Open mvl22 opened 8 years ago
+1 from GMCC
I've not used CiviCRM, could someone explain what is required here? Would it be that Rails would poll a CiviCRM server somewhere and be given the current membership list, it looks like there is a REST API https://wiki.civicrm.org/confluence/display/CRMDOC/Using+the+API#UsingtheAPI-REST? Or is it that someone would download the membership list and upload a file?
I propose we implement #50 first, as I think that will be more useful for more groups and provide a basis for implementing this issue.
Would it be that Rails would poll a CiviCRM server somewhere and be given the current membership list
Yes, but only store them as hashes, to avoid various data protection issues. Essentially it would be an automated replacement (via the REST API as you say) of the manual copy-and-paste stage outlined (as step 1) in #50, but the rest of the logic is the same.
I've been working my way though https://github.com/cyclestreets/cyclescape/milestone/8 and #50 isn't on it, should I add it?
should I add it?
Done, yes - sorry, it should have been there.
To take this forward, we would want an active partner to work with us on this and test it. Any takers?
I would be willing to help in principle, but I foresee problems with LCC top brass in getting access to our membership email list.
Up until very recently we have managed communication with members of the Camden sub-section (aka Camden Cycling Campaign) ourselves using Mailchimp and other tools. But following all the fuss about the introduction of GDPR we have been handed an ordinance from Ashok Sinha that we may no longer store or use list of members emails or other details and must use LCC's CiviCRM server, for which we have no details as yet.
A way forward might be for Cyclestreets provide a CiviCRM hashing tool that will process a list of emails to produce the required list of hashes.
Our we could perhaps test with a list of fictitious emails.
Cheers, George
On 29 Apr 2018, at 14:24, Martin notifications@github.com wrote:
To take this forward, we would want an active partner to work with us on this and test it. Any takers?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/cyclestreets/cyclescape/issues/455#issuecomment-385251309, or mute the thread https://github.com/notifications/unsubscribe-auth/AAeKRP3rKOl1UcIuv9nKSdvP8Zg__RpSks5ttb8RgaJpZM4GjYWT.
A way forward might be for Cyclestreets provide a CiviCRM hashing tool that will process a list of emails to produce the required list of hashes.
Yes, see above and #50 re hashing.
As was always planned, we definitely don't want to be storing e-mails speculatively - only the minimum purposes of (a) having a confirmed account and (b) e-mailing thread discussions if they have switched that on, are the uses.
Yes, I understand your intention to handle email hashes only. But on what system will the list of hashes be produced? For LCC I think they would require that it be done on their CiviCRM system.
On 30 Apr 2018, at 11:45, Martin notifications@github.com wrote:
A way forward might be for Cyclestreets provide a CiviCRM hashing tool that will process a list of emails to produce the required list of hashes.
Yes, see above and #50 https://github.com/cyclestreets/cyclescape/issues/50 re hashing.
We definitely don't want to be storing e-mails speculatively - only the minimum purposes of (a) having an account and (b) e-mailing thread discussions if they have switched that on, are the uses.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/cyclestreets/cyclescape/issues/455#issuecomment-385364568, or mute the thread https://github.com/notifications/unsubscribe-auth/AAeKRHz1kglil9yAOietcRfrqDwWy2Fgks5ttutXgaJpZM4GjYWT.
At the moment we are storing the SHA256 hexdigest version of the users' email address so: "my@example.com" would be stored as "ccb016fba1fd129ff9c8f58d51d140f41a4496b64f602b67ff84132d12f37279"
but I think really if you want to be confident we could upgrade the use bcrypt. Then I could make an API endpoint where you could push bcrpyt'ed versions of members' email addresses. Cyclescape could then return an ID which LCC could store so if the person ceased to be a LCC member you could then send a DELETE call using that ID back to Cyclescape. Even with all this I assume you would want the person to additionally consent to this, something like:
"We can work with Cyclescape to link your account to LCC without sharing your email with them, do you consent to this?"
in which case we might as well ask them to just share the email and skip the whole thing!
Really I think it makes most sense if Cyclescape is able to use CiviCRM to be an OAuth2 provider and users to authenticate using them. On the sign-up page we could have a drop down with: "are you in any of these cycle groups?" and try OAuth2 with them if they are, like we have with Google and Twitter. I'm basing this on the assumption that CiviCRM has OAuth2 provider capabilities.
Add support in the membership system for CiviCRM API integration to streamline the signup process for people already in groups.
See also #50.
CiviCRM API format: https://github.com/civicrm/civicrm-core/tree/4.5/api/v3/examples