Why did I make the approvals system so complicated?!
Posted by Thomas Young in category

at 18:56 on 15/02/2023

---

I am currently working on a whole range of functionality improvements for this website, to address issues that have arisen during its 2 years of use. One of the things on my list is to make the editing of notes easier. At present, users can edit a note they have posted but can only do so within a one hour period from the time of posting. This now seems unnecessarily restrictive and I am making it simpler. But this means getting my head into the rather complex approvals model that I have used.

When I created this website I knew that I wanted it to be collaborative, whereby users could post their own sightings, information or comments. But I knew that this would have to be controlled in some way, to prevent posts that were inappropriate, incorrect or just rubbish. The safest way would have been to require somebody (me!) to check every post before it becomes visible to other users. However, I had no idea how much use the site would get in this respect and I thought this could become rather onerous. So I came up with a scheme whereby users could register for an account and then effectively 'earn' trust by having their posts approved by others.

For this to work I needed two things. A set of permission levels for members, and a set of approval levels for postings. The permission levels are quite straightforward. When you register for an account, you have no permissions until you activate your account by entering a code that is automatically e-mailed to you. This serves to verify that the e-mail address supplied is genuine. The user then becomes a 'Trainee', and can post things in various areas (such as sightings, notes etc), though these will not be instantly visible. Instead, they must first be reviewed by another member (who is not themselves a Trainee). After a user has had a number of items (I think it is 25) approved, their permission level is automatically increased to 'Contributor'. Anything they post subsequently will be visible to all users straight away. There are two further permission levels. Selected users may be chosen to be made into an 'Editor', with additional rights to change some of the key data tables. Finally there is 'Admin', who can do anything, included launching the missiles!

The approval levels are slightly less obvious. An item that is posted by a Trainee will have a level of 'Pending Approval'. These will not be visible to all users, though they will be visible to the poster (so they can see - and if needed, change - their contribution) and to anyone with a permission level of 'Contributor' or higher (so that they can approve it if appropriate). Once a user becomes a 'Contributor', anything they post will have an approval level of 'Semi-Approved' (also known as 'Self-Approved'). This means it will be visible to all users (and to people who are not logged in). Items at either of these two levels can be approved by another member, at which point they become 'Manually Approved'. Approving a 'Semi-Approved' item has no real affect, other than increasing the poster's approval count, while approving a 'Pending Approval' item will make it visible. A post can also be 'Rejected', which is analogous to deleted but with the benefit that it does not just disappear. The person rejecting the post can say why, which the poster can then see. Anything posted that is inappropriate or incorrect can be rejected, but it can also be used for stuff that is no longer relevant. For example, user A might post a sighting. User B might notice an error and post a note with details. If user A then corrects the sighting, the note is no longer required. Finally, there is an approval level of 'Admin Approved', which means that stuff I post does not need to be approved by anyone!

Given the relatively low number of active members, this approvals model is perhaps more complex than strictly necessary, but it generally works and I would prefer to stick with it than to have to re-write the code on a lot of pages.

Back to the current job, and I was considering who should have the right to edit, approve or reject a note. Obviously, the person who posted the note should be able to edit it, or reject it (if they have changed their mind or made a mistake), but they should not be able to approve it. If you could approve your own stuff, the trust model falls apart. However, if they edit a note that has already been manually approved by another member, what then? If user A posts that '47522 was apple green', then user B approves it but then user A edits the note to say that '47522 was banana yellow', the approval will have to change. If not, it would give the impression that user B endorses the revised note. So, if the contents are changed, the approval will revert to the appropriate lower level (either 'Pending Approval' or 'Semi-Approved').

How about a note that is rejected? This should only be visible to the original poster, the person who rejected it, and to Editors and Admin (ie not visible to other Contributors and users who are not logged-in). And what if that note is then edited by the original poster? Should this 'un-do' the rejection and revert the approval to what it would have been before? If so, does the fact that the post had previously been rejected need to be apparent? And should one Contributor be able to over-ride another by (for example), rejecting something that had already been approved or vice versa? A further complication is that all edits on LTSV-RD can be marked as either public or private. There were various reasons for this but the main one was that, if a user was simply correcting a spelling error, there seemed little point in announcing this fact to everyone else, whereas if the user had added some new information, that might be more of interest.

I am perhaps over-thinking this, though I have learned that (when designing interactive web pages) you need to consider every combination of actions that a user might take, however unlikely. Also, when creating pages such as the ones to view notes, you need to be careful that postings - and controls to do things like edit or approve - are only visible to the appropriate people.

I do have an alternative model for ensuring inappropriate content is not displayed, and I used it on the new version of my original LTSV website (which was built after LTSV-RD launched in 2021). In this model, all contributions by users are fully visible by default, though Editors and Admin have the right to hide individual items if required. I did actually use this model on the forum added to LTSV-RD, which was perhaps not very sensible as I now have one website with two different security models!

Anyway, I have now made the changes that (among other things) allow notes to be edited at any time, albeit only on the offline copy at present. I have done some testing, but it will be interesting to see if it all works when I upload the changes in a couple of days time...