fmtm icon indicating copy to clipboard operation
fmtm copied to clipboard
verified publisher icon hotosm

If org has no default ODK creds set, do not allow user to select this and explain why

Open DanielJDufour opened this issue 1 year ago • 10 comments

Is your feature request related to a problem? Please describe. When I want to create a new project and I click on the red next button on the first project details page, nothing happens. After adding some logging to ./src/frontend/src/components/createnewproject/validation/CreateProjectValidation.tsx , I see that my error is that I don't have an odk central connection set up. I didn't see this error, because I left the "Use default ODK credentials" checked.

Image

Describe the solution you'd like My best guess is that this is an issue with my .env file and I need to update it. However, I think if the user interface would make some more indication of where the error is, that would be nice. Maybe if there is no default ODK central connection available, then someone shouldn't be able to keep the "Use default ODK credentials checked"?

Describe alternatives you've considered One could add a console.error or console.warn statement to the code, so at least a developer would see the errors.

Additional context I recently pulled down the latest changes on development. I haven't updated my .env since then, so my hunch is that I need to update something and the issue is technically on my end. However, I think making the errors a little more discoverable, would be a nice thing :-)

DanielJDufour avatar Feb 01 '25 14:02 DanielJDufour

Dotenv Issues

You could be right its to do with the dotenv 👍

When FMTM first starts, the HOTOSM organisation is created. If no env vars for ODK credentials are set in the dotenv, then the org won't have any default ODK credentials.

(you can create a .env file from the .env.example using https://github.com/a8m/envsubst, as standard envsubst does not have support for default values configured there)

Project Creation (actionable)

On the frontend, you are right it would be great to have a warning to the user if the org has no default ODK creds set.

Expected behaviour:

  • For the selected org, if no default ODK creds are available, grey out the 'Use default org creds' checkbox and force the user to enter credentials manually.

  • If there are default creds available, allow the use to toggle with the checkbox as normal (use either default creds, or custom creds)

I edited this functionality slightly recently to fix another problem, so apologies if this behaviour was in place and I ended up breaking it somehow

spwoodcock avatar Feb 01 '25 16:02 spwoodcock

Expected behaviour:

  • For the selected org, if no default ODK creds are available, grey out the 'Use default org creds' checkbox and force the user to enter credentials manually.

I wouldn't agree with this functionality, We cannot force user to enter credentials manually if they don't have their own; not every organisation would have their own odk Central implemented. We could check env for default creds (but it is not of any problem since we would have env set up in the server anyway right?) and provide warning msg if necessary and only allow them to provide custom creds anyhow, which is n't great from users perspective.

Sujanadh avatar Feb 03 '25 07:02 Sujanadh

We have three scenarios for organisation creation:

  • Manager adds their own ODK Central instance creds as default.
  • Manager requests to use HOTOSM ODK Central instance creds as default.
  • Manager sets no default ODK Central instance.

Do you think there might be a scenario when we do not wish to fallback to the variables set in the dotenv?

  • Say a huge organisation is created in FMTM, with lots of their own resources.
  • They need to map many projects with many users and we can't support the load on our small HOTOSM Central instance.
  • We wouldn't want to give them free reign to use our server as they wish, but instead make an agreement for fair usage.
  • Usage of the globally configured Central instance should probably be discretionary.

So my suggestion is that during project creation, if there are no default organisation credentials set (because they have none, or have not asked permission to use the global instance), the user should have to provide their own. Do you think this makes sense?

spwoodcock avatar Feb 03 '25 13:02 spwoodcock

Current Behavior:

  1. Manager adds their own ODK Central instance creds during organisation creation and use default to create projects: The default credentials are automatically ticked but I can't go next. The odk fields are just hidden not filled (BUG)
  2. Manager requests to use HOTOSM ODK Central instance creds as default - Add button for requesting HOT's odk credentials during organisation creation. But what will happen to the organisation that already exists?? How can they request for HOT's credentials? (we may need organisation editing page for this) The super admin will review the request too during organisation request review and provide access. What happens after that? Will user be able to use it by ticking 'use default odk credentials' checkbox??
  3. Manager sets no default ODK Central instance and doesn't request for odk credentials of HOT. If so, I agree with Sam that the user should have to provide their own credentials during every project creation. But saying so, I can't imagine if they have to add it manually during every project creation then why won't they add it during organisation creation.

