Manage Access Control

Answers recorded by an account might be used in anonymized aggregated reports for other accounts, but individual answers attributed to the account are accessible only to the recording account, until these answers are explicitly shared with another account (grantee).

While Portfolio instances record answers that have been explicitly shared, PortfolioDoubleOptIn manages the double opt-in process by which an account grants a grantee account access to its answers.

class survey.models.Portfolio(*args, **kwargs)

Share an account’s answers with a grantee up to a specific date.

class survey.models.PortfolioDoubleOptIn(*args, **kwargs)

Intermediary object to implement double opt-in through requests and grants.

A double opt-in can be initiated by an account to share their answers with a grantee (grant), or by an account to request answers from another account.

The non-initiating account for the double opt-in will have to accept the request/grant before the workflow is completed, a Portfolio is created and answers are shared. The non-initiating account can also deny the request/grant, in which case no data is shared and the double opt-in workflow is also considered complete.

In case the non-initiating account does not accept or deny the request/grant within a specific time period (i.e. before ends_at), the double opt-in workflow is marked expired and also considered complete.

invoice_key is used as an identity token that will be passed back by the payment processor when a charge was successfully created. When we see invoice_key back, we create the Portfolio records.

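State definition (bits)

| State             | request/grant | expired | accept/denied | completed |
|-------------------|---------------|---------|---------------|-----------|
| grant initiated   | 1             | 0       | 0             | 0         |
| grant accepted    | 1             | 0       | 1             | 1         |
| grant denied      | 1             | 0       | 0             | 1         |
| grant expired     | 1             | 1       | 0             | 1         |
| request initiated | 0             | 0       | 0             | 0         |
| request accepted  | 0             | 0       | 1             | 1         |
| request denied    | 0             | 0       | 0             | 1         |
| request expired   | 0             | 1       | 0             | 1         |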

survey.settings.BYPASS_SAMPLE_AVAILABLE = False

When set to True, the application will bypass access control and the user making an HTTP request will have access to all samples. Outside very simple projects, this flag will most likely be used only for debugging purposes.

Request to update or share a survey response

When an account receives a request to share answers to a survey, it will first have to determine if sharing the previous answers is acceptable or if the account should update its answers before sharing them.

Whether to create, update or share a response depends on the date of the last frozen sample, the date of the latest sample accessible by the requestor, and the date the request was created.

By definition the latest accessible sample date is always older than the latest initiated request, so we have 5 cases:

| Condition | Expected response |
|-----------|-------------------|
| last_frozen_sample is None | Create |
| last_frozen_sample is not None and portfolio.ends_at is None | Share |
| last_frozen_sample is not None and portfolio.ends_at is not None and last_frozen_sample.created_at < portfolio.ends_at < doubleoptin.created_at | Update |
| last_frozen_sample is not None and portfolio.ends_at is not None and portfolio.ends_at < last_frozen_sample.created_at < doubleoptin.created_at | Share |
| last_frozen_sample is not None and portfolio.ends_at is not None and portfolio.ends_at < doubleoptin.created_at < last_frozen_sample.created_at | Share |
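
The five cases above written as a single decision function. This is an added example, not code from the survey project: expected_response, Response and day are hypothetical names, the three arguments stand for last_frozen_sample.created_at, portfolio.ends_at and doubleoptin.created_at, and the handling of equal timestamps is an assumption because the table does not cover ties.

```python
from datetime import datetime, timezone
from enum import Enum
from typing import Optional


class Response(Enum):
    CREATE = "create"
    UPDATE = "update"
    SHARE = "share"


def expected_response(last_frozen_at: Optional[datetime],
                      portfolio_ends_at: Optional[datetime],
                      optin_created_at: datetime) -> Response:
    """Map the three dates onto the five cases of the table above.

    last_frozen_at    -- last_frozen_sample.created_at, None if no frozen sample
    portfolio_ends_at -- portfolio.ends_at, None if not set
    optin_created_at  -- doubleoptin.created_at
    """
    if last_frozen_at is None:
        return Response.CREATE                       # case 1
    if portfolio_ends_at is None:
        return Response.SHARE                        # case 2
    if portfolio_ends_at >= optin_created_at:
        # The text rules this ordering out; reject it instead of guessing.
        raise ValueError("portfolio.ends_at must precede doubleoptin.created_at")
    if last_frozen_at < portfolio_ends_at:
        return Response.UPDATE                       # case 3
    # Cases 4 and 5: the frozen sample is newer than portfolio.ends_at, whether
    # it was frozen before or after the request was created.
    # Assumption: equal timestamps, which the table does not cover, land here.
    return Response.SHARE


def day(n: int) -> datetime:
    """Constructed sample timestamp: day n of January 2024, UTC."""
    return datetime(2024, 1, n, tzinfo=timezone.utc)


if __name__ == "__main__":
    # Constructed inputs, one per table row: (last frozen, ends_at, request).
    rows = [(None, None, day(10)), (day(1), None, day(10)),
            (day(1), day(5), day(10)), (day(7), day(5), day(10)),
            (day(12), day(5), day(10))]
    for row in rows:
        print(row, "->", expected_response(*row).value)
```

Once the first two cases are handled, only the comparison between the frozen sample date and portfolio.ends_at decides between Update and Share; the request date serves as a consistency check.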