Collecting thoughts for a recruitment and/or security module.
Initial thoughts:
Ability to have a list of corps, alliances, mail keywords to redflag
Those items cause an SecurityEvent to be created
Security Auditors and/or recruiters can view the SecurityEvents and mark them as OK, Flag for Follow up, or Rejected (or some such phrasing) along with notes as to what was found
The list of things to check should be flexible
Requires precaching a lot of data so API calls need to be made more intelligent as to not fetch more data then necessary
The use case is somewhat different then current seat usage, for example currently all contacts as removed from that char and rebuilt on each run, for a security tool there may be a desire for historical contacts to be kept as well.
Some thoughts on how it would work in my, non programmer, opinion
Potential Recruits View
A public facing page for recruits to put their API into. (use this perhaps:https://github.com/eve-seat/seat-recruitment, but needs some work as a slightly different scenario, i.e. vcode doesn't have to be 64chars long, and flexibility in required mask)
Included in the form is also a third box where they can state anything they wish to, i.e. short bit of text like "Spoke to Nutbolt, he told me to apply. I also love industry because spreadsheets are fun!"
This provides a status page so they can see the status of their application (Pending/Processing/Accepted/Declined). They can reach the status page by either a generated permalink which expires 7 days after the application reaches the Accepted or Declined status, or by inputting the same API info again (permalink idea is better as people get confused enough with API keys, but security issues? Or generate really random permalink? I mean anyone can see the state of my online shopping order if they guess the right link...)
Backend View
Potential recruit puts in API to form, the key gets added to the database in a potential recruit group.
If Accepted the API key gets assigned to the user when they first sign up for SeAT (confirm its their character by using EVE SSO during sign up process?)
If declined the key gets deleted from the database after 7 days (gives some leeway in case someone changes their mind)
Admins can set the required API mask for the recruitment form, and also an optional bit of text to display above the recruitment form (allowing different installs of SeAT to customise what their recruitment page says)
Recruitment Officers View
There is a sidebar dropdown menu item which contains two pages (or 2 tabs on one page): Outstanding Applications & Processed Applications
Processed Applications would display a grid/table containing the character name, any alts, their application text, application status (accepted/declined), recruitment officers note, and time application was completed
Outstanding Applications would also display a grid/table containing any outstanding applications with similar information, but ordered by and displaying the time the application was submitted.
An officer can then click on a row, or click on a Process button, which takes them to a page displaying all the API info for the character. At the top of this page with tabs (below the actual header of course) is a static header type bar which contains the application text the recruit wrote, and a text box for the officer to put their notes in. Then also a dropdown box to set the status of the application. (So theres a header which contains that info which is always there, then multiple tabs below to switch between the different information about the character, like you get on the char view page already)
As for information shown, this would be I guess everything you can from the API and then auto flag up certain things as discussed by @freedenizen above. I personally really like the way this program does it, including how they check things, such as given a potential AWOXer warning. Might provide some ideas...
Collecting thoughts for a recruitment and/or security module. Initial thoughts: