[RFC0001] Authentication

[mikkokotila]

What is it?

The ability to create an account, and log in with that account. Once logged in, the ability to manage settings belonging to the account.

How would it work?

You could create an account using Facebook, Google, or your email address. Once logged in, you will have access to features that are not available if you are not logged in.

Why is it important?

We can implement several important features which serve the needs of both translators and translation managers. Examples of the immediate implications include:

• Once logged in, your search history will be logged
• Once logged in, you could upload your own dictionary to be used
• Once logged in, the organization you belong to is identified(translation team)

Specification

Hierarchy

• Organization
• Translation Team
• Translator

User roles

• Organization manager (super-admin)
• Translation team manager (admin)
• Translator (member)

Settings

Organization Settings

Organization must belong to a user, so there is no separate user information at the Organization level.

• organization_name
• organization_logo
• invite_member
• add_member
• remove_member
• member_role
• show_dictionaries*
• custom_dictionary*
• same_as_team

Those marked with * can be locked to the Organization level i.e. Team and Member level can't make changes.

If same_as_team is set to True, Team Settings will be entirely disabled.

Team Settings

Team must belong to a Member, so there is no separate Member information at the Team level.

• organization_name
• organization_logo
• invite_member
• add_member
• remove_member
• member_role
• show_dictionaries*
• custom_dictionary*

Those marked with * can be locked to the Team level i.e. Member level can't make changes.

Member Settings

• name
• password
• connect_with_google
• connect_with_facebook

Views

• Settings view
• Add custom dictionary model/dialogue
• Add/remove/invite member

[blahmonkey]

Ideally simply implemented via GQL + pgsql. Maybe Hasura is a good way

[mikkokotila]

Base case

1) A person creates an account 2) That account becomes an organization 3) Now to that organization one or more translation teams can be created 4) Each translation team can have one or more translators

Quirk

• One translator can belong to translation teams in one or more organizations

[pdey]

Quirk

* One translator can belong to translation teams in one or more organizations

@mikkokotila : This can be an usual case that one translator can belong to multiple organizations. But can we assume that for a user uploaded dictionary will always belong to only one organziation? Also do we want to have any "shared public dictionary" that all users can use and modify?

[mikkokotila]

This can be an usual case that one translator can belong to multiple organizations. But can we assume that for a user uploaded dictionary will always belong to only one organization?

It will belong always to an organization, but it might be that not all the teams in that organization can access that dictionary.

Also do we want to have any "shared public dictionary" that all users can use and modify?

In settings, users will have option to declare their custom dictionary a public one also. In addition to that, there will be a growing number of public dictionaries everyone can access and choose from.

[pdey]

@mikkokotila What will be the on-boarding process for an Organization. Can any registered user create their own Organization ? And by creating an organization they automatically assume the "Organization Manager" for that Org. Or, alternatively, An user account that is created (by Padma Admin) with "Organization Manager" role can only create an Organization, after their registration with role is done. Which of these two ways will work for us?

Related question, Can one user own/create at most one Organization ?

[mikkokotila]

Basically, there are two different ways to create a new user:

1) A user who has the right to do so invites a user to join the organization 2) The comes to Padma.io and creates a new user

In the case of #2, the user must create an organization under which the user then resides. That user then becomes the owner of that organization.

Related question, Can one user own/create at most one Organization ?

A user can belong to more than one organization (if invited to those organizations) but can only create one (upon creating the user).

[pdey]

@mikkokotila Whats the functional and authorization differences between a dictionary uploaded by Organization (org admin) and Team (team admin).

1. Are all dictionaries (custom or public) uploaded by an Organization visible (readable) by all users across all Orgs, or limited only to the members belong to the Org.
2. Custom dictionaries uploaded by Org Admin - Can they be modified by all teams within the org ? Do they need to be assigned a team.
3. Similarly, what are the authorization accesses for a dictionary uploaded by a team_admin - within the team, all teams in their Org, All Orgs ?

