[Discussion] Direction Notifications/Extensibility

Open erwindevreugd opened this issue 6 years ago • 2 comments

Bringing together ideas raised by:

@nmalocic in #218

I wanna force that all users on wiki use company email, or enforce some special password policy.

@ashleybroughton in #223

IDEA: Make [NotificationService] an extensibility module, we should only be creating a comment here (single responsibility principle)

Issue

The CoreWiki Notifications and CoreWiki Extensibility have an overlap in functionality or are moving in a direction where they will likely provide identical features.

CoreWiki Notifications currently implements:

  • Sending email address verification emails.
  • Sending forgot password emails.
  • Sending new comment notification emails.

CoreWiki Extensibility (Depending on which data we provide to external modules) could provide:

  • Sending email address verification emails.
  • Sending forgot password emails.
  • Sending new comment/article/recent articles notification emails.

Considerations

  • Currently there is no ability to disable CoreWiki Notifications' sending of new notification emails. In that case, if somebody adds a module that also sends notifications for the same events, users will get multiple emails.
  • We would need to provide additional data to the extension modules. This could have implications with regards to security or regulations.
    • We control what data is provided to 3rd party modules, and ideally a site owner has control over which modules are installed, but we have no control over what 3rd party modules will do with the data they are given. Emails and passwords could be sent off to external sites.
    • Is sharing a user's email address or other personal data with 3rd party modules allowed under GDPR?

Suggestions

  • CoreWiki Notifications will handle sending of core/required functionality notifications (Change password, email address verifications, login attempt notifications etc.)
    • Or, we also let these notifications be handled by a default extension module. In which case we could provide extension modules with a default implementation of an email sender.
    • We can also provide limited data access to extension modules.
  • Notifications about CoreWiki content (new article, new comment etc.) will be handled by default extension modules which can then be replaced by administrators if they so want.

erwindevreugd avatar Jul 25 '18 05:07 erwindevreugd
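Added example, not part of the original issue or of CoreWiki's code: one way the "limited data access" suggestion and the duplicate-email consideration above could look in C#. Every type and member name here is hypothetical, and the address is constructed sample data.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical types for illustration; none of these are CoreWiki's real API.
// What a module sees: opaque handles and display data, no email address or password.
public sealed record CommentPostedEvent(Guid EventId, Guid AuthorHandle, string ArticleTitle, string CommenterName);

// Capability handed to modules: deliver to a handle without learning the address.
public interface IRecipientMailer { bool Send(Guid eventId, Guid recipientHandle, string subject, string body); }

public interface INotificationModule { void OnCommentPosted(CommentPostedEvent evt, IRecipientMailer mailer); }

// Core-owned sender: resolves handle to address and drops duplicate sends per event.
public sealed class CoreMailer : IRecipientMailer
{
    private readonly IReadOnlyDictionary<Guid, string> _addresses;
    private readonly HashSet<(Guid, Guid)> _sent = new();
    public List<string> Outbox { get; } = new();   // stand-in for an SMTP client

    public CoreMailer(IReadOnlyDictionary<Guid, string> addresses) => _addresses = addresses;

    public bool Send(Guid eventId, Guid recipientHandle, string subject, string body)
    {
        if (!_addresses.TryGetValue(recipientHandle, out var address)) return false;
        if (!_sent.Add((eventId, recipientHandle))) return false;  // already notified for this event
        Outbox.Add($"To: {address} | {subject}");
        return true;
    }
}

// A content-notification module: it composes the message but never holds the address.
public sealed class CommentEmailModule : INotificationModule
{
    public void OnCommentPosted(CommentPostedEvent evt, IRecipientMailer mailer) =>
        mailer.Send(evt.EventId, evt.AuthorHandle, $"New comment on {evt.ArticleTitle}",
                    $"{evt.CommenterName} commented on your article.");
}

public static class Demo
{
    public static void Main()
    {
        var author = Guid.NewGuid();
        var mailer = new CoreMailer(new Dictionary<Guid, string> { [author] = "author@example.test" }); // constructed
        var evt = new CommentPostedEvent(Guid.NewGuid(), author, "Home", "alice");
        // Two modules subscribed to the same event: only one email leaves the core.
        foreach (var module in new INotificationModule[] { new CommentEmailModule(), new CommentEmailModule() })
            module.OnCommentPosted(evt, mailer);
        Console.WriteLine(mailer.Outbox.Count);
    }
}
```

A module loaded in-process can still reach core state through casts or reflection, so this interface limits what modules are handed by default rather than sandboxing a hostile one.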

So you're right on the money separating out core notifications. In fact, you've isolated a great way of deciding what to put into Ex modules. If the app cannot do without it (password reset, forgot password, etc) then it should be core. If it can do without it or if you predict a tenant may prefer not to have that feature (new article email notification), then it should be part of the extensibility model. Even if said module is "shipped" with the app, it should have the option of not being installed.

miguelcastro67 avatar Jul 25 '18 19:07 miguelcastro67

I think that sharing personal info with 3rd parties is not forbidden by GDPR, but you need to clearly say what information is used, where and how. So as far as extensions go, I think it would be harder to check what they are doing and to update our register page.

Good example

I posted my 500th article and the owner of the wiki wants to send me a gift, so he will share my info with a shipping company or something.

Bad example

Every time I read or post something, it is shared with Cambridge Analytica (or whatever the name of the company is).

nmalocic avatar Jul 25 '18 20:07 nmalocic