Potentially add optional password to orders #9

New issue

Open

opened 2024-04-19 02:58:18 +02:00 by Theresa · 0 comments

Theresa commented

2024-04-19 02:58:18 +02:00

Owner

Note: This feature is in response to a participant of the current game night survey wanting people to be inable to edit orders other than their own. We also talked with P. about it.

We could add an optional password to orders.
When one is given, it needs to be entered to be able to edit that order. Otherwise everyone can edit that order without the password.
We would need to add the ability for admins to edit any order through the admin pages.
The password should not be editable afte the order has been placed.

The upsides:

People who do not want others to be able to edit their order can protect it
People who have common names can use this feature to eliminate the risk of others with the same name accidentally editing their order (we often have multiple Simons or Pauls)
Keeping it optional would mean, that no one is forced to use the feature. This would mostly preserve their current experience

The downsides:

Although the basic functionality is not too complicated, it still takes time to implement. The admin functionality might take especially long
While the feature can be ignored, another input field makes the order page more complicated for users

Concrete proposal:

a plaintext password is attached to each order
if none is provided by the user, the password is an empty string
upon opening an edit page, if the corresponding order has a password with length >=1, the user is prompted to enter it.
- if the password is wrong, the user is redirected to the list
- if the password is correct, the user is allowed to edit the order
since we have no admin accounts, the admin panel should have a button to get to a page with a special list, where the edit buttons open pages which do not need the password (maybe add an optional parameter to the edit page)

Note: This feature is in response to a participant of the current game night survey wanting people to be inable to edit orders other than their own. We also talked with P. about it. We could add an optional password to orders. When one is given, it needs to be entered to be able to edit that order. Otherwise everyone can edit that order without the password. We would need to add the ability for admins to edit any order through the admin pages. The password should not be editable afte the order has been placed. The upsides: * People who do not want others to be able to edit their order can protect it * People who have common names can use this feature to eliminate the risk of others with the same name accidentally editing their order (we often have multiple Simons or Pauls) * Keeping it optional would mean, that no one is forced to use the feature. This would mostly preserve their current experience The downsides: * Although the basic functionality is not too complicated, it still takes time to implement. The admin functionality might take especially long * While the feature can be ignored, another input field makes the order page more complicated for users Concrete proposal: * a plaintext password is attached to each order * if none is provided by the user, the password is an empty string * upon opening an edit page, if the corresponding order has a password with length >=1, the user is prompted to enter it. * if the password is wrong, the user is redirected to the list * if the password is correct, the user is allowed to edit the order * since we have no admin accounts, the admin panel should have a button to get to a page with a special list, where the edit buttons open pages which do not need the password (maybe add an optional parameter to the edit page)