animina-dating / animina

👫❤️ ANIMINA Dating Platform
https://animina.de

Add User states #478

Closed wintermeyer closed 4 months ago

wintermeyer commented 5 months ago

We need to add a state machine to the User and BasicUser resource. The state will change how a user can act and be seen. Right now I can think of the following states (but please add or change when you see fit):

| State | can login | user visible | admin visible | immediate auto logout | anonymous visible |
|---|---|---|---|---|---|
| :normal | yes | depends * | yes | no | depends * |
| :validated | yes | depends * | yes | no | depends * |
| :under_investigation | no | no | yes | yes | no |
| :banned | no | no | yes | yes | no |
| :incognito | yes | no | yes | no | no |
| :hibernate | yes | no | yes | no | no |
| :archived | no | no | yes | yes | no |

depends: Depends on the other policies which are already in place. But probably this is a yes.

immediate auto logout: If this state is invoked we have to update all the pages that user is currently using to a black screen with some sort of "Your account is under investigation. Please come back tomorrow." message. Ideally we have to log out the user (if technically possible).

What is what

| State | Description |
|---|---|
| :normal | Standard account. |
| :validated | Validated account. We are pretty sure that this is a real human. |
| :under_investigation | This account was flagged. Either by another user, us (admins) or an AI. Something is fishy. |
| :banned | This account is banned. The main reason to still keep it is to block the mobile phone number and the email address. |
| :incognito | The user wants to read other users but doesn't want to be seen. |
| :hibernate | The user wants to keep the account but doesn't want to use it right now. |
| :archived | Somebody deleted the account. |

As always: Please use rights so that 3rd party access will not bypass any logic. Please remember the relations. I want to be sure that a 3rd party API access can not access the user/profile but all its stories, chats, images, etc. Please use common sense. When in doubt: Ask here or contact @wintermeyer

wintermeyer commented 5 months ago

Please add a hook in the code with a comment where we can add a "report a state change by email to our admin team" functionality. Only for the :under_investigation state.

wintermeyer commented 5 months ago

Please write a test for the "immediate auto logout". We have to make sure that once an account is deactivated the owner of that account cannot log in and cannot do anything if he is already logged in.

MICHAELMUNAVU83 commented 4 months ago

@wintermeyer, the next task will be ensuring that certain actions you describe match with a user's status, e.g. logging in etc.

wintermeyer commented 4 months ago

What I forgot: We need to establish a paper trail. Some sort of LogEntry resource where we log every action in the system. But that is an extra issue.

MICHAELMUNAVU83 commented 4 months ago

@wintermeyer could you kindly clarify what you mean by admin visible? Is it that an admin can view their profile? For the incognito, hibernated and archived accounts, should we ensure that these accounts do not appear in the "Potential Partners" query too?

wintermeyer commented 4 months ago

> @wintermeyer could you kindly clarify what you mean by admin visible? Is it that an admin can view their profile?

Yes.

> For the incognito, hibernated and archived accounts, should we ensure that these accounts do not appear in the "Potential Partners" query too?

YES! Good catch!

MICHAELMUNAVU83 commented 4 months ago

Okay, I think it will be better to break down each user state action into a PR to make sure we have got everything right and tested.

MICHAELMUNAVU83 commented 4 months ago

@wintermeyer, just a thought. A friend told me for incognito in other systems, you have to pay premium, so it is something we can think about. Another thing would be, as an anonymous user can I like other profiles, and chat with them?

wintermeyer commented 4 months ago

> @wintermeyer, just a thought. A friend told me for incognito in other systems, you have to pay premium, so it is something we can think about. Another thing would be, as an anonymous user can I like other profiles, and chat with them?

Yes, other systems do this. I do not want to go this way. I want animina to be a fair system.
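
The state table from the issue, with the later clarifications on login, already-open sessions and the "Potential Partners" query, written as a default-deny lookup. This is an added example in Ruby, not code from the animina repository; every constant and function name is hypothetical, and `:policies_ok` is a constructed field standing in for the policies already in place.

```ruby
# Added example: the issue's state table as a default-deny lookup.
# All names below are hypothetical, not the project's API.

# Columns from the table: can login, user visible, admin visible,
# immediate auto logout, anonymous visible. :depends = defer to other policies.
STATE_POLICY = {
  normal:              { login: true,  user: :depends, admin: true, logout: false, anon: :depends },
  validated:           { login: true,  user: :depends, admin: true, logout: false, anon: :depends },
  under_investigation: { login: false, user: false,    admin: true, logout: true,  anon: false },
  banned:              { login: false, user: false,    admin: true, logout: true,  anon: false },
  incognito:           { login: true,  user: false,    admin: true, logout: false, anon: false },
  hibernate:           { login: true,  user: false,    admin: true, logout: false, anon: false },
  archived:            { login: false, user: false,    admin: true, logout: true,  anon: false }
}.freeze

# A state missing from the table gets no access at all.
DENY_ALL = { login: false, user: false, admin: false, logout: true, anon: false }.freeze
VIEWERS = %i[user admin anon].freeze

def policy_for(state)
  STATE_POLICY.fetch(state, DENY_ALL)
end

def can_login?(state)
  policy_for(state)[:login]
end

# other_policies: verdict of the policies already in place, used only
# where the table says "depends".
def visible_to?(state, viewer, other_policies: false)
  return false unless VIEWERS.include?(viewer)
  cell = policy_for(state)[viewer]
  cell == :depends ? other_policies : cell
end

# Call on every request with the state freshly read from storage, so a
# session opened before the state change is rejected at once.
def session_valid?(current_state)
  row = policy_for(current_state)
  row[:login] && !row[:logout]
end

# "Potential Partners" filter: keep only accounts visible to other users.
def potential_partners(users)
  users.select { |u| visible_to?(u[:state], :user, other_policies: u.fetch(:policies_ok, false)) }
end
```

Because `session_valid?` takes the current state rather than the state at login, the same lookup covers both halves of the requested test: a deactivated owner cannot log in, and a session that is already open stops working.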