[mikkokotila]

Are all dictionaries (custom or public) uploaded by an Organization visible (readable) by all users across all Orgs, or limited only to the members belong to the Org.

When a dictionary is uploaded, it has to be decided by the uploader if it's just visible to that org, or if it's visible to public.

Custom dictionaries uploaded by Org Admin - Can they be modified by all teams within the org ? Do they need to be assigned a team.

Dictionaries have to be assigned to teams or can set a dictionary to be automatically added to all teams under org.

Similarly, what are the authorization accesses for a dictionary uploaded by a team_admin - within the team, all teams in their Org, All Orgs ?

Maybe we make it so that only the org manager can upload dictionaries?

[pdey]

@mikkokotila So we can keep things like this may be.

1. Only Org Managers upload dictionaries.
2. Org manager can add/revoke access for the uploaded dictionary for
   • Public (READ)
   • User within org (READ and/or WRITE)
   • Team withing org (READ and/or WRITE)

This also implies that when a Team Manager adds a new translator, new member can automatically have the access rights to dictionaries available to the Team.

[mikkokotila]

Only Org Managers upload dictionaries.

yes

Only Org Managers upload dictionaries.

yes

[pdey]

@mikkokotila All Public dictionary should necessarily be READ_ONLY ?

[mikkokotila]

All Public dictionary should necessarily be READ_ONLY ?

I think not. The owner of the dictionary can always change it.

[pdey]

All Public dictionary should necessarily be READ_ONLY ?

I think not. The owner of the dictionary can always change it.

Ok. In that case who all can make changes to a Public dictionary. I guess should be restricted within the members of the Organization who owns the dictionary ?

[mikkokotila]

Ok. In that case who all can make changes to a Public dictionary. I guess should be restricted within the members of the Organization who owns the dictionary?

Public or not, all the same rules apply. Public is just one attribute for a dictionary that the owner can declare. But even then, once it has been set to Public, it would still have to be accepted by superadmin (so for example right now myself). In other words, Public or not, is not affecting anything else on the rights side.

[pdey]

Regarding design of dictionary data, there are three parts -

1. Dictionary Definition (Name of Dictionary, Organization, General access type (Public/Custom) )
2. Master list of Words across all dictionaries.
3. List of Descriptions or Meanings for each Word, each Description for a given Word is tied to a Dictionary. There could be multiple Descriptions as multiple dictionaries can have meaning for each Word.

Questions:

1. Can a single Dictionary have multiple Descriptions for the same Word ?
2. Can all team members in a dictionary add a new Word or update an existing Word. Or Words are entered only when a dictionary is updated and only the Descriptions can be added/edited ?

[mikkokotila]

Can a single Dictionary have multiple Descriptions for the same Word ?

Yes, I think many dictionaries will have that starting point that key is not unique.

Can all team members in a dictionary add a new Word or update an existing Word. Or Words are entered only when a dictionary is updated and only the Descriptions can be added/edited ?

Better is that this depends on the auth, so if person has been assigned those rights, then yes, if not then not. So you might have read, but not write or delete.

[pdey]

@mikkokotila At some point, do we also need to add audit data to keep a track of who has made changes, such as added/modified a word (that may be used by multiple dictionaries in multiple orgs), added/modified some descriptions, etc.

[pdey]

@mikkokotila Also can we simplify the access rules by granting access only to a Team and not to individual Translator. In this way we also enforce every Translator belong to a Team, with a Team having at least one Translator.

It will be simpler to enforce rule this way and avoid double checks for Translator and Team level access rights.

[mikkokotila]

Sure we could do that. There is anyhow the case where maybe some translators in a team are not allowed to make changes, but that could be overcome by having them in a separate team which don't have other than READ rights.

[pdey]

Based on the specification and disussions here, I have the basic database and graphql schema on https://github.com/Lotus-King-Research/Padma-Dictionary-Service/pull/8. Its still in draft, will soon publish the PR.