manjitapandey avatar Feb 04 '25 04:02 manjitapandey

My suggestion would be to allow users to use HOTOSM credentials for now. And we can implement the second steps when organisation editing page is ready. But not being able to go next for now has been blocker for me.

manjitapandey avatar Feb 04 '25 04:02 manjitapandey

Let's finalize this:

Manager requests to use HOTOSM ODK Central instance creds as default.

NSUWAL123 avatar Feb 05 '25 05:02 NSUWAL123

Do what you think is best guys 👍

spwoodcock avatar Feb 05 '25 08:02 spwoodcock

Revisiting this. What is being suggested essentially makes the custom ODK credentials part a bit unnecessary.

From my understanding, everyone is suggesting:

  • An organisation can have their own ODK credentials
  • If an org has no credentials set, we fallback to using HOTOSM credentials

So if we suggest an organisation should always have ODK creds set, then what is the point of the option to use custom ODK creds?

We can go one of two routes:

ODK Credentials Are Always Taken From Organisation (change)

  • This simplifies the project creation.
  • We essentially remove any reference to adding ODK credentials in the frontend.
  • Instead this is moved to organisation creation.
  • All projects in the org use the connected credentials.

This is actually quite a nice change from a user experience perspective, but reduces flexibility a bit.

Organisations Can Be Configured With No ODK Credentials (what we have now)

  • As in my comment above, we have three scenarios:
    • Org created with ODK credentials
    • Org created with HOTOSM ODK credentials (request to instance admin during creation, not automatic)
    • Org created with no credentials - all projects in this org must provide their own credentials

Let me know what you think is best @ramyaragupathy @manjitapandey & everyone involved 👍

spwoodcock avatar Mar 11 '25 08:03 spwoodcock

So if we suggest an organisation should always have ODK creds set, then what is the point of the option to use custom ODK creds?

I understand this is in cases where organisation have multiple odk credentials and they want to use different credential for that specific project. This may be rare condition but helps such organisation.

Org created with no credentials - all projects in this org must provide their own credentials

Ultimately, yes all orgs should have odk credentials but i think instead of forcing them during project creation. We should provide option to fill up during organisation editing (Ideally before any project is created). We restrict project creation until odk credentials is added but this buys them time to setup odk until the org is being approved.

manjitapandey avatar Mar 18 '25 05:03 manjitapandey

Image

manjitapandey avatar Apr 29 '25 07:04 manjitapandey

Created a separate issue https://github.com/hotosm/fmtm/issues/2563 to address the request to use HOT's ODK server 👍

I think this issue should solve one thing:

  • Prevent an error from occurring if the user selected 'Use Default ODK Credentials', but there are no default creds set.
  • The frontend can see if there are default credentials for the organisation I believe. So if odk_central_url: null, then simply disable the 'Use Default ODK Credentials' box.

spwoodcock avatar May 29 '25 11:05 spwoodcock

Created a separate issue #2563 to address the request to use HOT's ODK server 👍

I think this issue should solve one thing:

  • Prevent an error from occurring if the user selected 'Use Default ODK Credentials', but there are no default creds set.
  • The frontend can see if there are default credentials for the organisation I believe. So if odk_central_url: null, then simply disable the 'Use Default ODK Credentials' box.

When default creds are not set during org creation, the Use default ODK credentials checkbox has already been hidden. And yeah, we are checking it based on odk_central_url value. So the issue you are mentioning is already solved.

However, when creating an organization, when the Fill odk creds checkbox is checked and user doesn't enter odk creds and tries to submit the form, the form doesn't submit (which is intended) but doesn't show the error message on their corresponding fields. So, I'll address this issue here!

NSUWAL123 avatar May 30 '25 03:05 NSUWAL123