Closed wintermeyer closed 4 months ago
Please add a hook in the code with a comment where we can add a "report a state change by email to our admin team" functionality. Only for the :under_investigation
state.
Please write a test for the "immediate auto logout". We have to make sure that once an account is deactivated the owner of that account can not login and can not do anything if he is already logged in.
@wintermeyer , the next task will be ensuring the certain actions you describe match with a users status eg logging in etc
What I forgot: We need to establish a paper trail. Some sort of LogEntry resource where we log every action in the system. But that is an extra issue.
@wintermeyer could you kindly clarify what you mean by admin visible? Is it that an admin can view their profile? . For the incognito , hibernated and archived accounts , should we ensure that these accounts do not appear in the "Potential Partners" query too?
@wintermeyer could you kindly clarify what you mean by admin visible? Is it that an admin can view their profile?
Yes.
For the incognito , hibernated and archived accounts , should we ensure that these accounts do not appear in the "Potential Partners" query too?
YES! Good catch!
Okay , I think it will be better to break down each user state action into a PR to make sure we have got everything right and tested .
@wintermeyer , just a thought . A friend told me for incognito in other systems , you have to pay premium so it is something we can think about. Another thing would be , as an anonymous user can I like other profiles , and chat with them?
@wintermeyer , just a thought . A friend told me for incognito in other systems , you have to pay premium so it is something we can think about. Another thing would be , as an anonymous user can I like other profiles , and chat with them?
Yes, other systems do this. I do not want to go this way. I want animina to be a fair system.
We need to add a state machine to the
User
andBasicUser
resource. The state will change how a user can act and be seen. Right now I can think of the following states (but please add or change when you see fit):depends: Depends on the other policies which are already in place. But probably this is a yes. immediate auto logout: If this state is invoked we have to update all the pages that user is currently using to a black screen with some sort of "Your account is under investigation. Please come back tomorrow." message. Ideally we have to log out the user (if technically possible).
What is what
As always: Please use rights so that 3rd party access will not bypass any logic. Please remember the relations. I want to be sure that a 3rd party API access can not access the user/profile but all its stories, chats, images, etc. Please use common sense. When in doubt: Ask here or contact @wintermeyer