User Precursor
Background
There are several places in Synapse where a user needs to reference a collaborator who they find is not yet in Synapse. The main two are: (1) adding someone to a Team and (2) adding someone to an Access Control List. This set of services allows the creation of a 'user precursor' to which Team invitations and ACLs can be related. When the precursor is linked to an actual Synapse user, the resources provided to the precursor become those of the Synapse user.
UI Mockup
https://docs.google.com/presentation/d/1SKSzfWaOBAPdN87ivTXnLxV3ItuY7VoWANcXWeglxN0/edit?usp=sharing
Additional Requirements/Suggestions (from March 3 meeting):
- need a 'batch mode' to allow a list of email addresses to be specified
- forget the fname, lname fields
- if a given email is already an alias in Synapse, invisibly convert into a membership invitation
- after some expiration date, using the invitation-link should generate a membership invitation request
Client Responsibilities
The client is responsible for the sequence:
1) create or select an account
2) link the precursor to the account
3) retrieve the associated team invitation(s) and present them for acceptance
The client must ensure Synapse is logged out before the sequence begins.
Services
| URI | Request Method | Request Param's | Request Body | Response Body | Description | Authority |
|---|---|---|---|---|---|---|
| /userPrecursor | POST | email, fname, lname, invitation message | ID, token | Create a user precursor for the given email address. Sends email to invited user. 400 response if email has been used before. | authenticated users | |
| /userPrecursor | GET | limit, offset | PaginatedResults of precursor | Returns all precursors created by the user. (Ordered by creation time stamp?) | Precursor creator. | |
| /userPrecursor/{id} | GET | -- | -- | ID, token, principalID (or null), email, fname, lname | Precursor creator. | |
| /userPrecursor/{id} | DELETE | -- | -- | -- | Delete user precursor. 403 status if precursor is already bound to an entity. | Precursor creator. |
/userPrecursor/{id}/principal Q: Is this the best URI? | POST | token | -- | -- | Bind a precursor to the principal of the currently authenticated user. Any entity access records for the precursor become ACL records. | Authenticated users. |
| /userPrecursor/{id}/access/entity | POST | -- | entity ID, access type | ? | Adds the given access type to the given entity to the given precursor. 403 status if precursor is already bound to an entity. | CHANGE_PERMISSION access to the entity. |
| /userPrecursor/{id}/access/entity/{entityId} | DELETE | -- | -- | -- | Remove all access to the given entity for the given precursor. 403 status if precursor is already bound to an entity. | CHANGE_PERMISSION access to the entity. |
| /userPrecursor/{id}/openInvitation | GET | teamId, limit, offset | -- | PaginatedResults<MembershipInvitation> | Get a paginated list of all the open membership invitations extended to a user, optionally filtering by teamId. | PUBLIC |
Note: The MembershipInvtnSubmission object is extended to accept either a principal ID or a precursor ID. So all the CRUD operations on this object now support user precursors.
Database Tables:
USER_PRECURSOR
- ID
- TOKEN
- PRINCIPAL_ID (can be null)
- USER_PROFILE
ACL_PRECURSOR
- ID
- ACL_ID
- USER_PRECURSOR_ID
ACL_PRECURSOR_ACCESS_TYPE
- ID
- ACL_PRECURSOR_ID
- ACCESS_TYPE