Skip to content

Add Terms of Service Acceptance Concept #6632

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 37 commits into from
Dec 19, 2022
Merged

Add Terms of Service Acceptance Concept #6632

merged 37 commits into from
Dec 19, 2022

Conversation

fm3
Copy link
Member

@fm3 fm3 commented Nov 10, 2022
edited
Loading

New config keys webKnossos.termsOfService.{enabled, version, content}, new routes
GET /termsOfService, POST termsOfService/accept, GET /termsOfService/acceptanceNeeded

The idea is that after login, the frontend checks acceptanceNeeded and shows a popup asking for new TOS acceptance. If the user is orga owner, they cann call accept and that’s it, if they are not, they are told please contact your orga owner.

Note that if termsOfService is not explicitly enabled in the config, acceptanceNeeded should always return false.

Note that when migrating an existing instance, every orga should get one organization owner.

TODO Frontend

  • adapt types (user json now contains isOrganizationOwner)
  • use routes, show modals, as described above

URL of deployed dev instance (used for testing):

Steps to test:

  • set termsOfService.enabled to true in application.conf
  • ensure that you are logged in
  • open some page on wk
  • a modal should appear and prompt you to accept the ToS
  • log in as a second user (which is not an admin)
  • a modal should appear and ask you to contact the orga admin
  • snoozing
    • the default deadline is currently in 2023, so the modals should be closable
    • reload the page --> the modals shouldn't re-appear
    • wait more than 20 seconds --> the modals should appear again
  • with exceeded deadline:
    • change the deadline in application conf to a past date (e.g., 2021)
    • check that the modals cannot be closed without hitting accept
    • after acceptance, the modals shouldn't appear again
  • bump the ToS version in the application.conf
    • the modals should appear again

Issues:

(Please delete unneeded items, merge only when none are left open)

  • Ready for review

@fm3 fm3 self-assigned this Nov 10, 2022
@philippotto
Copy link
Member

philippotto commented Nov 25, 2022
edited
Loading

I finished the basic functionality. Looks like this:

image
image

@fm3 When I tested this, I stumbled a bit, since I had to set the tos version to 1 (since the lastTOSAcceptanceVersion defaults to 0). maybe it could default to -1? or one checks the last TOS acceptance time against zero..

@philippotto philippotto self-assigned this Nov 25, 2022
daniel-wer
daniel-wer reviewed Nov 29, 2022
View reviewed changes
Copy link
Member

@daniel-wer daniel-wer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Frontend LGTM 👍

I think the backend still needs a review?

I'm a little bit worried that this might be fairly disruptive. In case the organization owner is not immediately available, all members need to wait for the ToS acceptance. I think a more user friendly pattern would be to prompt the organization owner for acceptance a couple of weeks before (repeatedly), noting the deadline and that work of the members will be disrupted if the ToS are not accepted by then. I know that this would be more work to implement, but I wanted to note it. Have you thought about or discussed this?

@fm3
Copy link
Member Author

fm3 commented Nov 29, 2022

I'm a little bit worried that this might be fairly disruptive. In case the organization owner is not immediately available, all members need to wait for the ToS acceptance. I think a more user friendly pattern would be to prompt the organization owner for acceptance a couple of weeks before (repeatedly), noting the deadline and that work of the members will be disrupted if the ToS are not accepted by then. I know that this would be more work to implement, but I wanted to note it. Have you thought about or discussed this?

Would forward this to @normanrz – I think apart from the implementation effort, there may be legal things to consider?

@fm3 fm3 changed the title [WIP] Add Terms of Service Acceptance Concept Add Terms of Service Acceptance Concept Nov 29, 2022
@fm3 fm3 marked this pull request as ready for review November 29, 2022 11:03
@fm3 fm3 requested a review from jstriebel November 29, 2022 11:03
@philippotto
Copy link
Member

I'm a little bit worried that this might be fairly disruptive. In case the organization owner is not immediately available, all members need to wait for the ToS acceptance. I think a more user friendly pattern would be to prompt the organization owner for acceptance a couple of weeks before (repeatedly), noting the deadline and that work of the members will be disrupted if the ToS are not accepted by then. I know that this would be more work to implement, but I wanted to note it. Have you thought about or discussed this?

