Request publishing rights on profile page

CatalogueOfLife / checklistbank

UI for checklistbank.org

https://www.checklistbank.org/

7 stars 2 forks source link

Request publishing rights on profile page #1464

Open mdoering opened 2 weeks ago

mdoering commented 2 weeks ago

Users need to request manually if they want editor rights so they can create and publish datasets. I would think its best linked from their profile, e.g. where the Roles re displayed. If no editor or admin role exists there should be a button to request it with a short paragraph to explain what they intend to do. It should also be required to have an ORCID. That prevents spammers and can be used to populate missing name and country infos.

I assume it would then be best to create an issue in a new private repository where we can manage user permissions. Or POST to the backend and we track editor requests there. But this then needs another page to list all requests and delete them if dealt with. Not a big deal to set up the API for this. How about the React part?

thomasstjerne commented 2 weeks ago

Yes it would be best to use a private GH repo. Since the UI has no proxy backend, the backend would still need to expose an endpoint that creates the issue in the repository

mdoering commented 2 weeks ago

ok. After thinking a bit more I would rather store it all in CLB and avoid github. Could you work with the assumption of the following method being available?

POST /user/editor-request

... with the body content being the text explaining the intended use.

I would then store an additional editorRequest property with the user and allow the user search to list only the current open users requesting editor permissions. We would then need to slightly adapt the admin user page with:

button or tick box to show only users with open requests
A way to show the request text - suggest a modular popup in a new small column with an icon
an action button inside that request popup to reject or accept it (accepting is the same as changing the roles to include editor

The backend will also send an email notification to the admins and the requesting user to acknowledge the request.

mdoering commented 1 week ago

The POST /user/editor-request exists now, but only verifies users and sends out an email to support to answer the request. Good as a start. @thomasstjerne you can add that to the UI now

mdoering commented 3 days ago

I start wondering if we should just allow any user to create new datasets. Then nothing new would be needed. Users can already be blocked through the UI in case they misbehave. And monitoring recently created datasets is sth we should do regularly anyway.