diff --git a/src/content/docs/BACaudit/AuditReport:BAC.md b/src/content/docs/BACaudit/AuditReport_BAC.md similarity index 97% rename from src/content/docs/BACaudit/AuditReport:BAC.md rename to src/content/docs/BACaudit/AuditReport_BAC.md index 4f37f725..b5915a2f 100644 --- a/src/content/docs/BACaudit/AuditReport:BAC.md +++ b/src/content/docs/BACaudit/AuditReport_BAC.md @@ -1,155 +1,155 @@ -# Web Security Audit: Broken Access Control Vulnerability Report - -## Introduction - -Broken Access Control is a critical security vulnerability where an application fails to properly restrict access to resources, allowing users to perform actions beyond their intended permissions. This vulnerability is ranked #1 in the OWASP Top 10 Web Application Security Risks (2021) due to its prevalence and severe impact. - -Examples of Broken Access Control include: - -- A regular user accessing administrator functionalities -- A user viewing or modifying another user's data by manipulating resource identifiers -- Using authorization tokens across different user contexts -- Bypassing access controls through URL manipulation -- Accessing sensitive API endpoints without proper authentication - -In the context of Doubtfire, these vulnerabilities could allow students to view other students' submissions, modify grades, access administrative functions, or view sensitive institutional data. - -## Test Cases - -Our security audit focused on the following test categories: - -1. **Vertical Privilege Escalation**: Testing if regular users can perform administrator-only actions -2. **Insecure Direct Object References (IDOR)**: Testing if users can access resources of other users by manipulating identifiers -3. **Session Token Misuse**: Testing if authentication tokens can be used across different user contexts -4. **URL Manipulation**: Testing if modifying URL parameters can bypass access controls -5. **Missing Access Controls**: Testing if sensitive endpoints can be accessed without authentication -6. **HTTP Method Manipulation**: Testing if changing HTTP methods can bypass access controls -7. **Function Level Access Controls**: Testing if sensitive functions are properly protected - -## Methodology - -### Tools Required - -- Bash shell environment (Linux/macOS, or Windows with WSL/Git Bash) -- cURL command-line tool -- Access to test environment with admin and regular user credentials - -### Testing Procedure - -1. **Setup**: - - Clone the repository containing the test script - - Make the script executable: `chmod +x broken_access_control_test.sh` - - Configure the API_URL variable in the script (default: `http://localhost:3000`) - -2. **Execution**: - - Run the script: `./broken_access_control_test.sh` - - The script will output results to the console and save detailed logs to a timestamped file - -3. **Understanding Results**: - - **PASS (Green)**: The test confirmed proper access controls are in place - - **FAIL (Red)**: The test identified a security vulnerability that requires attention - - **INCONCLUSIVE/SKIPPED (Yellow)**: The test requires further investigation or manual verification - - The script differentiates between various response types: - - 401/403/419 responses for authenticated requests (expected denial) - - 405 Method Not Allowed (acceptable for certain tests) - - Empty arrays/null responses (potential information disclosure) - -4. **Manual Verification**: - - For UI-related vulnerabilities, manually check if regular users can access `/#/admin/units` - - Verify path traversal protection by testing various URL patterns in the browser - - Test endpoints that returned inconclusive results with different parameters or methods - -### Script Details - -The `broken_access_control_test.sh` script: - -1. Performs authentication to obtain admin and regular user tokens -2. Systematically tests each access control category -3. Interprets responses based on HTTP status codes and content -4. Provides a detailed report of findings with recommendations -5. Logs all results for future reference and compliance documentation - -The script is designed to be comprehensive, testing all API endpoints documented in the Doubtfire API specification. - -## Results - -After running the security audit, we identified the following issues: - -### Critical Vulnerabilities - -1. **Insecure Direct Object References (IDOR)**: - - Users can access other users' data by manipulating the user ID - - Status 200 was returned with full user profile information - - This allows any authenticated user to view sensitive information of other users - -2. **Missing Access Controls on Sensitive Endpoints**: - - The `/api/settings` endpoint returns configuration data without authentication - - This reveals system configuration including external integrations - -3. **Path Traversal Risk**: - - While API path traversal tests returned 404 status codes, further manual verification confirmed that