gathio icon indicating copy to clipboard operation
gathio copied to clipboard
verified publisher icon lowercasename

user can bypass capacity if using Mastodon bridge

Open alifeee opened this issue 1 year ago • 9 comments

if you create an event with a maximum capacity of 4, you cannot click "Add Me". This makes sense.

if you follow the event on https://mastodon.social/, and reply to this poll…

Image

…you are added to the list of event attendees even if the event is at capacity

this does not seem intended.

thank you all for this great software :]

alifeee avatar Feb 07 '25 15:02 alifeee

the code to send this message is here

https://github.com/lowercasename/gathio/blob/2d7507a4fde247ea3e67c2d49df157abd60d6599/src/activitypub.js#L731-L798

the code to add the user to the event is here

https://github.com/lowercasename/gathio/blob/2d7507a4fde247ea3e67c2d49df157abd60d6599/src/activitypub.js#L900-L984

the latter should be modified to reject the user if the event is full

alifeee avatar Feb 10 '25 14:02 alifeee

this line should have a conditional statement

https://github.com/lowercasename/gathio/blob/2d7507a4fde247ea3e67c2d49df157abd60d6599/src/activitypub.js#L924

alifeee avatar Feb 10 '25 14:02 alifeee

Thank you for the detective work! Your fix should work, I'm just worried about the UX - if I click 'yes, please add me', and then the request silently fails because the event is at capacity, I may come away confused/assume I've been added when I haven't been. I think the instance should at that point send another Mastodon message saying "Unfortunately we couldn't add you to the event because it's at capacity."

lowercasename avatar Feb 11 '25 22:02 lowercasename

From a UX standpoint, wouldn't it be best to not give people the option to add themselves in the first place if the event is at capacity?

dev-nicolaos avatar Feb 12 '25 01:02 dev-nicolaos

The issue is the following flow:

  • I follow an event via Mastodon
  • I get a 'will you attend?' poll
  • I wait a day, during which time more people sign up for the event. The event is now at capacity.
  • I finally click 'yes' on the poll.

We could try deleting the poll message once the event is at capacity, but deleting AP messages is imperfect, and what if the event once again goes below capacity? Do we send another poll?

lowercasename avatar Feb 12 '25 09:02 lowercasename

this is what I think too - it seems simplest to me to send the poll regardless, and the same as you'd reply…

"Thanks for RSVPing! ..."

…you instead reply something like…

"Sorry! The event is now full. Check the numbers on [link] and subscribe to updates on [link]" (perhaps the 2nd is not possible but you get the gist)

alifeee avatar Feb 12 '25 10:02 alifeee

there is also this TypeScript code that looks to do the same thing

https://github.com/lowercasename/gathio/blob/2328376182e3dea74c10eaeaa7f14841030342a0/src/lib/activitypub.ts#L165-L184

and in-fact, I believe is what sends the message. The JS is old code

alifeee avatar Feb 12 '25 16:02 alifeee

I had a hack at this but using Mastodon takes quite a while for each test. Got to a point where I created a branching path if the event was full, but no message was sent. Perhaps a badly formed request.

alifeee avatar Feb 18 '25 15:02 alifeee

hm... perhaps I could have a hack at creating a Cypress test...

alifeee avatar Feb 18 '25 15:02 alifeee