Document toolboxDocument toolbox

User Precursor

Background

There are several places in Synapse where a user needs to reference a collaborator who they find is not yet in Synapse.  The main two are:  (1) adding someone to a Team and (2) adding someone to an Access Control List. This set of services allows the creation of a 'user precursor' to which Team invitations and ACLs can be related. When the precursor is linked to an actual Synapse user, the resources provided to the precursor become those of the Synapse user.

UI Mockup

https://docs.google.com/presentation/d/1SKSzfWaOBAPdN87ivTXnLxV3ItuY7VoWANcXWeglxN0/edit?usp=sharing

 

Additional Requirements/Suggestions (from March 3 meeting):

  • need a 'batch mode' to allow a list of email addresses to be specified
  • forget the fname, lname fields
  • if a given email is already an alias in Synapse, invisibly convert into a membership invitation
  • after some expiration date, using the invitation-link should generate a membership invitation request

 

Client Responsibilities

The client is responsible for the sequence:

    1) create or select an account

    2) link the precursor to the account

    3) retrieve the associated team invitation(s) and  present them for acceptance

The client must ensure Synapse is logged out before the sequence begins.

 

Services

 

URIRequest MethodRequest Param'sRequest BodyResponse BodyDescriptionAuthority
/userPrecursorPOST email, fname, lname, invitation messageID, token

Create a user precursor for the given email address.

Sends email to invited user.

400 response if email has been used before.
authenticated users
/userPrecursorGETlimit, offset PaginatedResults of precursor

Returns all precursors created by the user.

(Ordered by creation time stamp?)

Precursor creator.
/userPrecursor/{id}GET----ID, token, principalID (or null), email, fname, lname Precursor creator.
/userPrecursor/{id}DELETE------

Delete user precursor.

403 status if precursor is already bound to an entity.

Precursor creator.

/userPrecursor/{id}/principal

Q: Is this the best URI?

POSTtoken----Bind a precursor to the principal of the currently authenticated user.  Any entity access records for the precursor become ACL records.Authenticated users.
/userPrecursor/{id}/access/entityPOST--entity ID, access type?

Adds the given access type to the given entity to the given precursor.

403 status if precursor is already bound to an entity.

CHANGE_PERMISSION access to the entity.
/userPrecursor/{id}/access/entity/{entityId}DELETE------

Remove all access to the given entity for the given precursor.

403 status if precursor is already bound to an entity.

CHANGE_PERMISSION access to the entity.
/userPrecursor/{id}/openInvitationGETteamId, limit, offset--PaginatedResults<MembershipInvitation>Get a paginated list of all the open membership invitations extended to a user, optionally filtering by teamId.PUBLIC

Note:  The MembershipInvtnSubmission object is extended to accept either a principal ID or a precursor ID.  So all the CRUD operations on this object now support user precursors.

 

Database Tables:

USER_PRECURSOR

  • ID
  • TOKEN
  • PRINCIPAL_ID (can be null)
  • USER_PROFILE

 

ACL_PRECURSOR

  • ID
  • ACL_ID
  • USER_PRECURSOR_ID

 

ACL_PRECURSOR_ACCESS_TYPE

  • ID
  • ACL_PRECURSOR_ID
  • ACCESS_TYPE