Open NilsG-S opened 7 years ago
There are a couple of issues here:
mentees
data. One solution would be restricting write permissions on that category to coordinators. Another would be allowing mentors to create events for any student and not worry about restricting them to specific mentees.I think it would be confusing for students to be able to see events that aren't for them. Couldn't this be solved client-side? Events could all have a list of groups they're visible to (e.g. 'all', 'mentees of x', etc) and irrelevant events could be filtered out on the client. Even if a bad actor were to tinker around to reveal other events mentors could easily ensure only their students got the confirmation code for the event.
@NilsG-S what causes you to think that the mentor will have write permission over the mentee?
@StephanieKeck you're right, server-side can handle all of that.
@asclines Sorry, I meant mentees
as in the data associated with the mentor
object, like their first name, last name, and email.
@StephanieKeck Perhaps I phrased that badly. I didn't mean that mentors should be able to create events that can be seen by anyone (coordinator events), but rather that we wouldn't try to restrict them to creating mentor events for specific students. The possibility that I mentioned would have them being able to create mentor events for any student, and trusting that they wouldn't create them for anyone but their mentees.
@NilsG-S I don't think that will be a problem. We can structure the database in a way to prevent that. I'll be making another issue soon for structuring Activity & Events in the database
Update: The issue has been created and is #29
@asclines Sounds good!
As of the latest discussions with Patty, we did want to include mentors as a user role.
Mentor Data:
Mentor Abilities: