search

google-code-export / sandy-disaster-recovery

Automatically exported from code.google.com/p/sandy-disaster-recovery
2 stars 2 forks source link

Limited Access to Work Order and Client Information #145

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
Currently, all organizations have access to all client data.
This needs to change.  There should be three levels of access:
* Full Access: Access to all client personal data, all work order data, and 
geolocation data.
* Limited Access: Access to all work order data, all client personal 
information EXCEPT that all numbers related to contact information is redacted 
(e.g. "123 Main St. Apt. A5" becomes "XXX Main St. Apt. AX", and "(987) 
654-3210" becomes "(XXX) XXX-XXXX". Only Blurred geolocation data is available, 
instead of the actual physical location.
* Public Access: A public map showing basic work order data (e.g. the icon 
illustrating the work order type), and only blurred geolocation data.

An organization has the access to the following types of information:

* Unclaimed Work Orders: Full Access.
* Claimed Work Orders: Full Access.
* Work Orders Claimed by another Organization: Limited Access.
* Work Orders Claimed by an Affiliate, Sister, Parent, or Child organization: 
Full Access. (See Issue 141)

Members of the Public have Public Access to work orders on the map.

Requires completion of organizational relationships outlined in Issue 141.

Original issue reported on code.google.com by v...@aarontitus.net on 14 Jan 2013 at 12:54

GoogleCodeExporter commented 9 years ago 
* Work Orders Reported by the Organization: Full Access.
* Work Orders accessible during the Duplicate Merge process: Full Access.
* Search Function: The search function should search against the entire 
address/ phone number, rather than the redacted version.  So the address "123 
Main Street" should appear in the search field, even though "XXX Main Street" 
appears everywhere else. The goal is to try to prevent fraud by mass-exporting 
all client data, not prevent a volunteer from searching for the client data 
(especially if they call in and ask for help, but are already in the system).

Original comment by v...@aarontitus.net on 14 Jan 2013 at 1:04

GoogleCodeExporter commented 9 years ago 
Issue 89 must be completed prior to this issue- parent/child and affiliate 
relationships.

Original comment by v...@aarontitus.net on 22 Feb 2013 at 1:41