-
Notifications
You must be signed in to change notification settings - Fork 123
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Invited User: Force new user to choose to accept terms and conditions #1238
Comments
@kasugaijin I'll work on this one since I've got it fresh on my mind from the meeting 🙂 |
@mononoken thanks Ken! |
One small consideration we need to make is in the org create service we actually mark the tos_agreement on that user we create as true. So we might want to remove that so they actually have to go through this flow as well. |
Good thinking |
Acceptance Criteria
|
Looks good! Adopters cannot sign up without checking the TOS box on the sign up form, so they 'should' be acounted for. For invited users, I like the idea of asking to accept ToS when they reset their password. It's a more efficient approach than the ApplicationController solution above, providing they cannot access the app manually changing the URL (I don't think they can as they should not be authenticated at this point) and the user context should be set using the URL token from Devise, so we can check their tos_agreement if necessary. The only exception to handle is the user we create when we create an Org. We create a password and send them an email asking them to change it, but don't enforce this like we do for the invitees. One option is that we refactor how we do this in the |
SuperAdmin have the ability to invite staff and fosterers to the application. These invite flows create a new User. We have a boolean on user
tos_agreement
that we use to track if the user accepts, or not, the terms and conditions and privacy policy. This value isnil
when a user is invited.We want to make sure that invited users (staff, fosterers) have to check true for these when they first log into the application.
I think the simplest approach is to add a filter on
ApplicationController
- we check the user'stos_agreement
and if it isnil
, orfalse
we boot them to a page that asks them to agree to the T&C etc., and only when they do this, can they access other routes.You will also need to create a new controller to show this new page, and accept the submission of the response (to update the
tos_agreement
attribute).The text was updated successfully, but these errors were encountered: