search

WildAid / o-fish-realm

Realm application code and sample data for the Officer's Fishery Information Sharing Hub (O-FISH). The mobile app allows fisheries officers to document and share critical information gathered during a routine vessel inspection. The web app allows agencies to gain insights from the aggregated information.
Apache License 2.0
23 stars 9 forks source link

Schema - partner agencies should be able to access an agency's data #86

Open am-MongoDB opened 4 years ago

am-MongoDB commented 4 years ago

Use the partnerAgencies attribute in an Agency document to indicate which other agencies this agency grants permission to read their boarding reports.

An Agency document should be able to contain an array of sub-documents containing a partner agency name and (optionally) a start and/or end date.

These attributes should be checked by the rule that controls whether a user can read a BoardingReports document.

am-MongoDB commented 4 years ago

@Sheeri Need to understand the functionality behind this - e.g., can all members of the partner agency see all attributes of all of the agency's reports

Sheeri commented 4 years ago

Yes, a partner org would see a partner's boarding report information as if it was their own. They cannot modify users or user groups in the partner agency.

Sheeri commented 3 years ago

The way this works is - once a global administrator verifies that data sharing is allowed (there are contracts that need to be signed and filed), that global administrator can go into the sharing org's profile and mark that it will share data with another agency.

Note that the MVP for this is just sharing the whole boarding record. The design and video show a more granular functionality. The schema change should be designed with an eye to adding that in later on. (though I think partnerAgencies as an array of subdocuments with agency_name and sharing dates will work, we can add more to the array of subdocuments later).

The design also shows segmentation by date, which should also be in the MVP. Once the data is shared, it cannot be un-shared - it can be stopped, but the partner agency should still be able to see the other data.

The partnerAgencies and date fields cover what the global administrator does in this video: (again, ignore the more granular field-level permissions, that's for later): https://www.awesomescreenshot.com/video/1094782?key=c14f27874b3cf532f09d806b1bf664df

The feature depends on only sharing the data with anyone in the agency administrator role by default. If the Agency Administrators want the field officers to see the data, they have to set that, as per this video: https://www.awesomescreenshot.com/video/1094843?key=46506494ff04643e33277fe1090816b9

Again, for this MVP, we are only going for the whole record itself, not any particular fields. I don't know if the feature that a field officer can only see their own records is something that dovetails nicely with this schema change, so if it does not, it's OK to consider this closed even if that's not done.

In an ideal world, this would apply to what is seen on the mobile app too, but I believe that's not currently possible as we partition on agency. It's OK that it's not in the mobile app for the MVP of this issue.

o-fish-wildaid commented 3 years ago

WildAid - Realm. Add start and end dates for partner agencies