Backend for MASKES using Django and RestFramework. Mutual Aid South King County and East Side formed at the beginning of the COVID-19 pandemic to provide support to those impacted by the pandemic.
Security is not my forté, but: on all user fields, we should make sure that SQL and XSS injections are not possible by validating or sanitizing the input.
This might already be the case, but we should make sure to set a max upload size on receipts to make sure they don't end up eating too much disk space. Likewise with profile pics and other things that get uploaded.
It seems like the requests are displayed in no particular order for now. Ideally we should sort them by urgency and submitted date, so that older urgent requests are shown first.
It's a minor issue, but some cultures don't have two names, others have "mandatory" middle names, etc. Unless there's a specific reason we want to separate first and last name (like emailing with only the first name?), it might be best to have a single "Full name" field.
Very minor, but this:
Seems to imply that there are only 3 pages. In reality there are 12. Usually this is shown by having something like:
[1][2]...[12]
Instead of having the user look through a long list of locations, maybe we could use the City field in the address below?
If the locations are more like "service areas", an ambitious solution would be to calculate the correct area from the zip code. This could also let us automatically forward out-of-area requests to the correct Mutual Aid groups.
Right now the family size selector only lets you select a minimum family size:
Some volunteers might only have limited cargo size/time to shop/amount they want to donate, and would prefer to deliver to smaller families. We should let people set both a minimum and a maximum family size.
For example here:
If I click on the "Phone number - text" string, it will enable the radio button of the "call" option. In general it seems to always enable the first option only.
Fields that have a defined format (like phone numbers and zip) could benefit from being validated to ensure that they're correct. For phone numbers, we should make sure we allow country codes for people with foreign numbers.
Stretch goal: look into these address-validation libraries that some online stores use to make sure the address is correct as well :)
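One way to do the format validation suggested above for zip and phone fields, as an added example that is not part of the original issue or the project's code. The function names, the US ZIP format, the default country code of 1 and the minimum length for international numbers are all assumptions.

```python
import re

# Assumption: requests come from US addresses, so ZIP means 5 digits or ZIP+4.
ZIP_RE = re.compile(r"[0-9]{5}(?:-[0-9]{4})?")
# Separators people commonly type in phone numbers; anything else is rejected.
PHONE_SEPARATORS = re.compile(r"[\s().-]")
DEFAULT_COUNTRY_CODE = "1"  # assumption: no country code means a US/Canada number


def validate_zip(value: str) -> str:
    """Return the trimmed ZIP code, or raise ValueError if the format is wrong."""
    value = value.strip()
    if not ZIP_RE.fullmatch(value):
        raise ValueError("ZIP code must look like 98101 or 98101-1234")
    return value


def normalize_phone(value: str) -> str:
    """Return the number as +<country code><number>, or raise ValueError."""
    value = value.strip()
    international = value.startswith("+")
    digits = PHONE_SEPARATORS.sub("", value[1:] if international else value)
    # After removing separators only ASCII digits may remain; letters, markup
    # and quote characters are rejected instead of being cleaned up.
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("phone number contains unexpected characters")
    if international:
        # E.164 allows at most 15 digits and no leading 0 in the country code.
        # The lower bound of 8 digits is an assumption of this example.
        if not 8 <= len(digits) <= 15 or digits[0] == "0":
            raise ValueError("expected +<country code><number>")
        return "+" + digits
    if len(digits) == 11 and digits[0] == DEFAULT_COUNTRY_CODE:
        digits = digits[1:]  # "1-206-..." typed without the plus sign
    if len(digits) != 10:
        raise ValueError("expected a 10-digit number or a + country code")
    return "+" + DEFAULT_COUNTRY_CODE + digits


if __name__ == "__main__":
    # Constructed sample inputs, not data from the project.
    for raw in ["(206) 555-0100", "+44 20 7946 0958", "206-555-01", "<script>"]:
        try:
            print(raw, "->", normalize_phone(raw))
        except ValueError as err:
            print(raw, "-> rejected:", err)
```

Storing the normalized value means every record has one phone format regardless of how it was typed. Format checks like these sit alongside, and do not replace, the parameterized queries of the Django ORM and the auto-escaping of Django templates.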
This is a lot to read and looks somewhat worrying:
Maybe we could skip this step, and instead contact out-of-area people to get their consent afterwards? That way only the people who need to agree to this will have to take that step.
It's maybe just me, but when I see a grayed-out option like here:
My first thought is that the toggle is disabled (as in, it can't be changed). Also I'm not sure if it makes sense that the colored, "on"-looking design is private, and the grayed-out one is public?
Some info (like phone number) is useful for both volunteers and requesters. And some info (like address, allergies, etc.) will most likely not change between requests. Consider having these in the profile to speed up request entry.