Opened 5 months ago

Last modified 3 months ago

#15209 new enhancement

Implement User Usage Conditions in HaikuDepot

Reported by: apl-haiku Owned by: stippi
Priority: normal Milestone: Unscheduled
Component: Applications/HaikuDepot Version: R1/Development
Keywords: UUC conditions HDS Cc:
Blocked By: Blocking:
Has a Patch: no Platform: All

Description (last modified by apl-haiku)

About UUCs

The backend now supports the concept of a document called "user usage conditions" (UUC). The UUCs are versioned so a user may agree with an older UUC which is out of date because there is a newer UUC in place. Each UUC version is identified by a code such as UUC2019V01. It is possible that legacy users have not yet agreed to any UUC. The *latest* UUC document is available at https://depot.haiku-os.org/__user/usageconditions/latest/document.html. A specific version of the UUC can be obtained by replacing the latest with the code of the specific UUC. The UUC maybe obtained from a URL of the similar form with the ".html" extension swapped for ".md" if Markdown is required instead of HTML.

Signup Requirements

When the user signs up, the logic should first obtain the latest UUC. This can be obtained using the JSON-RPC API UserApi#getUserUsageConditions which provides the latest UUC code as well as the minimum age that user should be to sign up. The user GUI should ask that the user confirms they are as old or older than the minimum age and that they agree to the latest UUC. The latest UUC should be able to be displayed in a window. The user should only be able to proceed with creating a new user when they have agreed to the UUC and confirmed that they meet the minimum age requirement.

Viewing User's Current UUC

The user should be able to view the UUC that they agreed to. It is possible to use the JSON-RPC API UserApi#getUser to find out what UUC was agreed to and then to use the URL above to obtain the Markdown data and render it in a window.

Updated UUC

The UUC may be updated from time to time. If the user has not agreed to the latest UUC then they will not be allowed to perform many operations such as reading and writing some data; this is currently *NOT* enforced because this ticket is not completed. If the user has agreed to an older UUC then it is possible that the HaikuDepot desktop application is able to find this out by using the JSON-RPC API UserApi#getUser which is able to indicate if the UUC that the user agreed to is the latest.

If it is not the latest then the user should be prompted to agree to the latest UUC. In this case the user should be presented with a GUI to confirm they meet or exceed the minimum age and agree to the latest UUC wording. They can store this confirmation into the HDS backend using the JSON-RPC API UserApi#agreeUserUsageConditions.

This check could be done (a) when HaikuDepot starts and (b) when a user authenticates/logs-in via HaikuDepot.

Failure

Later, HaikuDepot will raise an authorisation error when the user attempts to perform some action without the authenticated user having agreed to the latest UUC. The semantics around this will need to be confirmed because it has not been finalised and then the HaikuDepot should catch this situation and inform the user correctly that this is the case. The user should be offered the opportunity to agree to the latest age restriction and UUC wording at this time.

Display of UUC

See ticket #15337

Change History (3)

comment:1 by stippi, 5 months ago

Thanks for the detailled write up, Andrew! I am busy myself, but having such a clear description of what needs to be done is very helpful and motivating.

comment:2 by waddlesplash, 4 months ago

Most of this was done in hrev53447.

comment:3 by apl-haiku, 3 months ago

Description: modified (diff)
Note: See TracTickets for help on using tickets.