Private places: Watch requests and invitations

[Jaymassena]

Issue by Jaymassena 04/21/14 23:59:08 Originally opened as https://github.com/3meters/catalina/issues/69

---

Watch a private place

Pri 1: Watch request

• Private places only show in Candipatch if you are there
• If you are there, you can see the name and banner but it only shows messages (content) if you are the owner or already watching otherwise you see a big button to make a watch request. (something similar to a friend request). If you are using Candipatch anonymously, the user will see the standard sign-in requirement if they try make a watch request.
• If you make a watch request, the owner gets a notification and the opportunity to approve or discard the watch request. The requestor does not get notified that the watch request was discarded.
• If the owner accepts the watch request, a watch link is created between the place and the requestor. The requestor gets a notification that they are now watching the place, it shows in their list of watched places, and they can see any linked content (messages).
• If any non-owner ever unwatches a private place, they have to repeat the previous steps to start watching the place again. When you unwatch a private place, we confirm that’s what you want to do.
• Browsing another users profile only shows messages they’ve sent to public places.

  Pri 2: Watch invitation

• The place owner can share a watch invitation with anybody they want.
• The watch invitation includes a link that opens the place in Candipatch and the user is presented with the same workflow as a watch request.

  Watch management

  Pri 1: Request indicators

• Place owners can monitor watch requests by checking the list of places they own. Places with pending watch requests will be badged with a count of the requests for that place.

  Pri 1: Browse and delete watchers

• Private place owners can use an action in the UI to view a list of the users that have requested or have been approved to watch the place they own. The list shows the users photo, name, and their status. The list also includes the ability to select users and remove them as watchers (approved or not).

  Pri 3: Block users permanently

• Users can block any user permanently from watching any private places they own. When a user has been blocked, any request to watch any private places owned by the blocking user is rejected.

[Jaymassena]

Comment by Jaymassena 04/23/14 18:55:39

---

Work Items

Service

These have already been added to the private_places branch:

• Add the visibility property to _entity.js, type string, values=private|public, default=public
• Add the status property to _link.js, type string, values=requested|approved

Behavior

Watch links between a user and a private place:

• Inserting a watch link is only allowed if status='requested' unless the authenticated user is the owner of the private place.
• Inserting a watch link is only allowed if the _from entity is the same as the authenticated user. (we don't want to let someone spam people with watch links they didn't initiate.)
• Updating the status property on a watch link between a user and a private place is only allowed if the authenticated user is the owner of the private place.
• A watch link with either status can be deleted by either the owner of the 'to' entity or the 'from' entity.

Content linked to a private place:

• Any request to browse a private place should not include any linked entities, links to entities, or link counts unless the authenticated user is the private place owner or has a watch link to the private place where status='approved'.
• Any request to browse links to a private place or entities linked to a private place should be rejected unless the authenticated user is the private place owner or has a watch link to the private place where status='approved'.