Implement User Usage Conditions in HaikuDepot
|Reported by:||apl-haiku||Owned by:||stippi|
|Keywords:||UUC conditions HDS||Cc:|
|Has a Patch:||no||Platform:||All|
Description (last modified by )
The backend now supports the concept of a document called "user usage conditions" (UUC). The UUCs are versioned so a user may agree with an older UUC which is out of date because there is a newer UUC in place. Each UUC version is identified by a code such as
UUC2019V01. It is possible that legacy users have not yet agreed to any UUC. The *latest* UUC document is available at https://depot.haiku-os.org/__user/usageconditions/latest/document.html. A specific version of the UUC can be obtained by replacing the
latest with the code of the specific UUC. The UUC maybe obtained from a URL of the similar form with the ".html" extension swapped for ".md" if Markdown is required instead of HTML.
When the user signs up, the logic should first obtain the latest UUC. This can be obtained using the JSON-RPC API
UserApi#getUserUsageConditions which provides the latest UUC code as well as the minimum age that user should be to sign up. The user GUI should ask that the user confirms they are as old or older than the minimum age and that they agree to the latest UUC. The latest UUC should be able to be displayed in a window. The user should only be able to proceed with creating a new user when they have agreed to the UUC and confirmed that they meet the minimum age requirement.
Viewing User's Current UUC
The user should be able to view the UUC that they agreed to. It is possible to use the JSON-RPC API
UserApi#getUser to find out what UUC was agreed to and then to use the URL above to obtain the Markdown data and render it in a window.
The UUC may be updated from time to time. If the user has not agreed to the latest UUC then they will not be allowed to perform many operations such as reading and writing some data; this is currently *NOT* enforced because this ticket is not completed. If the user has agreed to an older UUC then it is possible that the HaikuDepot desktop application is able to find this out by using the JSON-RPC API
UserApi#getUser which is able to indicate if the UUC that the user agreed to is the latest.
If it is not the latest then the user should be prompted to agree to the latest UUC. In this case the user should be presented with a GUI to confirm they meet or exceed the minimum age and agree to the latest UUC wording. They can store this confirmation into the HDS backend using the JSON-RPC API
This check could be done (a) when HaikuDepot starts and (b) when a user authenticates/logs-in via HaikuDepot.
Later, HaikuDepot will raise an authorisation error when the user attempts to perform some action without the authenticated user having agreed to the latest UUC. The semantics around this will need to be confirmed because it has not been finalised and then the HaikuDepot should catch this situation and inform the user correctly that this is the case. The user should be offered the opportunity to agree to the latest age restriction and UUC wording at this time.
Display of UUC
See ticket #15337