Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

frontend page for creating a new realm #1521

Open
wants to merge 26 commits into
base: dev
Choose a base branch
from
Open

frontend page for creating a new realm #1521

wants to merge 26 commits into from

Conversation

varCepheid
Copy link
Collaborator

closes #1510

@varCepheid varCepheid marked this pull request as draft January 13, 2023 02:37
@varCepheid varCepheid self-assigned this Jan 13, 2023
@varCepheid varCepheid added enhancement Adds a new feature or meets a request. wip backend Changes need to be made in the backend code. labels Jan 13, 2023
@varCepheid varCepheid added question Further information is requested. and removed wip labels Jan 15, 2023
@varCepheid
Copy link
Collaborator Author

varCepheid commented Jan 15, 2023

@calebeby At line 37 in new-realm, the server gets a request to POST a new realm, even if that realm is already in the database. Is there a check that should happen in the frontend code to make sure that doesn't happen, or will the backend take care of it?

A lot of typecheck errors remain, but they seemed to pass the test.
@varCepheid varCepheid added the needs work Changes have been suggested and need to be implemented. label Feb 21, 2023
@varCepheid varCepheid removed the question Further information is requested. label Feb 21, 2023
@varCepheid varCepheid marked this pull request as ready for review February 23, 2023 01:46
@varCepheid varCepheid added question Further information is requested. help wanted More attention or people are needed. and removed needs work Changes have been suggested and need to be implemented. question Further information is requested. labels Feb 23, 2023
@varCepheid varCepheid added the needs work Changes have been suggested and need to be implemented. label Feb 23, 2023
@calebeby
Copy link
Member

@varCepheid The checks are passing on the dev branch, and if this branch is up to date with that branch, then the checks should be passing here too. I think at least some of the changes in this PR aren't needed to make checks pass.

@varCepheid varCepheid marked this pull request as draft February 23, 2023 22:40
@varCepheid varCepheid marked this pull request as ready for review February 23, 2023 22:58
@varCepheid varCepheid enabled auto-merge February 23, 2023 22:59
@varCepheid varCepheid removed the needs work Changes have been suggested and need to be implemented. label Feb 23, 2023
@varCepheid varCepheid removed the backend Changes need to be made in the backend code. label Nov 15, 2023
@calebeby
Copy link
Member

calebeby commented Jan 6, 2024

@varCepheid I have a question about how this flow works for users. If a team was to create a new realm, now that realm has no users. So in order for them to start making approved users for their realm, they'd need to make an unverified user in that realm, and still go through the manual process of contacting pigmice and getting their account verified and set to admin. Then they could go and make other users.

Is it intended to still have that manual step there or were you envisioning something different?

package.json Outdated Show resolved Hide resolved
src/routes/signup.tsx Outdated Show resolved Hide resolved
src/routes.ts Outdated Show resolved Hide resolved
src/routes/signup.tsx Outdated Show resolved Hide resolved
@calebeby
Copy link
Member

calebeby commented Jan 6, 2024

@varCepheid it looks like newly-created realms have shareReports set to false, while all the previous realms have it set to true. Is that intentional?

@varCepheid varCepheid disabled auto-merge January 6, 2024 03:37
@varCepheid
Copy link
Collaborator Author

The shareReports bit was unintentional and I fixed it. My solution to the no-admins problem was to make the new-realm form have all the same fields as the signup form, so it creates the first account in the same action in the new realm and sets it to be an admin.

src/routes/signup.tsx Outdated Show resolved Hide resolved
@varCepheid
Copy link
Collaborator Author

I realized that making a user automatically an admin A. is a bad idea and B. gives us no oversight of new realms. I think we should just indicate that a new user in a new realm needs to join the Slack to become an admin.

@calebeby
Copy link
Member

calebeby commented Jul 5, 2024

@varCepheid Good point. However, if the backend already allows it, then people still could technically do it themselves (not a big fan of "security by obscurity"). Maybe we should make the backend have a constraint on creating new admin users/realms.

@varCepheid
Copy link
Collaborator Author

There actually is already a backend constraint, which meant the user creation request wasn't going through, because a non-admin user (in this case not even logged in) can't create users. I think the ideal way to do this is to create only the realm and then force the would-be admin to communicate with us about creating their user. The alternative is to create a dummy super-admin and log in as that user for only the time it takes to create the new user.

@varCepheid
Copy link
Collaborator Author

After talking with Elijah, I realized that of course a non-user can create a user because the signup page does it. The actual problem was in the return type of the createRealm method, but that's largely unimportant. Currently, the new-realm form creates the realm with an unverified user in it and directs the user to email me and get connected to the Slack. From there, we can verify them and make them an admin. I think this system puts the least burden on us but still allows us oversight of who is running realms.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement Adds a new feature or meets a request.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

create realms from frontend
3 participants