Moving our procurement process into Phabricator requires a few things. This task outlines the proposed workflow for a procurement task and the relevant security settings.
Workflow:
- User creates a hardware-requests task for the hardware.
- If hardware needs to be ordered, Rob creates a procurement task in the S4 Vendor Quote space for each quote/vendor combination.
  - Example: We need a new database system on Task A (hardware-request). We then create Task B in S4 procurement for the Dell quote, and Task C in S4 procurement for the HP quote.
  - Rob deals with Dell on Task B; they email back with quotes and options.
  - Rob deals with HP on Task C; they email back with quotes and options.
- Ops determines which specification/quote to go with, and escalation of the task for approvals begins.
- The task has to be viewed by Mark and upper management for approval. Mark tends to comment on the task, whereas upper management will likely email their approval back into the task or to Mark (who then forwards it into the task).
- Once the order is placed, the S4 procurement task is assigned to the on-site tech to scan the packing slip.
- On-site receives the order and resolves the task with the relevant details. If there are issues, on-site notes them and assigns the task back to Rob.
Security settings:
- S4 procurement tasks have to accept email sent directly to the task at T###@phabricator.wikimedia.org
- S4 procurement has to be locked down (view/read/edit/everything) to ONLY WMF staff.
  - We don't want to maintain a full staff list, so we'll include the ops team by default and then add others on a case-by-case basis.
- Any email attachments sent into a task should automatically have security settings applied so they are ONLY viewable by those who can view the task.
  - This is now confirmed working: @chasemp updated our emailbot importing so that attachments are owned by emailbot and only viewable via the task they were imported from.
- ALL procurement tasks should be placed into the S4 space, as they may include confidential pricing.
Task creation steps & tests:
- Generate a new S4 procurement task & ensure its creation doesn't leak private info.
  - T110566 was created in the S4 space without issue.
- Email an attachment into the task & ensure the attachment isn't viewable to anyone not in the NDA group.
  - After @chasemp's work on emailbot, T110566 now has emailbot-imported files that are confirmed only visible via the task linking. (Direct linking fails.)
- Test whether someone who is not a member of the acl*procurement group can be assigned to S4 procurement tasks.
  - Cannot test until after we create the acl*operationsteam and acl*procurement groups.