CUNY Academic Commons

The only way I could reproduce was by interpreting your third step - "logged in" - as "clicked the "Log In toolbar button at the upper-right". After logging in via this interface, you're redirected back to the URL where you initiated the login, which in this case had the URL params ?status=forbidden&doc_url=.... So the error message appears again.

My first question is: Why did the Commons think you were logged out? Were you clicking a link in a browser tab after the browser'd been idle for a long time, so that you lost your login session? Or perhaps you had multiple tabs; had viewed https://commons.gc.cuny.edu/groups/cac-community-team-project-planning/ while logged in in one tab; logged out in a different tab; then tried clicking a link in the first tab? This seems like a scenario that's hard to reproduce, since you shouldn't see the link if you're not logged in.

Second question: What behavior do we want? Currently, if you try to access a private file URL, you're redirected to the group's home page with the error message in question. This behavior dates back to #646 and #563. Users who are dropped onto the group home page in this fashion must then perform some additional action to get the document: they have to click the 'Log In' link in the red message, or the 'Log In' toolbar button like Matt did, and then they have to navigate to the document. This feels clunky to me. At the same time, simply serving up the document immediately after login also feels weird, because you'd still be looking at the logged-out view while your browser prompts you to download the file. Here's a proposal for a redesigned flow:

a. As a non-logged-in user, visit the file URL
b. Redirect to wp-login.php, with a generic 'You must log in to access the page you requested' message. (a and b together better match what happen when you try to access other kinds of private group content, like Docs and Forums). See screenshot 'wp-login.php message'.
c. On successful login, redirect to the group's Files page. On that files page, show a success message with a download link. See 'success message' mockup. This way, the user can either click the link to download, or if they don't notice the link, they can browse through the file list to find it.
d. Optionally, after the Files list is loaded in c, we can trigger the file download via JS. IMO this could potentially be jarring, but happy to hear what others think.

This is just a proposal, based on making the flow clearer and more consistent with other parts of the Commons. If others have better ideas, I'm all ears.

Ray, could you please take this one on? It looks like we might need a slightly better understanding of the way users are redirected when they're logged in and when they try to access files from private groups of which they aren't a member. Then we'll need to change the way the redirection happens in each relevant case. (Note that groups no longer have a Files tab; we'd be redirecting to Library.)

(Note that groups no longer have a Files tab; we'd be redirecting to Library.)

Boone, I tried to add the success message by adding a template notice as in https://redmine.gc.cuny.edu/attachments/13070/Screenshot_2019-11-25_13-41-42.png. However, on the Library tab, the Vue app wipes out any HTML markup after the library is loaded.

Here's a quick GIF: https://redmine.gc.cuny.edu/attachments/15930/library-wipeout.gif.

You will see the template notice very briefly before the Library wipes it out. Since you wrote the Library Vue app, do you have any pointers? Or should I inject the template notice via JS instead?

In commit 844e617, I've added some code to address how a private group document is downloaded and accessed.

This is what the commit does:

• If not logged in and a user is accessing a private group doc, the user is redirected to the WP login page. After login, the user will get redirected to the group's Library page with a message to download.
• If logged in and a user is accessing a private group doc without group membership, the user is redirected to the group homepage with a notice
• If logged in and a user is accessing a hidden group doc without group membership, the user is redirected to the group directory with a notice.

cac-group-library requires the 'template_notices' hook so the notice can be shown. I've added a PR here, but feel free to use another approach.

What you have offered in this PR is about 10x simpler than what I was going to suggest :-D I've merged it and pinned to CAC in https://github.com/cuny-academic-commons/cac/commit/be0bff4a8f76b0d6424440781a8b1e487414a9f1.

I've tested the redirect fixes and they look good, with the exception of a small syntax error in the template notice markup, which I fixed here https://github.com/cuny-academic-commons/cac/commit/ca81bb9798e898874fb03648ac038f1e52edb769

Let's call this one good. Thank you for your quick work on it!

The Vue app still needs to be updated so the message from 'template_notices' hook isn't wiped out as in https://redmine.gc.cuny.edu/attachments/15930/library-wipeout.gif.

Need your Vue expertise here!

Thanks for the details, Ray!

Here's my solution: https://github.com/cuny-academic-commons/cac-group-library/commit/885a176c4511a0caf51fbd69eccfd326d4345e89 In short, when the Vue app is mounted, we check to see whether BP has left any template notices in the DOM (id="message"). If so, we get the content of the message, and add it to cac-group-library's own successMessage UI. There's a brief flash of differently-styled content, but I think it's minor. See gif.

Note that I had to make a change to the way that successMessage is populated so that HTML is not escaped. In other words, we are now trusting that the content of the 'message' div is already sanitized.