Private Consortia

[rssk]

Implement Private Consortia Feature

Overview

Add support for private consortia that are only visible to the owner (leader), members, and admins. Private consortia should be hidden from users who are not part of the consortium. Only the leader can modify the privacy setting of a consortium.

Requirements

1. Database Schema Changes

• Add isPrivate: Boolean field to the Consortium model schema
  • Default value: false (existing consortia remain public)
  • Location: centralApi/src/database/models/Consortium.ts
  • Update Consortium interface to include isPrivate: boolean

2. GraphQL Schema Updates

• Add isPrivate: Boolean! field to ConsortiumListItem type
  • Location: centralApi/src/graphql/typeDefs.graphql
• Add isPrivate: Boolean! field to ConsortiumDetails type
  • Location: centralApi/src/graphql/typeDefs.graphql
• Update consortiumCreate mutation to accept optional isPrivate: Boolean parameter
  • Default to false if not provided
• Update consortiumEdit mutation to accept optional isPrivate: Boolean parameter

3. Backend Resolver Changes

getConsortiumList Query

• Filter consortia based on privacy and user access:
  • If isPrivate === false: Include in results (public consortia visible to all)
  • If isPrivate === true: Only include if:
    • Current user is the leader (consortium.leader.toString() === context.userId), OR
    • Current user is in the members array (consortium.members.includes(context.userId)), OR
    • Current user has admin role (context.roles?.includes('admin'))
• Include isPrivate field in the returned ConsortiumListItem objects
• Location: centralApi/src/graphql/resolvers.ts (line ~40)

getConsortiumDetails Query

• Add access control check:
  • If isPrivate === false: Allow access (public consortium)
  • If isPrivate === true: Only allow if:
    • Current user is the leader, OR
    • Current user is in the members array, OR
    • Current user has admin role (context.roles?.includes('admin'))
  • If access denied, throw error: "Access denied: This consortium is private"
• Include isPrivate field in the returned ConsortiumDetails object
• Location: centralApi/src/graphql/resolvers.ts (line ~68)

consortiumCreate Mutation

• Accept optional isPrivate: Boolean parameter
• Set isPrivate field when creating new consortium
• Default to false if not provided
• Location: centralApi/src/graphql/resolvers.ts (line ~750)

consortiumEdit Mutation

• Accept optional isPrivate: Boolean parameter
• Update isPrivate field if provided
• Only allow leader to modify privacy setting - verify consortium.leader.toString() === context.userId before allowing isPrivate field changes
• When a consortium is made private, existing members retain access (no action needed)
• Location: centralApi/src/graphql/resolvers.ts (line ~899)

4. Frontend Updates

GraphQL Query Updates

• Update GET_CONSORTIUM_LIST_QUERY to include isPrivate field
  • Location: desktopApp/reactApp/src/apis/centralApi/getConsortiumList.tsx
• Update GET_CONSORTIUM_DETAILS query to include isPrivate field
  • Location: desktopApp/reactApp/src/apis/centralApi/getConsortiumDetails.tsx

UI Components

• Update consortium creation form to include privacy toggle/checkbox
• Update consortium edit form to include privacy toggle/checkbox (only visible/editable by leader)
• Note: No UI indicators (e.g., lock icons) needed in list view per requirements

5. Type Generation

• Regenerate GraphQL types after schema changes
  • Run codegen to update generated types in:
    • centralApi/src/graphql/generated/graphql.ts
    • desktopApp/reactApp/src/apis/centralApi/generated/graphql.ts

6. Testing Considerations

• Test that public consortia (isPrivate: false) are visible to all users
• Test that private consortia (isPrivate: true) are only visible to leader, members, and admins
• Test that non-members cannot access private consortium details
• Test consortium creation with isPrivate: true and isPrivate: false
• Test consortium edit to toggle privacy setting
• Test that existing consortia (without isPrivate field) default to public behavior
• Test edge cases:
  • User leaves private consortium (should no longer see it)
  • User is removed from private consortium (should no longer see it)
  • Leader changes privacy setting (only leader can modify)
  • Admin can access private consortia even if not a member
  • When consortium is made private, existing members retain access

