Skip to end of banner
Go to start of banner

UXPROD-36 Profile pictures

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

Submitted

 

Approved
Status

DRAFT

Impact

LOW

Arch Ticket

ARCH-164 - Getting issue details... STATUS

Prod ticket

UXPROD-36 - Getting issue details... STATUS

Glossary


Executive Summary

The purpose of the Patron Profile pictures feature in the Users App is to enable the secure storage, display, and management of profile photos for individual patrons within the FOLIO platform.

Requirements

Functional Requirements

Functional requirements are described in the UXPROD ticket

Non-Functional Requirements

Configurability:

  • Storage type for pictures should be configurable (e.g. database, S3-like storage)

Security: 

  1. Patron Profile Photos should be accessed by permissioned staff via the Users App.
  2. Authorized library staff can view and manage (upload, view, update, delete) photos for patron accounts.

Encryption:

  • Patron photos should be securely stored with proper encryption and access controls to protect sensitive information.

Assumptions

  1. External sources for profile pictures should have public access. No support for authentication/authorization mechanism is planned for such picture sources.
  2. No migration is required from previous sources of profile pictures

Target Architecture

The target solution implementation consists of the following:

  • Storage abstraction layer to allow configurability through environment variables. Storage interface must be implemented with read and write methods. Implementations in spring should be configured through @ConditionalOnProperty 
  • Following Object storage should be supported:
    • AWS S3 (for cloud installations)
    • Minio (for on-premise environments)
  • For database storage files should be encrypted with AES-256 algorithm, and object storage should support native encryption (minio, s3)
  • Thumbnails generation must be done during the upload process and persisted in the same storage as the pictures themselves
  • If the profile picture is provided as an external link, then the file should be uploaded and treated the same way as a regular file upload

Sequence diagram of profile picture upload:

Sequence diagram for fetching profile picture:

Open Questions

#QuestionAnsweredAnswer
1Do we need to store the original image?Yes
Amelia Sutton : no need to store the original image, only store the scaled image.
2What scaled resolutions do we need to store?
3Does anyone use FOLIO from mobile browsers?

4Do we maintain the picture after a user has expired? Yes
5Do we support profile picture detention?Yes
6How thumbnails should be generated? Cropping or Resizing?

Steve Ellis : Better to have a cropping mechanism on UI.

Amelia Sutton : Resizing on the longer side with whitespace on the sides. Cropping might be a future feature

Priyanka Terala : Cropping might require communication with Stripes core team. 

Kalibek Turgumbayev : Let's estimate the cropping approach.

Amelia Sutton : The SIG requests that images be scaled (without distortion) to fit within the space allotted in the relevant area of the UI. This would mean that there might be whitespace surrounding images that have a significant difference between their height and width, but will allow institutions to upload the images that they use in other systems without concern for adjusting for size. In the documentation for the profile pictures feature we will include recommended limits to aspect ratio that would not be enforced by the system. Even with this scaling it would be useful to allow images to be cropped using a cropping modal. So if you are able to find a React library that would allow for that to be implemented easily, it should be included in this initial feature.

7File size limitations?Yes

Kalibek Turgumbayev : The recommended limitation is 10MB

8Can external links should be stored in FOLIO?

Amelia Sutton : No. One of the institutions has a requirement not to store pictures on FOLIO side. Detailed requirements should be investigated

Steve Ellis : Cropping will not be possible.

Amelia Sutton: As per Thomas Trutt at Cornell (the primary institution that requires external storage for profile pictures), for their externally hosted images they will be using SSL with a static token supplied in the url so we do not need any considerations for authentication by FOLIO for externally hosted images. 

9Should FOLIO support any export of data related to profile pictures?
10Do we need to support profile picture enabling on the fly? If yes, then it would be more complex then a single checkbox, because it will require to provide storage type configuration

  • No labels