Workspace ACL's to allow sharing akin to template permissions page

[Emyrk]

Workspace Sharing

Just like templates, add ACL lists to workspaces to enable sharing. Sharing works to groups + users.

Backend

• Database + api work to add ACLs to workspaces

Frontend

• Permissions UI page for workspace for sharing to groups + other users

[ammario]

We should hold off on completing this until we have strong alignment on how to correctly do shared infrastructure. For example, @bpmct and I discussed Group-owned workspaces that everyone in a Group has access to. The benefit of that model is there are no user-specific credentials injected into the workspace at start.

A bad case is we have multiple paths in the product to achieve the same user story and no clear guidance to our users and when to use which.

[Emyrk]

@ammario at present we assume workspaces are owned by some user, and like you said we inject user credentials.

Moving to a group owned model, a lot of that code has to have branches. And scripts inside a workspace will need to have branches to accommodate missing env vars or w/e.

I would like to investigate the use cases for group owned workspaces. Peer development can be accomplished via extensions like VSCode LiveShare. If group owned workspaces are intended for some sort of ownerless environment like CI, it feels like a "CI" headless user could exist.

Just my 2c