Implementation Notes

Access Control Logic

The access check should verify:

const hasAccess = 
  !consortium.isPrivate || 
  consortium.leader.toString() === context.userId || 
  consortium.members.some(member => member.toString() === context.userId) ||
  context.roles?.includes('admin')

Privacy Setting Modification:

• Only the leader can change the isPrivate field
• When a consortium is made private, existing members automatically retain access

Migration Considerations

• Existing consortia without isPrivate field should default to false (public)
• Consider adding a migration script if needed, or rely on Mongoose defaults

Security

• Ensure context.userId is always available and validated
• Return appropriate error messages for unauthorized access attempts
• Consider logging access attempts to private consortia for security auditing

Acceptance Criteria

• Private consortia are only visible to owner, members, and admins
• Public consortia remain visible to all users
• Backend properly filters consortia based on privacy flag and user access
• Only leader can modify privacy setting
• When a consortium is made private, existing members retain access
• Users can create consortia with privacy settings
• Leader can edit privacy setting in consortium edit form
• All existing functionality continues to work for public consortia
• No breaking changes to existing API contracts (backward compatible)

Related Files

• centralApi/src/database/models/Consortium.ts
• centralApi/src/graphql/typeDefs.graphql
• centralApi/src/graphql/resolvers.ts
• centralApi/src/graphql/generated/graphql.ts
• desktopApp/reactApp/src/apis/centralApi/getConsortiumList.tsx
• desktopApp/reactApp/src/apis/centralApi/getConsortiumDetails.tsx
• desktopApp/reactApp/src/apis/centralApi/generated/graphql.ts

[rssk]

Heres my proposal for how invites work

Static Web Form for Consortia Invite Links

Overview

Create a standalone static web page that allows users to join consortia via invite links without requiring the desktop app. The form should display invite information, provide embedded login/signup functionality, automatically join users to the consortium after authentication, and include a link to download the app.

Requirements

1. Project Setup

• Create new static site project (e.g., invite-site/ directory or separate repo)
• Set up build/deployment pipeline
• Configure hosting at https://neuroflame.org/invite/{token} or similar domain
• Ensure GraphQL API endpoint is accessible from browser (CORS configured)

2. Public Invite Info Query

• Implement getInviteInfo GraphQL query call
  • Extract inviteToken from URL parameter
  • Query: getInviteInfo(inviteToken: String!)
  • Returns: consortiumName, leaderName, isValid, isExpired
• Display invite message: "{leaderName} invites you to join {consortiumName} on NeuroFLAME"
• Handle loading state while fetching invite info
• Show error if token is expired or invalid

3. Embedded Login Form

• Create login form component
  • Username input field
  • Password input field
  • "Log In" button
• Implement login mutation call
  • Mutation: login(username: String!, password: String!)
  • Store accessToken in localStorage or sessionStorage
  • Handle authentication errors (invalid credentials)
• Show loading state during login
• Display error messages for failed login attempts

4. Embedded Signup Form

• Create signup form component
  • Username input field
  • Password input field
  • "Sign Up" button
• Implement userCreate mutation call
  • Mutation: userCreate(username: String!, password: String!)
  • Returns LoginOutput with access token
  • Store accessToken in localStorage or sessionStorage
• Auto-login after successful signup
• Show loading state during signup
• Display error messages for failed signup (e.g., username already exists)

5. Auto-Join Functionality

• After successful login/signup:
  • Extract inviteToken from URL
  • Call consortiumJoin mutation with inviteToken
  • Mutation: consortiumJoin(inviteToken: String!)
• Handle join success:
  • Show success message: "You've been added to {consortiumName}!"
  • Display next steps (download app, etc.)
• Handle join errors:
  • Already a member: "You're already a member of this consortium."
  • Expired token: "This invite link has expired. Please contact {leaderName} for a new invite."
  • Invalid token: "Invalid invite link."
• Show loading state during join process

