search

hackforwesternmass / lightupthemap

Light Up The Map was started by a group of Western Mass moms who were fed up with the slow pace of climate legislation. Our children's futures and health will not wait. We knew we needed to activate more people and more Representatives, and fast.
https://www.lightupthemap.com/
0 stars 1 forks source link

Hook to link lights to new user account #12

Closed a-pasquale closed 6 years ago

a-pasquale commented 7 years ago

After user creates a new account, we should link any new lights created as an anonymous user to their new account.

a-pasquale commented 7 years ago

How can we do this without giving Authenticated Users permissions to edit any lights?

I'm thinking of passing node ids for lights created before account creation with the POST to register a new account and then hooking into account registration to update the owners of those light nodes with the new user id if the light node ids are anonymous.

limako commented 7 years ago

I'm not sure the context here, but we separate authentication from authorization by setting the "Authorized User" role to have the same permissions as Anonymous. For people to have elevated permissions, we create other roles and anoint people with those roles using some other source of data (manually, or other cases, from the LDAP or Shibboleth environments we're using).

On 9/14/17 8:42 AM, Andrew Pasquale wrote:

How can we do this without giving Authenticated Users permissions to edit any lights?

I'm thinking of passing node ids for lights created before account creation with the POST to register a new account and then hooking into account registration to update the owners of those light nodes with the new user id if the light node ids are anonymous.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/hackforwesternmass/lightupthemap/issues/12#issuecomment-329469649, or mute the thread https://github.com/notifications/unsubscribe-auth/AGqEmFL_NnJzpaXBhSeVp-vm7J4OIxraks5siR8tgaJpZM4PMTcU.

-- Steven D. BREWER limako@bierfaristo.com http://blog.bierfaristo.com/ Transsalte-senhalte.

rick02840 commented 7 years ago

@a-pasquale we can pass the node id of the created light when redirecting to a user login / account creation page, then can probably associate the user with that node id when user logs in or creates an account. A bit complex maybe.... @serundeputy what do you think? Another thought is to use email address. If we ask for email address on light creation --"if you want your light to be associated with you, please enter email" -- that is unique and is also unique to users, so we could associate lights to users via email. This is simpler. Optionally we could have a cron job that finds lights with anonymous authors and changes the light author to the correct user based on associated email address. @limako this issue describes the context: https://github.com/hackforwesternmass/lightupthemap/issues/3

a-pasquale commented 6 years ago

This functionality was incorporated by duplicating anonymous nodes that the user created before registering an account and then deleting the original anonymous nodes. Closing this issue, but will open another issue to deal with the permissions implications.