On 11/24/2013 01:41 PM, Daniel Berteaud wrote: >> email you sent and put the link in the signature like you said? > > Using DL for Thunderbird would have pro and con. Main problem I see: > it would restrict this feature to TB users
Yes, that's indeed a limitation. >> When creating the grant, I can automatically assign the identity in some >> other field, so you can track from whom the file was sent. I can also >> tag the grant differently, such as "automatically created" so that it >> doesn't clutter the grant list and/or has different/shorter expiration >> settings. > > This add another problem: how to handle muli-recipient emails ? This is also another limitation. First-come-first-serve? ;) You also don't want to sent these links to mailing lists. > What about this workflow: > > - DL generate a uniq, fixed URL per internal user > - When an unauthenticated user goes on this URL, he's asked for an > email and a captcha (no upload form yet) I didn't get this correctly when I read "email verification" in your first message. It makes a lot of sense. I don't think you need a captcha at all, since a valid email is required to take further action, and all you could do automatically is send you (and only you) some files, which is next to useless (I could just as well send you an email directly). > The delete page could also show a box "Check this to ban this email > address" so users could blacklist email addresses Indeed, some extra controls would be required, but not so many: - First, enable/disable "grant page" on a per-user basis (I need a good name for this page). - Some form of black-list, like you say, to control abusers. Implementing this page would actually be not that hard, since all I need to do is a page to generate a grant on behalf of a fixed user, and proceed normally. The black list would require another table in the db, which is easy, but the user interface is a bit more painful. As for the "grant page", I think you can get away with a simple user-name tree: dl.example.com/[something]/user After all, this is a fixed URL. Once the URL is send via e-mail to somebody, it's "officially" public.