Allow journal managers to invite users to adopt a role

[ajnyga]

Tagging @bozana here

The issue is discussed here: https://forum.pkp.sfu.ca/t/ojs3-editing-user-roles-in-multi-journal-installations/28711

The problem: if a user is registered to more than one journal, the journal manager can not edit the roles the user has in her journal. In OJS2 this was possible and in OJS3 journal managers can still add the reviewer role when doing a review assignment.

Suggestion:

• allow editing user roles within a given context but do not allow editing the user detail (name etc.).
• add a new "edit roles" feature to the users grid
• for users that exist in multiple journals, do not show the "edit" feature for journal managers (no use if they can not edit anyway)

Problem with legislation: @bozana raised the problem with data privacy and user "contracts". Maybe we could just send a notification when journal managers adds a new role for a user. Basically the same thing we do now with the reviewers in OJS3.

[librariam]

• 1 from a PKP|PS client with a multi-site install

[asmecher]

Note from the CRedIT Helsinki sprint group: When an invitation process is supported for co-authorship, consider the QuickSubmit plugin being used for back-issue entry. Historical submissions will include authors without emails and an invitation process will not be workable; in this case editors should be able to authorship data directly.

Another complicated example: a submission includes a photograph of a sculpture. It may be necessary to credit the sculptor and the photographer.

[luizbgomide]

+1 from a multi-journal admin

[Devika008]

Hello,

I made a user flow that reflects the all the research, discussions and feedback received on this issue over the last few years along with some minor testing with a small user group at the Copenhagen Sprint. A big shout out to @withanage, @ajnyga, @bozana, @asmecher, @jardakotesovec and John for helping me fine tune the work further and make the process more GDPR compliant.

Summary of the requirement

1. In the “Users & Roles” section of the settings, we add a new “Invite user to take a role” action that can be used to invite any user to the journal OJS software based on an email address. The email sent will add the following:

   • Invitation request along with details of the role, starting date etc.
   • ORCiD verification details
   • GDPR compliance

2. Reviewer can be added to OJS in two ways

   • Through the review section of the submission: Here the Journal Manager (JM henceforth) / Editor can click on “Add a reviewer” action and will see the following: Reviewers already associated with the Journal and added to OJS and send a review request to them, “Add a new user”- here the JM/Editor can invite a user via email to not only review the submission but also be an OJS user in reviewer capacity- and “Enroll an existing user” - here the JM/Editor can add the reviewer role to a user who already has other OJS roles along with sending an invitation to review the submission.
   • Through the “Users & Roles” section: Here the JM/Editor can either add a new user to OJS as a reviewer or add a reviewer role to an existing OJS user. The user will then be shown in the existing reviewer section of “Add a reviewer” on a submission.

3. Multiple hosted Journal OJS Installation: For Multiple Hosted Journals, Editors/ JMs cannot access information of users of one Journal to another. In spite of the journals being hosted on the same OJS instance, the user will have to go through the verification again to protect the information to be GDPR compliant. This is the same method followed by likes of Slack wherein even if the channel is hosted by the same company, the invitation process needs to be followed and accepted by the user. However, I as a user will not have to create a new account, I can use my existing OJS logins and verify and accept the role.

4. Other important considerations

   • Even if the user information is publicly available, the JM / editor cannot input the information without consent. This will be translated in the journey in a way where the editors can input the information but they wont be stored in the system. They are shown to the user as suggestions when they accept the invite and the user approves or changes it. Post which the information is stored in the system
   • Co-author reauthorization is required even if the user is an existing OJS user

5. ORCiD Pre-requisite

   • Starting with 3.5.0, ORCiD Verification would not happen through a plugin. We're rewriting ORCiD support to be integrated into OJS rather than maintaining a plugin. The option to make ORCiD mandatory should be present as part of the 3.5.0 implementation; it shouldn't be necessary to write up a plugin to add the "make ORCiDs mandatory" checkbox.
   • If the JM/System Administrator/Editor has marked ORCiD verification as mandatory, then the email invitation sent will highlight that the verification is mandatory. If it’s not enabled then the ORCiD mandatory message on the email will not be shown
   • Mandatory or not, when the user is redirected to the ORCiD website to verify they have an option to skip the step. Since we cannot customize the ORCiD verification screen to show skip or not, the email will be the vehicle for communication.

Below are the user flows for inviting users to a role in OJS

A. Landing Page ( Settings > Users & Roles > Users)

B. The JM/editor needs to add a new role to a known user and searches for the user via their username or email ID by clicking on “invite user to take a role

1. 

• If an invitation is sent to an existing user to acquire a new role then the users name will appear in both the tables and not just one table

2. 

How the roles table functions

• Selecting a role from the drop down is compulsory
• The start date auto defaults to “today’s date” with an option for the Journal Manager to set a date in the future as well as past
• End date is not a field the JM can fill. Once the JM clicks on “Remove Role” the end date defaults to that date.
• Journal Masthead --> always auto defaults to appearing in the masthead with options of them not not certain roles which can be managed from the settings
• Once the JM clicks on “Remove Role” then not only the user access is removed but they stop appearing in the masthead as well
• Nothing can be toggled or changed once invitation is accepted by the user

3. 

4. 

5. 

6. 

C. The JM/editor needs to add a new role to a known user and finds the user in the list or searches for the user via their username or email ID.

1. 

2. 

3. 

4. 

5. 

6. 

• the user can choose to skip the ORCID iD Verification

7. 

8. 

D. The editor needs to add a new user and the user doesn’t have any existing OJS Account

1. 

2. 

• As you can see here, the editor can input user data limited to their email, given name and family name. Once the user accepts the invite, these inputs will appear as suggestions which the user can leave or change. Once the user accepts and saves information, only then is information stored in the system

3. 

4. 

5. 

6. 

7. 

8. 

9. 

10. 

E. For Multiple Hosted Journals, Editors/ JMs cannot access information of users of one Journal to another. In spite of the journals being hosted on the same OJS instance, the user will have to go through the verification again to protect their information and fort he process to be GDPR compliant. This is the same method followed by likes of Slack wherein even if the channel is hosted by the same company, the invitation process needs to be followed and accepted by the user. However, I as a user will not have to create a new account, I can use my existing OJS logins and verify and accept the role

1. 

2. 

3. 

4. 

5. 

As you can see the process is similar upto this point because to the editor its inviting a new user to their journal.

6. 

7. 

An existing OJS user, has two options here, either to link their existing OJS account or to create a new one using a new email id. Do note that even if the user uses an existing account, no information about the user activity can be shared with other journals in the same installation

8. 

9. 

[Devika008]

Continuing from the previous comment, here are the workflows for editors inviting reviewers.

As mentioned above the reviewer can be added to OJS in two ways - Through the review section of the submission: Here the Journal Manager (JM henceforth) / Editor can click on “Add a reviewer” action and will see the following: Reviewers already associated with the Journal and added to OJS and send a review request to them, “Add a new user”- here the JM/Editor can invite a user via email to not only review the submission but also be an OJS user in reviewer capacity- and “Enroll an existing user” - here the JM/Editor can add the reviewer role to a user who already has other OJS roles along with sending an invitation to review the submission. - Through the “Users & Roles” section: Here the JM/Editor can either add a new user to OJS as a reviewer or add a reviewer role to an existing OJS user. The user will then be shown in the existing reviewer section of “Add a reviewer” on a submission.

Here, I am showing the workflow of editor inviting the reviewer from the reviewer panel in the workflow

A. The reviewer does not have an existing user account. And the JM/Editor want to invite the reviewer through the reviewer panel in the submission

1. 

2. 

3. 

4. 

5. 

6. 

7. 

8. 

9. 

10. 

B. Enrol Existing User as a reviewer who is ORCiD Verified

1. 

2. 

3. 

4. 

5. 

6. 

C. Invite existing reviewer (not ORCiD Verified)

1. 

2. 

3. 

4. 

5. 

6. 

[Devika008]

Hello,

As this issue had too many components and journey's mashed into one, for decreasing the cognitive load on everyone, we all decided to break down the issue into four parts each highlighting an important element. If I have missed anything, please feel free to add them in the issues:

1. Allow Journal Managers to invite users to adopt a role - Editors, Authors, Readers, etc

2. Allow Journal Managers to Invite users to adopt a role - Reviewers

3. Allow Journal Managers to invite users to adopt a role - GDPR

4. Allow Journal Managers to invite users to adopt a role - ORCiD