fyliu / peopledepot Goto Github PK

• Part of #218

Overview

We need to improve the project configuration so that it is ready for deployment.

Action Items

• work though the deployment checklist to be able to switch the project from DEBUG to production using an environment variable
• Check off this issue's item in #218

Resources/Instructions

• deployment checklist

Overview

We need to update the event table model in django to utilize the practice area table instead of the outdated role table.

• #173 wasn't as complete as we thought it was

Details

The old model issues for this table are

• #14
• #173

Action Items

• Update existing Django model
• Write a test for the new relationships this model will have with other models (e.g., creating a user and assigning them a set of permissions on a project) if any.
• Update API end point
• Update API unit tests
• Document the endpoint in Swagger

Changes Needed

Columns to Remove

• must_roles - int[] (role_id)
• should_roles - int[] (role_id)
• could_roles - int[] (role_id)

Columns to Add

• must_attend - JSON[]
• should_attend - JSON[]
• could_attend - JSON[]

Additional Changes

• Add example JSON to the documentation (like the one in the ERD)

JSON Example:

[
  {
    practice_area: engineering,
    permission_level: practiceLeadProject
  },
  {
    practice_area: pm,
    permission_level: practiceLeadProject
  }
]

Resources

• See People Depot Resources wiki page for links
  • ERD
  • Table and Field Definitions
  • API Endpoint

Practice Areas:

• Development
• Project Management
• Design
• Professional Development

Permission Types:

• adminGlobal
• adminBrigade
• adminProject
• practiceLeadProject
• practiceLeadJrProject
• memberProject
• memberGeneral

Test suggestions

• create an "All" event for the PeopleDepot project with these attendance suggestions
  • must: adminProject, practiceLeadProject, practiceLeadJrProject
  • should: memberProject
  • could: memberGeneral
• need an example that utilizes Practice Area values

• Part of #218

Overview

We need to improve the project configuration so that it is ready for deployment.

Action Items

• work though the deployment checklist to be able to switch the project from DEBUG to production using an environment variable
• Check off this issue's item in #218

Resources/Instructions

• deployment checklist

Overview

We need to create the [name of table] table so that we can update a shared data store across hackforla.org, vrms, civictechjobs, and tables (onboarding) project.

Details

A table and a model are the same thing

Details

A table and a model are the same thing

Action Items

• identify and document table description (see spreadsheet under Resources)
  • if not, reach out to PD leads
• compare the data fields (below) against the ERD. Check off on the list and note any extras (see Resources)
• compare the associated tables (below) against the ERD. Check off on the list and note any extras (see Resources)
• create a single model in Django (defining schema)
• write a test for the relationships this model will have with other models (e.g., creating a user and assigning them a set of permissions on a project).
• write an API end point
• write API unit tests
• document the endpoint

Resources/Instructions

• See People Depot Resources wiki page for links
  • ERD
  • Table and Field Definitions
  • API Endpoint

Description

No response

Data Fields

1. Copied from spreadsheet and checked off according to ERD. (unchecked items indicate a mismatch between ERD and spreadsheet, which requires a review)

   • [name] - [type]

2. In ERD only (having items here indicates a mismatch, which requires a review)

   • [name] - [type]

Associated Tables

1. Copied from spreadsheet and checked off according to ERD. (unchecked items indicate a mismatch between ERD and spreadsheet, which requires a review)

   • [other_table] ([relationship])

2. In ERD only (having items here indicates a mismatch, which requires a review)

   • None

Overview

Briefly describe the purpose of this issue.

Action Items

If this is a new issue, describe what research and documentation are likely needed.

If this is an existing issue, describe the steps and course of actions. If this is a complex issue, maybe it'd be helpful to divide into separate issues.

Resources/Instructions

Documentation or websites that can be helpful.

Overview

Adjust pre-commit settings to resolve some issues

Action Items

• ignore github issue template files
• set pre-commit.ci to run quarterly from weekly

Resources/Instructions

• ignore github issue template files because mdformat is doing the wrong thing for square brackets (it should not try to escape them)

• we should unignore this when mdformat does the right thing

• set pre-commit.ci to run quarterly from weekly because weekly is too often to update syntax checkers

After changes are made for issues posted by me the API and Cognito implementation documentation needs to be updated

Overview

We need to update the event table model in django to utilize the practice area table instead of the outdated role table.

