Create a Recipe for securing storing student profile information
| Project: | Google Highly Open Participation Contest (GHOP) |
| Component: | Task idea |
| Category: | task |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs work |
Jump to:
As a member of the DrupalEd group, one of the features I'd like to see is students and parents as users of a Drupal site, with their own profiles (Node Profiles?). One problem is that one wants to be able to show the parent when they log in, some blocks associated with their child (grades, recent blog entries, whatever) which requires a node reference.
Of course any student information posted online has to be secure, it can't be visible to the whole world. So I propose the following task:
Create a recipe for:
1. Creating parent and student profiles with fields appropriate for the parents, and fields appropriate for the students.
2. Add node or user references to these profiles so that students are linked to their parents and parents are linked to their students. Note that one parent may have several children in a school, and one student is likely to have 2 parents.
3. Explain in detail how to make this information secure from prying eyes.
#1
This is a really neat idea. I'm in favor of making this into a task, but I think you need to provide some additional information as to what exactly the recipe should include and what it needs to be able to do.
Specifically:
1. Give some examples of what profile fields are appropriate for students and parents.
2. What kind of information should the recipe create that is associated with students that the parents might see? You mentioned grades and blog posts. Should the recipe include steps for how to set up the relevant modules to provide these? Did you have a certain module in mind to keep grade information, for example?
3. For this to be useful, there would also need to be some role for teachers, at least for entering grades. Should that also be part of the recipe?
4. Should parents and/or students be able to change any of their profile information themselves? In the real world this information might come from some external database or perhaps a LDAP server, so it might not be desirable to allow them to change this information. Should that be included in the recipe?
This could get pretty complicated, so I want to make sure we're appropriately limiting the scope so that this is something that can be done within a week.
I'd say work on making this a formal task here, and then we can review it a little better before officially adding it.
Again, nice idea!