Open sebastiangaertner opened 2 years ago
@sebastiangaertner Would the login account be enough? Or are multiple people going to be using one login? In that case we wouldn't be able to verify it but we could require the person initiating the process to add their name in a field when they submit. This would be good to discuss next meeting.
The login account is fine. We record capture verification transactions in the audit
table, but don't yet make records available to Admin Panel users.
This may be a job for treetracker-api
, or even a new audit API.
Admins also need to be able to filter captures by who approved/rejected them.
(After conversation with @sebastiangaertner) I have found that it is very inefficient (read "unusable"!) to query the trees
table with a join to info in the JSON structure in the audit
table. E.g., find all trees with a species determinations made by login person X that have been subsequently changed by login person Y. The nested SELECT on the audit table data takes forever.
So... as the logging methods for the admin panel are upgraded, my hope/need is that logging info (login, timestamp, tree.id, species.id, approve, tag...) be in fields in a standard table in the DB. Not in a JSON structure, and not in an external system.
Oh, I was considering this when I design the auth system with keycloak, the thing is the verifying action will be a API on the server side, so we can use Keycloak dashboard to find out who did what on the whole system, including login, action against resources, and so on, there are some document: https://wjw465150.gitbooks.io/keycloak-documentation/content/server_admin/topics/events.html
Please also consider writing some elements into a main DB table.
Please see this PR in the tt-decisions
repo; a PR review would be appreciated. This PR concerns species determination decisions, but tags and verifications could be written to the same table (called det
in the PR).
We need a log system to identify who approved or rejected a tree.