Comments (4)
My first impression is that while the data of the attachment_url itself isn't an issue, the linked object itself could serve to re-identify a record as belonging to a particular person, right? I.e., the receipt for a plane ticket has the passenger name. It's not as dangerous as PII on the object itself, but I'm still wary of exporting it. I would lean towards either not exportable, or exportable as a 'has attachment/does not have attachment' boolean.
I agree with your exportable calls on the other objects.
from dcaf_case_management.
Yeah, that's definitely true. I'll check with the fund and see what they think on this and make sure it doesn't cut too much value. My instinct is probably not, as hopefully by this time it's in QuickBooks and not needed anymore.
from dcaf_case_management.
Here's the response from client:
For it to be usable on my end I would want to be able to download the receipt itself. We're required by the state to do an audit of our finances each year and one of the things that the auditor does is randomly select expenses from the year for me to back up. I need to be able to link each expense that he pulls to a work purpose (i.e. this McDonald's meal was for a client on March 5th, 2023 after their appointment) and provide him with a receipt. If I can't download the receipt from DARIA to provide to the auditor we would need to save it in two places, at which point being able to save it in DARIA sort of becomes moot.
So I think that is an argument for linking straight up and accepting the risk.
Maybe what I would suggest is:
- Including the URL in export
- Making it extremely clear somehow (config?) that there's an added risk for this, and that clientele should make sure to permission their shit defensively (e.g. in a Google Drive that only a few people have access to)
@lomky do you think that's a good medium here?
from dcaf_case_management.
Okay, my plan of attack:
- Add a config for 'turn on including attachment URL'
- Add attachment_url as an encrypted field, and fulfilled as a boolean field on the practical supports table
- Add those both to the practical supports views
Notes has also been requested, but I think that might be a larger UI change, so I'm gonna keep my powder dry on that for right now.
from dcaf_case_management.
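The export behaviour discussed in this thread, as an added sketch that is not the project's own code: the attachment URL leaves the system only when a fund has explicitly opted in, and otherwise the export carries just the 'has attachment' boolean. The `PracticalSupport` struct, `export_row`, `export`, the `include_attachment_url` flag and the sample records are all hypothetical names and constructed data.

```ruby
# Added illustration; every name here is hypothetical, not dcaf_case_management code.
PracticalSupport = Struct.new(:support_type, :amount, :fulfilled, :attachment_url,
                              keyword_init: true)

# Columns treated as always exportable in this sketch.
BASE_COLUMNS = %i[support_type amount fulfilled].freeze

def blank?(value)
  value.nil? || value.to_s.strip.empty?
end

# Build one export row. The default is the low-risk form: the row reveals only
# whether an attachment exists. The URL column appears only on explicit opt-in,
# because the linked receipt can re-identify the person the record belongs to.
def export_row(support, include_attachment_url: false)
  row = BASE_COLUMNS.to_h { |col| [col, support[col]] }
  has_attachment = !blank?(support.attachment_url)
  if include_attachment_url
    row[:attachment_url] = has_attachment ? support.attachment_url.strip : nil
  else
    row[:has_attachment] = has_attachment
  end
  row
end

# Export a collection; the flag stands in for a per-fund config setting.
def export(supports, include_attachment_url: false)
  supports.map { |s| export_row(s, include_attachment_url: include_attachment_url) }
end

# Constructed sample records (not real data).
SAMPLE = [
  PracticalSupport.new(support_type: "Travel", amount: 120, fulfilled: true,
                       attachment_url: "https://drive.example/receipts/constructed-1"),
  PracticalSupport.new(support_type: "Food", amount: 15, fulfilled: false,
                       attachment_url: nil),
  PracticalSupport.new(support_type: "Lodging", amount: 90, fulfilled: true,
                       attachment_url: "   ")
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "default:  #{export(SAMPLE).inspect}"
  puts "opted in: #{export(SAMPLE, include_attachment_url: true).inspect}"
end
```
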