nus-mtp / cs-modify Goto Github PK

A few things to tweak for the search function:

1. Leaving the AY-Semester field blank can invoke search in the current AY-Semester
2. Leaving the left-interval for class size blank should search for all modules with class size <= right-interval
3. Leaving the right-interval for class size blank should search for all modules with class size >= left-interval

Currently the 'delete module' function is inside module listing.

Suggested changes:

1. Remove the Action column completely from module listing. Make the module code link to the module view.
2. Create a new page for deletion of module. Page will be same as module listing, except it only lists the modules that can be deleted (i.e. the new modules). Will have a 'Delete' column for the delete buttons.

line 137 of components/handlers/module_edit.py:
elif quota < 0 or (quota is not None and type(quota) != int):
Causes all tentative module mountings to fail as:

1. Python evaluates None < 0 == True (fail if mounted -> unmounted)
2. type(quota) = unicode (fail if unmounted -> mounted)

Not urgent - only occurs if malicious user edits

Currently, user sessions are shared across all users, which should not happen.

To be fixed.

This feature is to show all modules taken prior to an internship in specific AY-Semester.
Currently, /moduleTakenPriorToInternship page is now defaulted to show those modules taken prior to internship in "AY 17/18 Sem 1".
The AY-Sem value is passed in via modules_taken_prior_to_internship.py
Please implement the UI for this feature, thanks.

The files associated are:
components/handlers/modules_taken_prior_to_internship.py
templates/modulesTakenPriorToInternship.html

During the Think Aloud Protocol, it was discovered that some users could not locate the page, as it is currently only available from a module overview page.

This can be remedied by making it a top-level page as well.

Users are able to modify quota to large numbers at edit mounting page

AY-SEM -> AY- Semester

During the Think Aloud Protocol, some users were unsure of the '(saved)' message after editing prerequisites, but before submitting changes.

This can be remedied by making prerequisites only save upon submitting changes, instead of saving upon leaving the prerequisite edit page.

Currently, clicking on the logout button will log the user out immediately.

Should have a pop-up confirmation that asks the user "Are you sure you want to log out?" and the user has to press 'OK' to log out.

module_view_in_ay_sem.py
module_edit.py
module_overview.py
currently has retrieved data from database with regards to preclusions and prereqs,
please help to add them to the RENDER() and do up the UI. Thanks.
They are found in queries2 branch.

This issue was detected by ZAP in the POST methods of login and register pages.
The description by ZAP is : A Format String error occurs when the submitted data of an input string is evaluated as a command by the application. The script closed the connection on a /%s

Solution ZAP provided: Rewrite the background program using proper deletion of bad character strings. This will require a recompile of the background executable.

Reference given by ZAP:
https://www.owasp.org/index.php/Format_string_attack

A common comment was that too many clicks are required to navigate from one feature to the other.
This was particularly noted with the functions for editing module information.

This can be remedied in several ways:

• Addition of keyboard shortcuts for advanced users.
• Re-grouping of certain functions
• Making the 'Edit' function available alongside each module entry shown in the 'Module Information' page
• Extracting the 'Edit' functions out from the 'Actions' drop-down menu and making them explicitly accessible in the 'View Modules' pages

Commit message/changelog for modifying modules
Restore module button -> undo icon
Bold important info (module information)
Group changes into sections
Table Old Module and New Module

E.g. '/viewModule?code=cs1010' should be acceptable, instead of returning 404

include warning message and action button for user to update database state at the start of a new ay-

Need to implement check for invalid module code and AY-Sem for the 'Modules overlapping with this module' page and the 'Students planning to take module' page.

The color for not-hovered-on links need be changed to lighter color to increase contrast with sidebar background color.

Buttons says mounting tentative/fixed when home pages says mounting for current AY/next AY, fix inconsistency.

Front-end input validations do work when using a web browser.

The concern, however, is when the user manages to by-pass the front-end, in which the back-end is missing validations.

I observe that some POST methods, as well as the database insertion functions in model.py do not employ input validation. Additionally, the database schema itself does not contain certain data-integrity checks (e.g. illegal characters and numerical constraints in number of MCs).

All these needs to be implemented eventually to guard against data-contamination in the database.

