|Version 27 (modified by 11 years ago) ( diff ),|
Table of Contents
- Site Super Entity
- Staff Permissions
- Inventory Management
Who's doing What Where and When (4W)
This documentation needs to be moved between:
"Who, What, Where"
The Organization Registry keeps track of all the relief organizations working in the disaster region. It captures not only the places where they are active, but also captures information on the range of services they are providing in each area.
Old PHP User Guide: http://wiki.sahanafoundation.org/doku.php?id=doc:or:english
We should aim to be able to exchange data with UN OCHA's 3W. Information about the 3W database schema, possible import methods to OCHA, and 3W controlled vocabulary lists can be found at BluePrint3W More work should be done to ensure that the schema is compatible with the BluePrint3W schema.
This means having the following tables:
- Type IS_IN_SET([Government,International Governmental Organization,International NGO,Misc,National Institution,National NGO,United Nations])
- National Staff
- International Staff
- Number of Vehicles
- Vehicle Types
- Donation Phone (gives the org an incentive to be listed)
- Logo (could be displayed on the map)
Instance of the Site super entity
- Type IS_IN_SET([Headquarters,Regional,Country,Satellite Office]) (Would "Field" be a better term than "Satellite")
- Phone 1
- Phone 2
- Address 1
- Address 2 (used for Postcode)
- Needs validation (checkbox) [NEW] or Validate
- Make S3PersonAutocompleteWidget work with the filter criteria of the field.requires (this is required to ensure only unique staff can be added to each site)
Handled by the Person Registry?
- First Name
- Last Name
Projects (previously Activities)
The Project Management module will be the main repository for Projects information.
These fields are take from a WASH (Water Health and Sanitation) Cluster form
- Organization (link to Org Table)
- Sub-Sector (opt)
- Beneficiaries (number)
- Start Date
- End Date
- Funded (Y/N)
4x Many-to-Many tables to link them
- structured like
Many-to-Many table to link Sector to Organisations.
Many-to-Many table to link Offices to Organisations.
Optional validator to limit Offices as being affiliated to just a single Organisation
Many-to-Many table to link Contacts to Offices.
Optional validator to limit Contacts as being affiliated to just a single Office
Many-to-Many table to link Contacts to Organisations.
Optional validator to limit Contacts as being affiliated to just a single Organisation
Q: Is it useful to be able to have a Contact be affiliated to an Organisation but not to an Office?
- would the default 'HQ' be appropriate?
Would be nice to add these functionalities:
- Organigram creator from the Contacts
- ID cards from the Contacts
Q: Wouldn't "Staff" be a better description than contact? Q: Contact implies just a single person for each organization.
This describes the screens laid out in a way matching with the workflow.
- Organization Dashboard (will go to the organization of the current user)
- Organizations Registry
- Org. Details
- Edit Org. (Restricted)
- Add Office
- Projects (for displayed Org.)
- New Project
- List of Organizations
- Add New Organization
- List of all Projects
- Display on Map (redirects to Map, with Project filter selected)
Filterable options to display:
- We want to be able to add Proejcts by Jurisdiction (e.g. Neighborhood for PaP)...without knowing the GIS data.
- If we do have polygons for neighborhoods, these will be displayed automatically on map.
- KML/GeoRSS feeds will just be GIS Centroids.
- Key is to be able to identify Gaps
Site Super Entity
The following are instances of the site super entity:
The Site Super Entity allows the following components to be shared between these resources through the use of a single foreign key (
org_staff) can be added as components of site instances (offices, hospitals and shelters) and organisations. There are a number of Use Cases where you may want to apply permissions based on the staff of a resource:
- Only staff of an organisation have permissions (READ, CREATE, UPDATE and/or DELETE) for their organisation resource.
- Only staff stationed at a certain site have permissions (READ, CREATE, UPDATE and/or DELETE) for their site resource.
For further flexibility, there are 2 boolean fields for staff:
no_access- If this is true, this staff member has no additional privileges (labelled as 'Read-only')
supervisor- This gives the options for more permissive permissions for some staff.
This is done by the
shn_create_record_roles function in
models/05_org.py, which can be called from a org or site onaccept by configuring the onaccept for that resource as following:
# Create roles for each organisation / site instance s3xrc.model.configure(table, onaccept = shn_staff_join_onaccept_func(tablename))
(This code should be called after the resource table is defined in the model)
If a user creates a resource (Site or Organisation) then they are automatically given a staff record with Supervisor access to that resource.
Enabling Staff Permissions
deployment_settings.security.policy = 3 # Controller-ACLs. 4 & 5 will also work deployment_settings.aaa.has_staff_permissions = True deployment_settings.aaa.staff_acl = Permissions for staff role: Create, Read, Update & or Delete deployment_settings.aaa.supervisor_acl = Permissions for supervisor role: Create, Read, Update & or Delete
- When a new organisation or site instance is created:
- The current user is added as a Staff (with supervisor set) to the record [@ToDo: Remove this]
- New roles (staff & supervisor) are automatically created for that record (<tablename>_staff_id & <tablename>_supervisor_id).
- The current user is added as a member of both of those roles.
- Add staff to organisations and sites to grant them the appropriate permissions
To allow other components inherit the same permissions as the primary resource, the following function can be called, to add a onaccept function which will copy the "owned_by_role" from the primary resource. This onaccept should be added to the onaccept for the component resource.
# Update owned_by_role to the site's owned_by_role s3xrc.model.configure( table, onaccept = shn_component_copy_role_func(component_name = tablename, resource_name = "org_site", fk = "site_id", pk = "site_id") )
The staff component resource itself currently inherit permissions from sites not organisations, because this is LESS permissive. This may need to become a deployment setting.
- How to handle permissions for site resources - should they inherit permissions from an organisation resource?
- No, they have their own permissions which are more specific than the organisation permissions, but...
- Have an deployment_setting to switch between:
- Sites having their own permissions according to the staff of that site
- All sites inheriting their permissions from the organisation's staff (site's owned_by_role = org_organisation_staff role)
- Allow staff for Organisation to be marked as "admin" (or something) and have them ALWAYS have permissions for any site belonging to the organisation
- if a single person is assigned as staff to multiple sites or organisations, there will be multiple site records for this person. This may cause confusion when creating staff lists. Perhaps the data structure should be revised to accommodate this.
Inventories can be added to any site instance, by adding
shn_show_inv_tabs(r) to the rheader tabs for that site instance.