.OrgID
+	g.RefID = groupID
+
+	ctx.Transaction, err = h.Runtime.Db.Beginx()
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	err = h.Store.Group.Update(ctx, g)
+	if err != nil {
+		ctx.Transaction.Rollback()
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	ctx.Transaction.Commit()
+
+	h.Store.Audit.Record(ctx, audit.EventTypeGroupUpdate)
+
+	g, err = h.Store.Group.Get(ctx, g.RefID)
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	response.WriteJSON(w, g)
+}
+
+// Delete removes group and associated member records.
+func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
+	method := "group.Delete"
+	ctx := domain.GetRequestContext(r)
+
+	if !ctx.Administrator {
+		response.WriteForbiddenError(w)
+		return
+	}
+
+	groupID := request.Param(r, "groupID")
+	if len(groupID) == 0 {
+		response.WriteMissingDataError(w, method, "groupID")
+		return
+	}
+
+	g, err := h.Store.Group.Get(ctx, groupID)
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		return
+	}
+
+	ctx.Transaction, err = h.Runtime.Db.Beginx()
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	_, err = h.Store.Group.Delete(ctx, g.RefID)
+	if err != nil {
+		ctx.Transaction.Rollback()
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	ctx.Transaction.Commit()
+
+	h.Store.Audit.Record(ctx, audit.EventTypeGroupDelete)
+
+	response.WriteEmpty(w)
+}
--- a/domain/group/mysql/store.go
+++ b/domain/group/mysql/store.go
@ -0,0 +1,95 @@
+// Copyright 2018 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+package mysql
+
+import (
+	"database/sql"
+	"fmt"
+	"time"
+
+	"github.com/documize/community/core/env"
+	"github.com/documize/community/domain"
+	"github.com/documize/community/domain/store/mysql"
+	"github.com/documize/community/model/group"
+	"github.com/pkg/errors"
+)
+
+// Scope provides data access to MySQL.
+type Scope struct {
+	Runtime *env.Runtime
+}
+
+// Add inserts new user group into store.
+func (s Scope) Add(ctx domain.RequestContext, g group.Group) (err error) {
+	g.Created = time.Now().UTC()
+	g.Revised = time.Now().UTC()
+
+	_, err = ctx.Transaction.Exec("INSERT INTO role (refid, orgid, role, purpose, created, revised) VALUES (?, ?, ?, ?, ?, ?)",
+		g.RefID, g.OrgID, g.Name, g.Purpose, g.Created, g.Revised)
+
+	if err != nil {
+		err = errors.Wrap(err, "insert group")
+	}
+
+	return
+}
+
+// Get returns requested group.
+func (s Scope) Get(ctx domain.RequestContext, refID string) (g group.Group, err error) {
+	err = s.Runtime.Db.Get(&g,
+		`SELECT id, refid, orgid, role as name, purpose, created, revised FROM role WHERE orgid=? AND refid=?`,
+		ctx.OrgID, refID)
+
+	if err != nil {
+		err = errors.Wrap(err, "select group")
+	}
+
+	return
+}
+
+// GetAll returns all user groups for current orgID.
+func (s Scope) GetAll(ctx domain.RequestContext) (groups []group.Group, err error) {
+	err = s.Runtime.Db.Select(&groups,
+		`select id, refid, orgid, role as name, purpose, created, revised FROM role WHERE orgid=? ORDER BY role`,
+		ctx.OrgID)
+
+	if err == sql.ErrNoRows || len(groups) == 0 {
+		groups = []group.Group{}
+		err = nil
+	}
+	if err != nil {
+		err = errors.Wrap(err, "select groups")
+	}
+
+	return
+}
+
+// Update group name and description.
+func (s Scope) Update(ctx domain.RequestContext, g group.Group) (err error) {
+	g.Revised = time.Now().UTC()
+
+	_, err = ctx.Transaction.Exec("UPDATE role SET role=?, purpose=?, revised=? WHERE orgid=? AND refid=?",
+		g.Name, g.Purpose, g.Revised, ctx.OrgID, g.RefID)
+
+	if err != nil {
+		err = errors.Wrap(err, "update group")
+	}
+
+	return
+}
+
+// Delete removes group from store.
