User Management

The platform will require users to log in to gain access. These users will mostly be created by a default admin. The default admin should be created automatically when the system is deployed. The admin must also be made to change the password if, after signing in for the first time, the account is still using the default password. The default login details should be admin / ChangeThisPassword!.

All users should log in with their mobile numbers and a password. We believe this will be easier to remember than usernames.

Adding Users

The default admin will be responsible for adding other users to the platform. Farmer onboarding is described in detail here. Below are the fields to collect when adding users. Required fields are in red.

| Field | Description |
| --- | --- |
| First name | The first name of the user. If they fail to enter a value for this, show the message "Please enter a first name". |
| Last name | The last name of the user. If they fail to enter a value for this, show the message "Please enter a last name". |
| Email | The user's email address. Ideally this should be the corporate address. If they fail to enter a value for this, show the message "Please enter a valid email address". |
| Mobile | The mobile number of the user. We need to indicate to the user that this is what they will use to sign in. If they fail to enter a value for this, show the message "Please enter a mobile number". |
| Gender | The user's gender. Should be male, female, other. If they fail to select a value for this, show the message "Please select a gender". |
| Department | This will be a dropdown of all departments already created in the platform. If they fail to select a value, show the message "Please select a department". |
| Role | This will be a list of roles defined in the system for Maphlix. If they fail to select a value, show the message "Please select a role for this user". |

You will notice the admin does not enter the password of the user they just added. An email should be sent to users once the admin adds them to the system. The email should contain a link to activate their account. It is during the account activation process that they set a password. Users should automatically be signed in once they activate their accounts.

Password Reset

The sign-in page should have a password reset link. Clicking on this should send the user an OTP via email and SMS. Entering the correct OTP should take the user to a page where they can enter their new password. The new password needs to be confirmed.

Roles

Roles will be defined by the developers of the Traceability platform but need to mimic the roles of the users expected to use the platform. The code needs to know which roles exist in order to validate them, so roles cannot be defined at the discretion of Maphlix.

A role will only have a name, for example admin or field officer. A role can then be assigned various permissions.

Maphlix will have the following roles.

| Role | Description |
| --- | --- |
| Admin | Responsible for adding other users (except farmers) to the platform and making entries under setup. |
| Farmer | Owns fields and performs activities on those fields and initiates traceability. |
| Field Officer | Records and supervises field activities. |
| Export Manager | Responsible for overseeing entries after harvest. |
| Supervisor | Responsible for overseeing all user entries. |

Permissions

Permissions are also defined by the developers of the system and are used internally to ensure that users can only access what their roles permit. The following fields are required to create permissions.

| Field | Description |
| --- | --- |
| Name | The user-friendly name of the permission. Example: can create new users. If they fail to enter a value for this, show the message "Please enter a permission name". |
| Slug | The immutable version of the permission name. This is what will actually be used in code to enforce the rules. This needs to be unique and must be generated by the system. The admin should not be able to enter this. Example: can-create-users. Once created, the slug can never be updated. |

Permissions need to be assigned to roles and roles assigned to users. The user then inherits all the permissions tied to their role.
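A sketch of the slug and inheritance rules above, added here as an illustration and not taken from the platform's code. The class and function names, the lowercase-and-hyphenate slug rule, the numeric suffix used on a collision, and the sample permission names are all assumptions.

```python
import re
from dataclasses import dataclass, field, replace

@dataclass(frozen=True)  # frozen: the slug cannot be reassigned once created
class Permission:
    name: str
    slug: str

@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)  # holds slugs, not display names

class PermissionRegistry:
    def __init__(self):
        self._by_slug = {}

    def create(self, name):
        """Create a permission. The slug is generated here, never supplied by the caller."""
        # Assumed slug rule: lowercase, runs of non-alphanumerics become one hyphen.
        base = re.sub(r"[^a-z0-9]+", "-", (name or "").lower()).strip("-")
        if not base:
            raise ValueError("Please enter a permission name")
        slug, n = base, 2
        while slug in self._by_slug:  # uniqueness: suffix on collision (assumption)
            slug, n = f"{base}-{n}", n + 1
        self._by_slug[slug] = Permission(name.strip(), slug)
        return self._by_slug[slug]

    def rename(self, slug, new_name):
        """Change only the friendly name. The slug stays exactly as created."""
        if not new_name.strip():
            raise ValueError("Please enter a permission name")
        self._by_slug[slug] = replace(self._by_slug[slug], name=new_name.strip())
        return self._by_slug[slug]

def user_can(role, slug):
    """A user inherits exactly the permissions tied to their role; anything else is denied."""
    return role is not None and slug in role.permissions

def demo():
    reg = PermissionRegistry()
    create_users = reg.create("Can create users")       # constructed sample names
    view_entries = reg.create("Can view all entries")
    admin = Role("admin", {create_users.slug, view_entries.slug})
    officer = Role("field officer", {view_entries.slug})
    renamed = reg.rename(create_users.slug, "Can add new users")
    return reg, admin, officer, renamed
```

Because checks are made against the slug, renaming a permission in the admin screen does not change what any role is allowed to do.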