vincent-peugnet / antilope Goto Github PK

In order to add a forum module to Antilope, the best solution seems to use SAML protocol.

It allow user to be automatically authenticated on a forum or any other SAML 2 compatible Service provider (SP).

The best way to do it seems to use the LightSAML-IDP library. This not well documented, happily for me, there is this perfect tutorial doing just what I'd like to do !

An example of SAML SP plugin for Flarum seems to be in active dev right now : https://github.com/askvortsov1/flarum-saml

If SAML is working smoothly, this will be a major improvement in terms of modularity !

Use emails for notifications

The main moment to add some share point to an user is for now during the validation process.

At this time, the idea is to calculate it based on 3 datas ;

• the rank of the validating user
• how much the sharable as already been validated
• then divided by the number of managers

add a view to easily check for event.

an easy way seems to be a week using 7 columns that are only displayed horizontally on large computer screens.

But, the simplest is just like the task list : display a list of all next days where something append (start, end) and what continue today.

To be able to fix a typo, or update an expired PGP key for instance.

Global parameter : users can view disabled sharables

check for level up should be triggered by multiple events:

• when an user get share points
• when an user login
• when an user create a sharable

MMhhh, maybe a better system would be to trigger thoose checks depending on the upper userclass access parameters.

What do you recommend @n-peugnet ?

When an user click on the "ask for contact" button, this should send some more preçise info related to the sharable.

should it be :

• some added contact info (email, phone, matrix, adresse, coordinate...)
• a new text bock containing text to help the user access the sharable
• both ?

Some sharable does not seems to need this contact logic. For example, thoses where managers are not responsible for it, this seems less acurate.

So, there should be a choice indicating how it need or not to be contacted :

1. don't need contact before accessing
2. auto contact, info are send automaticaly
3. manual contact, managers have to check manualy user profiles asking for it, and send them contact individualy
4. never send contact, only user needing access send contact by clicking the button, managers only can join the user using their contact infos.

There's an ideological problem with stratey number 3 and 4, as it add some judgment by the manager upon the user.
Maybe this should as well be a global parameter...

I don't remember what I've done here when correcting a spelling error, but I've broke the migration system. I think I've deleted the original creation of last_activivy.

I think I should transform it to ADD last_activity instead of CHANGE because there are no reference of last_activy before.

What do you think @n-peugnet

https://symfony.com/doc/current/security/access_denied_handler.html#customize-the-forbidden-response

add an admin panel and an admin role using symfony role system

Report are made to avoid abuse and try to keep a minimum security layer using user self moderation and dedicated moderators.

add the ability to report sharables and interested users to users. (interested users are users that have clicked on interested button on a sharable

This could be an UserClass propriety defining who can or not report. But keep in mind that it's a security tool, so this should not be reserved to only high user classes.

There should be different types of reports adressing to differents users types :

• report

  • the sharable is not available anymore (maybe this could be only when manager don't take responsibility for it) This is send to managers or public in case of no-responsibility for example
  • there's been a problem with the sharable
    • send it directly with managers
    • or send it to moderators, the reports will be analysed and used to block dangerous users or sharables

• user can create reports on

  • sharable
  • interest
  • validation
  • contact ???

• report right is set in their user class

This is not hte most important feature but ut might add clues on who have seen you're infos and the allow for solfing issues between peoples...

Are you ready ?

The simplest way could be a markdown file stored in the app files.
But only one admin could edit it.
It could be interesting to add the ability to allow moderators edit the rules.

AND

The most complex but interesting strategy could be to use a git-like rule system, but using a vote system to validate rules or not.
Voters could be mods of course, but also some users as defined by user-classes.

This could as well be done by some external dedicated tools, with a SAML connection #40 🥺 But I doubt on this solution.

Actually vote system for rules are very related to important aspects of this project. This would be a great implementation but maybe not too soon as it need a lot of work to do it well.

to help new user, there could be a lot of little texts infos div in each page explaning how it works.

Users can then just uncheck it in there account setting to hide those.

This seems to me the easiest way to add some help in the application. It take advantage of the precise page sub-division.

allow users to bookmark sharables

• userclass update, depends on #53
• invitation has been used
• account has been disabled
• validation received
• rules update
• invited to manage a sharable

each sharable should have the ability to store geo datas.

There should be two ways of doing so ;

• by setting up a longitude and a latitude
• by setting up a address, postal code, country

When a one is set but not the other, the app will check on online API to get the other.

Roadmap

• store coordinates with sharables
  • add a long and lat property to Sharable entity as float ?
  • update the form
  • add a radius property for public location anonymisation
• map view
  • implement leaflet
  • add deflate library
• add the (reverse)geo-coding function in forms
  • store address in sharable
  • install a library to do this
    • maybe bazingaGeocoderBundle
• radar view on phones
  • craoGeoBundle to calculate distances in database.

So, would you be interested for a setup of ye olde php toolchain:

• PHPStan for static analysis (+ symfony plugin) (#19)
• PHPCS for style checkink (PSR12) (#23)
• GitHub Action to run these checks on pull requests and master (#35)

In addition I could add a command in Symfony console that run the checks to easily check before committing.

indicate when :

• an user can't be interested if it's because he or she haven't set any contact (linking to the contact edit form)
• he or she already validated
• he or she is already interested

For this, I will need to use the JOIN TABLE strategy.. 🤕

This seems quite the same idea

checkboxes to select tags in sharable/edit

Problem, when there is a lot of tags, thing will get pretty messy...

Two possibilities I see :

• in global parameters : allow or not users to create tags
• user can create tags only at a certain point.

instead of editing sharable description as a part of /edit, add a specific interface with a generous editor.