• #173 wasn't as complete as we thought it was

Details

The old model issues for this table are

• #14
• #173

Action Items

• Update existing Django model
• Write a test for the new relationships this model will have with other models (e.g., creating a user and assigning them a set of permissions on a project) if any.
• Update API end point
• Update API unit tests
• Document the endpoint in Swagger

Changes Needed

Columns to Remove

• must_roles - int[] (role_id)
• should_roles - int[] (role_id)
• could_roles - int[] (role_id)

Columns to Add

• must_attend - JSON[]
• should_attend - JSON[]
• could_attend - JSON[]

Additional Changes

• Add example JSON to the documentation (like the one in the ERD)

JSON Example:

[
  {
    practice_area: engineering,
    permission_level: practiceLeadProject
  },
  {
    practice_area: pm,
    permission_level: practiceLeadProject
  }
]

Resources

• See People Depot Resources wiki page for links
  • ERD
  • Table and Field Definitions
  • API Endpoint

Practice Areas:

• Development
• Project Management
• Design
• Professional Development

Permission Types:

• adminGlobal
• adminBrigade
• adminProject
• practiceLeadProject
• practiceLeadJrProject
• memberProject
• memberGeneral

Test suggestions

• create an "All" event for the PeopleDepot project with these attendance suggestions
  • must: adminProject, practiceLeadProject, practiceLeadJrProject
  • should: memberProject
  • could: memberGeneral
• need an example that utilizes Practice Area values

Overview

We need to add documentation for the github actions being used in this repo for the benefit of developers and maintainers so that they can understand how to read the results in the Actions page.

Action Items

• Add a page if this is a new topic
• Add documentation

Instructions

What to include in the documentation

Overview

Briefly describe the purpose of this issue.

Action Items

If this is a new issue, describe what research and documentation are likely needed.

If this is an existing issue, describe the steps and course of actions. If this is a complex issue, maybe it'd be helpful to divide into separate issues.

Resources/Instructions

Documentation or websites that can be helpful.

Overview

We need to create the [name of table] table so that we can update a shared data store across hackforla.org, vrms, civictechjobs, and tables (onboarding) project.

Details

A table and a model are the same thing

Action Items

• identify if table has a description (see spreadsheet under Resources)
  • if not, reach out to PD leads
• identify and document (below) what the data fields are and make sure the ERD and spreadsheets match (see Resources)
• identify and document (below) what other tables are associated and make sure the ERD and spreadsheets match (see Resources)
• create a single model in Django (defining schema)
• Write a test for the relationships this model will have with other models (e.g., creating a user and assigning them a set of permissions on a project).
• Write an API end point
• write API unit tests
• Document the endpoint

Resources/Instructions

• See People Depot Resources wiki page for links
  • ERD
  • Table and Field Definitions
  • API Endpoint

Description

No response

Data Fields

1. Copied from spreadsheet and checked off according to ERD. Data fields are bolded and relation fields are not. (unchecked items indicate a mismatch between ERD and spreadsheet, which requires a review)

   • [name] - [type]

2. In ERD only (having items here indicates a mismatch, which requires a review)

   • [name] - [type]

Associated Tables

1. Copied from spreadsheet and checked off according to ERD (unchecked items indicate a mismatch between ERD and spreadsheet, which requires a review)

   • [other_table] ([relationship])

2. In ERD only (having items here indicates a mismatch, which requires a review)

   • None

Overview

We are planning on including row and field-level security for tables. The required permissions need to be tested before implementation. Row and field level READ privileges for certain fields and roles will be implemented to prove feasibility.

Details

Action Items

• implement code needed for FLS (tables, possibly models)
• test Practice Lead project
• create test cases for FLS

Resources/Instructions

• Use cases and tests for FLS feasibility: hackforla#150 (comment)
• Tables and test data

Overview

We need better contributing docs so that contributors know what to do and what to expect

Action Items

• Move most or all sections out of contributing page and create links to them from the page
• Keep the contributing page short but usable by experienced devs
• Link to detailed pages for clarification and for inexperienced devs
• Make sure the clarifications below are part of the docs

Resources/Instructions

• Things that need clarification
  • The supported workflow
    • fork, create feature branch, work, commit, push to fork, create PR from fork to hackforla/peopledepot/main
  • priority goals for the repo:
    • keep as much history as possible
      • prefer rebase merge over squash merge
    • keep the main branch linear for ease of debug
      • merge commits are hard to follow because commits are in another branch
    • keep the commit history clean
      • avoid fix commits if the original commit is in the same PR. Just redo the original commit to include the fix
        • use fixup messages and rebase to modify the original commits
      • changes should be divided into logical commits
  • Every commit in hackforla/peopledepot/main should be runnable.
    • No WIP commits or nonsense commits
  • The way to test GHA is also to test it in a fork
    • For tests against the project board, get a copy of the board from another team member
  • To keep the hackforla/peopledepot/main branch linear, the acceptable PR merging methods are rebase and squash. This means:
    • It's okay to do merge commits in feature branches, provided that you're okay with having them squashed during the final merge
    • The preferred way is to always do rebase to pull in new code. The individual commits in the feature branch can then be rebased during the final merge, provided they're cleaned up (each commit runs, no fixup commits).