Here's something for reference for implementing regex check:
https://www.postgresql.org/docs/8.3/static/functions-matching.html

On branch 'currentUser'

on each page and set timeout to 10 minutes

Since no pages invoke the POST method for View Modules, remove it.

Taken out from #26

This issue is raised as per the professor's comments on Modified Modules feature. (Given use case: "User can specify a message explaining/detailing reasons for the change applied to a module")

@helloqx @nlzz22 @xaterz @a0129998
Requires addition of change-log message attribute in back-end, and this will affect Edit Module and Modified Modules features.

This issue is not a high priority currently.

use the available function in models to do this test

Make it more 'popz'
Currently the error message looks like part of the generic instructions, easily overlooked

The box containing the 2 navigation buttons is taking up too much space on this page. You can barely see the table on page load.

As a general rule of thumb, the header, description and navigation buttons of a page should not take up more than half of the page.

Suggestions for what to be changed:

• Remove the 'Options' header (the buttons are self-explanatory enough)
• Change the 2 buttons' display to inline-block
• Reduce the top and bottom padding of the box

allow users to input small letters, but capitalize the letters for them with .upper()

After SUS and Think Aloud Protocol, it was discovered that users might face some initial difficulty in discovering some features (e.g. tooltips appearing on hover, where to find certain features, etc.).

This can be resolved with a quick guide that shows when users register a new account, or upon clicking a help button.

/overlappingWithModule?code=MM1006
Page gives overlapping modules for All Semesters, but help message says for a specified semester.

Change in UI for Modified Module Details for specific module will show the target module's original state and modified state (includes name, description and MCs) side-by-side.

Currently, back-end not supporting this. Will require the back-end to return full module data for original and modified state.

Sidebar has headers that behave like links (change colour on hover) but are not actually links/do not actually do anything but close sidebar.

Load testing using apache benchmark revealed that the postgres database has a very high chance of crashing when more than one requests of the same type are sent concurrently. Meaning if more than one user try to access the same page at the same time, the app might crash.

To prevent this, need to make every database 'get' function able to:

• Catch internal error returned by postgres
• Retry after 1 second when query failed
• Redirect to home page / error page after too many failed attempts

Handler class for Modified Modules page should render the 404 page upon invalid module code detected in URL.

Implementation for rendering empty table for valid module code but invalid change is correct.

Currently there are 2 problems with handling 404 error:

1. There is no proper redirect to a 404 page. For example in Module Overview, when the module code in the URL is invalid, the 404 page is rendered, but the URL remains the same.
   The correct way to do this is to have a general URL for the 404 page (localhost/404), and create a new class to handle the rendering of the 404 page (instead of calling RENDER directly).

2. So far we are only able to catch invalid code and AY-Sems in the GET input of the page, but there's no catching of REAL 404 error. E.g. 'localhost/asdfghjk' will print a 'not found' on the page instead of directing to our customised 404 page.

Accessing a URL such as /individualModuleInfo?code=BT5110&targetAY=AY+16%2F18+Sem+1 should fail but actual outcome is that users are directed to a page where the AY-Semester is displayed as AY 16/18 Sem 1.

Current implementation doesn't support retrieving overlapping modules in specific ay-sem for specific module.

Currently, POST method is used for both retrieving page and for form submission.

As per the feedback given during the usability evaluation, advanced users would like to be able to modify certain parameters in the URL to access a certain page more easily.

Please implement a GET method for page request. This fix request is not urgent and current sprint features take precedence.

Currently, list is only updated after app is restarted.
List should be updated every time a module is added or deleted.

currently the current sem for non-overlapping modules by semester is hardcoded to be AY 16/17 SEM 1. modify it to make the time dynamic

Please add a restore button to the page to restore the modified details of the specific module.

Uncaught TypeError: Cannot set property '_DT_CellIndex' of undefined

This error is preventing javascript codes from being executed on this page.

E.g. '/viewModule?asdfgh=BT5110' or simply '/viewModule' will cause AttributeError (because the required attribute 'code' is not found). Should return 404 page instead.

Need to fix this for all the affected pages.

Newly created modules are added to the Modules table, which is subsequently reflecting inside the Fixed Module Mounting view when it should not.

Please fix.

This is needed at near the end of the project.