P20-57: Add pre-lockdown parent permission modal

[artem-vavilov]

Summary

The modal will appear daily for students who are not compliant with the Child Account Policy until parental permission is requested at least once, and while the CPA experience is cpa_all_user_lockout_warning.

Note: Use the parameter ?show_parental_permission_modal to force the display of the modal.

Screenshots

New parent permission request

Resend parent permission request

Update parent permission request

Links

• JIRA ticket: P20-57
• Feature flag task: P20-880
• Related PR: Allows parent permission request from account email if parent created account #54038

[mgc1194]

I liked placing the new components under a new directory.
I am also working on some components, however, I placed them under apps/src/templates/ChildAccountPolicy.
I'd like to hear Dayne's opinion on what directory name we should use, and stay consistent.
I don't mind changing my PR and I'd love to hear more about the pattern used here, with index.tsx and _modal.js

[wilkie]

It seems pretty reasonable to place CPA components within that existing namespace. The policy_compliance would be named after the controller that supports it. Much like how there is a sessions path and a rubrics path that similarly group components that are backed by those controllers. Hmm... I think all three of these directories are entirely my fault... I just like congruence between controller namespaces and view/component namespaces when possible.

I applied my own opinion there because ultimately we have no actual convention. (nor is there a perfect answer anyway) Seems like another strategy that teacher tools is employing is to namespace them by project feature. (sectionProgressV2) That also makes sense as a logical way to handle the cognitive load of understanding the interactions between different modules and components... especially in cases that might require a coördinated effort across different systems.

And then there are just honestly way too many that just exist in the templates root. Then again, I'm guilty of putting something in the src root rather recently. heh.

[mgc1194]

I will be taking these considerations in my PRs :) Thank you Willkie for al the context.

[mgc1194]

I've already created some strings under the namespace childAccountPolicy_.
Would it be reasonable to stick to that namespace? If you feel strongly about using policyCompliance_ I'm okey switching the strings I've added, but eitherway we should stay consistent.

code-dot-org/apps/i18n/common/en_us.json

Lines 412 to 413 in 9cb8ea1

	"childAccountPolicy_CreateSectionsWarning": "If you have students under 13, they may require parental consent to use a personal login. Please go back and use picture password, secret word, or school-managed sections to avoid any interruptions for students under 13.",
	"childAccountPolicy_LearnMore": "Learn more about parental consent",

[wilkie]

I think if your ChildAccountPolicy component were in the policy_compliance path, a good name for the string key would then be policyCompliance_childAccountPolicy_learnMore, etc. I generally didn't use an _ when I would do this... that seems nicer though.

That said, I don't think I care too much that the actual name of the component is there... just the major grouping. These strings end up moving around as things are updated (or reused elsewhere) that they shouldn't be too tied to the component name, in my opinion, and be more focused on their relationship to their function. So, for the LockoutPanel, which I put within the sessions grouping because at the time it was supported by the sessions controller, I think I made strings like sessionLockoutNewAccountHeader, etc. So, I expect this to be used by stuff within the sessions path, so session... they have to do with the "Lockout" function... and then the general key.

If I was redesigning everything from scratch, I'd probably want to define the strings in the components themselves and then pull them out instead of trying to define every string in one file. Haha what can you do though.

[mgc1194]

I'm very pro this change.

[wilkie]

It makes sense to have the images be near the components that they are used uniquely within and then update them when the images are used in a second container by moving them to the common path.

I am considering namespacing this path so is at least slightly clearer what the context of these images are, but maybe that's not too necessary. A common path just becomes a swamp of random images... which might be nice to avoid. Not a very important problem, though.

[mgc1194]

Does this mean we are not surfacing the locale anywhere else in the front end?
This will also allow tacking client-side events with language data.

[wilkie]

We do in the homepage/script data and appOptions.localeCode often via the localesRedux which this kind of replaces by looking at the language_ cookie instead of the locale set within the rendered page. It might be nice to update the redux instead to use the default locale on its initial state (I think it is hard-coded there) and then update the redux to setLocaleCode to the cookie value.

The one complication that I'm not fully thinking through is that the locale on the ruby side is in the form en-US and on the JS side it is en_us. Not sure how much that matters in different situations.

[artem-vavilov]

window.appOptions are set only on lab pages:

[mgc1194]

I see why you have been using the policy_compliance namespace. I think the Child Account Policy is definitely a type of policy compliance, so it is FERPA or GDPR.
I'm not sure what would be the best term to use across all components @daynew.

[carl-codeorg]

One option could be doing a sub-namespace like:

namespace :policy_compliance do
  namespace :child_accounts
    get :pending_permission_request
    get :consent
    post :consent, action: :consent_request
  end
  namespace :gdpr
    get :information_request
    post :deletion_request
  end
end

But since we don't actually seem to have any GDPR or other complaince-related routes, it might be YAGNI.

[mgc1194]

Just a note for all reviewers, I'm not sure what the scheduled dates are, but we all need to make sure the dates are accurate. I'm seeing 2023 and I want to make sure it is not supposed to date in 2024.

[wilkie]

These are in the tests and they just need to be more or less in an order. This is the proper order. Seems good to have them be a set of dates that is easy to think about and understand quickly.

[mgc1194]

Cool! I was wondering if there was something preventing students from spamming with permission requests.

[mgc1194]

I left a few comments I'd like to address before giving approval.
I addressed everything I'm familiar with but this is a big PR with a lot of important changes and optimizations, so I would still want some more senior engineer to review the changes.

[wilkie]

Took me a good while to review as it is touching a lot of different things, so apologies.

Looks really really good. I like the adoption of the Forms namespace and I like the cleanup around the code that is dealing with those STATE_POLICY constants.

The modal itself looks very well-engineered. Good work!

[carl-codeorg]

[daynew]

This was a lot of work, thank you! Having all the tests written really helped me be confident it works.

[daynew]

Did @alivira request we send these events to Statsig?

[artem-vavilov]

You are right, it should be Amplitude only

[artem-vavilov]

code-dot-org/apps/src/templates/policy_compliance/ParentalPermissionModal/index.tsx

Lines 58 to 60 in 6b83cf1

	const reportEvent = (eventName: string, payload: object = {}) => {
	analyticsReporter.sendEvent(eventName, payload, PLATFORMS.AMPLITUDE);
	};

[daynew]

Could you also update CPA README with any query string params and DCDO configs you added?