gatekeep #408
gatekeep #408
Conversation
shaeespring
force-pushed
the
feature/vote_role
branch
3 times, most recently
from
34f9f43 to
c874b46
Compare
shaeespring
force-pushed
the
feature/vote_role
branch
from
c874b46 to
25d43f2
Compare
|
Would it be better to, in addition to the result, expose the expected and actual counts for each thing? That way things like vote could explain to you why you're ineligible to vote. You may also want to add a banner to the conditional dashboard page telling you you're ineligible to vote. Also I don't see a check for the date here... Presumably you only need to meet these requirements by week 6? Sometimes we need to do elections or spending presentations early in the year. Lastly... How does this interact with members who were on coop in the fall? Are they just ineligible to vote until they do a bunch of meetings? That might be a problem with the amendment itself though. Would it be better to reuse the "house meetings missed" logic for the dashboard of conditional? Unfortunately that doesn't fix the other requirements, but it gets the house meeting one dealt with. |
shaeespring
force-pushed
the
feature/vote_role
branch
from
5855285 to
b9cb4fc
Compare
Correct, they are ineligible to vote until the following semester, where for the first 6 weeks, everyone will be able to vote, and then ALL members must fulfill the requirements again if they want to vote during the semester Unfortunately, the way the constitution is worded, currently in order to vote you must have six house meetings. That amendment is currently in the process of being ratified (hopefully). The way I wrote the gatekeep function is based upon the assumption that that amendment would fail, and I will update it in the future |
This will be implemented into vote via a toggle. Doing it here would spread false information that a member has passed gatekeep when they haven't... Would it be better to add that maybe to the dashboard in "member statistics"? |
Conditional does not return to 0 HM attendances, seminars, and directorships for spring semester. Your current code would allow anyone who has passed gatekeep at any point in the operating year, not just the current semester. |
|
Whoops that put my thing in as a review rather than a comment... Oh well. |
To me, this seems like it's a lot of room for human error... What happens when some votes have the switch flipped and others don't? I think conditional has the brains to know when an intro eval has happened, so you could probably key off of that? If you want a separate line item for passing the requirements I'd say that's fine, but I do think you should also have SOME way to expose whether or not you can vote right now... This would account for things like coop, gatekeep, activeness, etc. |
Huge! Thank you for that catch because I never would have seen that. Thank you |
This has to happen, otherwise all votes would require gatekeep, even if a member wants to make a vote about what type of cheese is best for grilled cheese. That member might want all people to vote, not just voting active members. The toggle will default to on though, since most votes will require gatekeep
I'm looking at how conditional gives member the "voting" tag right now. It's literally a mess I will organize that code better (it's in dashboard.html). Basically, it says "if voting" which connects to the get_voting_members function (and returns that same voting list that the "voting members" shows) if a member is in that list, it gives them the voting tag, otherwise it gives them a "non-voting" tag. If they have questions about why they should look at the constitution |
shaeespring
force-pushed
the
feature/vote_role
branch
from
da0f397 to
7f22ae2
Compare
shaeespring
force-pushed
the
feature/vote_role
branch
from
7f22ae2 to
af307ee
Compare
|
That's outside the scope of this PR. Alumni members are not my concern. I'm adding implementation for specifically active members following ComputerScienceHouse/Constitution#260. |
|
|
||
| @app.route("/gatekeep/<username>") | ||
| def gatekeep_status(username): | ||
| token = request.headers.get("X-VOTE-TOKEN", "") |
There was a problem hiding this comment.
I think limiting access to this call is better done with a service account - we already have ones for services like drink and selfservice, and you could do a check on the username/email/whatever.
Personally I don't really understand why this call is being limited to vote - it would be pretty easy to pull the relevant information from LDAP + scrape /spring_evals to get the information anyway.
Regardless, I think giving vote a service account to give it authentication is a more robust solution for access control to API calls.
There was a problem hiding this comment.
It would be "pretty easy" to do that, but the number of people that will do that is very little (historically probably 0), considering we all rely on our Evals Director to run the queries year after year.
Having an accessible endpoint would make it significantly more convenient, and I would imagine people would actually start looking at it.
As far as the service account vs token is concerned, a token is fine... It's "more robust" but if we are hard-coding a username in as a check, that completely 180's the robustness of it. The way this works, the token could even be shared as one shared secret/configmap in OKD, and then we can mount the same secret across multiple Deployments, so it can be rotated once in all the places.
There was a problem hiding this comment.
Oh, I didn't consider that it could be shared as a secret/configmap in OKD. Good enough, I guess.
There was a problem hiding this comment.
In what application is the /gatekeep endpoint used? I feel like that could also dictate if an account or token makes more sense
There was a problem hiding this comment.
Token feels fine then tbh
|
Everything else looks good to me (in hindsight i should've just done a review lol mb) |
|
|
||
| @app.route("/gatekeep/<username>") | ||
| def gatekeep_status(username): | ||
| token = request.headers.get("X-VOTE-TOKEN", "") |
There was a problem hiding this comment.
Oh, I didn't consider that it could be shared as a secret/configmap in OKD. Good enough, I guess.
|
#410 has been merged, all set 👍 |
Issues attributed to commits in this pull requestThis pull request was merged and Sentry observed the following issues:
|
6 participants
Add gatekeep requirements to follow ComputerScienceHouse/Constitution#260