Group invite model
Closes #4 (closed)
- Adds a Group User Invite model to store invite info (just meta data off of GroupUser)
- Add to group user api view a is invite pending field
- Always add user to a group without waiting for acceptance - just note it's pending. We need this due to end to end crypto.
- Adds some test that don't use the python passit sdk. This makes them much easier to use and check the permissions well. I want to do this more going forward. They just won't be able to do any real crypto stuff - since all the ciphertext is fake.
Pending questions:
Should we even allow a client to view the group key ciphertext before accepting? I could imagine a possible attack vector sending random users json data via group invites. However we need to watch for this in groups where people accept the invite anyway - so it might just be smoke hiding this from the api.
This will require significant sdk and frontend changes to support showing this.
Edited by David Burke