Django Admin (managing users, using Clips)
Accessing the admin functionality within the Clear My Record App requires a
user account with the necessary privileges. is_staff, is_superuser and
permission groups are used to manage privileges.
New users can be invited at /invitations/send-invite. When logged in as a
staff user, a link to invite new users can be found at /accounts/profile/.
Users must be linked to the correct organization and added to groups that
correspond to their expected permissions.
When users access email invitation links, they encounter a sign-up form that fills in details for their profile.
If a user needs to be added to staff or designated as a superuser, those
changes need to be made by clicking the "staff" and "superuser" checkboxes in
the Django admin site (under /admin/auth/user/) after they have activated
their account.
- application_reviewers. application_reviewers are users who need to access and review applications. All org users are application_reviewers.
- performance_monitors. This is a now-deprecated group that was used for giving access to private aggregate statistics without giving access to review applications.
- followup_staff. These are users who directly communicate with applicants and need to review the status of their cases with each assisting county partner. They handle replies to automated followups with applicants. They are able to add notes and tags to form submissions. This group generally includes CfA staff who are allowed to engage in applicant support.
- clips_users. These are users who are allowed to run SQL queries on a copy of the database that has been cleared of personally identifiable information. All CfA staff with user accounts are generally clips users. See below for more information about the clips app.
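An added example, not part of the Clear My Record code base: a small access-review check that applies the rules above (organization linked, groups assigned, no use of the deprecated group) to exported user records. The dict keys organization and groups and the sample records are assumptions constructed for illustration; is_active, is_staff and is_superuser are the standard Django User fields.

```python
# Group names as listed on this page; performance_monitors is described as deprecated.
KNOWN_GROUPS = {"application_reviewers", "followup_staff", "clips_users",
                "performance_monitors"}
DEPRECATED_GROUPS = {"performance_monitors"}


def audit_user(user):
    """Return a list of findings for one user record (a plain dict)."""
    if not user.get("is_active", False):
        return []  # deactivated accounts cannot log in, so they are skipped
    findings = []
    groups = set(user.get("groups", []))
    if not user.get("organization"):
        findings.append("no organization linked")
    if not groups:
        findings.append("no permission groups assigned")
    for name in sorted(groups - KNOWN_GROUPS):
        findings.append(f"unknown group: {name}")
    for name in sorted(groups & DEPRECATED_GROUPS):
        findings.append(f"member of deprecated group: {name}")
    if user.get("is_superuser") and not user.get("is_staff"):
        # Django's admin site requires is_staff, even for superusers.
        findings.append("is_superuser without is_staff: cannot open /admin/")
    return findings


def audit(users):
    """Map username -> findings, for users with at least one finding."""
    report = {}
    for user in users:
        findings = audit_user(user)
        if findings:
            report[user["username"]] = findings
    return report


# Constructed sample records (hypothetical usernames and organizations).
SAMPLE_USERS = [
    {"username": "reviewer_ok", "is_active": True, "is_staff": False, "is_superuser": False,
     "organization": "county_a", "groups": ["application_reviewers"]},
    {"username": "stats_viewer", "is_active": True, "is_staff": False, "is_superuser": False,
     "organization": "county_b", "groups": ["performance_monitors"]},
    {"username": "half_setup", "is_active": True, "is_staff": False, "is_superuser": True,
     "organization": None, "groups": []},
    {"username": "former_partner", "is_active": False, "is_staff": False, "is_superuser": False,
     "organization": "county_a", "groups": ["application_reviewers"]},
]

if __name__ == "__main__":
    for username, findings in audit(SAMPLE_USERS).items():
        print(username, "->", "; ".join(findings))
```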
Django has a built-in admin site that is accessible by any user with
is_staff = True. You can access the site at /admin/ using your login
credentials.
Accessing the admin site is necessary for marking new users as staff or superuser, or for changing their groups or permissions.
When we need to "delete" a user, whether a legal aid partner or CfA staff, mark them as inactive in the Django console. Do not delete them.
To mark them inactive:
- Log into Django admin (see Using the Django Admin)
- Find the user's profile on the User administration page, and click to view
- Uncheck the 'active' box and click 'Save'
The user will lose the ability to log in and will no longer receive notifications.
At /clips/ there is a minimal app for running custom queries on a copy of
the database purged of sensitive info, intended to mimic the functionality of
Heroku's Dataclips feature.
Users must be in the clips_users group to access the page, and there are
currently no links to the URL. The URL must be accessed directly.
Front is used for general correspondence & customer support, as well as handling applicant replies to SMS status updates and followup messages. No one needs access to Front unless they are engaging in direct communications with applicants. Front charges us based on the number of accounts, so we should limit to only those necessary. Front has limited auditing and account access controls, and an incomplete security policy.
We have two email accounts on Gmail:
- [email protected], used as a central point of contact for communicating with both applicants and county partners. This email is managed by Front, but you can log in to the account using the password stored in LastPass.
- [email protected], used for testing email functionality. This email is used for all fake seed data applicants and fake county partner accounts. The login information is stored in LastPass.
We have two mailing lists set up using Code for America's Google Org account.
- [email protected], used for sending important alerts about bugs, errors, performance issues, or anything else.
- [email protected], used as a point of contact for partnerships communications.