Thursday, July 7, 2016

Sprint 3 - Accountabilibuddy

Last sprint, I admitted to having gone off track from doing requirements first, writing one feature at a time, and diligently merging features. So in order to keep myself accountable, I'm going to post my requirements for the sprint here first and you can be my accountabilibuddies. Sadly, I know better than to go rogue, but sometimes it's just so fun!

Here are my requirements for Sprint 3. Following the completion of this Sprint, I should be fairly close to having the data needed for the rules engine. From there, it is a matter of interpreting the event I am already receiving, figuring out who should receive a message, and then integrating with Twilio. After that, some refactoring, a deployment guide, and some automated testing will finish off the project...

Sprint-3-01 - Connect to a Mongo Database

As a… developer,
I want to… connect to a database,
So that… I can permanently store data that will be used by my application.

Sprint-3-02 - Establish login sessions

As a… security minded person,
I want to… have the ability to login,
So that… some data is not readily available to non-authenticated users.

Some API endpoints will require authentication and others will not. To gain access to a secured endpoint, a user clicks the login button and is brought to the login screen. Once they enter the Dexcom password, a session token is issued and stored in the sessions collection in the database. Every call to a secured API must carry that session token in an “Authorization” request header. If the header is missing, the token does not match a session in the collection, or the session has expired, the system returns a 403 error. By default a session is valid for 24 hours after the last interaction with the system: every time a secured endpoint is accessed, the session's last-used value is set to the current time, and that value is what timeout calculations are based on.

Sprint-3-03 - Secure Updates

As a… security minded person,
I want to… modify the existing update mechanism,
So that… I can continue to use push events, but differentiate to events that are public versus updates that are intended for admin users only.

If the client does not send an Authorization header when it connects an EventSource to the /api/update endpoint, the response object is cached on the server exactly as it is today, and every cached response receives the events that are considered public. If the EventSource does send an “Authorization” header, the token is checked against the sessions collection to confirm it is valid; if it is not, a 403 is sent. If it is valid, the response is cached as a secure event stream. When the update method is called with the adminOnly flag set to true, only the cached responses marked secure receive the update. One practical caveat: the browser's built-in EventSource does not allow custom request headers, so the client will need an EventSource polyfill that supports them (or another way to present the token) before the secure stream can work.

Sprint-3-04 - Add/Update/Delete Message Recipients

As an… administrator to the service,
I want to… add, update, or delete someone who will receive alerts,
So that… I can maintain who is receiving alerts.

Once logged in, the UI should have a dedicated page to add, update, or delete intended recipients. This page should not be available if the user has not authenticated, and the API endpoints behind it must require a valid session as well (Sprint-3-02), since hiding the page alone does not protect the data. Basic information that should be viewable/editable includes:

  • Name (minimum 2 characters)
  • Phone number (must be exactly ten digits, numbers only)
  • Expiration date, with a “never expire” checkbox; if unchecked, display a calendar to pick a date
  • Include weekends and holidays (checkbox)
  • Button to view/update the recipient's current rules

Sprint-3-05 - View/Edit/Update Alerts

As an… administrator,
I want to… view, edit, update alerts for users,
So that… I can configure rules based messages.

From the user screen, I want to be able to click a button and add, delete, and/or modify existing rules. Rules should consist of:
  • Start Hour
  • Start Minute
  • AM/PM indicator
  • End Hour
  • End Minute
  • AM/PM indicator
  • Message type: text, call, or both
  • Checkboxes for event types:
    • High, with a box for the high value (must be a number greater than 150) and a box for “repeat every x minutes” (must be greater than 5)
    • Low, with a box for the low value (must be a number greater than 40 and less than 100) and a box for “repeat every x minutes” (must be greater than 5)
    • Double Up, with a box for “repeat every x minutes” (must be greater than 5)
    • Double Down, with a box for “repeat every x minutes” (must be greater than 5)
    • No Data, with a box for minutes without data and a box for “repeat every x minutes” (must be greater than 60)
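The recipient fields in Sprint-3-04 and the rule fields above are a validation spec, so here is an added example (not the project's own code) of the server-side validators in Node.js. Each returns a list of error strings so the UI can show every problem at once. Field names are assumptions; the numeric limits are the ones stated in the requirements. Two things are assumed where the post is silent: the no-data minutes must be a positive number, and a window whose end is earlier than its start spans midnight. The checks belong on the API as well as in the browser, because the API is what an attacker talks to.

```javascript
// Added example, not the project's own code: server-side validation for the
// recipient form (Sprint-3-04) and the alert-rule form (Sprint-3-05). Each
// validator returns a list of error strings so the UI can show them all at
// once. Field names are assumptions; the numeric limits are the ones in the
// requirements. Run these on the API too, not only in the browser.

const MESSAGE_TYPES = ['text', 'call', 'both'];

// Per event type: the repeat interval must be strictly greater than minRepeat,
// and where the event has a value box, `value` is the check it must pass.
// The no-data limit (a positive number of minutes) is an assumption.
const EVENT_TYPES = {
  high:       { minRepeat: 5,  value: v => Number.isFinite(v) && v > 150,           label: 'a number greater than 150' },
  low:        { minRepeat: 5,  value: v => Number.isFinite(v) && v > 40 && v < 100, label: 'a number greater than 40 and less than 100' },
  doubleUp:   { minRepeat: 5 },
  doubleDown: { minRepeat: 5 },
  noData:     { minRepeat: 60, value: v => Number.isInteger(v) && v > 0,            label: 'a positive number of minutes' },
};

function validateRecipient(r) {
  const errors = [];
  if (typeof r.name !== 'string' || r.name.trim().length < 2) errors.push('name: at least 2 characters');
  if (typeof r.phone !== 'string' || !/^\d{10}$/.test(r.phone)) errors.push('phone: exactly 10 digits, numbers only');
  if (r.neverExpires !== true) {
    // "never expire" unchecked: a real calendar date is required
    const ok = typeof r.expires === 'string' && /^\d{4}-\d{2}-\d{2}$/.test(r.expires) && !Number.isNaN(Date.parse(r.expires));
    if (!ok) errors.push('expires: a YYYY-MM-DD date, or check "never expire"');
  }
  if (typeof r.includeWeekendsHolidays !== 'boolean') errors.push('includeWeekendsHolidays: true or false');
  return errors;
}

// 12-hour clock fields -> minutes past midnight, or null when out of range.
function toMinutes(t) {
  if (!t || !Number.isInteger(t.hour) || t.hour < 1 || t.hour > 12) return null;
  if (!Number.isInteger(t.minute) || t.minute < 0 || t.minute > 59) return null;
  if (t.ampm !== 'AM' && t.ampm !== 'PM') return null;
  return ((t.hour % 12) + (t.ampm === 'PM' ? 12 : 0)) * 60 + t.minute;
}

function validateRule(rule) {
  const errors = [];
  if (toMinutes(rule.start) === null) errors.push('start: hour 1-12, minute 0-59, AM or PM');
  if (toMinutes(rule.end) === null) errors.push('end: hour 1-12, minute 0-59, AM or PM');
  if (!MESSAGE_TYPES.includes(rule.messageType)) errors.push('messageType: text, call or both');
  const events = rule.events || {};
  const enabled = Object.keys(events).filter(k => events[k] && events[k].enabled);
  if (enabled.length === 0) errors.push('events: check at least one event type'); // assumption
  for (const name of enabled) {
    const spec = EVENT_TYPES[name];
    const ev = events[name];
    if (!spec) { errors.push(`${name}: unknown event type`); continue; }
    if (spec.value && !spec.value(ev.value)) errors.push(`${name}: value must be ${spec.label}`);
    if (!Number.isInteger(ev.repeatMinutes) || ev.repeatMinutes <= spec.minRepeat) {
      errors.push(`${name}: repeat every x minutes must be greater than ${spec.minRepeat}`);
    }
  }
  return errors;
}

// Is `nowMinutes` (minutes past midnight) inside the rule's window? A window
// whose end is earlier than its start is taken to span midnight (assumption).
function inWindow(rule, nowMinutes) {
  const start = toMinutes(rule.start);
  const end = toMinutes(rule.end);
  if (start === null || end === null) return false;
  return start <= end ? (nowMinutes >= start && nowMinutes < end)
                      : (nowMinutes >= start || nowMinutes < end);
}

module.exports = { validateRecipient, validateRule, toMinutes, inWindow };
```

Storing the start and end as minutes past midnight (the `toMinutes` form) rather than as separate hour/minute/AM-PM fields makes the later rules-engine comparison a single integer check, and `inWindow` shows why the midnight case needs a decision up front: an overnight "10:00 PM to 6:30 AM" rule is the common case for a glucose alert, not the exception.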

Sprint-3-06 - All edits must be “live”

As an… administrator,
I want to… see any updates made by another administrator,
So that… I am always looking at the most current data.

If I am logged in and looking at the users screen and another administrator edits or deletes data, the change should be reflected in my current view without me refreshing the browser. Since recipient and rule data is admin-only, these changes should be pushed with the adminOnly flag from Sprint-3-03 so that they reach authenticated event streams only.