Overview

Briefly describe the purpose of this issue.

Action Items

If this is a new issue, describe what research and documentation are likely needed.

If this is an existing issue, describe the steps and course of actions. If this is a complex issue, maybe it'd be helpful to divide into separate issues.

Resources/Instructions

Documentation or websites that can be helpful.

Dependency

• #24

Overview

We need to add seed data for the Permission Type table, because it won't be changing, it's the same for all users of people depot and the information is public

Action Items

• Read the instructions (resource 1.01)
• Find the table (resource 1.02), and add it to the resources below (resource 2.01)
• create the json file
• convert the json file to python script
• Combine the script in migration
• Update the 2.02 & 2.03 links when the pr is merged

Resources

Resources for creating this issue

• 1.01 Instruction: https://hackforla.github.io/peopledepot/how-to/create-initial-data-migrations/
• 1.02 tables folder: https://github.com/hackforla/peopledepot/blob/main/app/core/migrations/

Resources gathered during the completion of this issue

• 2.01 table: https://github.com/hackforla/peopledepot/blob/main/app/core/migrations/0015_permissiontype.py
• 2.02 json file (after commit):
• 2.03 script that adds seed data:

Overview

We need to create the role table so that we can update a shared data store across hackforla.org, vrms, civictechjobs, and tables (onboarding) project.

Details

A table and a model are the same thing

Action Items

• identify if table has a description (see spreadsheet under Resources)
  • if not, reach out to PD leads
• identify and document (below) what the data fields are and make sure the ERD and spreadsheets match (see Resources)
• identify and document (below) what other tables are associated and make sure the ERD and spreadsheets match (see Resources)
• create a single model in Django (defining schema)
• Write a test for the relationships this model will have with other models (e.g., creating a user and assigning them a set of permissions on a project).
• Write an API end point
• write API unit tests
• Document the endpoint

Resources/Instructions

• See People Depot Resources wiki page for links
  • ERD
  • Table and Field Definitions
  • API Endpoint

Description

Dictionary of roles

Data Fields

1. Copied from spreadsheet and checked off according to ERD. Data fields are bolded and relation fields are not. (unchecked items indicate a mismatch between ERD and spreadsheet, which requires a review)

   • PK - id - int
   • name - varchar
   • description - varchar
   • responsibilities - varchar
   • qualifications - varchar
   • created - timestamp
   • updated - timestamp

2. In ERD only (having items here indicates a mismatch, which requires a review)

   • none

Associated Tables

1. Copied from spreadsheet and checked off according to ERD (unchecked items indicate a mismatch between ERD and spreadsheet, which requires a review)

   • permission (one-to-many)
   • permission_history (one-to-many)
   • recurring_event (many-to-many array of IDs)
   • user (many-to-many array of IDs)
   • win (many-to-many array of IDs)

2. In ERD only (having items here indicates a mismatch, which requires a review)

   • none

Overview

We need to create the [name of table] table so that we can update a shared data store across hackforla.org, vrms, civictechjobs, and tables (onboarding) project.

Details

A table and a model are the same thing

Details

A table and a model are the same thing

Action Items

• identify and document table description (see spreadsheet under Resources)
  • if not, reach out to PD leads
• compare the data fields (below) against the ERD. Check off on the list and note any extras (see Resources)
• compare the associated tables (below) against the ERD. Check off on the list and note any extras (see Resources)
• create a single model in Django (defining schema)
• write a test for the relationships this model will have with other models (e.g., creating a user and assigning them a set of permissions on a project).
• write an API end point
• write API unit tests
• document the endpoint

Resources/Instructions

• See People Depot Resources wiki page for links
  • ERD
  • Table and Field Definitions
  • API Endpoint

Description

No response

Data Fields

1. Copied from spreadsheet and checked off according to ERD. (unchecked items indicate a mismatch between ERD and spreadsheet, which requires a review)

   • [name] - [type]

2. In ERD only (having items here indicates a mismatch, which requires a review)

   • [name] - [type]

Associated Tables

1. Copied from spreadsheet and checked off according to ERD. (unchecked items indicate a mismatch between ERD and spreadsheet, which requires a review)

   • [other_table] ([relationship])

2. In ERD only (having items here indicates a mismatch, which requires a review)

   • None

Overview

We need to create an explanation page for the project directory structure so that new devs can understand where everything is and should go.

