Allow WRC to make incident logs visible to staff only

[dunkOnIT]

Request email: "[WRC-WST] Incident Log Viewing Permissions"

This could be done via a visibility enum which would replace the resolved_at timestamp - enum could have the following properties:

• draft
• staff
• public

[MichaScant]

Hi, could I work on this issue please?

[dunkOnIT]

Certainly! Please let us know if you need any help/guidance

[MichaScant]

Hey, what do you mean by "Request email: "[WRC-WST] Incident Log Viewing Permissions""

Do you want me to add the option for them to send an email as well asking for permission?

Certainly! Please let us know if you need any help/guidance

[dunkOnIT]

That's the name of the internal email thread where the request came through - you can safely ignore it!

[MichaScant]

Thank you!

In addition, how would you suggest I detect if someone is a staff member, is there a table I can search through by ID to tell if they have the correct access? Also, the issue says "Allow WRC", in that case, how should the WRC make incident logs visible to only staff, should they be able to change it back and forth (request/toggle button) or allow for only specific incident logs to be visible by staff (can be set upon creating log)

That's the name of the internal email thread where the request came through - you can safely ignore it!

[dunkOnIT]

(It is worth mentioning this is a non-trivial Rails change - it's definitely doable, especially with some coaching from ChatGPT, but if this is your first time touching Rails you might want to pick up a "good first issue" PR tagged with tech: ruby first, to get generally acquainted with the concept of models, controllers and routing in Rails)

user.rb:464 defines a staff? method, which you can use to check if someone is staff - it would end up looking like if user.staff?

Within an incident log, we probably want a "Visibility" dropdown which allows selection between the following states: draft, staff, public. The values for that dropdown would be stored in an enum called visibility on the incident_log model.

Then, in controllers/incident_log#show, you'll probably want some code that looks something like:

# Note: This is completely pseudocode/has been written from memory - worth consulting the User model for the exact names of these methods, and ChatGPT for better ways of structuring this/how to check the value of an enum
redirect_to_root if visibility == 'draft' and !user.can_manage_incidents?
redirect_to_root if visibility == 'staff' and !user.staff?

In terms of restricting this permission to WRC, you don't need to worry about that in the scope of this PR - the only people able to view an unpublished incident log at present should be WRC and admins.

[MichaScant]

Ok, thank you! I believe I misunderstood the assignment originally and overcomplicated it by mistake. I apologise, the PR should be open right now. t you should be able to change each incident log by going through a drop-down menu inside them which only appears if you have permission to edit the incident logs.