EPIC: Management of the initiatives by the promoters from the front-end

[carolromero]

ref: PP016

User story

Is your feature request related to a problem? Please describe.

As an administrator of Decidim, I'm worried that users who have to promote an Initiative can access the admin panel (although limited to only their initiatives). I'm worried about security and usability reasons:

• Security:
  • our backend forms are not that well sanitized as our frontend forms
  • if there's an issue with our Authorization strategy a user could potentially access to all the administrator
• Usability: as a user is weird to have access to the administrator panel

Describe the solution you'd like
To migrate these forms from the backend admin panel to the frontend.

The actions that need to be available on frontend are:

• View Initiatives
• Edit Initiative
• Accept promotor committee members
• Print form application
• Manage Attachments
• Send to Technical Validation

For contractual and time constraints we're not handling some actions, so it'd still be accessible the admin panel backend, but the logic will change, as the participant would access the backend once an admin has technically validated her initiative. The actions we will not support for the moment are:

• Manage Meetings
• Manage Pages

Describe alternatives you've considered
It's difficult especially for usability reasons, as this couldn't be solved in other ways.

The lists of the initiatives that I've created should be listed on the "My initiatives" filter on the Initiatives list.

If we didn't have the time constraints, it'd be awesome to have all the actions so no participant can access the admin panel.

Additional context

🎨 Frontend

Last step of Initiative creation wizard

This is the last step of the wizard to create an initiative. We have to modify the text that until now said that the author must access the administration panel to manage it. In this mockup there are the texts to be displayed from now on

Initiative edit form

If the author clicks on "Edit my initiative" the editing form of the initiative is displayed with all the actions integrated in it, except the button "Send to technical validation". You can see that we have included the management of the attachments, the promotion committee and the action of printing.

If the initiative doesn't require a promotion committee or does not require attachments, they will not be shown on the form (these options are configurable settings according to the type of initiative).

Initiative page created pending technical validation

This is the page with the actions to be taken when an initiative is not published.

Initiative page published

Once the initiative is published, there is no point in showing the action buttons because the author can no longer modify it. That's when the signature counter and comments are displayed.

Does this issue could impact on users private data?
No

Acceptance criteria

• As an admin I can manage from the admin panel any initiative as before
• As a promoter of an Initiative I see an updated explanation of the steps to follow in the last step of the initiative creation wizard
• As a promoter of an Initiative I can see all my Initiatives through the filter "My initiatives", regardless of the status they're in
• As a promoter of an Initiative I don't have access to admin panel
• As a promoter of an Initiative I can edit the Initiative on the frontend
• As a promoter of an Initiative I can manage (Create, Read, Update, Delete) attachments if applicable, through the edition form
• As a promoter of an Initiative I can manage members of the promotor committee if applicable, through the edition form
• As a promoter of an Initiative I can print the form application
• As a promoter of an Initiative I can send to technical validation
• As a promoter of an Initiative when I send to technical validation I see a modal confirmation of "Are you sure?"
• As a visitor I only see open and closed initiatives

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. @carolromero & @xabier feel free to chime in.

[mrcasals]

@decidim/product I have some doubts about this. Here's what I understand it should look like:

• The admin will have the initiative types section, only admins can handle this part
• Initiatives section will no longer be accessible in the admin section. But there are some sections and features than can only be performed on the admin side, what should we do with those?
  • Export initiatives
  • Answer a given initiative
  • Moderate content from meetings

We could leave access to the initiative list, so admins can answer an initiative, and export them, but the problem with moderations would still exist.

How should we proceed? This affects the effort of the task.

[carolromero]

@mrcasals about your questions:

The admin will have the initiative types section, only admins can handle this part

Correct!

Initiatives section will no longer be accessible in the admin section

Not really. The current flow to create an initiative is complex for its promoter (a participant), because there are some actions that she has to do in the frontend and in the backend.

The idea with this issue is that all the actions that a participant must do to create her initiative can be done from the frontend and she doesn't have to access the admin panel. But the admins still need access to all initiatives from the backend to manage them, not only export and reply, but also create the meetings if needed for a given initiative (this is done by the admins as well).

In case it's useful, here's a flowchart (it's a WIP) that we've made to better document all the flow.

In summary, the admins will continue to have access as before. What changes are the actions that a participant can perform, which until now were done in the backend.

[mrcasals]

We talked this offline and agreed to this:

• All features in the admin dashboard will be left untouched, none will be added or removed
• Initiative creators will not be able to access the admin dashboard
• These features need to be copied/ported to the public area, only accessible by initiative creators:
  • Edit my initiative
  • Print
  • Manage committee members
  • Manage attachments
  • Send initiative to Technical Validation

@carolromero can you confirm, please? 😄

[carolromero]

Perfectly summarized, thanks @mrcasals!

[htmlboy]

@carolromero hi, @eva-sl mentioned this issue required some design validation.

Since these call to action buttons are not designed to be grouped together, I'd suggest using a drop-down menu of actions instead. So something like "Actions" that displays a menu with all these options. It also allows longer copies and adding extra options afterwards. If there's any action that is core to this interaction (i.e. it won't be published) we could reinforce this core action alone, perhaps inside the call out/alert.

Thoughts?

[andreslucena]

Thoughts?

I think that'd be better than the current proposal of having group buttons, as:

• Group buttons don't scale
• AFAIK we don't use these kinds of buttons on other places of the app

The only issue that I see with the dropdowns buttons is that they're not defined on the frontend UI, or at least I don't remember any place where it's used on the frontend. Also, at the design app I can't find them.

[mrcasals]

Perhaps we could reuse the component dropdown?

Closed:

On hover:

[htmlboy]

@mrcasals yes, we might work with that :-)