Action Items

• Add a new page, something like project_structure.md and lay out and explain the project structure

Resources/Instructions

• docs/ for documentation
• app/ for the django application and also where the docker container's project root is
• scripts/ to store helper scripts callable from outside docker
• etc.

All the project files (some project-specific content omitted)

├── app                                                                                                                                                                                                                                        
│   ├── core                                                                                                                                                                                                                                   
│   │   ├── admin.py                                                                                                                                                                                                                           
│   │   ├── api                                                                                                                                                                                                                       
│   │   │   ├── permissions.py                                                                                                                                                                                                                 
│   │   │   ├── serializers.py                                                                                                                                                                                                                 
│   │   │   ├── urls.py                                                                                                                                                                                                                        
│   │   │   └── views.py
│   │   ├── apps.py
│   │   ├── initial_data/
│   │   ├── migrations
│   │   │   ├── 0001_initial.py
│   │   │   ├── ...
│   │   │   └── max_migration.txt
│   │   ├── models.py
│   │   ├── scripts/
│   │   ├── tests
│   │   │   ├── conftest.py
│   │   │   ├── test_api.py
│   │   │   ├── test_models.py
│   │   │   └── test_permissions.py
│   │   └── utils
│   │       └── jwt.py
│   ├── data
│   │   └── migrations
│   │       ├── ...
│   │       └── max_migration.txt
│   ├── Dockerfile
│   ├── entrypoint.sh
│   ├── erd.png
│   ├── manage.py
│   ├── peopledepot
│   │   ├── asgi.py
│   │   ├── settings.py
│   │   ├── urls.py
│   │   └── wsgi.py
│   ├── requirements.in
│   ├── requirements.txt
│   ├── scripts
│   │   └── convert.py
│   ├── setup.cfg
│   └── tmp.md
├── CONTRIBUTING.md
├── docker-compose.yml
├── docs/
├── LICENSE
├── mkdocs.yml
├── pyproject.toml
├── README.md
└── scripts
    ├── buildrun.sh
    ├── check-migrations.sh
    ├── createsuperuser.sh
    ├── db.sh
    ├── erd.sh
    ├── lint.sh
    ├── loadenv.sh
    ├── logs.sh
    ├── migrate.sh
    ├── precommit-check.sh
    ├── run.sh
    ├── start-local.sh
    ├── test.sh
    └── update-dependencies.sh

• scripts, docs, initial data should be documented in their own pages

Overview

Briefly describe the purpose of this issue.

Action Items

If this is a new issue, describe what research and documentation are likely needed.

If this is an existing issue, describe the steps and course of actions. If this is a complex issue, maybe it'd be helpful to divide into separate issues.

Resources/Instructions

Documentation or websites that can be helpful.

Overview

As an administrator I want to be able to log into People Depot using my SSO account so I don't have to remember the People Depot username and password.

Action Items

• Implement using allauth package

After changes are made for issues posted by me the API and Cognito implementation documentation needs to be updated

Overview

Briefly describe the purpose of this issue.

Action Items

If this is a new issue, describe what research and documentation are likely needed.

If this is an existing issue, describe the steps and course of actions. If this is a complex issue, maybe it'd be helpful to divide into separate issues.

Resources/Instructions

Documentation or websites that can be helpful.

Dependency

• Someone having a question

Overview

We need a place for new project team members to annotate their questions so that we can answer them in writing and then update the wiki

Action Items

• Add question to a new comment below
  • Move the issue to the questions column on the project board
  • add the label question
• If you are answering a question, edit the comment and write A: and then the answer.
• Evaluate if this requires a wiki update.
• Edit wiki

Resources/Instructions

https://github.com/hackforla/peopledepot/wiki

Overview

We need better contributing docs so that contributors know what to do and what to expect

Action Items

• Move most or all sections out of contributing page and create links to them from the page
• Keep the contributing page short but usable by experienced devs
• Link to detailed pages for clarification and for inexperienced devs
• Make sure the clarifications below are part of the docs