Would forward this to @normanrz – I think apart from the implementation effort, there may be legal things to consider?

@normanrz and I briefly discussed this and agreed that we should try to find a simple solution to mitigate the described problem. One idea would be the following:

The application.conf gets another ToS parameter which would be a deadlineTimestamp that contains the (ideally, a human-readable?) date on which the new ToS have to be agreed upon. When requesting the ToS state, the result could be {needsAcceptance: boolean, deadlineTimestamp: timestamp}. If the deadline is not reached yet, the modals would be closable.

What do you think about this @fm3 ?

@fm3
Copy link
Member Author

fm3 commented Dec 6, 2022

@philippotto I added the two new fields acceptanceDeadline (number) and acceptanceDeadlinePassed Boolean, using current server time, to the /termsOfService/acceptanceNeeded route.

Note that we should set enabled to false again in the config before merging this PR

jstriebel
jstriebel reviewed Dec 6, 2022
View reviewed changes
Copy link
Contributor

@jstriebel jstriebel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice stuff, backend mostly LGTM 👍 Only left some minor comments:

@fm3 fm3 requested a review from jstriebel December 6, 2022 14:57
jstriebel
jstriebel reviewed Dec 6, 2022
View reviewed changes
Copy link
Contributor

@jstriebel jstriebel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Backend is fine from my side, didn't do any testing though. Leaving the approval for the frontend reviewer.

philippotto
philippotto reviewed Dec 9, 2022
View reviewed changes
conf/application.conf Outdated
@@ -74,6 +74,13 @@ webKnossos {

Please add the information of the operator to comply with GDPR.
"""
termsOfService {
enabled = true
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

set to false before merging

@philippotto
Copy link
Member

philippotto commented Dec 9, 2022
edited
Loading

@daniel-wer The front-end part is ready for a second review. I integrated a snooze functionality so that the ToS acceptance can be snoozed if the deadline hasn't passed yet. The modals will re-appear on the next page load if a specific duration has passed in the meantime (currently, 20 seconds for testing; probably will change to 3 days).

daniel-wer
daniel-wer approved these changes Dec 12, 2022
View reviewed changes
Copy link
Member

@daniel-wer daniel-wer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM if the remaining ToDos are taken care of. Thank you for making it easy to test on the dev instance 🙏

  • The ToS shouldn't include the hamburger menu or website footer. Not sure whether that's something for this PR or needs to be changed in the ToS weblium page.

@philippotto
Copy link
Member

[ ] The ToS shouldn't include the hamburger menu or website footer. Not sure whether that's something for this PR or needs to be changed in the ToS weblium page.

I'd assume, it would be the easiest to change this on weblium. @normanrz Is this possible? Currently, it looks like this:

image

@normanrz
Copy link
Member

I'd assume, it would be the easiest to change this on weblium. @normanrz Is this possible?

Yeah. I'll check that.

philippotto
philippotto reviewed Dec 19, 2022
View reviewed changes
@philippotto philippotto merged commit 99ba7bc into master Dec 19, 2022
@philippotto philippotto deleted the tos branch December 19, 2022 10:18
hotzenklotz added a commit that referenced this pull request Dec 20, 2022
@hotzenklotz
Merge branch 'master' of github.com:scalableminds/webknossos into pri…
b3f37d2 
…cing

* 'master' of github.com:scalableminds/webknossos:
  Automatically open (and close) quick select settings when labeling in… (#6706)
  Add Terms of Service Acceptance Concept (#6632)
  Fix crash in publication page and add error boundaries (#6700)
  temporarily disable vx related polling (#6702)
  add protected and private modifiers to DAO hierarchy (#6698)
@philippotto philippotto mentioned this pull request Dec 21, 2022
Merged
1 task
@philippotto philippotto mentioned this pull request Mar 20, 2023
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@philippotto philippotto philippotto left review comments

@jstriebel jstriebel jstriebel left review comments

@daniel-wer daniel-wer daniel-wer approved these changes

Assignees

@fm3 fm3

@philippotto philippotto

Labels
backend new feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add owner for organizations and ToS acceptance
5 participants
@fm3 @philippotto @normanrz @daniel-wer @jstriebel