covidwatchorg / portal
Covid Watch Portal web app for diagnosis verification
License: Apache License 2.0
According to the Figma v2 flow, non-admin capabilities and restrictions:
The Covid Watch App can get a list of organizations the user may select from. See #3 for some security requirements on the API.
Org admins can set a logo for the organization on the settings screen. The logo shows up on the organization login screen.
This would include reporting back data both from the Exposure Notification Dashboard and the Post Exposure Notification survey.
Need to figure out design and infrastructure to implement. Will require data storage, comms between End User apps and backend, etc.
Don't need UI for reporting in v3; this is tracked with a separate GitHub issue.
Covid Watch needs to be able to pull data out, but can require manual DB pull in v3.
I expect we can use this same infrastructure/design for the results of Post Exposure End User surveys
Needs security/privacy review.
If a user is an organization admin, they should have navigation that lets them choose between the permission validation screen, the user management screen, and the organization settings screen. Non-organization admins should only see the permission validation screen and my settings screen (should not be able to change roles here).
Can page through by 100 users.
Can enter the beginning of a name and see a shorter list of users. Can clear the filter.
A login route with the organization's slug in it shows the organization's name and logo, and allows login only through the organization's approved login methods, and for users of that organization.
Per Apple/Google specs, public health agencies are expected to provide and configure different variables that will define the Risk Scoring of a potential contact event. This includes weighting of each element, definition of the classification buckets for each element, etc.
More description in the link below.
For testing and development purposes, at least, we'll be using AWS. Set up staging and production servers. Should auto deploy from dev branch to staging.
This is likely to get replaced as we build either more complex login screens, or an integration with Okta or Auth0, but we need a basic login screen for the POC.
Super admins, when they login:
Also Super admins should only see a super admin organization listing and management screen.
Need a way to extend Exposure Notifications past the day that the positive test is validated, or determine that this is not the correct behavior
As an Org Admin, I should be able to enter in various text strings (as required by specifications in the Apple/Google protocol) in the UI of the Permission Portal to properly configure any instances of the End User app that are associated with my organization.
See link below for required fields.
When a user logs in, they are presented with the permission validation screen for their organization. There are several possible designs for this screen, so don't spend too much time on this for v0.1 - the most basic version simply lists the potential permissions to be validated, and lets the user select one to validate.
Permissions that can be validated must be:
As an End User, I need a way to configure my End User app and associate it with a particular organization so that I can get the correct information in the app around things like who to contact for validation of my positive test result.
As an Org Admin, I need a way to make sure that the text and configurations that I provide are pushed down to users associated with my organization so that I'm trying to help everyone in my responsibility and not getting overloaded with requests from End Users outside my area of responsibility.
I expect this will require a technical design as this can have broad-reaching architectural implications depending how we implement.
After determining a technical design, we expect changes to be required in the End User app. GitHub issues have not yet been created for these changes.
Workflow:
1. Covid Watch creates a new region (?)
2. We create the admin user(s) that can add other Contact Tracer users
3. Those admin user(s) add their Contact Tracer users (ideally we can add an excel file import function).
As an Org Admin, I need the ability to delete user accounts of other users in the Permission Portal so that I can clean up the user store. We need to figure out a way to maintain some record or association with users if we want to have an audit trail. It may be implemented that "deleted accounts" stay in the system for auditability but are no longer visible to admins. Email uniqueness will need to be dealt with in this case as well.
On 5/15/20 we agreed to postpone this feature to after v3.
As a Test Validator, I want to be able to validate a positive test requested by an Affected User by entering a code into the Permission Portal so that the RPIs of the Affected User are uploaded to the server and their contacts receive an Exposure Notification.
The Covid Watch App can get name and contact phone number and logo to display (stubbed out) for an organization.
Expose aggregate data from End Users in a single organization in privacy protecting fashion within Permission Portal
Should build on what was delivered in v2
Also requires backend work and technical design to figure out storage of data, and how we initially report (can be just pulling from the DB initially)
Also requires security review for privacy concerns.
Currently, admins are directed to Manage Members screen. This needs to be changed to Code Validation screen according to the new user flow on Figma.
See figma user flow here
APIs that the Covid Watch User App can use:
An organization can be connected to one or more login methods, the methods that are allowed for a user to login to the Permission Portal. Examples:
Password
Magic Link
Google OAuth
A specific SAML provider
Org admins can change a user to an admin or remove admin status. They cannot change their own status.
A login page that only superadmins can login at.