+func (s Scope) Delete(ctx domain.RequestContext, refID string) (rows int64, err error) {
+	b := mysql.BaseQuery{}
+	b.DeleteConstrained(ctx.Transaction, "role", ctx.OrgID, refID)
+	return b.DeleteWhere(ctx.Transaction, fmt.Sprintf("DELETE FROM rolemember WHERE orgid=\"%s\" AND roleid=\"%s\"", ctx.OrgID, refID))
+}
--- a/domain/storer.go
+++ b/domain/storer.go
@ -20,6 +20,7 @@ import (
 	"github.com/documize/community/model/block"
 	"github.com/documize/community/model/category"
 	"github.com/documize/community/model/doc"
+	"github.com/documize/community/model/group"
 	"github.com/documize/community/model/link"
 	"github.com/documize/community/model/org"
 	"github.com/documize/community/model/page"
@ -39,6 +40,7 @@ type Store struct {
 	Block        BlockStorer
 	Category     CategoryStorer
 	Document     DocumentStorer
+	Group        GroupStorer
 	Link         LinkStorer
 	Organization OrganizationStorer
 	Page         PageStorer
@ -265,3 +267,12 @@ type PageStorer interface {
 	GetDocumentRevisions(ctx RequestContext, documentID string) (revisions []page.Revision, err error)
 	DeletePageRevisions(ctx RequestContext, pageID string) (rows int64, err error)
 }
+
+// GroupStorer defines required methods for persisting user groups and memberships
+type GroupStorer interface {
+	Add(ctx RequestContext, g group.Group) (err error)
+	Get(ctx RequestContext, refID string) (g group.Group, err error)
+	GetAll(ctx RequestContext) (g []group.Group, err error)
+	Update(ctx RequestContext, g group.Group) (err error)
+	Delete(ctx RequestContext, refID string) (rows int64, err error)
+}
--- a/edition/boot/mysql.go
+++ b/edition/boot/mysql.go
@ -22,6 +22,7 @@ import (
 	block "github.com/documize/community/domain/block/mysql"
 	category "github.com/documize/community/domain/category/mysql"
 	doc "github.com/documize/community/domain/document/mysql"
+	group "github.com/documize/community/domain/group/mysql"
 	link "github.com/documize/community/domain/link/mysql"
 	org "github.com/documize/community/domain/organization/mysql"
 	page "github.com/documize/community/domain/page/mysql"
@ -42,6 +43,7 @@ func StoreMySQL(r *env.Runtime, s *domain.Store) {
 	s.Block = block.Scope{Runtime: r}
 	s.Category = category.Scope{Runtime: r}
 	s.Document = doc.Scope{Runtime: r}
+	s.Group = group.Scope{Runtime: r}
 	s.Link = link.Scope{Runtime: r}
 	s.Organization = org.Scope{Runtime: r}
 	s.Page = page.Scope{Runtime: r}
--- a/edition/community.go
+++ b/edition/community.go
@ -41,8 +41,8 @@ func main() {
 	// product details
 	rt.Product = env.ProdInfo{}
 	rt.Product.Major = "1"
-	rt.Product.Minor = "57"
-	rt.Product.Patch = "3"
+	rt.Product.Minor = "58"
+	rt.Product.Patch = "0"
 	rt.Product.Version = fmt.Sprintf("%s.%s.%s", rt.Product.Major, rt.Product.Minor, rt.Product.Patch)
 	rt.Product.Edition = "Community"
 	rt.Product.Title = fmt.Sprintf("%s Edition", rt.Product.Edition)
--- a/embed/bindata_assetfs.go
+++ b/embed/bindata_assetfs.go
--- a/gui/app/components/customize/user-groups.js
+++ b/gui/app/components/customize/user-groups.js
@ -0,0 +1,108 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+import $ from 'jquery';
+import { inject as service } from '@ember/service';
+import Component from '@ember/component';
+import AuthProvider from '../../mixins/auth';
+import ModalMixin from '../../mixins/modal';
+
+export default Component.extend(AuthProvider, ModalMixin, {
+	groupSvc: service('group'),
+	newGroup: null,
+
+	didReceiveAttrs() {
+		this._super(...arguments);
+		this.load();
+		this.setDefaults();
+	},
+
+	load() {
+		this.get('groupSvc').getAll().then((groups) => {
+			this.set('groups', groups);
+		});
+	},
+
+	setDefaults() {
+		this.set('newGroup', { name: '', purpose: '' });
