Rethink AppMember invitation flow
Current Situation
- Adding new app members from within apps uses the
user.create
action, which requiresAccountManager
permissions and createsUser
records. - Adding a new app member from the app, who can also create app members, is not currently working.
Requirements
- The flow should resemble the organization invite flow, with an email with a one time link in it. Following the link, a new
AppMember
should be created with a password set by the invited person. NoUser
record should be created in this flow. - It should be possible to select the role for the new
AppMember
when inviting them. If the role is sufficient, they should also be able to invite new app members.
Preconditions
- App has the following roles:
- Manager (default)
- Employee
- App has
enableSelfRegistration: false
What the different flows are
Flow 1
- App developer sends an organization invite email
- The invited person clicks on the invitation link
- They get redirected to the studio on
/organization-invite?key=<key>
If they are logged in in the studio
- The
User
record of the authenticated user gets added to the organization with the invite role
If they are not logged in in the studio
- They get a link to the login page
- They log in or create an account
- They get redirected back to
/organization-invite?key=<key>
- The
User
record of the authenticated user gets added to the organization with the invite role
Flow 2
- App developer creates an organization
- App developer publishes an app
- An
AppMember
record is created for the app developer with the default app role
Flow 3
- App member with a sufficient role invites someone to the app
- The invited person clicks on the invitation link
- The invited person gets redirected to a page in the app where they can set their password
- An
AppMember
record is created with their chosen password, and the email and role, chosen by the inviter
What needs to be done to accomplish this
-
Create a new model AppInvite
-
Send /app-invite?key=<key>
emails -
Add an appMember.invite
action -
Create a new page in apps called AppMemberActivation, which is always there, similar to Login and Register -
Allow app members to log in in apps without having a User
record linked to them -
Extend app security definition with a property of the role definition, that allows inviting new app members
Ref #388 (closed)
Edited by Vasil Velikov