Resources/Instructions

• Things that need clarification
  • The supported workflow
    • fork, create feature branch, work, commit, push to fork, create PR from fork to hackforla/peopledepot/main
  • priority goals for the repo:
    • keep as much history as possible
      • prefer rebase merge over squash merge
    • keep the main branch linear for ease of debug
      • merge commits are hard to follow because commits are in another branch
    • keep the commit history clean
      • avoid fix commits if the original commit is in the same PR. Just redo the original commit to include the fix
        • use fixup messages and rebase to modify the original commits
      • changes should be divided into logical commits
  • Every commit in hackforla/peopledepot/main should be runnable.
    • No WIP commits or nonsense commits
  • The way to test GHA is also to test it in a fork
    • For tests against the project board, get a copy of the board from another team member
  • To keep the hackforla/peopledepot/main branch linear, the acceptable PR merging methods are rebase and squash. This means:
    • It's okay to do merge commits in feature branches, provided that you're okay with having them squashed during the final merge
    • The preferred way is to always do rebase to pull in new code. The individual commits in the feature branch can then be rebased during the final merge, provided they're cleaned up (each commit runs, no fixup commits).

Overview

We should rename the sponsor_partner table to something like affiliate. And the project_sponsor_partner_xref table to affiliation or similar. This would simplify and clarify the ideas behind these tables.

Also more clear would be converting the project_sponsor_partner_xref.is_sponsor field to type. See discussion below.

Action Items

ERD, spreadsheet, code changes for each of these

• rename sponsor_partner to affiliate
• rename project_sponsor_partner_xref to affiliation. Made part of #65
  • convert the is_sponsor field name to type and make it a choice or enum. Made part of #65

Resources/Instructions

Proposed Changes

• Rename the project_sponsor_partner_xref table to affiliation or a more appropriate descriptive term for the relationship.
• Rename the sponsor_partner table to affiliate.
• Make is_sponsor is a choice like choose between sponsor or partner, and call it type

What the changes give us

Mostly simpler naming for these concepts.

Clearer code when working with the relationship and model.

Example to create a project-affiliate relation

Affiliation.objects.create(project="PeopleDepot", affiliate="Code for America", type="partner")

The current way would look like this

ProjectSponsorPartnerXref.objects.create(project="PeopleDepot", sponsor_partner="Code for America", is_sponsor=False)

Originally posted by @fyliu in hackforla#270 (comment)

Overview

We should rename the sponsor_partner table to something like affiliate. And the project_sponsor_partner_xref table to affiliation or similar. This would simplify and clarify the ideas behind these tables.

Also more clear would be converting the project_sponsor_partner_xref.is_sponsor field to type. See discussion below.

Action Items

ERD, spreadsheet, code changes for each of these

• rename sponsor_partner to affiliate
• rename project_sponsor_partner_xref to affiliation. Made part of #65
  • convert the is_sponsor field name to type and make it a choice or enum. Made part of #65

Resources/Instructions

Proposed Changes

• Rename the project_sponsor_partner_xref table to affiliation or a more appropriate descriptive term for the relationship.
• Rename the sponsor_partner table to affiliate.
• Make is_sponsor is a choice like choose between sponsor or partner, and call it type

What the changes give us

Mostly simpler naming for these concepts.

Clearer code when working with the relationship and model.

Example to create a project-affiliate relation

Affiliation.objects.create(project="PeopleDepot", affiliate="Code for America", type="partner")

The current way would look like this

ProjectSponsorPartnerXref.objects.create(project="PeopleDepot", sponsor_partner="Code for America", is_sponsor=False)

Originally posted by @fyliu in hackforla#270 (comment)

Overview

We are planning on including field-level security for tables. The required permissions need to be tested before implementation.

Action Items

• implement code needed for FLS (tables, possibly models)
  • create tables
  • add test data
• test Practice Lead project
• create test cases for FLS

Resources/Instructions

• PostgreSQL documentation for field-level security policies
• Django multitenancy
• Use cases and tests for FLS feasibility: hackforla#150 (comment)
• Tables and test data
• Ethan's proposal and documentation on the wiki: https://github.com/hackforla/peopledepot/wiki/Security:-Field-Level-Proposal-(using-Github-Copilot)

Overview

We are planning on including row and field-level security for tables. The required permissions need to be tested before implementation. Row and field level READ privileges for certain fields and roles will be implemented to prove feasibility.

Details

Action Items

• implement code needed for FLS (tables, possibly models)
• test Practice Lead project
• create test cases for FLS

Resources/Instructions

• Use cases and tests for FLS feasibility: hackforla#150 (comment)
• Tables and test data

Overview

As a user I want my information protected by having an administrator in charge of who gets to view my information.

