[ENG-6682] Add reply-to and cc-ing features to Institutional Access #10841
Conversation
…wn address as a reply_to
Johnetordoff
changed the title
…terForOpenScience/osf.io into institutional-access-user-message-arb * 'feature/institutional_access' of https://github.com/CenterForOpenScience/osf.io: add user message read/write permissions to full add new user message oauth scope and throttling classes Fix backfill, report Update changelog and bump versions Follow-up fix for target/next (start/end) month Fix failures caused by base class MonthlyReporter update [ENG-6506] Fix: counted-usage clobbers (CenterForOpenScience#10799) [ENG-6435] Fix: duplicate reports when run for past years (CenterForOpenScience#10800) Add PrivateSpamMetricsReport (CenterForOpenScience#10791) [ENG-4438] Add OOPSpam and Akismet metrics to spam report (CenterForOpenScience#10783) [ENG-6364] Migrate Preprint Affilations (CenterForOpenScience#10787)
Johnetordoff
force-pushed
the
institutional-access-user-message-arb
branch
from
3bb43b8 to
dc2331e
Compare
framework/email/tasks.py
Outdated
| if cc_addr: | ||
| msg['Cc'] = ', '.join(cc_addr) |
There was a problem hiding this comment.
Check with product: How do they want the To and CC handled to avoid giving someone's email address away? The way this appears to be implemented, the recipients will both see the other's email address. In the case of a cc:, it might be that you want to bcc: both recipients.
There was a problem hiding this comment.
Yeah Product agrees BCC is better.
Johnetordoff
force-pushed
the
institutional-access-user-message-arb
branch
from
8cf6f25 to
87711e9
Compare
| to_addr=user_with_affiliation.username, | ||
| cc_addr=[institutional_admin.username], |
There was a problem hiding this comment.
This may be handled later on, but in the case of a bcc, both the sender and the recipient should be bcc'd, otherwise the sender will be able to see the recipient's email address.
Johnetordoff
force-pushed
the
institutional-access-user-message-arb
branch
from
87711e9 to
2130551
Compare
Johnetordoff
force-pushed
the
institutional-access-user-message-arb
branch
from
2130551 to
8de394a
Compare
| default=False, | ||
| help_text='The boolean value that indicates whether other institutional admins were CCed', | ||
| help_text='The boolean value that indicates whether other institutional admins were BCCed', |
There was a problem hiding this comment.
This should probably say, "The boolean value that indicates whether the sender is BCCed"
| @@ -87,7 +87,7 @@ def send_institution_request(self) -> None: | |||
| send_mail( | |||
| mail=MessageTypes.get_template(self.message_type), | |||
| to_addr=self.recipient.username, | |||
There was a problem hiding this comment.
I think, in the case of BCC'ing the sender, the recipient also needs to be BCC'd. There would be no to_address in that case. Without the BCC, however, it makes sense to have the recipient be in the to_addr.
There was a problem hiding this comment.
This is just a wrapper for the the two different email utilities that implement the BBC in different ways, so it's hard to say which behavior is actually "the best".
But anyway, if there's no to_addr and just bbc-ing, yes that can just BBC I just have to that meld with the two utility functions, seems reasonable from a developer experience perceptive to adapt that behavior to SendGrid and simple SMTP, but it's just making the send_email wrapper around SMTP and Sendgrid better if I understand correctly.
There was a problem hiding this comment.
Yeah, I'm not super-concerned where it's changed, just that all recipients of the email are bcc'd if the bcc option is chosen.
There was a problem hiding this comment.
Yeah I dealt with that here:
recipients = [to_addr] + (bcc_addr or [])
https://github.com/CenterForOpenScience/osf.io/pull/10841/files#diff-78b71751c095a6eb9a92be212c4acf17f402fc34266030b5440596cf2a57d243R112 sorry probably got lost with the clean-up, but that's new. Sendgrid has it's own way of handling it.
SMTP BCCs by just not CCing, so no additional action is necessary.
Johnetordoff
merged commit 7068791
into
CenterForOpenScience:feature/institutional_access
Purpose
Add the CCing and Reply-to features that were added as a result of the ARB.
Changes
send_mailutilitiesQA Notes
Please make verification statements inspired by your code and what your code touches.
What are the areas of risk?
Any concerns/considerations/questions that development raised?
Documentation
Side Effects
Ticket
PR:
I decided to split this off this PR, because it was only for features discussed in the ARB.