fracas_team2's Introduction

FRACAS_team2 - Peter Tanner, Haoyuan Wang, Harsha Mane, Igor Pavkov, Insan Basrewan, Nicolas Baxter

Documentation

Visit frontend/FRACAS Pages & Functionality.md

How To Deploy

setup.sh will get you fully running on a production machine, including running in the background, starting on boot and self-managing SSL certificates.

The deployment script has only been tested on Ubuntu. (It might not work on other platforms, or might require modification.)

  1. Log in or SSH into your Ubuntu machine
  2. git clone this repository
     git clone https://github.com/uwasystemhealth/fracas_team2.git
  3. cd into the fracas_team2 directory
     cd fracas_team2
  4. Give setup.sh execute permissions
     sudo chmod +x ./setup.sh
  5. Run the script and follow any given instructions
     sudo ./setup.sh
  6. Go to your provided domain and log in with [email protected] and the password you provided during setup

Alternatively, you may wish to run the application manually.

How to Run Manually

Download a copy of the repository onto your local machine.

Flask (API):

You must have Python installed on your system.

  1. cd into the backend folder of this repository on your local machine
  2. Set up a Python virtual environment (venv)
     python3 -m venv venv
     # For Mac/Linux
     source venv/bin/activate
     # For Windows
     .\venv\Scripts\activate
  3. Install dependencies
     pip install -r requirements.txt
  4. If app.db is not present, you'll have to initialise a database
     export ADMIN_PASSWORD="Your-password-for-admin-access"
     flask quickstart
  5. Launch the backend (--debug turns on Flask's debugger and auto-reloader, so use it for local development only)
     flask run --debug

React

  1. Install dependencies from the yarn.lock lockfile.
     yarn install
  2. Start the frontend server.
     yarn dev
  3. Access via http://localhost:3000 with "[email protected]" and the password you created earlier

Running Tests

Follow steps 1-3 from the Flask API running instructions to set up a Python virtual environment and install dependencies.

Test cases are run by executing 'pytest' in the terminal, and flags can be added to filter which test cases are run. A few examples are shown below:

# Run all test cases
pytest

# Only run test cases in the file functional/test_selenium.py
pytest functional/test_selenium.py

# Only run test cases in the file test_login.py that have 'secure' in their names
pytest unit/test_login.py -k "secure" 

Selenium Tests

Before running Selenium tests, both the React frontend and Flask backend must be running. The frontend should be run according to the above instructions for React. The backend instructions should be followed for steps 1-4. After this, the following Python file should be run. This file sets the environment variable that tells Flask to use the test database URL, then executes 'flask run':

python flask_run_test.py

Test Design

All test cases are performed on the database under backend/tests/test.db. This database is set up and torn down between each test to ensure that test cases are isolated and do not interfere with each other.

Description

FRACAS for UWA Motorsport

The University of Western Australia Motorsport club (UWAM) is a student-led club that competes annually in the FSAE-Australasia student design competition. This competition involves designing, building and racing a formula-style racecar. UWAM is inefficient at transferring experience and technical knowledge from competent members such as current Team Leads to new members.

This project aims to build and test a Failure, Reporting, Analysis and Corrective Action System (FRACAS) for UWAM.

This system will serve as an element of a greater knowledge management and transfer system, allowing current and future members to see records of past failures and how they were dealt with. Our intention is that this knowledge capture system can improve UWAM's scheduling, budgeting, management, vehicle testing, and the focus of future design efforts.

A requirements document has been developed as part of a BPhil 2nd year project. The clients are Erwin Bauernschmitt from UWAM and Prof Melinda Hodkiewicz.

fracas_team2's People

Contributors

cryptographer3, harshawardhan3, igor-pavkov, insanbas, mhodki, nickbaxterr, peter-tanner

fracas_team2's Issues

Pagination for APIs

The following APIs list all which match the criteria instead of paginating. For this MVP, not an issue but would be a nice future enhancement for scaling up.

  • Get all Users
  • Get all Teams
  • Get all Users that are members of a team

Export report as PDF through print.

On view report

  • Button which calls CTRL+P to print to PDF
  • Remove some elements from the printing, search hide from print css or mui on google.
@media print
{    
    button
    {
        display: none !important;
    }
}

Team List [AD2]

Dashboard Admin List(Admin)

  • Backend API Routes
  • Frontend API Data Processing
  • Secure API (Check admin/logged in etc.)
  • Add/Remove/Rename Team
  • Change Member Roles (Team Leader, Admin)
  • Reassign Team Leader

Disable form until data is received in editreport page

A user can enter data into the edit report page while the data is being loaded
Solution: Disable form while data is being loaded and enable once data is populated in the form, also put a spinner or something to show it is loading

Login page [GM1, GM2, GM3]

  • remove flask-login from packages list
  • check if flask-wtf is still needed
  • remove all legacy stuff from backend
  • add error highlight to login page when no email/password is input
  • logout page + endpoint
  • protect registration endpoints with superuser required
  • integrate registration with the admin-dashboard branch
  • convert make-superuser command to a secure API endpoint and integrate with admin-dashboard
  • create interface for admin to resend signup request email
  • password recovery with email
  • password recovery interface
  • password request email spam protection/exp backoff (maybe for the MVP assume good actors). Alternatively, have the password request be an admin only feature

Login and signup tests

Create automated tests for the following cases:

  • Login
    • User with no JWT token cannot access a secure page (http://localhost:3000/access).
    • Login with user not present in db => {"err": "invalid_credentials","msg": "Bad email or password, or user does not exist",}
    • Login with wrong password => {"err": "invalid_credentials","msg": "Bad email or password, or user does not exist",}
    • Login with correct user and pass => Get JWT token and refresh token
    • Test JWT and refresh token can login to a secure page (http://localhost:3000/access).
    • ~~~Test JWT token expiry / refresh token works~~~ Feature not implemented yet
  • User signup requests
    • Call API with no email => jsonify({"err": "bad_request", "msg": "email is required"}), 400
    • Call API with a long-ass email => jsonify({"err": "long_email", "msg": "email is too long"}), 400
    • Call API with a reasonable email => Check database row for user is created with registered flag as FALSE AND email sent to target address
      • Check email is received ** optional due to difficulty, unless you'd like to create a gmail acc to automate this test
  • User signup
    • No token => jsonify({"err": "bad_request", "msg": "token is required"}), 400
    • No password => jsonify({"err": "bad_request", "msg": "password is required"}), 400
    • BS token => ... "err": "invalid_token",...
    • Already registered in database => ..."err": "user_already_registered",...
    • Good token and password => Check user is set to registered and can login, and password is set. Test login cases again with this newly signed up user.
    • ** TODO investigate if there's a test needed for this codepath which triggers ..."err": "user_already_registered",...

Make autofilled fields in the CreateReport page distinct

yellow background like for autofilled form text boxes

The year and time of failure boxes will be automatically filled to the current time

Try see if yup has a "field touched" feature like formik you can use to clear this autofill status

const useStyles = makeStyles((theme) => ({
  autofilled: {
    '&:-webkit-autofill': {
      '-webkit-box-shadow': '0 0 0px 1000px white inset',
      '-webkit-text-fill-color': 'inherit',
    },
    '&:-moz-placeholder': {
      color: 'inherit',
      opacity: 1,
    },
  },
}));

Database validation [TM1]

Record View (Edit Mode)

Validation section, editable to only TL:
Validation:

  • Record Checkmark
  • Analysis Checkmark
  • CAP Checkmark
  • Reviewed Checkmark

Client meeting 2023-09-29

Metadata

Meeting started: 13:25
Meeting ended: 13:45

Present: Peter, Insan, Haoyuan (Online), Igor, Nick, Harsha

Apologies: Erwin

Key takeaways from the meeting

Melinda: Alternative signup page (security...) good, append only comment good.

Melinda: Don't do reset password from admin page.

Melinda: Put agreed requirements in a document for the submission to have a record about.

Agenda

  • Discuss features to cut
  • Notification feature, alternative
  • Learning assignments

Good stuff

Harsha: Currently focusing on frontend.

Melinda: Start with positives, don't start with negatives (what I can't deliver to you)

Harsha: We took frontend and backend together, but integration is needed

Melinda: be specific - write notes ahead of the meeting

: start with good news, then mediocre news then finish with good news. Starting with bad news sets the tone

Harsha: We have the option to implement the features later.

Melinda: I want more certainty. If it removes a pain point and allows it to finish, happy to remove it. Need to write a report with features for future work, with the client's acceptance

Melinda: Good job on the checklist.

Harsha: <Demonstrating the checklist>

Harsha: We decided that the signup page

Peter: <Talking about action items>

Melinda: Alternative signup page (security...) good, append only comment good.

Melinda: Don't do reset password from admin page.

Notifications

Harsha: Notify user by email as a compromise

Learning assignments

Harsha:

Mobile friendliness

Insan: We need to add parameters to make the page mobile friendly.

Nick: I've started on mobile responsiveness. I want to ask for the record list pages (tables), is it okay if the table has less important columns omitted from mobile? To prevent scrolling

Melinda: yeah that's okay. I don't want scrolling.

Harsha: We have issues as to why alignment might not work so easily.

Harsha: <Demo>

Melinda: Yeah you need to make it work.

Harsha: We propose the tables are small size but with a slider. So the unimportant cols are available but you need to scroll over.

Melinda: Think about mobile friendliness in the figma earlier on.

Action items

  • Put sprint 3 goals/stories in teams.
  • Igor to do talk next week
  • Following week Melinda may not be here - set up a different time.

Add GNU GPL-3.0 license header to start of each source file

Add this to the start of each source file

    <one line to give the program's name and a brief idea of what it does.>
    Copyright (C) 2023  <name of author>

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.

Add this to the logs when the server starts:

    Better FRACAS Copyright (C) 2023 Better FRACAS team
    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
    This is free software, and you are welcome to redistribute it
    under certain conditions; type `show c' for details.

Enforce string lengths

We're using sqlalchemy and sqlite, so the database does not enforce the string lengths. Need to add guards for these checks manually
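
The gap described in this issue, reproduced as an added example that is not the project's own code: SQLite accepts a value far longer than the declared VARCHAR size, while a CHECK constraint or an application-level guard rejects it. The table, column names and limits are assumptions made for the illustration, and the standard-library sqlite3 module stands in for SQLAlchemy so the block runs on its own.

```python
import sqlite3

# Hypothetical column limits; the project's real model limits are not shown on the page.
MAX_LEN = {"email": 64, "title": 120}


class FieldTooLong(ValueError):
    """Raised by the application-level guard before anything reaches the database."""


def check_lengths(row):
    """Application-level guard: reject any value longer than its declared limit."""
    for field, limit in MAX_LEN.items():
        value = row.get(field)
        if value is not None and len(value) > limit:
            raise FieldTooLong(f"{field} exceeds {limit} characters")
    return row


def make_db(with_check):
    """Create the table with or without database-side CHECK constraints."""
    conn = sqlite3.connect(":memory:")
    if with_check:
        conn.execute(
            "CREATE TABLE record ("
            " email VARCHAR(64) CHECK (length(email) <= 64),"
            " title VARCHAR(120) CHECK (length(title) <= 120))"
        )
    else:
        # SQLite treats VARCHAR(120) as plain TEXT and ignores the 120.
        conn.execute("CREATE TABLE record (email VARCHAR(64), title VARCHAR(120))")
    return conn


def stored_title_length(conn, row):
    """Insert the row and report how many characters of title were stored."""
    conn.execute("INSERT INTO record (email, title) VALUES (:email, :title)", row)
    return conn.execute("SELECT length(title) FROM record").fetchone()[0]


def demo():
    # Constructed input: a title more than 40 times over its declared limit.
    oversized = {"email": "a@example.test", "title": "x" * 5000}
    results = {"plain_varchar_stored": stored_title_length(make_db(False), oversized)}
    try:
        stored_title_length(make_db(True), oversized)
        results["check_constraint"] = "accepted"
    except sqlite3.IntegrityError:
        results["check_constraint"] = "rejected"
    try:
        check_lengths(oversized)
        results["app_guard"] = "accepted"
    except FieldTooLong:
        results["app_guard"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The application-level guard lets the API return a clear 400-style error, and the CHECK constraint still holds for any code path that bypasses it.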

Dashboard page [Sprint 2]

  • Create APIs for
    • retrieving a user's own reports
    • retrieve types of reports GROUP BY team
  • Integrate APIs into frontend

The pin functionality will be disabled for sprint 2.

Misc

  • Save submit and discard button (Save and submit does the same thing LMAO, discard just goes back) record creation
  • #58
  • Demo
  • Install guide video
  • Filtered searching (low priority)
  • Stop admin deescalating themselves
  • #33
  • Help documentation on github

record view [VIEW1, VIEW4]

  • VIEW1 UI layout for record viewing GM MVP
  • VIEW4 Edit Button (Fields will change state to accept input and become editable edited) GM MVP

Ignore VIEW2 and VIEW5 for MVP

Backend API

  • Check new models entry are working (autogenerated)
  • Team apis
  • UserTeam apis
  • Failure apis
  • Comment apis
    • create comment
    • edit comment
  • Notification apis
  • Bookmark apis
  • LearningAssignment apis

Migrate to poetry

Right now we're using just bare virtualenvs, would be nice to use poetry

Weekly meeting 2023-09-27

Metadata

Attendees: Insan, Haoyuan, Igor, Harsha, Peter, Nicholas
Scribe: Peter

Started: 2023-08-11 13:04 +0800
Ended: 2023-08-11 14:04 +0800

Agenda

  • Sprint 3 timelines
  • Prep client

Sprint 3 timelines

Insan: if it's 100% done goes to testing no more features

Insan: Only encountered bad password, something wrong.

Peter: Do we need to make it human readable

Insan: Only CORS issues

Peter: Let's label it as complete

  • #36
    Signup page.

Peter: We haven't tested it too much. User already exist, weak passwords are not handled

Insan: How much to commit

Peter: 30 mins or something, pretty low priority honestly.

Peter: Do you want an admin link?

Insan: When deploying to client, have one admin for the client.

Peter: I would put it in one day but at the end

  • #37
    Insan: have you worked on database over weekend?

Peter: No

Peter: I would provision 2 days to be safe.

Insan: I'll get it done by monday.

Peter: The validation you want only team leaders to do it right? yes you'll need to add more checks.

Insan: Validation bool already in.

Insan: When a record is created, owner needs to be set by default. Frontend fields to reassign owner. Haoyuan can you do this?

Haoyuan: sure I can do that.

Insan: You might want to use some of my code for selecting subsystem and copy paste that for selecting users.

Insan: Haoyuan hasn't touched the report section. Let's say it takes another 2 days. 4 days.

Haoyuan: I can give an answer tonight on how long that will take.

Insan: Let's say by friday have a look at everything. Whole thing next wednesday, review friday

Insan: delete functionality not in the gui

Peter: I'd be happy to work on that. Monday I can get this done.

Insan: You need to merge to the frontend.

Harsha: Page element - change div to pages. In typescript, no classnames.

Peter: Do you want it for the demo

Insan: Yes.

Insan: Hours to take

Nick: On the dashboard, there's the larger table (reports you have made or owned), the other table is assigned tasks but we aren't doing it anymore.

Insan: That table needs to be cut or repurposed. Can you get this done by friday

Peter: Yes but I cannot work on the other features

Nick: Can we repurpose it for bookmarked reports?

Insan,Peter: LGTM

Insan: Multi search should be good but I haven't tested it

Igor: Do you suggest going through admin for that.

Peter: I want to change flow so that the admin requests a link

Peter: If we rehash the registration it could be quicker. I'd say 6 hours

Peter: There's nothing here.

Nick: There's frontend for the bookmark buttons.

Insan: explanation of bookmarks - see story

Insan: Let's say 5 hours. I'll handle the bookmarks

Insan: I have error messages and handlers, but to put in all pages?

Peter: Can't you edit the base page and put the error in every page?

Insan: sounds possible but needs to be looked at.

Insan: Not sure if we can get hours on that until other pages sorted

Insan: Someone needs to look at that for our current pages. Which one?

Nick: I can do it.

Harsha: Both until

Insan: Both look at it separately. Try to split tasks?

Insan: Do we work on Peter's branch?

Peter: Do it on your branch

Insan: Igor, figure out what needs to be on there. Description of app, how to run it, set up templates

Peter: Try running the app from the documentation, if you can't then it doesn't have utility. User manual needs to happen for end users.

Insan: Make a table of contents, for each section assign an estimate for each section

Igor: 3 hours for now to make TOC

Insan: Start to work by next week. Not confident working on it final week [12 hours]

Peter: I have docker containers, not sure how they work with networking. Domain, port forwarding, etc.

Insan: You need a web proxy to redirect, etc.

Insan: 12 hours of work


Insan: That's it for now.

Peter: Prep client meeting.

Insan: No need for full demo, but need to show what we've done. and for proposing changes.

Who wants to run the client meeting this week?

Harsha: I can do that

Insan: Merge off my MVP branch.

| Action items | Responsible | Due |
|---|---|---|
| Merge new frontend | Peter | Friday |
| Harsha run meeting | Harsha | Friday |
| Look at getting deletion working, review | Haoyuan | Friday |
| Igor look at making a TOC and estimate for docs | Igor | Friday |
| Insan bookmarks | Insan | Monday |

Members List [AD1]

Dashboard Member List(Admin)

  • Backend API Routes
  • Frontend API Data Processing
  • Secure API (Check admin/logged in etc.)
  • Add/Remove Member
  • Change Member Roles (Team Leader, Admin)
  • Reassign Team
  • Link to signup flow

Basic comments

Implement the minimum features proposed to the client

  • A user can write text in a text box, press "Comment" and the text will be added to a list of comments with a timestamp and user name ("[2023-10-04 11:46] Hello")
  • A user can open a report and see all the previous comments they and other users made on it as a big text field. They cannot edit their or other's previous comments

Record creation [REC1, REC2, REC3, REC5]

  • REC1 Record Creation Button on sidebar, on every page. GM MVP
  • REC2 Fields shall be set according to client provided example record (see 5.2 Object Models) GM MVP
  • REC3 Auto filled fields:
    • Creation Date (time when pressed submit)
    • Team (by default, member's assigned team, but can be changed to other teams)
    • Car year (current year)
    • Creator name & email (prefilled with current user's name and email)
    GM MVP
  • REC5 Buttons to save & close (incomplete), discard and publish. GM MVP

Ignore REC4 for MVP

LIST – Record List

  • LIST1 An ordered list of all available reports GM MVP
  • LIST4 Item extra options (Bookmark, Open) GM MVP

Ignore LIST2, LIST3 AND LIST5 for MVP

Prevent resubmit when user spams buttons

If a user loads a previous state of the page (back button or something) it resends the data, causing a "double submission/edit".

  • On the client side, disable the submit button while a transaction is occurring and we don't know if it failed or is successful
  • If it is successful, disable the button

Alternatively, a more robust solution:

  • Use a server-generated idempotency token for each transaction and invalidate it on submit to prevent resubmit

Notably this happens on the create page where spamming the button results in multiple entries in the database
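
A sketch of the server-generated idempotency token proposed in this issue, as an added example that is not the project's own code. The class, the handler, the 409 response and its error code are hypothetical, and the in-memory store assumes a single backend process. Checking and invalidating the token happen under one lock, so concurrent submits of the same form cannot both succeed.

```python
import secrets
import threading
import time


class IdempotencyTokens:
    """Server-side store of single-use submit tokens, each bound to one user."""

    def __init__(self, ttl_seconds=600.0, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._live = {}  # token -> (user_id, expires_at)
        self._lock = threading.Lock()

    def issue(self, user_id):
        """Called when the create/edit form is served; the token rides in the form."""
        token = secrets.token_urlsafe(32)
        with self._lock:
            self._live[token] = (user_id, self._clock() + self._ttl)
        return token

    def consume(self, user_id, token):
        """Atomically invalidate the token. True only for the first valid use."""
        with self._lock:
            entry = self._live.get(token)
            if entry is None:
                return False  # unknown, or already used by an earlier submit
            owner, expires_at = entry
            if owner != user_id:
                return False  # someone else's token: leave it usable by its owner
            del self._live[token]
            return self._clock() <= expires_at


def create_report(tokens, db, user_id, token, fields):
    """Hypothetical create handler returning (http_status, body)."""
    if not tokens.consume(user_id, token):
        # Error code and message are made up for this example.
        return 409, {"err": "duplicate_submission", "msg": "report already submitted"}
    db.append({"owner": user_id, **fields})
    return 201, {"id": len(db)}


def demo_button_spam(clicks=8):
    """Constructed scenario: one form token, many concurrent submits."""
    tokens, db, statuses = IdempotencyTokens(), [], []
    token = tokens.issue("alice")

    def submit():
        status, _ = create_report(tokens, db, "alice", token, {"title": "Brake failure"})
        statuses.append(status)

    threads = [threading.Thread(target=submit) for _ in range(clicks)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(statuses), len(db)


if __name__ == "__main__":
    print(demo_button_spam())
```

Reloading a previous page state resends the same token, so it is handled the same way as a repeated click.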

2023-09-29 Meeting

Started: 14:00
Ended: 15:10

Present: Peter, Insan, Haoyuan (Online), Igor, Nick, Harsha

Last meeting's Action item

| Action | Responsible | Due |
|---|---|---|
| Propose alternative signup page (security advantages) | | |
| Propose append-only comment section | | |
| Propose reset password only from admin page (to prevent DDOS) | | |
| Put sprint 3 goals/stories in teams | Harsha | |

Insan: Tick off stuff in the reqs doc.

Insan: have you done the README?

Igor: No, I'll have done in the weekend

Sprint 3 goals

  • If a user logs in and is unsuccessful, display a human-readable error in a popup
  • If a user signs in and is unsuccessful, display a human-readable error in a popup
  • If a user forgets their password, they can ask an admin to request a password reset link which is emailed and when they click the link they go to a reset page where they can input a new password
  • Users can see validation status and leaders can validate records which checks the validation checkmark
    • Insan: Validation checkmark is done clientside, need to copy code from view report
  • A leader can edit a report and click a dropdown to change the owner of a report, which is displayed in the report information
    • Insan: Not sure where Haoyuan is with that
  • A leader can click a delete button on the report list view and the report will be marked as deleted in the database and hidden from view (but the data is still present in the database, just hidden)
  • A user can see the reports they own on their dashboard
  • A user can see a breakdown of open reports on their dashboard
  • A user can parametrically search the list of reports on the list report view page
    • Insan: Worked on adding car year to search.
  • A user can click a bookmark button for a report on the list report view page, which will make the report bookmarked for the user only.
  • [~] A user can see their bookmarked reports on their dashboard.
    • Nick: Not connected to backend but changed layout.
    • Insan: I haven't touched bookmarks yet but can do monday.
  • If a user submits a report and is unsuccessful, display a human-readable error in a popup
  • If a user edits a report and is unsuccessful, display a human-readable error in a popup
  • [~] If a user views the website from a mobile device, the page will be mobile-friendly and adjust to make the best use of screen space
    • Nick: I've modified the dashboard so it stacks the boxes on mobile.
  • If a user needs help, they can consult the GitHub README.md for documentation
  • An admin can deploy the site on an AWS instance.

Rest of meeting - Reviewing requirements document - see updated one with percentages

Action items

DASH1 - change to only open reports pie chart. Let clients know we changed it
Catch up on email notifications requirement next meeting - see if we need to omit it
Can we remove database backup to gdrive