6. App Download Link

• Add prominent download link section
• Link to latest release/download page
  • Could be GitHub releases, app store, or dedicated download page
• Text: "Download NeuroFLAME to get started" or similar
• Display link after successful join or as persistent element

7. Error Handling

• Expired token:
  • Message: "This invite link has expired. Please contact {leaderName} for a new invite."
  • Disable login/signup forms
• Invalid token:
  • Message: "Invalid invite link."
  • Disable login/signup forms
• Already a member:
  • Message: "You're already a member of this consortium."
  • Show download link
• Network errors:
  • Display user-friendly error messages
  • Provide retry option

8. UI/UX Requirements

• Clean, simple, professional design
• Mobile-responsive layout
• Clear visual hierarchy
• Prominent call-to-action buttons
• Loading states for all async operations
• Smooth transitions between states
• Accessible (keyboard navigation, screen reader support)
• Branding consistent with NeuroFLAME

9. Technical Implementation

• Choose framework/stack (vanilla HTML/JS, React, Vue, etc.)
• Set up GraphQL client (Apollo Client, urql, or fetch)
• Configure API endpoint URL
• Handle token storage (localStorage/sessionStorage)
• Implement routing for invite token parameter
• Set up build process (if using framework)
• Configure deployment (Netlify, Vercel, GitHub Pages, etc.)

10. Testing

• Test invite info display with valid token
• Test invite info display with expired token
• Test invite info display with invalid token
• Test login flow: valid credentials → auto-join
• Test login flow: invalid credentials → error message
• Test signup flow: new user → auto-login → auto-join
• Test signup flow: existing username → error message
• Test auto-join after successful auth
• Test error handling for already-a-member case
• Test mobile responsiveness
• Test on different browsers (Chrome, Firefox, Safari, Edge)
• Test accessibility (keyboard navigation, screen readers)

User Flow

1. User clicks invite link → https://neuroflame.org/invite/{token}
2. Page loads → fetches invite info via getInviteInfo query
3. Displays: "{LeaderName} invites you to join {ConsortiumName} on NeuroFLAME"
4. User sees login/signup forms
5. User signs up or logs in
6. After successful auth → automatically calls consortiumJoin with token
7. Success message: "You've been added to {ConsortiumName}!"
8. Download link displayed: "Download NeuroFLAME to get started"

Technical Notes

GraphQL Queries/Mutations Needed

# Query (public, no auth required)
query GetInviteInfo($inviteToken: String!) {
  getInviteInfo(inviteToken: $inviteToken) {
    consortiumName
    leaderName
    isValid
    isExpired
  }
}

# Mutations (require auth after login/signup)
mutation Login($username: String!, $password: String!) {
  login(username: $username, password: $password) {
    accessToken
    userId
    username
  }
}

mutation UserCreate($username: String!, $password: String!) {
  userCreate(username: $username, password: $password) {
    accessToken
    userId
    username
  }
}

mutation ConsortiumJoin($inviteToken: String!) {
  consortiumJoin(inviteToken: $inviteToken)
}

Token Storage

• Store accessToken from login/signup responses
• Use for authenticated GraphQL requests
• Can use localStorage or sessionStorage
• Include in GraphQL request headers: x-access-token: {accessToken}

Acceptance Criteria

• Static web form is accessible without desktop app
• Invite info displays correctly: "{leader} invites you to join {consortium} on NeuroFLAME"
• Login form works and stores access token
• Signup form works and auto-logs in user
• After auth, user is automatically added to consortium
• Success message displays after successful join
• App download link is present and functional
• Error handling works for expired/invalid tokens
• Error handling works for already-member case
• Mobile-responsive design
• Works across major browsers
• Zero-friction onboarding: leader emails link → users join without app

Related Backend Requirements

• getInviteInfo query must be implemented (public, no auth)
• consortiumJoin mutation must support inviteToken parameter
• GraphQL API must have CORS configured for static site domain