From ef4fff9e9b3ce90de8d2d37ff76e4944327c4e22 Mon Sep 17 00:00:00 2001
From: Robert Smith
Date: Mon, 25 Aug 2025 20:40:04 -0230
Subject: [PATCH 1/8] Refactor user policy methods to enforce platform management permissions

---
 app/policies/better_together/user_policy.rb | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/app/policies/better_together/user_policy.rb b/app/policies/better_together/user_policy.rb
index 11c31508a..c576f9753 100644
--- a/app/policies/better_together/user_policy.rb
+++ b/app/policies/better_together/user_policy.rb
@@ -3,11 +3,11 @@ module BetterTogether
 class UserPolicy < ApplicationPolicy # rubocop:todo Style/Documentation
 def index?
- user.present?
+ permitted_to?('manage_platform')
 end
 
 def show?
- user.present?
+ user.present? && (record == user || permitted_to?('manage_platform'))
 end
 
 def create?
@@ -19,7 +19,7 @@ def new?
 end
 
 def update?
- false
+ permitted_to?('manage_platform')
 end
 
 def edit?
@@ -36,7 +36,9 @@ def me?
 
 class Scope < Scope # rubocop:todo Style/Documentation
 def resolve
- scope.all
+ return scope.where(id: user.id) unless permitted_to?('manage_platform')
+
+ scope.order(created_at: :desc)
 end
 end
 end

From d612fa4d599ef356c52eb3ee2e8f263c12a7e497 Mon Sep 17 00:00:00 2001
From: Robert Smith
Date: Tue, 26 Aug 2025 11:20:04 -0230
Subject: [PATCH 2/8] WIP: User management guide

---
 docs/diagrams/source/user_management_flow.mmd | 239 +++++++++
 docs/end_users/user_management_guide.md | 327 ++++++++++++
 docs/platform_organizers/user_management.md | 482 ++++++++++++++++++
 3 files changed, 1048 insertions(+)
 create mode 100644 docs/diagrams/source/user_management_flow.mmd
 create mode 100644 docs/end_users/user_management_guide.md
 create mode 100644 docs/platform_organizers/user_management.md

diff --git a/docs/diagrams/source/user_management_flow.mmd b/docs/diagrams/source/user_management_flow.mmd
new file mode 100644
index 000000000..4bcada925
--- /dev/null
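Review bot: `Scope#resolve` in the last hunk calls `user.id` with no nil guard, so a scope resolved for an unauthenticated visitor raises NoMethodError instead of returning nothing, while `show?` in the first hunk explicitly anticipates a nil user with `user.present?`. A guard such as `return scope.none if user.blank?` ahead of the `where` keeps the two consistent; whether `permitted_to?` itself tolerates a nil user is decided in ApplicationPolicy, outside this diff. Also, `update?` now returns `permitted_to?('manage_platform')` while the body of `edit?` (the context line after it) lies outside the hunk, so it is worth confirming `edit?` delegates to `update?` and the form and the submit are gated identically.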
+++ b/docs/diagrams/source/user_management_flow.mmd 
@@ -0,0 +1,239 @@ +graph TB + %% User Management Flow - End User and Platform Manager Perspectives + %% Better Together Community Engine + + %% User Registration Flow + subgraph "User Registration Flow" + A[User Initiates Registration] --> B{Platform Privacy?} + B -->|Public| C[Direct Registration Form] + B -->|Private/Invitation-Only| D[Invitation Code Required] + + D --> E{Valid Invitation Code?} + E -->|No| F[Show Code Entry Form] + E -->|Yes| G[Pre-filled Registration Form] + F --> H[User Enters Code] + H --> E + + C --> I[Registration Form] + G --> I + + I --> J[User Fills Form] + J --> K{Form Valid?} + K -->|No| L[Show Validation Errors] + L --> J + + K -->|Yes| M[Create User Account] + M --> N[Create Person Profile] + N --> O[Process Legal Agreements] + + O --> P{Invitation Present?} + P -->|Yes| Q[Apply Invitation Roles] + P -->|No| R[Default Community Member] + + Q --> S[Mark Invitation Accepted] + R --> T[Send Confirmation Email] + S --> T + + T --> U[User Checks Email] + U --> V[Click Confirmation Link] + V --> W[Account Activated] + W --> X[Sign In Available] + end + + %% Platform Manager Invitation Management + subgraph "Platform Manager - Invitation System" + PM1[Platform Manager Access] --> PM2[Host Dashboard] + PM2 --> PM3[Platform Management] + PM3 --> PM4{Create New Invitation?} + + PM4 -->|Yes| PM5[New Invitation Form] + PM4 -->|No| PM6[View Existing Invitations] + + PM5 --> PM7[Set Invitation Details] + PM7 --> PM8[Assign Roles] + PM8 --> PM9[Set Validity Period] + PM9 --> PM10[Add Personal Message] + PM10 --> PM11[Create Invitation] + + PM11 --> PM12[Generate Invitation Token] + PM12 --> PM13[Queue Invitation Email] + PM13 --> PM14[Background Email Job] + PM14 --> PM15[Email Delivered] + + PM6 --> PM16[Invitation List View] + PM16 --> PM17{Invitation Actions?} + PM17 -->|View URL| PM18[Copy Invitation Link] + PM17 -->|Resend| PM19[Resend Email Job] + PM17 -->|Delete| PM20[Remove Invitation] + + PM19 --> PM14 + end + + %% User Authentication 
Flow + subgraph "User Authentication" + AUTH1[User Sign In Attempt] --> AUTH2[Enter Email/Password] + AUTH2 --> AUTH3{Credentials Valid?} + + AUTH3 -->|No| AUTH4[Show Login Error] + AUTH4 --> AUTH5{Too Many Attempts?} + AUTH5 -->|Yes| AUTH6[Account Lockout] + AUTH5 -->|No| AUTH2 + + AUTH3 -->|Yes| AUTH7{Account Confirmed?} + AUTH7 -->|No| AUTH8[Resend Confirmation] + AUTH7 -->|Yes| AUTH9[Load User Session] + + AUTH9 --> AUTH10[Check Platform Privacy] + AUTH10 --> AUTH11{Private Platform?} + AUTH11 -->|Yes| AUTH12{Valid Invitation?} + AUTH12 -->|No| AUTH13[Access Denied] + AUTH12 -->|Yes| AUTH14[Grant Access] + AUTH11 -->|No| AUTH14 + + AUTH14 --> AUTH15[Load User Context] + AUTH15 --> AUTH16[Cache Permissions] + AUTH16 --> AUTH17[Redirect to Dashboard] + end + + %% Platform Manager User Support + subgraph "Platform Manager - User Support" + SUP1[Support Request Received] --> SUP2[Categorize Issue] + SUP2 --> SUP3{Issue Type?} + + SUP3 -->|Authentication| SUP4[Check Account Status] + SUP3 -->|Profile| SUP5[Review Profile Data] + SUP3 -->|Community Access| SUP6[Check Memberships] + SUP3 -->|Technical| SUP7[System Diagnostics] + + SUP4 --> SUP8[Password Reset Tools] + SUP4 --> SUP9[Email Verification] + SUP4 --> SUP10[Account Unlock] + + SUP5 --> SUP11[Edit Profile Access] + SUP5 --> SUP12[Privacy Settings] + SUP5 --> SUP13[Username Changes] + + SUP6 --> SUP14[Role Assignment] + SUP6 --> SUP15[Community Membership] + SUP6 --> SUP16[Permission Updates] + + SUP7 --> SUP17[Error Log Analysis] + SUP7 --> SUP18[System Health Check] + SUP7 --> SUP19[Escalate to Tech Team] + + SUP8 --> SUP20[Implement Solution] + SUP9 --> SUP20 + SUP10 --> SUP20 + SUP11 --> SUP20 + SUP12 --> SUP20 + SUP13 --> SUP20 + SUP14 --> SUP20 + SUP15 --> SUP20 + SUP16 --> SUP20 + SUP17 --> SUP20 + SUP18 --> SUP20 + + SUP20 --> SUP21[Test Resolution] + SUP21 --> SUP22[Notify User] + SUP22 --> SUP23[Document Solution] + SUP23 --> SUP24[Close Support Ticket] + end + + %% User Profile Management + 
subgraph "User Profile Management" + PROF1[User Profile Access] --> PROF2[View Profile Page] + PROF2 --> PROF3{Edit Profile?} + PROF3 -->|No| PROF4[View Only Mode] + PROF3 -->|Yes| PROF5{User Owns Profile?} + + PROF5 -->|No| PROF6[Permission Check] + PROF6 --> PROF7{Admin Access?} + PROF7 -->|No| PROF4 + PROF7 -->|Yes| PROF8[Admin Edit Mode] + + PROF5 -->|Yes| PROF9[User Edit Mode] + + PROF8 --> PROF10[Edit Profile Form] + PROF9 --> PROF10 + + PROF10 --> PROF11[Update Information] + PROF11 --> PROF12{Changes Valid?} + PROF12 -->|No| PROF13[Show Validation Errors] + PROF13 --> PROF10 + + PROF12 -->|Yes| PROF14[Save Changes] + PROF14 --> PROF15[Update Search Index] + PROF15 --> PROF16[Broadcast Updates] + PROF16 --> PROF17[Show Success Message] + end + + %% Platform Manager User Administration + subgraph "Platform Manager - User Administration" + ADM1[User Administration Access] --> ADM2[User Directory] + ADM2 --> ADM3[View All Users List] + ADM3 --> ADM4{Select User Action?} + + ADM4 -->|View Details| ADM5[User Profile View] + ADM4 -->|Edit Account| ADM6[Admin Edit Access] + ADM4 -->|Role Management| ADM7[Role Assignment Interface] + ADM4 -->|Delete Account| ADM8[Account Deletion Workflow] + + ADM5 --> ADM9[Review User Activity] + ADM9 --> ADM10[Community Memberships] + ADM10 --> ADM11[Content History] + ADM11 --> ADM12[Support History] + + ADM6 --> ADM13[Modify Account Details] + ADM13 --> ADM14[Update Profile Information] + ADM14 --> ADM15[Audit Log Entry] + + ADM7 --> ADM16[Platform Role Assignment] + ADM7 --> ADM17[Community Role Assignment] + ADM16 --> ADM18[Permission Recalculation] + ADM17 --> ADM18 + ADM18 --> ADM19[Cache Permission Updates] + + ADM8 --> ADM20[Data Export Option] + ADM20 --> ADM21[Confirmation Required] + ADM21 --> ADM22[Account Deletion] + ADM22 --> ADM23[Data Cleanup Jobs] + ADM23 --> ADM24[Audit Trail Update] + end + + %% Security and Monitoring + subgraph "Security and Monitoring" + SEC1[Security Monitoring] --> SEC2[Failed Login 
Detection] + SEC2 --> SEC3{Suspicious Activity?} + SEC3 -->|Yes| SEC4[Account Lockout] + SEC3 -->|No| SEC5[Normal Activity Logging] + + SEC4 --> SEC6[Security Alert] + SEC6 --> SEC7[Platform Manager Notification] + SEC7 --> SEC8[Investigation Required] + + SEC5 --> SEC9[Activity Analytics] + SEC9 --> SEC10[User Engagement Tracking] + SEC10 --> SEC11[Platform Health Monitoring] + + SEC8 --> SEC12[Account Analysis] + SEC12 --> SEC13{Security Risk?} + SEC13 -->|Yes| SEC14[Enhanced Security Measures] + SEC13 -->|No| SEC15[Account Recovery Process] + + SEC14 --> SEC16[Password Reset Required] + SEC15 --> SEC17[User Notification] + SEC16 --> SEC18[Security Incident Documentation] + end + + %% Styling + classDef userAction fill:#e1f5fe,stroke:#01579b,stroke-width:2px + classDef adminAction fill:#f3e5f5,stroke:#4a148c,stroke-width:2px + classDef systemProcess fill:#e8f5e8,stroke:#1b5e20,stroke-width:2px + classDef errorState fill:#ffebee,stroke:#b71c1c,stroke-width:2px + classDef securityProcess fill:#fff3e0,stroke:#e65100,stroke-width:2px + + class A,J,U,V,X,AUTH1,AUTH2,PROF1,PROF2,PROF3 userAction + class PM1,PM5,PM6,SUP1,SUP2,ADM1,ADM2,ADM3 adminAction + class M,N,O,T,PM11,PM12,PM13,PM14,AUTH9,AUTH15,AUTH16 systemProcess + class L,AUTH4,AUTH6,AUTH13,PROF13,SEC4,SEC6 errorState + class SEC1,SEC2,SEC8,SEC12,SEC14,SEC16 securityProcess diff --git a/docs/end_users/user_management_guide.md b/docs/end_users/user_management_guide.md new file mode 100644 index 000000000..fb26c99a7 --- /dev/null +++ b/docs/end_users/user_management_guide.md 
@@ -0,0 +1,327 @@ +# User Management Flow: End User Guide + +**Target Audience:** Community members using the platform +**Document Type:** User Guide +**Last Updated:** August 25, 2025 + +## Overview + +This guide explains how to manage your account and navigate user-related features from an end user's perspective. Understanding these processes helps you successfully register, maintain your profile, and get support when needed. + +## User Registration Process + +### Registration Methods + +**Public Platforms:** +- Direct registration at `/users/sign_up` +- Create account with email, password, and profile details +- Accept platform agreements (Terms of Service, Privacy Policy, Code of Conduct) + +**Private Platforms (Invitation-Only):** +- Receive invitation email with unique invitation code +- Click invitation link or enter code manually +- Registration form pre-filled with invited email +- Automatic role assignment based on invitation +- Accept platform agreements + +### Registration Steps + +1. **Access Registration** + - Visit the sign-up page + - If invitation-only: Enter invitation code or follow invitation link + +2. **Email and Authentication** + - Provide valid email address (your login username) + - Create secure password (minimum 12 characters) + - Confirm password + +3. **Profile Information** + - **Name:** Your display name (publicly visible) + - **Username/Identifier:** Unique handle for your profile + - **Description:** Optional bio/introduction + +4. **Legal Agreements** + - Review and accept Terms of Service + - Review and accept Privacy Policy + - Review and accept Code of Conduct (if applicable) + +5. 
**Email Verification** + - Check your email for confirmation link + - Click link to activate your account + - Sign in with your credentials + +### Profile Setup + +After registration, complete your profile: + +- **Contact Information:** Add phone numbers, addresses +- **Privacy Settings:** Control profile visibility +- **Notification Preferences:** Manage email/in-app notifications +- **Community Memberships:** Join relevant communities +- **Profile Image:** Upload avatar (optional) + +## Account Management + +### Accessing Your Profile + +- **Navigation:** Click "My Profile" in user menu +- **Direct URL:** `/people/[your-username]` +- **Edit Profile:** Use "Edit" button (only you can edit your own profile) + +### Profile Components + +**Basic Information:** +- Name and username +- Profile description/bio +- Contact details (visibility controlled by privacy settings) +- Community memberships and roles + +**Privacy Controls:** +- **Public:** Profile visible to all users +- **Private:** Profile only visible to community members +- **Contact Visibility:** Control who sees your contact information + +**Notification Management:** +- Message notifications +- Community activity alerts +- System announcements +- Email delivery preferences + +### Updating Information + +1. Navigate to profile edit page +2. Modify desired information +3. Save changes +4. Changes take effect immediately + +## Authentication & Security + +### Sign In Process + +1. Visit sign-in page: `/users/sign_in` +2. Enter email and password +3. Click "Sign In" +4. Redirected to dashboard or previous page + +### Password Management + +**Changing Password:** +1. Go to account settings +2. Click "Change Password" +3. Enter current password +4. Enter new password (twice) +5. Save changes + +**Forgot Password:** +1. Click "Forgot Password" on sign-in page +2. Enter your email address +3. Check email for reset link +4. 
Follow link and create new password + +### Account Security + +- **Session Management:** Automatic logout after inactivity +- **Device Security:** Log out from all devices if needed +- **Email Verification:** Required for all new accounts +- **Two-Factor Authentication:** Available in security settings (if enabled) + +## Getting Support + +### Self-Service Resources + +**Help Documentation:** +- User guides and FAQs +- Video tutorials (if available) +- Community forums for peer support + +**Account Issues:** +- Password reset tools +- Email verification resend +- Profile recovery options + +### Contacting Support + +**When to Contact Support:** +- Cannot access your account +- Technical issues with platform +- Questions about features +- Report bugs or problems +- Account security concerns + +**How to Contact Support:** +- **Support Email:** Available in platform footer +- **Contact Form:** Usually found in "Help" or "Support" section +- **In-App Messaging:** Direct message to support team (if available) + +**Information to Include:** +- Your username/email +- Description of the issue +- Steps you've already tried +- Browser/device information +- Screenshots if applicable + +### Support Response + +- **Response Time:** Typically 24-48 hours for non-urgent issues +- **Priority Issues:** Account security and access issues prioritized +- **Follow-up:** Support team may request additional information +- **Resolution:** You'll receive confirmation when issue is resolved + +## Common User Scenarios + +### First-Time Registration + +1. **Receive Invitation** (private platforms) + - Check email for invitation + - Click invitation link + - Note any special roles mentioned + +2. **Complete Registration** + - Fill out registration form + - Accept all required agreements + - Verify email address + +3. **Initial Setup** + - Complete profile information + - Set privacy preferences + - Join relevant communities + - Explore platform features + +### Profile Updates + +1. 
**Regular Maintenance** + - Update contact information + - Refresh profile description + - Adjust privacy settings + - Review notification preferences + +2. **Community Changes** + - Join new communities + - Update role information + - Manage community-specific settings + +### Account Issues + +1. **Login Problems** + - Verify email/password + - Check for typos + - Use password reset if needed + - Contact support if persistent + +2. **Profile Visibility** + - Check privacy settings + - Verify community memberships + - Ensure profile is complete + - Ask community administrators if needed + +## Privacy and Data Protection + +### Data Collection + +The platform collects: +- Registration information (email, name, username) +- Profile information (description, contact details) +- Usage data (login times, page views, interactions) +- Community participation (posts, comments, memberships) + +### Data Control + +**You Can:** +- View all your personal data +- Update your information anytime +- Delete your account and data +- Control who sees your profile +- Manage email communications + +**Platform Uses Data For:** +- Account authentication and security +- Personalized experience +- Community features and matching +- Analytics and platform improvement +- Communication about platform updates + +### Data Sharing + +- **Within Communities:** Profile information shared with community members +- **Public Information:** Name and username may be publicly visible +- **No Third-Party Sales:** Personal data not sold to external companies +- **Legal Requirements:** Data may be shared if legally required + +## Tips for Success + +### Profile Best Practices + +- **Complete Profile:** Fill out all relevant sections +- **Professional Photo:** Use clear, appropriate profile image +- **Engaging Description:** Write helpful bio that explains your interests +- **Keep Updated:** Regularly review and update information +- **Privacy Awareness:** Understand what information is public vs. 
private + +### Community Participation + +- **Follow Guidelines:** Read and follow community-specific rules +- **Be Respectful:** Maintain respectful communication +- **Stay Active:** Regular participation improves experience +- **Report Issues:** Use reporting tools for inappropriate content +- **Seek Help:** Ask questions when you need assistance + +### Security Best Practices + +- **Strong Password:** Use unique, complex password +- **Regular Updates:** Keep contact information current +- **Secure Devices:** Log out from public/shared computers +- **Monitor Activity:** Review account activity regularly +- **Report Suspicious:** Contact support for security concerns + +## Troubleshooting Common Issues + +### Cannot Register + +**Problem:** Registration form shows errors +**Solutions:** +- Check email format is valid +- Ensure password meets requirements +- Verify all required fields completed +- Clear browser cache and try again +- Try different browser + +### Email Not Received + +**Problem:** Confirmation email not arriving +**Solutions:** +- Check spam/junk folder +- Wait 10-15 minutes for delivery +- Verify email address is correct +- Request new confirmation email +- Contact support if persistent + +### Profile Not Visible + +**Problem:** Other users cannot see your profile +**Solutions:** +- Check privacy settings +- Verify community membership status +- Ensure profile information is complete +- Confirm account is activated +- Ask community organizer + +### Forgot Username + +**Problem:** Cannot remember username +**Solutions:** +- Check email confirmation messages +- Try variations of your name +- Contact support with email address +- Check profile URL if you bookmarked it + +## Related Documentation + +- [Platform Privacy Policy](privacy_policy.md) +- [Community Guidelines](community_guidelines.md) +- [Safety and Reporting Tools](safety_reporting.md) +- [Messaging and Communication](messaging_guide.md) +- [Community Participation 
Guide](community_participation.md) + +--- + +*For additional support, contact the platform support team or refer to the comprehensive help documentation.* diff --git a/docs/platform_organizers/user_management.md b/docs/platform_organizers/user_management.md new file mode 100644 index 000000000..955412ffd --- /dev/null +++ b/docs/platform_organizers/user_management.md 
@@ -0,0 +1,482 @@ +# User Management: Platform Organizer Guide + +**Target Audience:** Platform Organizers and Support Staff +**Document Type:** Administrative Guide +**Last Updated:** August 25, 2025 + +## Overview + +This guide explains user management from the Platform Organizer perspective, including user oversight, invitation management, account support, and administrative tools. Platform Organizers have elevated permissions to manage users across the entire platform. + +## Platform User Management Overview + +### User Lifecycle + +1. **Invitation/Registration** → 2. **Account Verification** → 3. **Profile Completion** → 4. **Community Participation** → 5. **Ongoing Support** + +### Administrative Responsibilities + +- **User Account Oversight:** Monitor user registrations and activations +- **Invitation Management:** Create and manage platform invitations +- **Support Resolution:** Handle user support requests and account issues +- **Security Monitoring:** Monitor for suspicious activity and abuse +- **Data Management:** Handle data requests and account deletions +- **Compliance:** Ensure platform compliance with policies and regulations + +## User Registration Management + +### Registration Modes + +**Public Registration:** +- Users can self-register without invitations +- Open to anyone with valid email +- Subject to platform terms and agreements +- Configurable via Platform Settings → "Requires Invitation" (disabled) + +**Invitation-Only Registration:** +- Platform requires invitation codes for registration +- Controlled access and user vetting +- Default setting for hosted platforms +- Configurable via Platform Settings → "Requires Invitation" (enabled) + +### Managing Registration Settings + +**Access:** Host Dashboard → Platforms → Edit → "Requires Invitation" + +**Public Mode Benefits:** +- Faster community growth +- Lower barrier to entry +- Suitable for open communities +- Self-service registration + +**Invitation-Only Benefits:** +- Controlled user 
quality +- Reduced spam and abuse +- Curated community building +- Better security control + +## Platform Invitation System + +### Creating Invitations + +**Access:** Host Dashboard → Platforms → [Platform Name] → "New Invitation" + +**Invitation Types:** +- **Platform Invitation:** Standard invitation with platform/community roles +- **Custom Invitations:** Extended functionality (venue-specific, organization-specific) + +**Required Information:** +- **Invitee Email:** Target email address +- **Platform Role:** Role within the platform (optional) +- **Community Role:** Role within the default community (optional) +- **Locale:** Language for invitation email +- **Validity Period:** Start and end dates for invitation +- **Personal Greeting:** Custom message to invitee + +**Role Assignment Options:** +- **Platform Roles:** platform_manager, platform_tech_support, platform_developer, etc. +- **Community Roles:** community_member, community_facilitator, community_governance_council, etc. + +### Managing Existing Invitations + +**Invitation Dashboard:** Host Dashboard → Platforms → [Platform Name] → Invitations List + +**Available Actions:** +- **View Invitation URL:** Copy link to share manually +- **Resend Invitation:** Send new email with same invitation +- **Delete Invitation:** Remove invitation (cannot be undone) + +**Invitation Status Tracking:** +- **Pending:** Invitation sent, waiting for acceptance +- **Accepted:** User registered and invitation processed +- **Expired:** Invitation past validity period +- **Revoked:** Invitation manually canceled + +**Invitation Information Displayed:** +- Invitee email address +- Inviter (who created the invitation) +- Platform and community roles assigned +- Status and acceptance date +- Last sent timestamp +- Validity period + +### Invitation Email Management + +**Email Delivery:** +- Background job processing via Sidekiq +- Automatic retry on delivery failures +- Time zone-aware sending (platform's time zone) +- Localized 
content based on invitation locale + +**Email Content:** +- Platform branding +- Personal greeting (if provided) +- Role information (if roles assigned) +- Invitation link and code +- Validity period information +- Contact information + +### Bulk Invitation Management + +**Best Practices:** +- Create invitations in batches for easier management +- Use consistent role assignments for user groups +- Set appropriate validity periods (30-90 days recommended) +- Include personal greetings to improve acceptance rates + +**Tracking and Analytics:** +- Monitor invitation acceptance rates +- Track which inviters have highest success rates +- Identify patterns in expired invitations +- Review role assignments for consistency + +## User Account Administration + +### User Directory Access + +**Access:** Host Dashboard → Users + +**User List Features:** +- Email address display +- Account status indicators +- Registration date information +- Platform and community role assignments +- Direct access to user profiles + +**Available Actions per User:** +- **View Profile:** Access full user profile information +- **Edit Account:** Modify user account details (limited) +- **Delete Account:** Remove user and associated data +- **Role Management:** Assign/remove platform and community roles + +### User Account Information + +**Profile Data Access:** +- Personal information (name, username, description) +- Contact details (email, phone numbers, addresses) +- Community memberships and roles +- Account activity and login history +- Content and interaction history + +**Privacy Considerations:** +- Access limited to users with proper permissions +- Audit trail of administrative actions +- Data access logged for compliance +- Respect user privacy settings where possible + +### Account Status Management + +**Account States:** +- **Active:** Normal, fully functional account +- **Pending Confirmation:** Registered but email not verified +- **Suspended:** Temporarily disabled account +- 
**Deleted:** Account marked for deletion + +**Status Change Authority:** +- Platform Organizers can modify most account states +- Some actions require higher privileges or approval +- Critical actions are logged and auditable +- User notification for status changes + +## User Support and Issue Resolution + +### Common Support Categories + +**Authentication Issues:** +- Password reset requests +- Email verification problems +- Account lockouts +- Login difficulties + +**Profile Management:** +- Information update requests +- Privacy setting confusion +- Username change requests +- Profile visibility issues + +**Community Access:** +- Community joining issues +- Role assignment questions +- Permission-related problems +- Community-specific feature access + +**Technical Problems:** +- Platform functionality issues +- Browser compatibility problems +- Feature malfunction reports +- Performance concerns + +### Support Request Handling + +**Initial Triage:** +1. Categorize the issue type +2. Assess urgency and impact +3. Determine required permissions for resolution +4. Assign to appropriate support staff + +**Investigation Process:** +1. **Gather Information:** + - User account details + - Error messages or screenshots + - Steps to reproduce issue + - Browser/device information + +2. **Account Analysis:** + - Check account status and history + - Review recent activity logs + - Verify role and permission assignments + - Check community memberships + +3. 
**System Verification:** + - Test functionality with test accounts + - Check system status and health + - Review recent platform changes + - Verify configuration settings + +**Resolution Strategies:** +- **Self-Service:** Guide user to self-resolution tools +- **Administrative Fix:** Resolve issue through admin interface +- **Technical Escalation:** Forward to development team +- **Policy Decision:** Escalate to platform governance + +### Support Tools and Resources + +**Administrative Interfaces:** +- User management dashboard +- Role and permission management +- Community membership tools +- Invitation system controls + +**Diagnostic Tools:** +- User activity logs +- System error logs +- Performance monitoring +- Security event tracking + +**Communication Tools:** +- Direct messaging system +- Email notification system +- Announcement capabilities +- Community bulletin posting + +## Security and Compliance + +### Security Monitoring + +**Account Security:** +- Monitor failed login attempts +- Track unusual account activity +- Detect potential account takeovers +- Review privilege escalation requests + +**Platform Security:** +- Monitor for spam or abuse patterns +- Track content policy violations +- Identify suspicious user behavior +- Coordinate with content moderation + +**Data Protection:** +- Handle data access requests +- Manage account deletion requests +- Ensure data retention compliance +- Coordinate with legal requirements + +### Compliance Management + +**Data Protection Compliance:** +- GDPR/privacy law compliance +- User consent management +- Data retention policies +- Right to deletion processing + +**Platform Policy Enforcement:** +- Terms of Service violations +- Community guideline enforcement +- User conduct standards +- Appeal and review processes + +**Audit and Reporting:** +- Administrative action logging +- User data access tracking +- Security incident documentation +- Compliance reporting requirements + +## Administrative Workflows + +### 
New User Onboarding + +1. **Invitation Creation** (for private platforms) + - Create invitation with appropriate roles + - Send invitation with personalized message + - Track invitation delivery and acceptance + +2. **Registration Support** + - Monitor for registration issues + - Assist with email verification problems + - Help with initial profile setup + - Provide platform orientation + +3. **Community Integration** + - Ensure proper community membership + - Verify role assignments are correct + - Introduce to community resources + - Follow up on early experience + +### Account Issue Resolution + +1. **Issue Intake** + - Receive support request + - Categorize and prioritize + - Assign to appropriate team member + - Set response time expectations + +2. **Investigation and Diagnosis** + - Gather relevant information + - Reproduce issue if possible + - Analyze account and system state + - Determine root cause + +3. **Resolution Implementation** + - Apply appropriate fix + - Test resolution effectiveness + - Document solution steps + - Notify user of resolution + +4. 
**Follow-up and Closure** + - Confirm issue is resolved + - Update support documentation + - Close support ticket + - Analyze for pattern prevention + +### User Lifecycle Management + +**Active User Monitoring:** +- Track user engagement levels +- Identify at-risk users +- Provide proactive support +- Recognize valuable contributors + +**Inactive User Management:** +- Identify dormant accounts +- Send re-engagement communications +- Clean up unused accounts +- Manage data retention policies + +**Account Termination:** +- Process account deletion requests +- Handle suspended account procedures +- Manage data export requests +- Ensure compliance with deletion requirements + +## Best Practices + +### Invitation Management + +- **Clear Role Communication:** Explain role assignments in invitation messages +- **Appropriate Validity Periods:** Set reasonable expiration dates (30-90 days) +- **Personal Touch:** Include personalized messages to improve acceptance +- **Follow-up:** Check on invitation acceptance and provide support +- **Documentation:** Keep records of invitation purposes and outcomes + +### User Support Excellence + +- **Rapid Response:** Acknowledge requests quickly (within 24 hours) +- **Clear Communication:** Use non-technical language when appropriate +- **Complete Solutions:** Ensure issues are fully resolved +- **Documentation:** Maintain detailed support history +- **Learning:** Use support patterns to improve platform + +### Security and Privacy + +- **Least Privilege:** Grant minimum necessary access rights +- **Audit Trails:** Maintain logs of all administrative actions +- **Privacy Respect:** Access user data only when necessary +- **Secure Communications:** Use secure channels for sensitive information +- **Regular Reviews:** Periodically review user access and roles + +### Platform Administration + +- **Consistent Policies:** Apply policies fairly and consistently +- **Community Focus:** Balance individual needs with community welfare +- 
**Proactive Management:** Address issues before they escalate +- **Continuous Improvement:** Regular review and enhancement of processes +- **Stakeholder Collaboration:** Work closely with community organizers + +## Tools and Resources + +### Administrative Dashboards + +**Host Dashboard:** Primary platform management interface +- User management tools +- Invitation system controls +- Platform configuration options +- Analytics and reporting + +**Community Management:** Community-specific tools +- Member management +- Role assignments +- Community settings +- Local moderation tools + +### Monitoring and Analytics + +**User Metrics:** +- Registration and activation rates +- User engagement levels +- Community participation +- Support request patterns + +**Platform Health:** +- System performance monitoring +- Security event tracking +- Feature usage analytics +- Error and issue reporting + +### Documentation and Training + +**Internal Resources:** +- Administrative procedures guide +- User support playbooks +- Security incident response plans +- Compliance checklists + +**User Resources:** +- Platform user guides +- FAQ documentation +- Video tutorials +- Community guidelines + +## Escalation Procedures + +### Technical Issues + +1. **Level 1:** Basic support staff resolution +2. **Level 2:** Platform organizer intervention +3. **Level 3:** Development team escalation +4. **Level 4:** System administrator involvement + +### Policy Issues + +1. **Community Level:** Community organizer review +2. **Platform Level:** Platform organizer decision +3. **Governance Level:** Platform governance review +4. **Legal Level:** Legal counsel involvement + +### Security Incidents + +1. **Initial Response:** Immediate threat mitigation +2. **Investigation:** Detailed incident analysis +3. **Coordination:** Multi-team incident response +4. 
**Resolution:** Complete incident remediation + +## Related Documentation + +- [Platform Administration Guide](platform_administration.md) +- [Security and Privacy Policies](security_privacy.md) +- [Community Management Tools](community_management.md) +- [User Support Procedures](user_support_procedures.md) +- [Compliance and Legal Guidelines](compliance_legal.md) + +--- + +*This guide is regularly updated to reflect changes in platform capabilities and best practices. For additional questions or clarifications, consult the platform development team or governance council.* From 2d13d7ea20e4104ca6c160fe3d3521cedd8d5d21 Mon Sep 17 00:00:00 2001 From: Robert Smith Date: Tue, 26 Aug 2025 11:20:21 -0230 Subject: [PATCH 3/8] WIP: allow rendering single diagrams --- bin/render_diagrams | 75 +++++++++++++++++++++++++++++++++++++-------- 1 file changed, 63 insertions(+), 12 deletions(-) diff --git a/bin/render_diagrams b/bin/render_diagrams index 496ed2541..78748f925 100755 --- a/bin/render_diagrams +++ b/bin/render_diagrams @@ -2,22 +2,27 @@ set -euo pipefail FORCE=${FORCE:-0} +SPECIFIED_FILES=() usage() { cat <&2 - usage >&2 - exit 2 + # Check if it's a file without .mmd extension + if [ -f "docs/diagrams/source/$1.mmd" ]; then + SPECIFIED_FILES+=("$1.mmd") + elif [ -f "docs/diagrams/source/$1" ]; then + SPECIFIED_FILES+=("$1") + else + echo "Error: File not found: $1" >&2 + echo "Looking for: docs/diagrams/source/$1 or docs/diagrams/source/$1.mmd" >&2 + exit 2 + fi ;; esac shift 
@@ -118,10 +140,39 @@ detect_complexity() { } shopt -s nullglob -files=(docs/diagrams/source/*.mmd) + +# Determine which files to process +if [ ${#SPECIFIED_FILES[@]} -gt 0 ]; then + # Process specified files + files=() + for spec_file in "${SPECIFIED_FILES[@]}"; do + if [[ "$spec_file" == /* ]]; then + # Absolute path provided + full_path="$spec_file" + else + # Relative path, assume it's in docs/diagrams/source/ + full_path="docs/diagrams/source/$spec_file" + fi + + if [ -f "$full_path" ]; then + files+=("$full_path") + else + echo "Error: File not found: $full_path" >&2 + exit 2 + fi + done +else + # Process all .mmd files (original behavior) + files=(docs/diagrams/source/*.mmd) +fi + if [ ${#files[@]} -eq 0 ]; then - echo "No Mermaid files found in docs/diagrams/source/*.mmd" >&2 - echo "Please ensure Mermaid diagram source files are in docs/diagrams/source/" >&2 + if [ ${#SPECIFIED_FILES[@]} -gt 0 ]; then + echo "No valid Mermaid files found from specified arguments" >&2 + else + echo "No Mermaid files found in docs/diagrams/source/*.mmd" >&2 + echo "Please ensure Mermaid diagram source files are in docs/diagrams/source/" >&2 + fi exit 0 fi From b958d5b0b6942a90692123c019dba8fde0c7d948 Mon Sep 17 00:00:00 2001 
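Review bot: The `if [[ "$spec_file" == /* ]]` branch in this hunk is unreachable, because the argument parser in the previous hunk only appends a name to `SPECIFIED_FILES` after confirming it exists as `docs/diagrams/source/$1` or `docs/diagrams/source/$1.mmd`, and the `[ -f "$full_path" ]` test here then repeats that check; the `No valid Mermaid files found from specified arguments` message is likewise dead, since a missing file already exits 2 inside the loop. If absolute paths are meant to be supported, the parser should accept them (`[ -f "$1" ]` before the prefixed lookups); otherwise the loop can collapse to `files=("${SPECIFIED_FILES[@]/#/docs/diagrams/source/}")` with a comment that existence was already verified. Neither hunk rejects `/` or `..` in the name, so an argument like `../x` resolves outside the source directory; a guard in the parser such as `case $1 in */*) echo "Error: bare file name expected" >&2; exit 2;; esac` keeps lookups confined to `docs/diagrams/source/`.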
From: Robert Smith Date: Tue, 26 Aug 2025 14:42:31 -0230 Subject: [PATCH 4/8] Implement settings management with user account update functionality and localization support --- .../better_together/settings_controller.rb | 4 + .../users/registrations_controller.rb | 64 +++++++++ .../better_together/settings/index.html.erb | 124 ++++++++++++++++++ .../devise/registrations/_edit_form.html.erb | 60 +++++++++ app/views/devise/registrations/edit.html.erb | 61 +-------- .../devise/shared/_error_messages.html.erb | 2 +- .../better_together/_flash_messages.html.erb | 1 + .../better_together/_user_nav.html.erb | 6 + config/locales/en.yml | 26 ++++ config/locales/es.yml | 26 ++++ config/locales/fr.yml | 26 ++++ config/routes.rb | 13 +- 12 files changed, 350 insertions(+), 63 deletions(-) create mode 100644 app/controllers/better_together/settings_controller.rb create mode 100644 app/views/better_together/settings/index.html.erb create mode 100644 app/views/devise/registrations/_edit_form.html.erb
diff --git a/app/controllers/better_together/settings_controller.rb b/app/controllers/better_together/settings_controller.rb
new file mode 100644
index 000000000..bbbe1a6e5
--- /dev/null
+++ b/app/controllers/better_together/settings_controller.rb
@@ -0,0 +1,4 @@
+module BetterTogether
+ class SettingsController < ApplicationController
+ end
+end
diff --git a/app/controllers/better_together/users/registrations_controller.rb b/app/controllers/better_together/users/registrations_controller.rb
index 70600bcdc..076c00b9a 100644
--- a/app/controllers/better_together/users/registrations_controller.rb
+++ b/app/controllers/better_together/users/registrations_controller.rb
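Review bot: `SettingsController` defines no actions, yet this same patch adds `app/views/better_together/settings/index.html.erb`; Rails' implicit rendering will serve that template for `index` with no action body, so there is no place for the per-action policy check that the first patch's `UserPolicy` work suggests the other controllers perform. Unless `ApplicationController` already enforces authentication for every action — not visible here — an explicit `def index; authorize :settings, :index?; end` (or a `before_action` that the project's other controllers use) would make the access rule for this page deliberate rather than inherited by accident. While the feature is WIP, a class-level comment stating what the settings page is meant to expose and who may see it would help the next reviewer.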
@@ -8,6 +8,57 @@ class RegistrationsController < ::Devise::RegistrationsController skip_before_action :check_platform_privacy before_action :set_required_agreements, only: %i[new create] + before_action :configure_account_update_params, only: [:update] + + # PUT /resource + # We need to use a copy of the resource because we don't want to change + # the current user in place. + def update + self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key) + prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email) + + resource_updated = update_resource(resource, account_update_params) + yield resource if block_given? + if resource_updated + set_flash_message_for_update(resource, prev_unconfirmed_email) + bypass_sign_in resource, scope: resource_name if sign_in_after_change_password? + + respond_to do |format| + format.html { respond_with resource, location: after_update_path_for(resource) } + format.turbo_stream do + flash.now[:notice] = I18n.t('devise.registrations.updated') + render turbo_stream: [ + turbo_stream.replace( + 'flash_messages', + partial: 'layouts/better_together/flash_messages', + locals: { flash: } + ), + turbo_stream.replace( + 'account-settings', + partial: 'devise/registrations/edit_form' + ) + ] + end + end + else + clean_up_passwords resource + set_minimum_password_length + + respond_to do |format| + format.html { respond_with resource, location: after_update_path_for(resource) } + format.turbo_stream do + render turbo_stream: [ + turbo_stream.replace('form_errors', partial: 'layouts/better_together/errors', + locals: { object: resource }), + turbo_stream.replace( + 'account-settings', + partial: 'devise/registrations/edit_form' + ) + ] + end + end + end + end def new super do |user| 
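Review bot: In the turbo_stream success branch of `update`, `flash.now[:notice] = I18n.t('devise.registrations.updated')` overwrites the message that `set_flash_message_for_update` chose on the line above it; Devise picks `:update_needs_confirmation` there when a confirmable user changed their email, so that user now sees the plain "updated" text and is never told to confirm the new address. Dropping the `flash.now` line, or rendering the `flash_messages` partial with the `flash:` that `set_flash_message_for_update` already populated, keeps Devise's behaviour. The override is also much longer than `create`, which carries a `rubocop:todo Metrics/MethodLength, Metrics/AbcSize` marker on the next hunk; extracting the two `respond_to` blocks into private `respond_to_update_success(resource)` / `respond_to_update_failure(resource)` helpers would keep it readable. A short comment that the body mirrors `Devise::RegistrationsController#update` with turbo_stream responses added would let a maintainer diff it against upstream on the next Devise upgrade.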
@@ -62,6 +113,15 @@ def create # rubocop:todo Metrics/MethodLength, Metrics/AbcSize protected + def account_update_params + devise_parameter_sanitizer.sanitize(:account_update) + end + + def configure_account_update_params + devise_parameter_sanitizer.permit(:account_update, + keys: %i[email password password_confirmation current_password]) + end + def set_required_agreements @privacy_policy_agreement = BetterTogether::Agreement.find_by(identifier: 'privacy_policy') @terms_of_service_agreement = BetterTogether::Agreement.find_by(identifier: 'terms_of_service') @@ -84,6 +144,10 @@ def after_inactive_sign_up_path_for(resource) super end + def after_update_path_for(resource) + better_together.edit_user_registration_path + end + def person_params params.require(:user).require(:person_attributes).permit(%i[identifier name description]) end diff --git a/app/views/better_together/settings/index.html.erb b/app/views/better_together/settings/index.html.erb new file mode 100644 index 000000000..6cb31febb --- /dev/null +++ b/app/views/better_together/settings/index.html.erb @@ -0,0 +1,124 @@ + +<% content_for :page_title, t('.title') %> + +
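Review bot: `configure_account_update_params` permits exactly the keys Devise's parameter sanitizer already allows for `:account_update` by default (`email`, `password`, `password_confirmation`, `current_password`), so the `before_action` and this method add no behaviour; if the intent is to pin the list so that future additions to the form do not widen it silently, a comment saying so would stop a reader from removing it as redundant. In the second hunk `after_update_path_for(resource)` ignores its argument; renaming it to `_resource` silences the lint and matches the rubocop-aware style of the surrounding methods.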
+
+
+
+

+ + <%= t('.title') %> +

+
+
+
+ +
+ +
+ +
+ + +
+ + + + + + + + + + + +
+
+
\ No newline at end of file diff --git a/app/views/devise/registrations/_edit_form.html.erb b/app/views/devise/registrations/_edit_form.html.erb new file mode 100644 index 000000000..4a7c9ce67 --- /dev/null +++ b/app/views/devise/registrations/_edit_form.html.erb @@ -0,0 +1,60 @@ +<%= turbo_frame_tag "account-settings" do %> +
+
+
+ <%= form_for(resource, as: resource_name, url: registration_path(resource_name, format: :turbo_stream), html: { method: :put, class: 'needs-validation', novalidate: true, data: { turbo_frame: "account-settings", controller: "better_together--form-validation" } }) do |f| %> + <%= render "devise/shared/error_messages", resource: resource %> +
+ +
+ <%= f.label :email, class: 'form-label' %> + <%= f.email_field :email, autofocus: true, autocomplete: "email", class: 'form-control' %> +
+ + <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %> +
+ <%= t('devise.registrations.edit.currently_waiting_confirmation_for_email', email: resource.unconfirmed_email) %> +
+ <% end %> + + +
+ <%= f.label :password, class: 'form-label' %> + (<%= t('devise.registrations.edit.leave_blank_if_you_don_t_want_to_change_it') %>) + <%= f.password_field :password, autocomplete: "new-password", class: 'form-control' %> + <% if @minimum_password_length %> + + <%= t('devise.shared.minimum_password_length', count: @minimum_password_length) %> + + <% end %> +
+ + +
+ <%= f.label :password_confirmation, class: 'form-label' %> + <%= f.password_field :password_confirmation, autocomplete: "new-password", class: 'form-control' %> +
+ + +
+ <%= required_label f, :current_password, class: 'form-label' %> + (<%= t('devise.registrations.edit.we_need_your_current_password_to_confirm_your_changes') %>) + <%= f.password_field :current_password, autocomplete: "current-password", class: 'form-control', required: true %> +
+ + +
+ <%= f.submit t('devise.registrations.edit.update'), class: 'btn btn-primary' %> +
+ <% end %> + + <% if params[:cancel] %> +

<%= t('devise.registrations.edit.cancel_my_account') %>

+
+ <%= t('devise.registrations.edit.unhappy') %> <%= button_to t('devise.registrations.edit.cancel_my_account'), registration_path(resource_name), data: { confirm: t('devise.registrations.edit.are_you_sure'), turbo_confirm: t('devise.registrations.edit.are_you_sure') }, method: :delete, class: 'btn btn-danger' %> +
+ <% end %> +
+
+
+<% end %> diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index 8d5e0a145..5f93db08d 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -2,63 +2,4 @@ <%= t('.title', resource: devise_i18n_fix_model_name_case(resource.model_name.human, i18n_key: 'registrations.edit.title')) %> <% end %> -
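Review bot: The cancel-account section near the end of the partial is gated on `params[:cancel]`, but the same partial is also rendered from `update`'s turbo_stream responses in the controller hunk, where the request is the PUT and that query parameter is absent; after any submit the `account-settings` frame is replaced with a version that no longer shows the cancel button. Passing the flag in explicitly (`locals: { show_cancel: params[:cancel].present? }` from the controller and `<% if local_assigns[:show_cancel] %>` here) or moving the cancel block outside the turbo frame keeps it stable. It is worth a comment that `params[:cancel]` only toggles display: the DELETE route behind `button_to` is unaffected by it, so the confirmation dialog and whatever the registrations controller enforces are the real safeguards. `autofocus: true` on the email field will also re-grab focus every time the frame is re-rendered after an update, which is unlikely to be intended.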
-
-
-

<%= t('.title', resource: devise_i18n_fix_model_name_case(resource.model_name.human, i18n_key: 'registrations.edit.title')) %>

- - <%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put, class: 'needs-validation', novalidate: true }) do |f| %> - <%= render "devise/shared/error_messages", resource: resource %> - - -
- <%= f.label :email, class: 'form-label' %> - <%= f.email_field :email, autofocus: true, autocomplete: "email", class: 'form-control' %> -
- - <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %> -
- <%= t('.currently_waiting_confirmation_for_email', email: resource.unconfirmed_email) %> -
- <% end %> - - -
- <%= f.label :password, class: 'form-label' %> - (<%= t('.leave_blank_if_you_don_t_want_to_change_it') %>) - <%= f.password_field :password, autocomplete: "new-password", class: 'form-control' %> - <% if @minimum_password_length %> - - <%= t('devise.shared.minimum_password_length', count: @minimum_password_length) %> - - <% end %> -
- - -
- <%= f.label :password_confirmation, class: 'form-label' %> - <%= f.password_field :password_confirmation, autocomplete: "new-password", class: 'form-control' %> -
- - -
- <%= f.label :current_password, class: 'form-label' %> - (<%= t('.we_need_your_current_password_to_confirm_your_changes') %>) - <%= f.password_field :current_password, autocomplete: "current-password", class: 'form-control' %> -
- - -
- <%= f.submit t('.update'), class: 'btn btn-primary' %> -
- <% end %> - -

<%= t('.cancel_my_account') %>

-
- <%= t('.unhappy') %> <%= button_to t('.cancel_my_account'), registration_path(resource_name), data: { confirm: t('.are_you_sure'), turbo_confirm: t('.are_you_sure') }, method: :delete, class: 'btn btn-danger' %> -
- - <%= link_to t('devise.shared.links.back'), :back, class: 'btn btn-secondary' %> -
-
-
+<%= render 'edit_form' %> diff --git a/app/views/devise/shared/_error_messages.html.erb b/app/views/devise/shared/_error_messages.html.erb index 0e5adf560..0a00d2a93 100644 --- a/app/views/devise/shared/_error_messages.html.erb +++ b/app/views/devise/shared/_error_messages.html.erb @@ -1,5 +1,5 @@ <% if resource.errors.any? %> -
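Review bot: The removed block included `<%= link_to t('devise.shared.links.back'), :back, class: 'btn btn-secondary' %>`, and the `_edit_form` partial that replaces it (previous hunk) has no equivalent, so the edit page loses its back link with this change; if that is intentional, a short note in the commit message would keep it from being read as an oversight. The other visible differences — `required_label` plus `required: true` on `current_password`, and absolute `devise.registrations.edit.*` keys replacing the relative `.*` keys — look deliberate, presumably because the partial is also rendered from the controller where the relative lookup scope would differ.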
+