fyliu
commented
1 year ago Ethan's work needs this level of no permission, where a registered user should have only public-level access until it's moved to memberGeneral.
Closed fyliu closed 1 year ago
fyliu
commented
1 year ago Ethan's work needs this level of no permission, where a registered user should have only public-level access until it's moved to memberGeneral.
ExperimentsInHonesty
commented
1 year ago We think we don't need another permission type because the user status and check type tables will end up being used in combination to restrict access.
We would also require an app token as well as cognito user token.
Discussion participants Fang Bonnie Shifra
fyliu
commented
1 year ago To clarify some more: The system would check that user status is "active" and that all the required checks are completed before allowing a user "member" level access to the API.
We need to implement checks for the permission to work, so check_type should be v0.1 . I updated its milestone.
Overview
PermissionType data in the tables spreadsheet should include a default permission that has almost no permission, like "Unverified user" or "Pre-onboarded user".
Action Items
Resources/Instructions
tables spreadsheet
Discussion
Remember that anyone is free to sign up for the cognito account before onboarding and have a valid login to the PD backend. Right now, the lowest permission level is memberGeneral, which I assume has more permission than we want to give a pre-member. For example, we don't want to allow people to start joining projects before they accepted the terms and conditions.