Many departments are reporting being logged out during usage of the app
This may be because they present differing IP addresses to Notify on different requests due to outbound proxies and so on
Swicthing session protection to None means and IP change won't log a user out.
in the NotifyAdminAPIClient, which all api traffic goes through, return
403 for any stateful requests (post, put and delete), if the following
criteria have been met:
* a current_service is set
(this prevents checks being carried out on non-service related
updates, eg editing user details)
* the service is not active
* the current user is not a platform admin
so platform admins can still update anything.
Note: Without any specific error handling, the user will see a generic
403 page. This is fine, probably - it's a relatively niche case that
you'll be editing a service you can't get to anyway
in the NotifyAdminAPIClient, which all api traffic goes through, return
403 for any stateful requests (post, put and delete), if the following
criteria have been met:
* a current_service is set
(this prevents checks being carried out on non-service related
updates, eg editing user details)
* the service is not active
* the current user is not a platform admin
so platform admins can still update anything.
Note: Without any specific error handling, the user will see a generic
403 page. This is fine, probably - it's a relatively niche case that
you'll be editing a service you can't get to anyway
This addresses part of the ‘is Notify dependable’ group of needs.
The ones it specifically and partially addresses are:
- is it reliable
- how is it supported
There’s more to come in this section, we’re doing this bit now because
it’s a nice conclusion to the page.
Also reword some of the `<p>`s so that they flow better from the
headings.
This was a bit me, and a bit sitting down and hammering this stuff out
with Stephen and Sheryll.
This is the first step towards a fully-fledged ‘product’ page.
The needs for the top, blue section of the page are:
- what is Notify?
- can I use it?
- can I test it out?
- how do I create a log in
The needs for the next section of this page (which is the only one added
by this commit) are:
- how will Notify help me work?
- will it work with my service?
This commit shows 4 features of Notify on the home page which address
those needs. They are illustrated because:
1. We want to catch people’s attention – users are reluctant to scroll
on this page because they just want to click the ‘create account
button’. But we hypothesize that they will get on better
with Notify if they look at some of this stuff first.
2. The concepts that they’re talking about are hard to explain with just
words because they’re quite abstract. The illustrations help us be
more specific.
3. Feedback we got from user research was that the product page didn’t
give users any sense of what it was like to actually use Notify.
This copies the style that Tim and Stephen have been developing for all
product pages.
It also pulls out the CSS for this into its own file, so that it could
potentially be reused.
This is part of the new header style that Tim, Stephen et al have been
working on.
This means that we lose the feedback link, so I’m trying out having it
in the top right.
Suppliers need to be invited by people who work for the government.
People who work for the government can invite anyone to join their team,
no matter what their email address is.
So there’s no need for these domains to be in the list now.
> I cannot register as the Email address field will not accept my email
> address format (.org.uk). Natural England is a non-departmental
> government body sponsored by Defra (Department for Environment, Food
> and Rural Affairs). Can you register me on the system or change the
> system so it will accept my email address?
– Deskpro ticket
> Natural England is an executive non-departmental public body,
> sponsored by the Department for Environment, Food & Rural Affairs.
– https://www.gov.uk/government/organisations/natural-england
***
Checks out…
We don't want large numbers in Production to start overlapping other columns
in the tables when they have less space available, and putting these messages
at the top of the page under the h1 means that we don't need an extra column
on the page yet.
This link looked odd floating above the left column, and although we may want
to have admin navigation on the left we aren't sure what that would include
yet, so move this link to the header alongside the Platform admin link.
When we make the numbers on this page more filterable the date range will be
one of the options to change, so it makes sense to move it to the side now
instead of leaving it above the big numbers.
This page currently includes all notifications for all services, including
those sent using a test key. Stats on all other pages exclude test key usage,
though, which can lead to confusion for admins comparing numbers between
pages. Adding the option to toggle between including and excluding test key
usage on the platform admin page gives context for this difference, and allows
admins to see live usage of the platform as well as load associated with test
key usage.
