saurabhd / hk_realestate

GNU General Public License v2.0

#social provide login / registration capabilities for users #13

Closed heliogabal closed 8 years ago

heliogabal commented 8 years ago

The client wants to provide his customers with the possibility to log in to the site, edit their own user profile, upload needed documents, see their favorites and inquiries. This will be expanded further, but to begin with, there should be the login mechanism that creates a user and CRM Core contact with data either provided by the user on registration, or taken from social media platforms login functions.

This will be more convenient for the user, as she doesn't need to type as much, and we can collect more data at the same time, providing a better knowledge of the customer.

I looked at https://www.drupal.org/project/hybridauth and it seems to be the best solution I found. We should start with the possibility to log in via Twitter, then Facebook and Google, and probably LinkedIn as well (the latter is not decided yet).

After registration, the user should be taken to a simple dashboard, where he can see his contact data, being able to edit it, and another page/tab where he can upload PDF files. I created a new content type "Dokument" for the files, but this is going into another issue I guess.

Let me know what else you need to know, what data you need.

darshi-shah commented 8 years ago

Hi Rainer,

Currently, the site doesn't have a register option. We need to let users create an account on the site. Let me know if we need admin approval and email verification in this. Also, if we let them log in with social media, the user account will be created automatically. Let me know which accounts to use for this and provide credentials for the same.

Please explain about PDF files.

Thanks Darshi

heliogabal commented 8 years ago

Hi Darshi,

you're right, forgot to tell you. No admin approval, but email verification. If there will be too much spam, we have to get some spam prevention as well. I had good experiences with the honeypot module for that, let me know if you know something better.

Currently, there is no role prepared for this. I'm not sure if it is better to use the built in authenticated user role for that matter, or create another role like "customer" or "client". Not sure what the most appropriate English term would be in real estate for that...

Maybe it would be best to put everything together in a feature module? Then we can create the respective role and permissions and don't have to do it manually. Prevents errors and provides better security control imo.

Right now, I only have the Twitter account ready, we will still have to finally decide which other services we want to offer. I'll let you know.

About PDF: Will have to be spec'd out fully yet, but in Germany, a house buyer has to provide certain legal documents to the real estate agent like a copy of his ID, a bank statement etc. So the client wants to collect these via the website, so the customer can upload these himself, and they get attached to the user. I think we would have to use the private file scheme for that, but I would need to get your advice on the security of that. Probably we should leave this out of this issue and I'll open another one for the documents functions once I have the full specs. So for now, just the user's data with edit capabilities should be shown after login.

darshi-shah commented 8 years ago

Hi Rainer,

Thanks for explaining this. I will create a new user role called "Buyer" and assign the required permissions to this role. Honeypot is good. We can also use Mollom.

I agree that these features should go in a features module.

Also, after taking the latest pull, we don't have the "Dokument" content type. Let me know details about this please.

Thanks Darshi

heliogabal commented 8 years ago

Hi Darshi,

ok, let's use honeypot then. Mollom is problematic, because messages get sent to the US, and there are some legal unclarities about the Safe Harbour Agreement that would allow that.

And let's create a feature. Not sure if it is better to have several small distinct features, or if we should create a bigger hk_crm? I'll prepare one for the document content type, so you can have that as well. Naming it hk_crm for now, we can always decide later to split them up, no?

heliogabal commented 8 years ago

Hi Darshi, I realized I already put some CRM stuff into hk_admin feature, so I updated that for the time being with the document ct and pushed to the develop branch. So now you should have the dokument as well.

darshi-shah commented 8 years ago

Hi Rainer,

I have pushed a feature (HK Social Login) for this. The feature includes the following:

I would also suggest that we add the hidden captcha module for spam control.

This feature allows users to log in using Twitter. Let me know how we allow registration and what happens after a user registers using Twitter.

I will be available on skype for chat.

Thanks Darshi

heliogabal commented 8 years ago

Hi Darshi,

thanks, I tried the feature and was able to successfully login via Twitter. It was a bit confusing that the Twitter Popup says "Post HK", shouldn't this be a separate one saying something like "H+K Login"?

Do we really need the email verification for Twitter? I was thinking that the email from the Twitter account could be used for the Drupal login, then it would already be verified by Twitter, and the user could be logged in right away, no? Because when I give my email and follow the respective link, I am told to change my password, but there is no way to change it, which is also confusing...

Then, I haven't been assigned the Buyer role automatically, are you still working on that or did I do something wrong?

I would want to wait and see how bad the spamming is going to be before activating another module, we're already at 230...

I still have to clear up how the registration should be incorporated into the page and how the user's landing page should look like, let you know asap.

darshi-shah commented 8 years ago

Hi Rainer,

We can use the same Twitter app for both posting to Twitter and login. I will change the app name to "H+K".

Email verification is on for all users. I will change this to have no email verification when a user logs in via Twitter. Users will automatically log in to the site.

I have added a rule to assign the role automatically, I will push that in the feature and let you know.

Also, please disable the Twitter signup module.

Thanks Darshi

darshi-shah commented 8 years ago

Hi Rainer,

I changed the Twitter app name to "H+K" but it's showing as "H K". Let me know if I need to change the name to something else.

I have pushed code to git to remove email verification and assign the role automatically.

Let me know what we need to do next in this issue.

Thanks Darshi

heliogabal commented 8 years ago

Hi Darshi,

I think then it would be best to call the app Herbert und Kohlmeyer Immobilien Gmbh. I can check everything tomorrow.

When the Buyer role is assigned, after login the user should land on his profile view. There is already an edit tab then, and we would need another tab called documents. There, the buyer should be able to upload documents and see them in a table with

Another tab should be called favorites, containing the user's favorites, if any.

I still have to get the full list of the required docs from the client...

darshi-shah commented 8 years ago

Hi Rainer,

These changes are done. The feature is pushed to git. Please make the following additional changes for the document name:

1 - make sure private file system path is set

2 - take pull

3 - go to admin/structure/types/manage/dokument/fields/field_dok_datei and enable "File (Field) Path settings"

4 - set file path to "dokumente" and "[node:field-dok-typ][node:author][node:created].[file:ffp-extension-original]" in file name

Let me know any questions in this. Thanks Darshi

heliogabal commented 8 years ago

Hi Darshi,

ok, did that. Am I supposed to be able to see anything anywhere yet? Not sure how to check...

I see you changed the name of the app, thanks, that's better. Still, when I log in, the app wants to have permission to post to my twitter and more permissions that I don't need to give only for login, I think... Is there any way to split this up, so only the really necessary permissions are demanded for the login part? In Germany, there is a high reluctance towards and awareness of data mining issues, so these need to be considered.

I still have to put in an email address to register, can't the mail connected to Twitter be used for that? If I put one in, I'm still not logged in but have to check my mail and follow that link, I think you changed that already? The feature says it's in standard, so not sure what I'm doing wrong...

darshi-shah commented 8 years ago

Hi Rainer,

We can have separate apps for posting and login.

Please check this : https://twittercommunity.com/t/how-to-get-email-from-twitter-user-using-oauthtokens/558/39 - The API won't return an email address to you. If you're interested in a user's email address, you'll have to ask the user for it within your own application as a completely distinct act.

This is the reason we need user to email address. If we don't ask, the user is created without an email address.

Please make sure email verification is off in account settings (admin/config/people/accounts).

Thanks Darshi

heliogabal commented 8 years ago

Hi Darshi,

ok, so let's please do two apps to get only necessary permissions from login-users. So with the email, we leave it like that, but in the opened window, there should be a white background, right now it is not very readable as the email input form is directly over the background pic.

Disabled email verification.

thanks. Rainer

darshi-shah commented 8 years ago

Okay Rainer, I will make these changes and let you know.

darshi-shah commented 8 years ago

Hi Rainer,

I have created a new app for login. Please set the consumer public and secret keys from the new app to test this.

CSS changes to remove the background are also deployed.

  1. Go to admin/config/people/hybridauth/provider/Twitter
  2. Change Application consumer key to RzYJEX8uI13cK7WO8JvGtLzGP and Application consumer secret to FvxhkS9dVvSTbgP9bbbP44ceEhFEvYVWsVnacApAI3StseYebD.

Thanks Darshi

heliogabal commented 8 years ago

Hi Darshi,

great, that's much better permission-wise. I tested to login, didn't finally test the background thing, but if you removed it, it should be good to go. Closing this therefore.