Solution

Add this code to views.py:

class IsStaffUser(BasePermission):
    """
    Custom permission to only allow staff users.
    """

    def has_permission(self, request, view):
        # Check if user is authenticated and is_staff is True
        print("Debug user", request.user.is_staff, request.user.is_authenticated, request.user.is_superuser, request.user.is_active, request.user.is_anonymous, request.user.username, request.user.email, request.user.first_name, request.user.last_name, request.user.is_staff, request.user.is_superuser, request.user.is_active)
        print(request.user.__dict__)
        return request.user.is_staff
    
class IsStaffUserOrReadOnly(BasePermission):
    """
    Custom permission to only allow staff users.
    """

    def has_permission(self, request, view):
        # Check if user is authenticated and is_staff is True
        return request.user.is_staff or request.method in SAFE_METHODS 
    
Then change permission_classes[IsAuthenticated] to permision_classes[IsStaffUser]

Overview

As a user I want only authorized users to update information so that the information is accurate.

Solution

• Sample code for preventing unauthorized updates

    if not request.user.has_perm('core.change_practice_area'):
        # If the user doesn't have permission, return forbidden response
       return HttpResponseForbidden("You don't have permission to update practice area.")

Similar code can be written for creating and deleting.

Action Items

• Implement code
• Write tests

Overview

As a developer, I want to be able to deploy docker without any fatal errors.

Solution

Remove the line that installs postgres. It may not be needed. Otherwise, update 13+225 to an appropiate value.

Overview

We need to add documentation for how to combine migrations before merging a PR for the benefit of developers so that they can refer to the guide as needed.

Action Items

• Add a page if this is a new topic
• Add documentation

Instructions

When doing PRs involving django models, sometimes the requested changes cause django to generate more migration files. To keep things simpler, it's recommended to combine migrations as much as possible at the end of the PR process so that there's one or very few migrations to merge. Follow these steps to merge all the PR migrations into one.

1. Check the new migrations created for the PR

   ls app/core/migrations/
   

   Let's say the PR created 0022-0027 in the core app

   ...
   Applying core.0020_rename_is_sponsor_sponsorpartner_is_org_partner_and_more... OK                                                                                                                                                            
   Applying core.0021_sdg... OK                                                                                                                                                                                                                 
   Applying core.0022_alter_sponsorpartner_table_affiliation_and_more... OK                                                                                                                                                                     
   Applying core.0023_rename_sponsorpartner_affiliate_and_more... OK                                                                                                                                                                            
   Applying core.0024_rename_is_sponsor_affiliation_affiliation_type... OK                                                                                                                                                                      
   Applying core.0025_remove_affiliation_affiliation_type_and_more... OK                                                                                                                                                                        
   Applying core.0026_alter_affiliation_created_at_alter_affiliate_table... OK                                                                                                                                                                  
   Applying core.0027_alter_affiliation_created_at... OK                                                                                                                                                                                        
   ...

2. Undo the migrations back to before the PR

   docker-compose exec web python manage.py migrate core 0021
   

3. Delete the migration files

   rm app/core/migrations/{0022*,0023*,0024*,0025*,0026*,0027*}
   

4. Reset the max_migration.txt back to before the PR branch (assuming that's the current upstream/main)

   git checkout upstream/main -- app/core/migrations/max_migration.txt
   

5. Generate the combined migration file and apply it

   docker-compose exec web python manage.py makemigrations
   docker-compose exec web python manage.py migrate
   

Dependency

• #24

Overview

We need to add seed data for the Permission Type table, because it won't be changing, it's the same for all users of people depot and the information is public

Action Items

• Read the instructions (resource 1.01)
• Find the table (resource 1.02), and add it to the resources below (resource 2.01)
• create the json file
• convert the json file to python script
• Combine the script in migration
• Update the 2.02 & 2.03 links when the pr is merged

Resources

Resources for creating this issue

• 1.01 Instruction: https://hackforla.github.io/peopledepot/how-to/create-initial-data-migrations/
• 1.02 tables folder: https://github.com/hackforla/peopledepot/blob/main/app/core/migrations/

Resources gathered during the completion of this issue

• 2.01 table: https://github.com/hackforla/peopledepot/blob/main/app/core/migrations/0015_permissiontype.py
• 2.02 json file (after commit):
• 2.03 script that adds seed data:

Overview

We need to add documentation for the github actions being used in this repo for the benefit of developers and maintainers so that they can understand how to read the results in the Actions page.