+	},
+
+	actions: {
+		onOpenGroupModal() {
+			this.modalOpen("#add-group-modal", {"show": true}, '#new-group-name');
+		},
+
+		onAddGroup(e) {
+			e.preventDefault();
+
+			let newGroup = this.get('newGroup');
+			if (is.empty(newGroup.name)) {
+				$("#new-group-name").addClass("is-invalid").focus();
+				return;
+			}
+
+			this.get('groupSvc').add(newGroup).then(() => {
+				this.load();
+			});
+
+			this.modalClose("#add-group-modal");
+			this.setDefaults();
+		},
+
+		onShowDeleteModal(groupId) {
+			this.set('deleteGroup', { name: '', id: groupId });
+			this.modalOpen("#delete-group-modal", {"show": true}, '#delete-group-name');
+		},
+
+		onDeleteGroup(e) {
+			e.preventDefault();
+
+			let deleteGroup = this.get('deleteGroup');
+			let group = this.get('groups').findBy('id', deleteGroup.id);
+
+			if (is.empty(deleteGroup.name) || group.get('name') !== deleteGroup.name) {
+				$("#delete-group-name").addClass("is-invalid").focus();
+				return;
+			}
+
+			this.get('groupSvc').delete(deleteGroup.id).then(() => {
+				this.load();
+			});
+
+			this.modalClose("#delete-group-modal");
+			this.set('deleteGroup', { name: '', id: '' });
+		},
+
+		onShowEditModal(groupId) {
+			let group = this.get('groups').findBy('id', groupId);
+			this.set('editGroup', group);
+			this.modalOpen("#edit-group-modal", {"show": true}, '#edit-group-name');
+		},
+
+		onEditGroup(e) {
+			e.preventDefault();
+
+			let group = this.get('editGroup');
+
+			if (is.empty(group.get('name'))) {
+				$("#edit-group-name").addClass("is-invalid").focus();
+				return;
+			}
+
+			this.get('groupSvc').update(group).then(() => {
+				this.load();
+			});
+
+			this.modalClose("#edit-group-modal");
+			this.set('editGroup', null);
+		}
+	}
+});
--- a/gui/app/models/group.js
+++ b/gui/app/models/group.js
@ -0,0 +1,24 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+import Model from 'ember-data/model';
+import attr from 'ember-data/attr';
+
+export default Model.extend({
+	orgId: attr('string'),
+	name: attr('string'),
+	purpose: attr('string'),
+	created: attr(),
+	revised: attr(),
+
+	// for UI
+	members: attr('number', { defaultValue: 0 })
+});
--- a/gui/app/pods/customize/groups/controller.js
+++ b/gui/app/pods/customize/groups/controller.js
@ -0,0 +1,25 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+import { inject as service } from '@ember/service';
+import Controller from '@ember/controller';
+
+export default Controller.extend({
+	userService: service('user'),
+
+	init() {
+		this._super(...arguments);
+		// this.newUser = { firstname: "", lastname: "", email: "", active: true };
+	},
+
+	actions: {
+	}
+});
--- a/gui/app/pods/customize/groups/route.js
+++ b/gui/app/pods/customize/groups/route.js
@ -0,0 +1,25 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+import Route from '@ember/routing/route';
+import AuthenticatedRouteMixin from 'ember-simple-auth/mixins/authenticated-route-mixin';
+
+export default Route.extend(AuthenticatedRouteMixin, {
+	beforeModel () {
+		if (!this.session.isAdmin) {
+			this.transitionTo('auth.login');
+		}
+	},
+
+	activate() {
+		this.get('browser').setTitle('Groups');
+	}
+});
--- a/gui/app/pods/customize/groups/template.hbs
+++ b/gui/app/pods/customize/groups/template.hbs
@ -0,0 +1 @@
+{{customize/user-groups}}
--- a/gui/app/pods/customize/template.hbs
+++ b/gui/app/pods/customize/template.hbs
@ -14,6 +14,7 @@
 			<ul class="tabnav-control">
 				{{#link-to 'customize.general' activeClass='selected' class="tab" tagName="li"}}General{{/link-to}}
 				{{#link-to 'customize.folders' activeClass='selected' class="tab" tagName="li"}}Spaces{{/link-to}}
+				{{#link-to 'customize.groups' activeClass='selected' class="tab" tagName="li"}}Groups{{/link-to}}
 				{{#link-to 'customize.users' activeClass='selected' class="tab" tagName="li"}}Users{{/link-to}}
 				{{#if session.isGlobalAdmin}}
 					{{#link-to 'customize.smtp' activeClass='selected' class="tab" tagName="li"}}SMTP{{/link-to}}
--- a/gui/app/router.js
+++ b/gui/app/router.js
@ -50,6 +50,9 @@ export default Router.map(function () {
 		this.route('general', {
 			path: 'general'
 		});
+		this.route('groups', {
+			path: 'groups'
+		});
 		this.route('users', {
 			path: 'users'
 		});
--- a/gui/app/services/group.js
+++ b/gui/app/services/group.js
@ -0,0 +1,68 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+import { inject as service } from '@ember/service';
+import BaseService from '../services/base';
+
+export default BaseService.extend({
+	sessionService: service('session'),
+	ajax: service(),
+	localStorage: service(),
+	store: service(),
+
+	// Add user group.
+	add(payload) {
+		return this.get('ajax').post(`group`, {
+			contentType: 'json',
+			data: JSON.stringify(payload)
+		}).then((group) => {
+			let data = this.get('store').normalize('group', group);
+			return this.get('store').push(data);
+		});
+	},
+
+	// Returns all groups for org.
+	getAll() {
+		return this.get('ajax').request(`group`, {
+			method: 'GET'
+		}).then((response) => {
+			let data = [];
+
+			data = response.map((obj) => {
+				let data = this.get('store').normalize('group', obj);
+				return this.get('store').push(data);
+			});
+
+			return data;
+		});
+	},
+
+	// Updates an existing group.
+	update(group) {
+		let id = group.get('id');
+
+		return this.get('ajax').request(`group/${id}`, {
+			method: 'PUT',
+			contentType: 'json',
+			data: JSON.stringify(group)
+		}).then((group) => {
+			let data = this.get('store').normalize('group', group);
+			return this.get('store').push(data);
+		});
+	},
+
+	// Delete removes group and associated user membership.
+	delete(groupId) {
+		return this.get('ajax').request(`group/${groupId}`, {
+			method: 'DELETE'
+		});
+	}
+});
--- a/gui/app/styles/view/customize.scss
+++ b/gui/app/styles/view/customize.scss
@ -55,4 +55,44 @@
 			color: $color-primary;
 		}
 	}
+
+	> .groups-list {
+        padding: 0;
+        margin: 0;
+
+		> .item {
+			margin: 15px 0;
+			padding: 15px;
+			@include card();
+			@include ease-in();
+
+			> .group {
+				display: inline-block;
+
+				> .name {
+					font-size: 1.2rem;
+					color: $color-primary;
+				}
+
+				> .purpose {
+					font-size: 1rem;
+					color: $color-off-black;
+				}
+
+				> .info {
+					font-size: 0.9rem;
+					margin-top: 8px;
+					color: $color-gray;
+				}
+			}
+
+			> .buttons {
+				margin-top: 5px;
+			}
+
+			> .action {
+				display: inline-block;
+			}
+		}
+	}	
 }
--- a/gui/app/templates/components/customize/user-groups.hbs
+++ b/gui/app/templates/components/customize/user-groups.hbs
@ -0,0 +1,113 @@
+<div class="row">
+	<div class="col">
+		<div class="view-customize">
+
+			<h1 class="admin-heading">Groups</h1>
+			<h2 class="sub-heading">Create groups for easier user management &mdash; assign users to groups</h2>
+			<div class="btn btn-success mt-3 mb-3" {{action 'onOpenGroupModal'}}>Add group</div>
+			<div id="add-group-modal" class="modal" tabindex="-1" role="dialog">
+				<div class="modal-dialog" role="document">
+					<div class="modal-content">
+						<div class="modal-header">Add Group</div>
+						<div class="modal-body">
+							<form onsubmit={{action 'onAddGroup'}}>
+								<div class="form-group">
+									<label for="new-group-name">Name</label>
+									{{focus-input id="new-group-name" type="text" class="form-control mousetrap" placeholder="Enter group name" value=newGroup.name}}
+									<small class="form-text text-muted">e.g. Managers, Developers, Acme Team</small>
+								</div>
+								<div class="form-group">
+									<label for="space-invite-msg">Description (optional)</label>
+									{{textarea id="new-group-desc" value=newGroup.purpose class="form-control" rows="3"}}
+								</div>
+							</form>
+						</div>
+						<div class="modal-footer">
+							<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Close</button>
+							<button type="button" class="btn btn-success" onclick={{action 'onAddGroup'}}>Add</button>
+						</div>
+					</div>
+				</div>
+			</div>
+
+			<div class="groups-list">
+				{{#each groups as |group|}}
+					<div class="item row">
+						<div class="group col-8">
+							<div class="name">{{group.name}}</div>
+							<div class="purpose">{{group.purpose}}&nbsp;</div>
+							<div class="info">
+								{{#if (eq group.members 0)}}
+									no members assigned yet
+								{{else if (eq group.members 1)}}
+									1 member
+								{{else}}
+									{{group.members}} members
+								{{/if}}
+							</div>
+						</div>
+						<div class="col-4 buttons text-right">
+							<div class="button-icon-gray align-middle" data-toggle="tooltip" data-placement="top" title="Rename" {{action 'onShowEditModal' group.id}} >
+								<i class="material-icons">edit</i>
+							</div>
+							<div class="button-icon-gap" />
+							<div class="button-icon-danger align-middle" data-toggle="tooltip" data-placement="top" title="Delete" {{action 'onShowDeleteModal' group.id}}>
+								<i class="material-icons">delete</i>
+							</div>
+						</div>
+					</div>
+				{{else}}
+					<div class="margin-top-30"><i>No groups</i></div>
+				{{/each}}
+			</div>
+
+			<div id="delete-group-modal" class="modal" tabindex="-1" role="dialog">
+				<div class="modal-dialog" role="document">
+					<div class="modal-content">
+						<div class="modal-header">Delete Group</div>
+						<div class="modal-body">
+							<form onsubmit={{action 'onDeleteGroup'}}>
+								<p>Are you sure you want to delete this group?</p>
+								<div class="form-group">
+									<label for="delete-space-name">Please type group name to confirm</label>
+									{{input id="delete-group-name" type="text" class="form-control mousetrap" placeholder="Group name" value=deleteGroup.name}}
+									<small class="form-text text-muted">This will remove group membership information and associated permissions!</small>
+								</div>
+							</form>
+						</div>
+						<div class="modal-footer">
+							<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Close</button>
+							<button type="button" class="btn btn-danger" onclick={{action 'onDeleteGroup'}}>Delete</button>
+						</div>
+					</div>
+				</div>
+			</div>
+
+			<div id="edit-group-modal" class="modal" tabindex="-1" role="dialog">
+				<div class="modal-dialog" role="document">
+					<div class="modal-content">
+						<div class="modal-header">Edit Group</div>
+						<div class="modal-body">
+							<form onsubmit={{action 'onEditGroup'}}>
+								<div class="form-group">
+									<label for="edit-group-name">Name</label>
+									{{input id="edit-group-name" type="text" class="form-control mousetrap" placeholder="Enter group name" value=editGroup.name}}
+									<small class="form-text text-muted">e.g. Managers, Developers, Acme Team</small>
+								</div>
+								<div class="form-group">
+									<label for="space-invite-msg">Description (optional)</label>
+									{{textarea id="edit-group-desc" value=editGroup.purpose class="form-control" rows="3"}}
+								</div>
+							</form>
+						</div>
+						<div class="modal-footer">
+							<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Close</button>
+							<button type="button" class="btn btn-success" onclick={{action 'onEditGroup'}}>Save</button>
+						</div>
+					</div>
+				</div>
+			</div>			
+
+		</div>
+	</div>
+</div>
--- a/gui/package.json
+++ b/gui/package.json
@ -1,6 +1,6 @@
 {
 	"name": "documize",
-	"version": "1.57.3",
+	"version": "1.58.0",
 	"description": "The Document IDE",
 	"private": true,
 	"repository": "",
--- a/meta.json
+++ b/meta.json
@ -1,16 +1,16 @@
 {
    "community":
    {
-        "version": "1.57.3",
+        "version": "1.58.0",
        "major": 1,
-        "minor": 57,
-        "patch": 3
+        "minor": 58,
+        "patch": 0
    },
    "enterprise":
    {
-        "version": "1.59.3",
+        "version": "1.60.0",
        "major": 1,
-        "minor": 59,
-        "patch": 3
+        "minor": 60,
+        "patch": 0
    }
 }
--- a/model/audit/audit.go
+++ b/model/audit/audit.go
@ -74,4 +74,7 @@ const (
 	EventTypeCategoryUpdate     EventType = "updated-category"
 	EventTypeCategoryLink       EventType = "linked-category"
 	EventTypeCategoryUnlink     EventType = "unlinked-category"
+	EventTypeGroupAdd           EventType = "added-group"
+	EventTypeGroupDelete        EventType = "removed-group"
+	EventTypeGroupUpdate        EventType = "updated-group"
 )
--- a/model/group/group.go
+++ b/model/group/group.go
@ -0,0 +1,30 @@
+// Copyright 2018 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+package group
+
+import "github.com/documize/community/model"
+
+// Group defines a user group.
+type Group struct {
+	model.BaseEntity
+	OrgID   string `json:"orgId"`
+	Name    string `json:"name"`
+	Purpose string `json:"purpose"`
+	Members int    `json:"members"`
+}
+
+// Member defines user membership of a user group.
+type Member struct {
+	OrgID  string `json:"orgId"`
+	RoleID string `json:"roleId"`
+	UserID string `json:"userId"`
+}
--- a/server/routing/routes.go
+++ b/server/routing/routes.go
@ -23,6 +23,7 @@ import (
 	"github.com/documize/community/domain/category"
 	"github.com/documize/community/domain/conversion"
 	"github.com/documize/community/domain/document"
+	"github.com/documize/community/domain/group"
 	"github.com/documize/community/domain/link"
 	"github.com/documize/community/domain/meta"
 	"github.com/documize/community/domain/organization"
@ -53,6 +54,7 @@ func RegisterEndpoints(rt *env.Runtime, s *domain.Store) {
 	page := page.Handler{Runtime: rt, Store: s, Indexer: indexer}
 	space := space.Handler{Runtime: rt, Store: s}
 	block := block.Handler{Runtime: rt, Store: s}
+	group := group.Handler{Runtime: rt, Store: s}
 	section := section.Handler{Runtime: rt, Store: s}
 	setting := setting.Handler{Runtime: rt, Store: s}
 	category := category.Handler{Runtime: rt, Store: s}
@ -180,6 +182,11 @@ func RegisterEndpoints(rt *env.Runtime, s *domain.Store) {
 	Add(rt, RoutePrefixPrivate, "pin/{userID}/sequence", []string{"POST", "OPTIONS"}, nil, pin.UpdatePinSequence)
 	Add(rt, RoutePrefixPrivate, "pin/{userID}/{pinID}", []string{"DELETE", "OPTIONS"}, nil, pin.DeleteUserPin)

+	Add(rt, RoutePrefixPrivate, "group", []string{"POST", "OPTIONS"}, nil, group.Add)
+	Add(rt, RoutePrefixPrivate, "group", []string{"GET", "OPTIONS"}, nil, group.Groups)
+	Add(rt, RoutePrefixPrivate, "group/{groupID}", []string{"PUT", "OPTIONS"}, nil, group.Update)
+	Add(rt, RoutePrefixPrivate, "group/{groupID}", []string{"DELETE", "OPTIONS"}, nil, group.Delete)
+
 	// fetch methods exist to speed up UI rendering by returning data in bulk
 	Add(rt, RoutePrefixPrivate, "fetch/category/space/{spaceID}", []string{"GET", "OPTIONS"}, nil, category.FetchSpaceData)
 	Add(rt, RoutePrefixPrivate, "fetch/document/{documentID}", []string{"GET", "OPTIONS"}, nil, document.FetchDocumentData)