As a TOG applicant uploading location map information I'd like to add an active hyperlink to a map site so that the admin reviewing my application review is efficient.
Opened this issue · 13 comments
Notes
TOG applicant provided feedback regarding map upload process to MBS admin:
"The format for uploading maps did not permit active links to USFS maps. I ended up making a pdf with the http addresses for the two maps, but they aren't "live", and would require you to copy and paste into the url bar of your browser to bring them up."
Many TOG applicants have websites with interactive map information vs. a .pdf or .docx. This is a useful and efficient way of sharing information.
The optional field for "Map of proposed activity" should also offer an opportunity for the applicant to upload a url address for the map feature, similar to what is already built into the Applicant Information section, website field.
Acceptance Criteria
- The applicant has an option of uploading a document, or adding a url location for map
- If the applicant provides a url location for map, that map link is available in the View Application Details page for both the administrator and the applicant.
Tasks
- Define acceptable types of hyperlinks (coordinate with security Jon/Shadat)
- Mock a design of the TOG application page that includes a url address box for map with hint text describing acceptable types of hyperlinks
- Mock a design of the View Application details page that includes the website address that was entered for the map
- Build in the url box to the TOG application page
- Build in a validation recognizing acceptable urls so that it meets security protocols
- Build in the connections so that if a url is entered, it is visible and actionable on the view application details pages for admin and applicant.
- Validation of acceptance criteria completed
- PO approved
Definition of Done
- Pull requests meet technical definition of done
- Compare finished design with mockup
- Reviewed by Jon Lerner
- Usability tested
From refinement, I updated this story to include the security review components, so that we know that Security needs to review it even if Jon is not assigned specifically for the development of the story.
Here are the mockups of the input fields for the map URL:
I have updated mockups above. There are some language changes for both 'Map URL' label and supporting text of the 'Map of proposed activity'.
This is ready for development.
We should use a reputation service to check if a site that is being provided by the user has been compromised, black-listed for spam or malware, spoofing. There a few free sites and there are some that you must pay for the most current and up-to-date info. Google host one, BrightCloud host some. However, any user within the FS/USDA boundary would be vetted by the Firewall. Adding our own capability may be overkill. Also, would be just issue an alert internally or would we inform the user who provided the link, that the site they have provided has been listed as compromised?
@JonathanLerner54 lets review this when you have a chance. Thanks!
@aQuib - (this is the same comments as 1213 but it applies here as well) Per the mockup here for 1214, I'm supposed to make the labels of this section bold. However, I do not see that format throughout the rest of the application. I'm including a screenshot below to show the contrast between the change I've made and the rest of the application's labels. Do we want these labels to be bold and if so I'm wondering if I need to make a new card to convert all labels to a bold font-weight.
@Dmac26 - Sorry for the slow response. Yes, please keep it consistent with the overall application (unbolded).
@mwreiss @JonathanLerner54 -- was there any review that still needed to occur on your folks end for this?
@mwreiss @JonathanLerner54 @briandavidson - If I remember correctly, I think it was agreed that https validation should be enough security given the other layers of security on the back-end. Is that correct @mwreiss?
@Dmac26 correct, we did a review on this and are good with the current validations in place. Thanks.
@mtlaney @briandavidson - On this one I've gotten as far as creating a migration file that does instantiate a new column in the db. But, whenever I try to user-test things locally, the new field only ever gets populated with a null value.
@mtlaney @briandavidson - On this one I've gotten as far as creating a migration file that does instantiate a new column in the db. But, whenever I try to user-test things locally, the new field only ever gets populated with a null value.
@Dmac26 is there a problem with it being populated with null here? Perhaps it makes sense that it's null if it's something we expect the user to provide.