-
Notifications
You must be signed in to change notification settings - Fork 1
Profile Sharing and Project Participation
SeaSketch is used all around the world and so must take a very proactive stance on user privacy to accommodate the many data protection laws it may fall under. Users must provide explicit consent to share their private information. The most obvious part of SeaSketch where this comes up is in the Participants/Users list in the admin interface. SeaSketch will not show information about a participant to the project administrator unless that user has joined the project and explicitly shared profile information.
When joining a project, users must provide a name, and optionally an email address, institutional affiliation, and other details which will be provided to administrators of the project. It will also be associated with any posts they make to the forum. After joining a project, administrators will be able to assign access control privileges such as admin access, access to particular forums and data layers, etc. If a user "leaves" a project and chooses to stop sharing profile information, these privileges will be suspended (implemented in postgres RLS).
Users should be prompted to share profile information with a project only when appropriate. Some visitors may just be "browsing" to determine what SeaSketch can do. Others may not want to share their information. Below is a list of common scenarios where users should be prompted.
- User is visiting the project homepage after following an invite. They should be immediately encouraged to share their profile information. If their invite includes group or admin privileges they should be warned that not participating means they will not receive these permissions.
- User registering a new account from a particular project. It can be assumed then that they probably are only joining SeaSketch to participate in that project.
- When viewing the map list, overlayers, or sketching tools, if there is content that is limited to admins or certain user groups then a subtle prompt should encourage users to join the project to potentially gain access.
- Forums should get a similar subtle prompt, and posting should be blocked entirely until the user is a participant.
- Attempting to access the admin interface. The admin link should be shown normally, but if they are not sharing profile information the link should go to the "join project page". This should be implemented as a redirect so that any admin page goes there.
Given these scenarios, when accessing a "join this project" page there are a set of variants to that page:
- "Plain", where the user is opting to join the project by following one of the subtle prompts scattered across the interface.
- Admin-access, where the user is attempting to use their admin privileges but they haven't shared a complete profile.
- Responding to an invite.
For both the Invite variant and the plain display, if the user has been added to a group or would have admin privileges these should be called out.