Invitation And Invitation Acceptance
killer use cases
--- action
-> error handling
-> single action for all invites / acceptance
--- Direct Data Access
-> testability
CREATE:: -->
A Mutation Action that an authenticated person calls, which then writes to company_invitation / zone_invitation (create permission view +/ log?)
-> Only authenticated person with COMPANY_WIDE_STAFF_ADMIN -> zone_invitation / COMPANY_ADMIN (T.B.D.) -> company_invitation
-> Optional person_id
-> multiple roles in another column
-> expiry_date?
gets back an invitation_id UUID / or a longer id for security that points to -> company_invitation.id
READ:: -->
A Query Action that takes this invitation_id and checks it
-> with company_invitation.id you can read from a view the details and optionally restrict to a person id if it is present
-> Check if it is expired or already accepted
-> if expired or already accepted
-> send appropriate response
-> else -> the type of invitation + the details that are available
BETTER_INVITATION_REPRESENTATION?:: --> qr code
ACCEPT:: -->
A Mutation Action that an authenticated person calls with this invitation_id
*** -> all authenticated persons can call this
-> Check if it is expired or already accepted
-> Write invitation expired or accepted to company_invitation_acceptance
-> send appropriate response
-> else if person_id present in company_invitation then check it matches the person_id from company_invitation_acceptance entry
-> read company_invitation and see if
-> if not then do nothing + throw exception
-> Write invitation acceptance failed
-> if person_id is not present in company_invitation or it matches
-> we grant these permissions
-> insert into person_company_roles
-> default Staff role if not present
-> return success response
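The ACCEPT checks above as a runnable sketch against an in-memory SQLite database (an added example, not part of the original notes). Assumptions: the column layouts, the outcome strings, returning an outcome instead of throwing, single-use invitations, and reading "default Staff role if not present" as "grant Staff when the invitation lists no roles".

```python
import secrets
import sqlite3
from datetime import datetime, timezone

# Assumed columns; the notes name the tables but not their layout.
SCHEMA = """
CREATE TABLE company_invitation (id TEXT PRIMARY KEY, company_id TEXT NOT NULL,
  person_id TEXT, roles TEXT, expiry_date TEXT NOT NULL);
CREATE TABLE company_invitation_acceptance (invitation_id TEXT NOT NULL,
  person_id TEXT NOT NULL, outcome TEXT NOT NULL, at TEXT NOT NULL);
CREATE TABLE person_company_roles (person_id TEXT, company_id TEXT, role TEXT,
  UNIQUE (person_id, company_id, role));
"""

def create_invitation(db, company_id, expiry, person_id=None, roles=None):
    """Insert an invitation; the id is a 256-bit random token, not a counter."""
    inv_id = secrets.token_urlsafe(32)
    db.execute("INSERT INTO company_invitation VALUES (?, ?, ?, ?, ?)",
               (inv_id, company_id, person_id, roles, expiry.isoformat()))
    return inv_id

def accept_invitation(db, inv_id, person_id, now):
    """Decide and log one acceptance attempt; person_id comes from the session."""
    inv = db.execute("SELECT company_id, person_id, roles, expiry_date "
                     "FROM company_invitation WHERE id = ?", (inv_id,)).fetchone()
    if inv is None:
        return "NOT_FOUND"
    company_id, bound_to, roles, expiry = inv
    used = db.execute("SELECT 1 FROM company_invitation_acceptance WHERE "
                      "invitation_id = ? AND outcome = 'ACCEPTED'", (inv_id,)).fetchone()
    if datetime.fromisoformat(expiry) <= now:
        outcome = "EXPIRED"
    elif used:
        outcome = "ALREADY_ACCEPTED"
    elif bound_to is not None and bound_to != person_id:
        outcome = "FAILED"            # invitation was issued to someone else
    else:
        outcome = "ACCEPTED"
        for role in (roles.split(",") if roles else ["Staff"]):  # default role
            db.execute("INSERT OR IGNORE INTO person_company_roles VALUES (?, ?, ?)",
                       (person_id, company_id, role))
    # Rejected attempts are recorded too, not only successful ones.
    db.execute("INSERT INTO company_invitation_acceptance VALUES (?, ?, ?, ?)",
               (inv_id, person_id, outcome, now.isoformat()))
    db.commit()
    return outcome
```

With more than one writer, the check and the insert need to run in a single transaction with the invitation row locked, otherwise two concurrent calls can both pass the "already accepted" check.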
-------- Direct Database Access -----------
CREATE:: -->
COMPANY_WIDE_STAFF_ADMIN writes to company_invitation / zone_invitation
-> Key Points
-> Not only are the invitations themselves time limited
-> But also the person who joins using such an invite has to be removed from the zone / company / role ?
READ:: ->
with the invitation_id
write a row to a company_invitation_acceptance table, with a column allow_to_read
-> reads using the association read the company_invitation
-> a view for reading an invitation / keep this info in company_invitation / zone_invitation
-> if the allow_to_read is already set do nothing and return the info
ACCEPT:: -->
-> 1 invitation multiple acceptance
-> a trigger that runs on update of a column on company_invitation_acceptance accepted = true
-> does all things needed for acceptance see: ***
-> When invite is of type "EXTERNAL" -> If the person accepting the invitation is already a guard / admin / staff in the company then it is rejected
Time based invitation -->
COMPANY_WIDE_STAFF_ADMIN -> creates a time-bound invite -> gives it to security service -> who invites random people -> they accept -> then are removed after the invite time
-------------------------
membership_shadow -> write old membership info before updating