[PMT] - Admin Verification Portal #343

Open
10 tasks
SamratSahoo opened this issue Feb 6, 2025 · 0 comments

Context

The admins want to have the power to give permissioned access to the rest of the application in a way that's more flexible.

Current Workflow:

  • Admins invite a user to the application via the access management page.
  • User is able to create their account.

We want to augment this workflow with the following:

  • User creates an account via Google/FB
  • The user cannot access anything, but the account is still created
  • Admin gets notification via email that a user signed up
  • Admin can choose to delete the account or verify it in the portal
  • Upon verification, the user can access the rest of the app

We should still keep the invite functionality. If an admin invites a user, their account automatically becomes verified upon creation.

Acceptance Criteria

  • Add any necessary attributes to the schema (i.e., maybe like a verifiedByAdmin attribute, but how you do it, I'll let you decide) + modify any corresponding user endpoints to account for this
  • On account sign-up, use the Juno SDK to send an email to [email protected] (for testing purposes) telling them a new user has signed up; you can use Juno for this; see this example on how to use Juno
  • Create a user management page similar to the access management page and add a button to verify the user and a button to delete the user.
    • Create any corresponding endpoints for the admin to verify + delete the user
    • You can also modify the access management page instead of making a new user management page if that's easier
    • Note: There is a distinction between a user and an account: a user is an account that has been created.
      • i.e., A user exists for a person who signed into that account and created their profile
      • If you keep access and user management pages the same, you'll want to differentiate which one of the accounts has an associated user with them
  • Ensure that no application functionality is accessible to a user unless an admin has verified them. You'll also want to secure API endpoints. The user should not be able to view posts, create posts, etc., until they are verified.
    • Any users already in the database should have access to everything
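
A sketch of the verification gate the acceptance criteria describe, as an added example that is not part of the original issue or the project's code. Only `verifiedByAdmin` comes from the issue; the in-memory `Map`, the function names and the status codes are assumptions made for illustration.

```javascript
// Added example. Only verifiedByAdmin comes from the issue; every other name is hypothetical.
// Accounts live in a Map keyed by email (constructed stand-in for the real database).

// One-time migration: grandfather accounts that predate the feature. Backfilling
// keeps the runtime check strict, so a missing attribute never means "verified".
function backfillExistingAccounts(store) {
  for (const account of store.values()) {
    if (account.verifiedByAdmin === undefined) account.verifiedByAdmin = true;
  }
}

// Invited accounts are verified on creation; Google/FB self sign-ups are not.
function createAccount(store, email, { invitedByAdmin = false, isAdmin = false } = {}) {
  const account = { email, isAdmin, verifiedByAdmin: invitedByAdmin === true };
  store.set(email, account);
  return account;
}

// Shared guard for the admin-only verify and delete endpoints.
function adminAction(store, actorEmail, targetEmail, action) {
  const actor = store.get(actorEmail);
  if (!actor || actor.isAdmin !== true || actor.verifiedByAdmin !== true) return { status: 403 };
  const target = store.get(targetEmail);
  if (!target) return { status: 404 };
  action(target);
  return { status: 200 };
}
const verifyAccount = (store, actor, target) =>
  adminAction(store, actor, target, (account) => { account.verifiedByAdmin = true; });
const deleteAccount = (store, actor, target) =>
  adminAction(store, actor, target, (account) => { store.delete(account.email); });

// Server-side gate for every application endpoint. The account is re-read on each
// call, so verification and deletion take effect immediately.
function requireVerified(handler) {
  return (store, email, ...args) => {
    const account = store.get(email);
    if (!account) return { status: 401 };
    if (account.verifiedByAdmin !== true) return { status: 403 };
    return handler(account, ...args);
  };
}

// Hypothetical endpoint standing in for "view posts".
const viewPosts = requireVerified(() => ({ status: 200, posts: [] }));
```

The strict `!== true` comparison is what makes the backfill necessary: an account record without the attribute is rejected until the migration has run.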