Allow users to opt-in for automatic subscription to shares
Description
Evaluate different approaches to implement the feature of automatically subscribing external users to a share.
On share form any user can invite watchers:
We will send email invite to users.
We create account if email is not in DB.
We need to track all invites.
Email with link that render share and automatically subscribes to ticket.
We track if user accepted invitation.
We only send 1 invite to email.
If there is no subscribe_auto record - we send invitation email.
We create subscribe_auto record with NO_DECISION.
If there is subscribe_auto record with NO_DECISION / REJECT - we do not send invitation email.
we do not send more invitations via email from atlassian_host.
We do not create more subscribe_invitation for that user.
This will ensure our service wont be used as spam tool.
If Jira instance has more than 50 un-accepted invitations in last 30 days, we do not send more invitations via email.
User can see on dashboard new tab with invitations. Accepted, rejected, without-decision.
subscribe_invitation |
||
---|---|---|
id |
bigint |
|
host_id |
int |
|
share_id |
bigint |
|
invited_user_id |
bigint |
user to whom we send invite |
sender_user_id |
bigint |
user who did send invite |
atlassian_sender_user_id |
||
status |
enum {ACCEPTED, NO_DECISION} |
by default NO_DECISION |
create_date |
date-time |
|
action_date |
date-time |
date when ACCEPT |
subscribe_auto |
||
---|---|---|
id |
bigint |
|
host_id |
int |
|
invited_user_id |
bigint |
user to whom we send invite |
status |
enum {ACCEPTED, NO_DECISION, REJECTED} |
by default NO_DECISION |
create_date |
date-time |
If user rejects all watch invitation - he can get another invitations notifications.
We base our spam protection based on NO_DECISION.
What happens during the invite action:
-
New record inserted to subscribe_auto (if no record)
by default NO_DECISION -
New record inserted to subscribe_invitation,
status NO_DECISION - if subscribe_auto is NO_DECISION or REJECTED
status ACCEPTED - if subscribe_auto is ACCEPTED
Example invite email
Subject: You are invited to subscribe to {SHARE_NAME}
Hello,
You can subscribe to {SHARE_NAME} by clicking:https://jira.external-share.com/subscribe/{id-hash}
Thanks,
Externals Share for Jira Team
Link:https://jira.external-share.com/subscribe/{id}/{hash}
{id} - invitation id
{hash} - hash(invitation id + share.secret_key)
Action - the link is clicked, then:
we change the status in subscribe_auto to ACCEPTED
status in subscribe_invitation to ACCEPTED.
If the user has an unconfirmed account (i.e. registration status is initial or pending),
then we redirect to the registration completion page https://jira.external-share.com/activate.html?code={code}
.
If user has confirmed account, redirect to share /issue/{share-uuid}
Dashboard - 2 new tabs/tables.
1. Subscribe invitations
Share name |
Invited by |
Invited from |
---|---|---|
Example Roadmap |
John |
example.atlassian.net |
Example Roadmap 2 |
Emilli |
example2.atlassian.net |
In case Invited by is atlassian_sender_user_id then:
we retrieve the name asynchronously.
In the table we insert <div atlassian-acconut-id='12345'>12345</div>.
In html header:
<meta name="atlassian-acconut-id-fetch" content="{signed-url-to-fetch-all-account-ids}">
signed-url-to-fetch-all-account-ids
= /atlassian-user/{jwt}
jwt
→ payload - list of atlassian-acconut-id - signed. Example - status change on share ticket.
2. Subscribe permissions -
A list of hosts from which we allow an external user to be added to the subscription automatically (without confirmation). With the ability to undo this.
Jira name |
Status |
Action |
---|---|---|
example.atlassian.net |
Allowed |
<Block> |
example2.atlassian.net |
Blocked |
<Allow> |
If user is logged to account A and gets invite for account B, we should show error page with message like: “Subscription invitation is for another account”. Subscription invite should not be accepted.
Additional notes:
-
Pagination should be done on Subscribe invitations and Subscribe permissions tabs.
-
In Subscribe invitations and Subscribe permissions tables status should look like a status in subscriptions tab.
-
Invitation date should be added to Subscribe invitations table.