[ENG-6682] Add UserMessage feature for Institutional Access #10824
Conversation
Johnetordoff
changed the title
| }, | ||
| ) | ||
|
|
||
| def to_internal_value(self, data): |
There was a problem hiding this comment.
this was caused by using the RelationshipField it doesn't handle POSTing to relationships well.
Johnetordoff
force-pushed
the
institutional-access-user-message
branch
from
ce125ed to
f7a73c2
Compare
Johnetordoff
force-pushed
the
institutional-access-user-message
branch
from
f7a73c2 to
edb3118
Compare
There was a problem hiding this comment.
A few changes requested. Also, I'm not seeing some of the things mentioned in ARB. For example, did you ask product have having a "cc the sender" option, or did they say no to that? I also didn't see any rate limiting on the API call. Please go over the list of suggestions from ARB and make sure that they're all either disapproved by Product or implemented here.
api/users/permissions.py
Outdated
| if message_type == MessageTypes.INSTITUTIONAL_REQUEST: | ||
| return self._validate_institutional_request(request, user) |
There was a problem hiding this comment.
Is this the right place for this check? Again, it would give a 403, when a 409 Conflict or just a straight 400 might be more appropriate.
There was a problem hiding this comment.
Since currently this only applies to insti admin, I'll make that check here and move the institution validation and other details to the serializer. Good comment thanks.
api_tests/users/views/test_user_message_institutional_access.py
Outdated
Show resolved
Hide resolved
api_tests/users/views/test_user_message_institutional_access.py
Outdated
Show resolved
Hide resolved
| <p> | ||
| To review this request, please visit your project dashboard or contact your institution administrator for further details. | ||
| </p> |
There was a problem hiding this comment.
This isn't accurate for this kind of email. Please check with product to verify what the text of the email surrounding the comment will be when it's not a request for access message. Also, the name of the email template is not correct for this feature, since it's not a request for access message.
There was a problem hiding this comment.
Sorry about that I simply copied the wrong message Product gave me, here's their docs if you want to confirm scroll down to the end. https://docs.google.com/document/d/1ZVbfohipKiJrMeRQIp3xCIdO_l9kyMVPui1-CP0teBs/edit?tab=t.0
|
@brianjgeiger For the thing mentioned in the ARB, I assumed that these would come after the the other aspects have been approved. I'd like to make the |
|
Maybe I can cc here, but |
Johnetordoff
force-pushed
the
institutional-access-user-message
branch
from
9fc47ae to
cd45df2
Compare
|
Okay, that's fine. |
|
@Johnetordoff The cc: functionality was only supposed to go to the sender. It was a way of giving the sender confirmation that the message was sent and what the contents of the message was. It was not meant to go to the other institutional admins at all. |
|
Also, did you ask Product about the cc functionality, or did you just add it? I didn't see any questions in slack about any of the ARB ideas. |
|
@brianjgeiger I spoke with Product and had a meeting with Blaine right after the ARB and she was enthusiastic about adding the I'll try to keep some of this discussion in the slack. Sorry about that. |
Johnetordoff
force-pushed
the
institutional-access-user-message
branch
4 times, most recently
from
b97e597 to
cd45df2
Compare
api/users/views.py
Outdated
| required_read_scopes = [CoreScopes.USERS_READ] | ||
| required_write_scopes = [CoreScopes.USERS_WRITE] | ||
| parser_classes = (JSONAPIMultipleRelationshipsParser, JSONAPIMultipleRelationshipsParserForRegularJSON) | ||
|
|
||
| serializer_class = UserMessageSerializer | ||
|
|
There was a problem hiding this comment.
This view should have Throttle classes set per ARB. Probably just needs:
throttle_classes = [BurstRateThrottle, SendEmailThrottle]
api/users/views.py
Outdated
| UserMessagePermissions, | ||
| ) | ||
|
|
||
| required_read_scopes = [CoreScopes.USERS_READ] |
There was a problem hiding this comment.
This probably needs USER_EMAIL_READ as well.
Johnetordoff
changed the base branch from
develop
to
feature/institutional_access
Johnetordoff
force-pushed
the
institutional-access-user-message
branch
from
c91534e to
f3ab16b
Compare
Johnetordoff
merged commit 9831d86
into
CenterForOpenScience:feature/institutional_access
Purpose
This is to allow institutional admins limited messaging capabilities for users within their institution. This PR should allow an email message be sent to an institution member by an admin, using the UserMessage system.
Changes
is_institutional_adminmethod to user modelUserMessageFactoryUSER_MESSAGE_INSTITUTIONAL_ACCESS_REQUESTemail templateQA Notes
Please make verification statements inspired by your code and what your code touches.
What are the areas of risk?
Any concerns/considerations/questions that development raised?
Documentation
Side Effects
Ticket
https://openscience.atlassian.net/browse/ENG-6682
Bits discussed in at ARB:
#10841