An organization admin should be able to see a page which shows the organization's name and contact phone number. The admin should be able to change the name and the phone number.
As an Affected User, I want to be able to submit a request for a positive diagnostic COVID test and have that test validated by a Test Validator so that my RPIs are uploaded to the server and my contacts receive an Exposure Notification.
Org admins can reset users' passwords
See #20
This allows users to login via Google OAuth
When I try to log in on the dev branch ([email protected]) I run into the following error:
Error: [mobx-state-tree] Error while converting `{"uid":"[email protected]","isActive":true,"isAdmin":true,"uuid":"ISJlDOgBP7S4jYsBrinwqvaxsOU2","isSuperAdmin":false,"lastName":"Allen","prefix":"Mr.","firstName":"Barry","organizationID":"14gcjXheoe1ptjpn28ZN"}` to `(AnonymousModel | null)`:
snapshot `{"uid":"[email protected]","isActive":true,"isAdmin":true,"uuid":"ISJlDOgBP7S4jYsBrinwqvaxsOU2","isSuperAdmin":false,"lastName":"Allen","prefix":"Mr.","firstName":"Barry","organizationID":"14gcjXheoe1ptjpn28ZN"}` is not assignable to type: `(AnonymousModel | null)` (No type is applicable for the union), expected an instance of `(AnonymousModel | null)` or a snapshot like `({ uid: string; isAdmin: boolean; isSuperAdmin: boolean; prefix: string; firstName: string; lastName: string; role: string; organizationID: string } | null?)` instead.
at path "/role" value `undefined` is not assignable to type: `string` (Value is not a string).
snapshot `{"uid":"[email protected]","isActive":true,"isAdmin":true,"uuid":"ISJlDOgBP7S4jYsBrinwqvaxsOU2","isSuperAdmin":false,"lastName":"Allen","prefix":"Mr.","firstName":"Barry","organizationID":"14gcjXheoe1ptjpn28ZN"}` is not assignable to type: `(AnonymousModel | null)` (Value is not a null), expected an instance of `(AnonymousModel | null)` or a snapshot like `({ uid: string; isAdmin: boolean; isSuperAdmin: boolean; prefix: string; firstName: string; lastName: string; role: string; organizationID: string } | null?)` instead.
at fail$1 (http://localhost:8080/dist/app.bundle.js:65149:12)
at typecheck (http://localhost:8080/dist/app.bundle.js:64796:15)
at typecheckInternal (http://localhost:8080/dist/app.bundle.js:64782:9)
at Array../node_modules/mobx-state-tree/dist/mobx-state-tree.module.js.ModelType.willChange (http://localhost:8080/dist/app.bundle.js:66852:13)
at interceptChange (http://localhost:8080/dist/app.bundle.js:71527:37)
at ObservableObjectAdministration../node_modules/mobx/lib/mobx.module.js.ObservableObjectAdministration.write (http://localhost:8080/dist/app.bundle.js:72541:26)
at Object.set [as user] (http://localhost:8080/dist/app.bundle.js:72774:29)
at http://localhost:8080/dist/app.bundle.js:2913:17
at Generator.next (<anonymous>)
at http://localhost:8080/dist/app.bundle.js:65586:51
"Test mode" setting so that organizations can try out the service before committing to a full production deployment
More requirements detailed here
Implementation details TBD
Organization admins should see a screen that lists all users within the organization and allows the user to create a new user.
Creating a new user should require the user to input a name, email address, and password, and should store appropriately. User creation in this version does not email the user, does not have a pending status, does not have any of the standard complexity to it.
As an Org Admin, I will be able to preview how text and settings I choose in the Permission Portal will impact the End User app look and feel before moving those changes into full production for all End Users in my organization, so that I can make sure it works and looks as expected.
This could be a feature within the Permission Portal or a slight extension on the "testing mode" concept.
Change the window height and these logos will change size
Standard user setup flow, creating the user emails them, they get to set up their own password, the admin does not have to enter a password.
Org admins can activate and deactivate users
User listing shows a filter for active or inactive users, defaults to active users.
The entire frontend must be built with i18n in mind. Use a library, probably i18next unless you have experience with something you like better.
Users can reset their password.
The front end is dependent on the technical design selected (#59). It could be as simple as providing a drop-down pick list in a "Settings" menu on the end user mobile app. We'd also need a way for different organizations to access their own versions/tenant of the Permission Portal.
Set up schema and database migrations necessary to configure the database and code to have the following models: