Background

There are several places in Synapse where a user needs to reference a collaborator who is not yet in Synapse. The main two are: (1) adding someone to a Team and (2) adding someone to an Access Control List. This set of services allows the creation of a 'user precursor' to which Team invitations and ACLs can be related. When the precursor is linked to an actual Synapse user, the resources granted to the precursor become those of the Synapse user.

UI Mockup

...

https://docs.google.com/presentation/d/1SKSzfWaOBAPdN87ivTXnLxV3ItuY7VoWANcXWeglxN0/edit?usp=sharing

 

• create an external user token (EUT) (+ various metadata, e.g. first, last, email)
    • table columns: ID, token, first, last, email, principalId (initially null)
    • prior to its acceptance (when principalId is null), the EUT can be rescinded
    • should be able to update with a new token (but keeping the same EU ID)
    • should sending the EUT to the person be a server-side or client-side function?

• service to create a team invitation linked to an EU + services for all CRUD on such an object
    • shall we generalize the existing invitation or create a new object?

• service to update an EU record, associating a principal Id
    • anyone having the EUT can link the EU record to their account
    • at this point the EUT can't be rescinded by the creator

 

...

Client Responsibilities

The client is responsible for the sequence:

    1) create or select an account

    2) link the EUT precursor to the account

    3) retrieve the associated team invitation(s) and accept them (or present them for acceptance)

 

Following the link must log out any user.

The client must ensure Synapse is logged out before the sequence begins.

 

URI | Request Method | Request Param's | Request Body | Response Body | Description | Authority
--- | --- | --- | --- | --- | --- | ---
/userPrecursor | POST | email, fname, lname, invitation message | | ID, token | Create a user precursor for the given email address. Sends email to invited user. 400 response if email has been used before. | Authenticated users.
/userPrecursor | GET | limit, offset | | PaginatedResults of precursor | Returns all precursors created by the user. (Ordered by creation time stamp?) | Precursor creator.
/userPrecursor/{id} | GET | -- | -- | ID, token, principalID (or null), email, fname, lname | | Precursor creator.
/userPrecursor/{id} | DELETE | -- | -- | -- | Delete user precursor. 403 status if precursor is already bound to an entity. | Precursor creator.
/userPrecursor/{id}/principal (Q: Is this the best URI?) | POST | token | -- | -- | Bind a precursor to the principal of the currently authenticated user. Any entity access records for the precursor become ACL records. | Authenticated users.
/userPrecursor/{id}/access/entity | POST | -- | entity ID, access type? | | Adds the given access type to the given entity to the given precursor. 403 status if precursor is already bound to an entity. | User must have sharing rights to the entity AND be the precursor creator.
/userPrecursor/{id}/access/entity/{entityId} | DELETE | -- | -- | -- | Remove all access to the given entity for the given precursor. 403 status if precursor is already bound to an entity. | User must have sharing rights to the entity AND be the precursor creator.
/membershipInvitation | POST | -- | MembershipInvtnSubmission | MembershipInvtnSubmission | Create a membership invitation for a precursor. | User must be Team admin AND be the precursor creator.
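The precursor lifecycle the table above prescribes (400 on a reused email, 403 on rescinding or editing an already bound precursor, creator-only authority, and entity grants turning into ACL records on bind), as an added Python model that is not Synapse's own code. It assumes in-memory stand-ins for the precursor table and the ACL store, omits fname/lname and the invitation email, generates the EUT with the standard library `secrets` module, and assumes 403 for a wrong token or a non-creator caller, which the table leaves open.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional

class PrecursorError(Exception): pass  # args[0] holds the HTTP status from the spec table

@dataclass
class Precursor:
    id: int
    token: str                        # the EUT: anyone holding it can bind the record
    email: str
    creator: str                      # principal that created the precursor
    principal_id: Optional[str] = None  # null until bound
    access: dict = field(default_factory=dict)  # entity id -> access type

class PrecursorService:
    def __init__(self):
        self._rows = {}  # stand-in for the precursor table
        self.acl = {}    # constructed ACL store: (entity id, principal id) -> access type

    def create(self, creator, email):
        if any(r.email == email for r in self._rows.values()):
            raise PrecursorError(400, "email has been used before")
        row = Precursor(len(self._rows) + 1, secrets.token_urlsafe(32), email, creator)
        self._rows[row.id] = row
        return row  # emailing the token to the invitee is out of scope here

    def _owned_unbound(self, creator, pid):
        row = self._rows.get(pid)
        if row is None or row.creator != creator:
            raise PrecursorError(403, "not the precursor creator")  # status assumed
        if row.principal_id is not None:
            raise PrecursorError(403, "precursor is already bound")
        return row

    def delete(self, creator, pid):
        del self._rows[self._owned_unbound(creator, pid).id]
    def add_access(self, creator, pid, entity_id, access_type):
        self._owned_unbound(creator, pid).access[entity_id] = access_type

    def bind(self, pid, token, principal_id):
        row = self._rows.get(pid)
        if row is None or not secrets.compare_digest(row.token, token):  # constant-time check
            raise PrecursorError(403, "invalid token")  # status assumed; spec leaves it open
        if row.principal_id is not None:
            raise PrecursorError(403, "precursor is already bound")
        for entity_id, access_type in row.access.items():
            self.acl[(entity_id, principal_id)] = access_type  # grants become ACL records
        row.access.clear()
        row.principal_id = principal_id
```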

 

 

Database tables:

  table columns: ID, token, first, last, email, principalId (initially null)