You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I agree to follow the Code of Conduct that this project adheres to.
I have searched the Issue Tracker for a feature request that matches the one I want to file, without success.
Suggestion
Opening this issue so as to document the way we currently approach user group related "add user" functionality and provide some suggestions on how we can improve on it for both existing and upcoming module features.
The limitation I'm about to describe is currently exclusively related to the Chat module's chat group feature, but should soon start affecting Authentication once its own user groups feature gets released.
As of right now, user authenticated application requests for creating a chat room and adding additional users to it unilaterally add target users to the group without any way for them to accept or decline this action.
While administrators should definitely be capable of operating in such a way, normal user requests should ideally be inviting other users to a group instead.
Automatically adding others into a group can not only end up being frustrating, depending on the app, but may also end up getting exploited by malicious users spamming such requests.
We would be retaining the existing functionality for apps that are best suited for it through a configuration option of course.
Adding users to a group, in the default configuration, should ideally send them an invitation for them to accept or decline.
We should also be sending out socket events for this so that client apps can pick these up in real time.
The very same considerations should be taken into account while implementing Authentication's user groups feature.
If we wish to take this up a notch at some point down the line we could make it so users' connections of sorts can be allowed to automatically add them to groups or even let users themselves configure their own preferences, but offering simple module configurations for it would be more than enough for most use cases and definitely not overkill.
This discussion was converted from issue #116 on April 17, 2022 16:32.
Heading
Bold
Italic
Quote
Code
Link
Numbered list
Unordered list
Task list
Attach files
Mention
Reference
Menu
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Checklist
Suggestion
Opening this issue so as to document the way we currently approach user group related "add user" functionality and provide some suggestions on how we can improve on it for both existing and upcoming module features.
The limitation I'm about to describe is currently exclusively related to the Chat module's chat group feature, but should soon start affecting Authentication once its own user groups feature gets released.
As of right now, user authenticated application requests for creating a chat room and adding additional users to it unilaterally add target users to the group without any way for them to accept or decline this action.
While administrators should definitely be capable of operating in such a way, normal user requests should ideally be inviting other users to a group instead.
Automatically adding others into a group can not only end up being frustrating, depending on the app, but may also end up getting exploited by malicious users spamming such requests.
We would be retaining the existing functionality for apps that are best suited for it through a configuration option of course.
Adding users to a group, in the default configuration, should ideally send them an invitation for them to accept or decline.
We should also be sending out socket events for this so that client apps can pick these up in real time.
The very same considerations should be taken into account while implementing Authentication's user groups feature.
If we wish to take this up a notch at some point down the line we could make it so users' connections of sorts can be allowed to automatically add them to groups or even let users themselves configure their own preferences, but offering simple module configurations for it would be more than enough for most use cases and definitely not overkill.
Beta Was this translation helpful? Give feedback.
All reactions