Action Items

• Add a page if this is a new topic
• Add documentation

Instructions

What to include in the documentation

Overview

We are planning on including field-level security for tables. The required permissions need to be tested before implementation.

Action Items

• implement code needed for FLS (tables, possibly models)
  • create tables
  • add test data
• test Practice Lead project
• create test cases for FLS

Resources/Instructions

• PostgreSQL documentation for field-level security policies
• Django multitenancy
• Use cases and tests for FLS feasibility: hackforla#150 (comment)
• Tables and test data
• Ethan's proposal and documentation on the wiki: https://github.com/hackforla/peopledepot/wiki/Security:-Field-Level-Proposal-(using-Github-Copilot)

Dependency

• Someone having a question

Overview

We need a place for new project team members to annotate their questions so that we can answer them in writing and then update the wiki

Action Items

• Add question to a new comment below
  • Move the issue to the questions column on the project board
  • add the label question
• If you are answering a question, edit the comment and write A: and then the answer.
• Evaluate if this requires a wiki update.
• Edit wiki

Resources/Instructions

https://github.com/hackforla/peopledepot/wiki

• Part of #218

Overview

We need to improve the project configuration so that it is ready for deployment.

Action Items

• work though the deployment checklist to be able to switch the project from DEBUG to production using an environment variable
• Check off this issue's item in #218

Resources/Instructions

• deployment checklist

Overview

Briefly describe the purpose of this issue.

Action Items

If this is a new issue, describe what research and documentation are likely needed.

If this is an existing issue, describe the steps and course of actions. If this is a complex issue, maybe it'd be helpful to divide into separate issues.

Resources/Instructions

Documentation or websites that can be helpful.

Overview

We need to create the [name of table] table so that we can update a shared data store across hackforla.org, vrms, civictechjobs, and tables (onboarding) project.

"#### Details"

A table and a model are the same thing

Details

A table and a model are the same thing

Action Items

• identify and document table description (see spreadsheet under Resources)
  • if not, reach out to PD leads
• compare the data fields (below) against the ERD. Check off on the list and note any extras (see Resources)
• compare the associated tables (below) against the ERD. Check off on the list and note any extras (see Resources)
• create a single model in Django (defining schema)
• write a test for the relationships this model will have with other models (e.g., creating a user and assigning them a set of permissions on a project).
• write an API end point
• write API unit tests
• document the endpoint

Resources/Instructions

• See People Depot Resources wiki page for links
  • ERD
  • Table and Field Definitions
  • API Endpoint

Description

No response

Data Fields

1. Copied from spreadsheet and checked off according to ERD. (unchecked items indicate a mismatch between ERD and spreadsheet, which requires a review)

   • [name] - [type]

2. In ERD only (having items here indicates a mismatch, which requires a review)

   • [name] - [type]

Associated Tables

1. Copied from spreadsheet and checked off according to ERD. (unchecked items indicate a mismatch between ERD and spreadsheet, which requires a review)

   • [other_table] ([relationship])

2. In ERD only (having items here indicates a mismatch, which requires a review)

   • None

Overview

As a user I want only authorized users to update information so that the information is accurate.

Solution

• Sample code for preventing unauthorized updates

    if not request.user.has_perm('core.change_practice_area'):
        # If the user doesn't have permission, return forbidden response
       return HttpResponseForbidden("You don't have permission to update practice area.")

Similar code can be written for creating and deleting.

Action Items

• Implement code
• Write tests

Overview

Briefly describe the purpose of this issue.

Action Items

If this is a new issue, describe what research and documentation are likely needed.

If this is an existing issue, describe the steps and course of actions. If this is a complex issue, maybe it'd be helpful to divide into separate issues.

Resources/Instructions

Documentation or websites that can be helpful.

Overview

This is a knowledgebase requirement to allow synchronization of users table without having to rely on permissions of a user.

Overview

We need to add documentation for how to combine migrations before merging a PR for the benefit of developers so that they can refer to the guide as needed.

Action Items

• Add a page if this is a new topic
• Add documentation

Instructions

When doing PRs involving django models, sometimes the requested changes cause django to generate more migration files. To keep things simpler, it's recommended to combine migrations as much as possible at the end of the PR process so that there's one or very few migrations to merge. Follow these steps to merge all the PR migrations into one.