Choosing a rich markdown editor

What I need:

1. display markdown synthax
2. have toolbar for text style
3. have image import tool !?
4. have an easy url tool

In fact, Github editor is almost perfect, I love the image drag n drop function, but it lack of url help wich is cool for beginners I think.

Selection

• Toast UI Editor
• stackedit.js
• hyperMD
• simpleMDE Easy Markdown Editor lightweight

For example Toast UI editor is based on Jquery, and I use jquery query for bootstrap menu and others. Is it a good strategy to use only one main library like this more than many differents @n-peugnet ?

• try using DEFAULT SQL option

Warning could be send to users that received a certain amount of report.

This could be automatic: for example if first warning is set after 3 reports, the user will directly have a warning message.
But what will contain this message ?

• It should not give information about who send them
• it should explain in a way what for the user is warned. But how to do this ?
  • The only way I see to synthesize a problem, is through an human. This could be a moderator job to write the warning message or to select it in a list of categories, or both... Even better if it's referring to a specific part of the rules.
    • But moderators should not be able to see there own reports !
    • Maybe categories to choose when sending a warning could be directly in the rule list, according that rules are stored in a database table (#45).

What to do with the warning after it's been send ? Maybe let's just wait ! A warning could have a perish date set in global parameters. For example every warning last 3 months.

There could also be a number of simultaneous warning after which an user is disabled (meaning he or she can't /search/interest/validate any sharable.

It is strange to have to click on a button to receive the first one.

Usually it is automatic

VERY IMPORTANT 😉

Re-use the userclass/id by adding a userclass/id/edit and a userclass/id/delete.

access would be controller by userClassVoter checking if user is admin.

edit

Should be the same form as add but with a few differences:

• The rank could only be set between next and previous userClass ranks.
• the submit button will be called "edit"

Delete

On delete, all the user will migrate to the next lower user class or then upper.
It will be impossible to delete the last userClass standing.

Allow manager to manage sharables anonymously.

That could be a boolean in Manage object indicating it.

9da99c1#r46392536

Plizzz help me @n-peugnet !! 🤕

Store contacts in a new table.

• createdAt
• user
• sharable
• type (email, phone, matrix, adresse, coordinate...)

Question, does the sharables and users contact need to share the same table or is it better to split ?

user need to confirm that they really want to manage before they're actually added as managers.

• Do the same work that for sharable but for users.
  • add a select user class
  • add a search bar
  • ggg

Userclass/id should be redirected to user search using a get parameter indicating witch user_class to filter

But should they at least see the name ? without the ability to follow the link ?

add a consumption propriety in sharable entity

This could be for now just a boolean.

In a more advanced version this could be a int, that could indicate a quantity, but it's quite strange.

Could this propriety interact with validation ? as a consumable sharable should be deleted after a fixed amount of validation. But as validation are not so sure, it sounds a bit dangerous...

At least french for the beta.

https://symfony.com/doc/current/translation.html

This should be a global parameters to allow or not managers doing this

Deactivation of a sharable should not be a little checkbox in the edit page.

In fact activation or not is a different kind of info. That is why it should need a different place.

I could as well imagine storing in the database a "last toggle" date to indicate since when a sharable has been deactivated or since when it has be (re)activated. This will start with the first "activate" clic by the manager.

Funny idea : instead of storing a classic bool (0 or 1), I could store a int using a method isActivated() sending true if the number can't be divided by two and false if it can. That way, I just have an info of how much times it has been activated. LOL
It's really if you don't want to create an activate table with manyToOne relationship 😄 @n-peugnet

For this, I will need to use the JOIN TABLE strategy.. 🤕

account deactivation based on inactivity.

This sounds like a parameter in userClass:

• inactive (int)

quantity of days before inactivity pruning ( 0 for immunity )

And of course, store in the User class the lastConnect (datetime) and active (bool) datas.

But how to implement this ? should it be :

1. a cron job ?
2. or when an user connect ?
3. Or a scan triggered by admins or moderators ?

I know that I can easily implement a mix of 2 and 3, but maybe you have a better idea @n-peugnet ?

For many reasons, an user could become disabled.
It could happen:

• after a certain amount of warnings
• because of inactivity pruning #32
• because an user want to left the network ?? (is it the same thing)

But what does it mean to be disabled ?

• can't access sharable
• can't create sharable
• can't be contacted
• can't invite

So the user can still connect read the rules, and maybe later, contact staff.

What to do with already existing sharable ?

There are two cases:

1. When the disabled user is the only manager
   • this should be considerate as un-contactable, so impossible to be interested in.
     • this mean sharable using contact method 1 are still working
2. When there are onther non-disabled users
   • the sharable should remain as contactable if at least one contact exist.

Is disabled the same thing as deleting an account ?

Account should never be totally deleted. As there is often this logic of one account / user / lifetime. But it is not for every purpose. Maybe this could be a global parameter. accountRealDelete (bool). Or, allow or not user to leave with no traces.

This is related to the question: can user delete sharables ? This is interesting for archive purpose.

After all, I think the solution may be to ask the leaving user if he or she'd like to delete all it's history or not. This could be a parameter allowUserDeleteHistory (bool). The most problematic deletion seems to be validations.

• app:install
  • create a default user class (basic_user, rank:10, can create)
  • maybe other stuffs later
• app:admin asking for an user id, user will be set as admin
• app:testmail ask for email adress and try to send mail returning error status or success

All of this using https://symfony.com/doc/current/components/console.html and of course the success green output for @n-peugnet