1. Check the new migrations created for the PR

   ls app/core/migrations/
   

   Let's say the PR created 0022-0027 in the core app

   ...
   Applying core.0020_rename_is_sponsor_sponsorpartner_is_org_partner_and_more... OK                                                                                                                                                            
   Applying core.0021_sdg... OK                                                                                                                                                                                                                 
   Applying core.0022_alter_sponsorpartner_table_affiliation_and_more... OK                                                                                                                                                                     
   Applying core.0023_rename_sponsorpartner_affiliate_and_more... OK                                                                                                                                                                            
   Applying core.0024_rename_is_sponsor_affiliation_affiliation_type... OK                                                                                                                                                                      
   Applying core.0025_remove_affiliation_affiliation_type_and_more... OK                                                                                                                                                                        
   Applying core.0026_alter_affiliation_created_at_alter_affiliate_table... OK                                                                                                                                                                  
   Applying core.0027_alter_affiliation_created_at... OK                                                                                                                                                                                        
   ...

2. Undo the migrations back to before the PR

   docker-compose exec web python manage.py migrate core 0021
   

3. Delete the migration files

   rm app/core/migrations/{0022*,0023*,0024*,0025*,0026*,0027*}
   

4. Reset the max_migration.txt back to before the PR branch (assuming that's the current upstream/main)

   git checkout upstream/main -- app/core/migrations/max_migration.txt
   

5. Generate the combined migration file and apply it

   docker-compose exec web python manage.py makemigrations
   docker-compose exec web python manage.py migrate
   

Overview

We need to create an explanation page for the project directory structure so that new devs can understand where everything is and should go.

Action Items

• Add a new page, something like project_structure.md and lay out and explain the project structure

Resources/Instructions

• docs/ for documentation
• app/ for the django application and also where the docker container's project root is
• scripts/ to store helper scripts callable from outside docker
• etc.

All the project files (some project-specific content omitted)

├── app                                                                                                                                                                                                                                        
│   ├── core                                                                                                                                                                                                                                   
│   │   ├── admin.py                                                                                                                                                                                                                           
│   │   ├── api                                                                                                                                                                                                                       
│   │   │   ├── permissions.py                                                                                                                                                                                                                 
│   │   │   ├── serializers.py                                                                                                                                                                                                                 
│   │   │   ├── urls.py                                                                                                                                                                                                                        
│   │   │   └── views.py
│   │   ├── apps.py
│   │   ├── initial_data/
│   │   ├── migrations
│   │   │   ├── 0001_initial.py
│   │   │   ├── ...
│   │   │   └── max_migration.txt
│   │   ├── models.py
│   │   ├── scripts/
│   │   ├── tests
│   │   │   ├── conftest.py
│   │   │   ├── test_api.py
│   │   │   ├── test_models.py
│   │   │   └── test_permissions.py
│   │   └── utils
│   │       └── jwt.py
│   ├── data
│   │   └── migrations
│   │       ├── ...
│   │       └── max_migration.txt
│   ├── Dockerfile
│   ├── entrypoint.sh
│   ├── erd.png
│   ├── manage.py
│   ├── peopledepot
│   │   ├── asgi.py
│   │   ├── settings.py
│   │   ├── urls.py
│   │   └── wsgi.py
│   ├── requirements.in
│   ├── requirements.txt
│   ├── scripts
│   │   └── convert.py
│   ├── setup.cfg
│   └── tmp.md
├── CONTRIBUTING.md
├── docker-compose.yml
├── docs/
├── LICENSE
├── mkdocs.yml
├── pyproject.toml
├── README.md
└── scripts
    ├── buildrun.sh
    ├── check-migrations.sh
    ├── createsuperuser.sh
    ├── db.sh
    ├── erd.sh
    ├── lint.sh
    ├── loadenv.sh
    ├── logs.sh
    ├── migrate.sh
    ├── precommit-check.sh
    ├── run.sh
    ├── start-local.sh
    ├── test.sh
    └── update-dependencies.sh

• scripts, docs, initial data should be documented in their own pages

• Part of #218

Overview

We need to improve the project configuration so that it is ready for deployment.

Action Items

• work though the deployment checklist to be able to switch the project from DEBUG to production using an environment variable
• Check off this issue's item in #218

Resources/Instructions

• deployment checklist

Overview

Adjust pre-commit settings to resolve some issues

Action Items

• ignore github issue template files
• set pre-commit.ci to run quarterly from weekly

Resources/Instructions

• ignore github issue template files because mdformat is doing the wrong thing for square brackets (it should not try to escape them)

• we should unignore this when mdformat does the right thing

• set pre-commit.ci to run quarterly from weekly because weekly is too often to update syntax checkers