regular users can access the admin creation page in the UI - - This frontend vulnerability allows unauthorized access to administrative functionality - -### Inconclusive Results Requiring Investigation - -1. **Endpoints Returning Empty Results Without Authentication**: - - `/api/activity_types`, `/api/campuses`, `/api/teaching_periods`, and `/api/tii_eula` return 200 status with empty arrays/null values - - These endpoints should require authentication even when returning empty data - -2. **Function Level Access Controls**: - - Teaching period creation attempts resulted in validation errors (400) rather than permission denial - - The endpoint processes the request and fails on validation instead of rejecting due to insufficient permissions - -3. **Regular User Resource Access**: - - Test user couldn't access permitted units (403 "Unable to list units") - - This may be legitimate if the test user has no assigned units, but should be confirmed - -### Successful Controls - -The application successfully implemented: -- Protection against vertical privilege escalation attempts -- Session token binding and validation -- HTTP method restrictions (405 responses for inappropriate methods) -- Access controls on many critical API endpoints - -## Required Actions - -Based on our findings, we recommend the following actions: - -### Immediate Actions - -1. **Fix IDOR Vulnerability**: - - Implement proper authorization checks in the user controller - - Ensure users can only access their own profile information - - Add role-based access control for user data access - -2. **Secure Settings Endpoint**: - - Require authentication for the `/api/settings` endpoint - - Implement role-based access to configuration data - - Consider moving sensitive configuration to a protected admin-only endpoint - -3. **Fix Frontend Access Controls**: - - Implement proper route protection in the frontend application - - Prevent student accounts from accessing `/#/admin/units` - - Ensure admin components are not rendered for non-admin users - -### Recommended Improvements - -1. **Consistent Authentication Checks**: - - Add authentication requirements to all API endpoints, even those returning empty results - - Implement uniform authorization checks that run before request processing - - Return consistent 401/403 responses instead of empty data arrays - -2. **Enhance Function Level Controls**: - - Ensure permission checks occur before parameter validation - - Return clear authorization errors rather than validation errors for unauthorized requests - -3. **Implement Comprehensive Logging**: - - Add detailed logging for all access control failures - - Set up alerts for potential authorization bypass attempts - - Include sufficient context in logs to identify potential attack patterns - -4. **Regular Security Testing**: - - Include access control testing in the CI/CD pipeline - - Re-run the security test after implementing fixes to confirm remediation - - Expand tests as new endpoints are developed +# Web Security Audit: Broken Access Control Vulnerability Report + +## Introduction + +Broken Access Control is a critical security vulnerability where an application fails to properly restrict access to resources, allowing users to perform actions beyond their intended permissions. This vulnerability is ranked #1 in the OWASP Top 10 Web Application Security Risks (2021) due to its prevalence and severe impact. + +Examples of Broken Access Control include: + +- A regular user accessing administrator functionalities +- A user viewing or modifying another user's data by manipulating resource identifiers +- Using authorization tokens across different user contexts +- Bypassing access controls through URL manipulation +- Accessing sensitive API endpoints without proper authentication + +In the context of Doubtfire, these vulnerabilities could allow students to view other students' submissions, modify grades, access administrative functions, or view sensitive institutional data. + +## Test Cases + +Our security audit focused on the following test categories: + +1. **Vertical Privilege Escalation**: Testing if regular users can perform administrator-only actions +2. **Insecure Direct Object References (IDOR)**: Testing if users can access resources of other users by manipulating identifiers +3. **Session Token Misuse**: Testing if authentication tokens can be used across different user contexts +4. **URL Manipulation**: Testing if modifying URL parameters can bypass access controls +5. **Missing Access Controls**: Testing if sensitive endpoints can be accessed without authentication +6. **HTTP Method Manipulation**: Testing if changing HTTP methods can bypass access controls +7. **Function Level Access Controls**: Testing if sensitive functions are properly protected + +## Methodology + +### Tools Required + +- Bash shell environment (Linux/macOS, or Windows with WSL/Git Bash) +- cURL command-line tool +- Access to test environment with admin and regular user credentials + +### Testing Procedure + +1. **Setup**: + - Clone the repository containing the test script + - Make the script executable: `chmod +x broken_access_control_test.sh` + - Configure the API_URL variable in the script (default: `http://localhost:3000`) + +2. **Execution**: + - Run the script: `./broken_access_control_test.sh` + - The script will output results to the console and save detailed logs to a timestamped file + +3. **Understanding Results**: + - **PASS (Green)**: The test confirmed proper access controls are in place + - **FAIL (Red)**: The test identified a security vulnerability that requires attention + - **INCONCLUSIVE/SKIPPED (Yellow)**: The test requires further investigation or manual verification + - The script differentiates between various response types: + - 401/403/419 responses for authenticated requests (expected denial) + - 405 Method Not Allowed (acceptable for certain tests) + - Empty arrays/null responses (potential information disclosure) + +4. **Manual Verification**: + - For UI-related vulnerabilities, manually check if regular users can access `/#/admin/units` + - Verify path traversal protection by testing various URL patterns in the browser + - Test endpoints that returned inconclusive results with different parameters or methods + +### Script Details + +The `broken_access_control_test.sh` script: + +1. Performs authentication to obtain admin and regular user tokens +2. Systematically tests each access control category +3. Interprets responses based on HTTP status codes and content +4. Provides a detailed report of findings with recommendations +5. Logs all results for future reference and compliance documentation + +The script is designed to be comprehensive, testing all API endpoints documented in the Doubtfire API specification. + +## Results + +After running the security audit, we identified the following issues: + +### Critical Vulnerabilities + +1. **Insecure Direct Object References (IDOR)**: + - Users can access other users' data by manipulating the user ID + - Status 200 was returned with full user profile information + - This allows any authenticated user to view sensitive information of other users + +2. **Missing Access Controls on Sensitive Endpoints**: + - The `/api/settings` endpoint returns configuration data without authentication + - This reveals system configuration including external integrations + +3. **Path Traversal Risk**: + - While API path traversal tests returned 404 status codes, further manual verification confirmed that regular users can access the admin creation page in the UI + - This frontend vulnerability allows unauthorized access to administrative functionality + +### Inconclusive Results Requiring Investigation + +1. **Endpoints Returning Empty Results Without Authentication**: + - `/api/activity_types`, `/api/campuses`, `/api/teaching_periods`, and `/api/tii_eula` return 200 status with empty arrays/null values + - These endpoints should require authentication even when returning empty data + +2. **Function Level Access Controls**: + - Teaching period creation attempts resulted in validation errors (400) rather than permission denial + - The endpoint processes the request and fails on validation instead of rejecting due to insufficient permissions + +3. **Regular User Resource Access**: + - Test user couldn't access permitted units (403 "Unable to list units") + - This may be legitimate if the test user has no assigned units, but should be confirmed + +### Successful Controls + +The application successfully implemented: +- Protection against vertical privilege escalation attempts +- Session token binding and validation +- HTTP method restrictions (405 responses for inappropriate methods) +- Access controls on many critical API endpoints + +## Required Actions + +Based on our findings, we recommend the following actions: + +### Immediate Actions + +1. **Fix IDOR Vulnerability**: + - Implement proper authorization checks in the user controller + - Ensure users can only access their own profile information + - Add role-based access control for user data access + +2. **Secure Settings Endpoint**: + - Require authentication for the `/api/settings` endpoint + - Implement role-based access to configuration data + - Consider moving sensitive configuration to a protected admin-only endpoint + +3. **Fix Frontend Access Controls**: + - Implement proper route protection in the frontend application + - Prevent student accounts from accessing `/#/admin/units` + - Ensure admin components are not rendered for non-admin users + +### Recommended Improvements + +1. **Consistent Authentication Checks**: + - Add authentication requirements to all API endpoints, even those returning empty results + - Implement uniform authorization checks that run before request processing + - Return consistent 401/403 responses instead of empty data arrays + +2. **Enhance Function Level Controls**: + - Ensure permission checks occur before parameter validation + - Return clear authorization errors rather than validation errors for unauthorized requests + +3. **Implement Comprehensive Logging**: + - Add detailed logging for all access control failures + - Set up alerts for potential authorization bypass attempts + - Include sufficient context in logs to identify potential attack patterns + +4. **Regular Security Testing**: + - Include access control testing in the CI/CD pipeline + - Re-run the security test after implementing fixes to confirm remediation + - Expand tests as new endpoints are developed diff --git a/src/content/docs/report_script/Ontrack Task.csv b/src/content/docs/report_script/Ontrack Task.csv new file mode 100644 index 00000000..cc5307df --- /dev/null +++ b/src/content/docs/report_script/Ontrack Task.csv @@ -0,0 +1,509 @@ +"Name","Role","Task","Bucket","Attachments" +"4sw48kpySkqjEW5ySGLW0sgAFjkW (Unable to get name)","Reviewer","Numbas | Fix bug where student answers are being overwritten / deemed invalid","Archive","No GitHub links" +"4sw48kpySkqjEW5ySGLW0sgAFjkW (Unable to get name)","","Create model for enhanced feedback in front end.","Archive","https://github.com/coskun-kilinc/doubtfire-web/commit/41977774b4c57133493faeef35f9511a07f1ada7; https://github.com/thoth-tech/doubtfire-web/pull/156" +"ADITYA PRATAP SINGH TOMER","Reviewer","Delete old documentation for Courseflow at https://thoth-tech.netlify.app/products/courseflow","Sprint 1 Complete","https://github.com/thoth-tech/ThothTech-Documentation-Website/pull/143" +"ADITYA PRATAP SINGH TOMER","","Migrate tutorials.coffee","Sprint 4 Complete","No GitHub links" +"ADITYA PRATAP SINGH TOMER","","Consolidation of documentation, documentation-1 and documentation-2","Sprint 3 Complete","https://github.com/thoth-tech/documentation/pull/572" +"ADITYA PRATAP SINGH TOMER","Reviewer","Clickjacking: X-Frame-Options header - Patch Fix and Validation","Sprint 3 Complete","No GitHub links" +"ADITYA PRATAP SINGH TOMER","Main Contributor","Audit company documentation website","To Be Reviewed","https://github.com/thoth-tech/documentation/pull/570" +"ADITYA PRATAP SINGH TOMER","Main Contributor","Create new Visualisation for Target Grade & Chart","Sprint 2 Complete","https://github.com/thoth-tech/doubtfire-web/pull/326" +"ADITYA PRATAP SINGH TOMER","Main Contributor","Design Feature - Incorporate Content","Sprint 2 Complete","https://github.com/thoth-tech/doubtfire-web/pull/365" +"ADITYA PRATAP SINGH TOMER","Main Contributor","Create a new video guide/tutorial setting up dev environment","Sprint 4 Complete","https://github.com/thoth-tech/doubtfire-web/pull/358" +"ADITYA PRATAP SINGH TOMER","","OWASP Top 10 report and action items","Sprint 3 Complete","No GitHub links" +"AGAMVEER SINGH","","Migrate group-member-list.coffee","Sprint 2 Upstream Review","No GitHub links" +"AGAMVEER SINGH","","Create an overlay component that allows a user to find out more information about a unit.","CourseFlow","https://github.com/thoth-tech/doubtfire-web/pull/323" +"AGAMVEER SINGH","","Migrate progress-dashboard.coffee","Sprint 3 Complete","No GitHub links" +"ALEX BROWN","","Fix change_remotes.sh","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-deploy/pull/32" +"ALEX BROWN","Reviewer","Migrate outcome-service.coffee","Sprint 2 Code Review","No GitHub links" +"ALEX BROWN","Reviewer","Migrate date-service.coffee","Sprint 1 Complete","https://github.com/thoth-tech/doubtfire-web/pull/280" +"ALEX BROWN","","Frontend Migrations: Update frontend migration progress list","Sprint 2 Code Review","No GitHub links" +"ALEX BROWN","","Migrate unit-staff-editor.coffee","Sprint 3 Complete","No GitHub links" +"ALEX BROWN","Main Contributor","Migrate runtime.coffee","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-web/pull/398" +"ALEX BROWN","","Import & Download list of tutorials by CSV","Sprint 3 Upstream Review","https://github.com/thoth-tech/doubtfire-web/pull/314; https://github.com/thoth-tech/doubtfire-api/pull/59" +"ALEX BROWN","","Migrate groups.coffee","Sprint 1 Review","No GitHub links" +"ALEX BROWN","","Migrate student-task-list.coffee","Frontend Migration","No GitHub links" +"ALEX BROWN","","Migrate Portfolio Welcome Step","Sprint 1 Complete","No GitHub links" +"ALEX BROWN","","Migrate privacy-policy.coffee","Frontend Migration","No GitHub links" +"ALVIN ODUNGA","","CORS Vulnerability - Patch Fix and Validation","Sprint 3 Complete","No GitHub links" +"ALVIN ODUNGA","Reviewer","History of Target Grade change","Sprint 1 Complete","No GitHub links" +"ALVIN ODUNGA","Main Contributor","Migrate project-tasks-list.coffee","Sprint 2 Complete","No GitHub links" +"ALVIN ODUNGA","Main Contributor","Implement Video Upload Functionality in Backend","Sprint 2 Complete","https://github.com/thoth-tech/doubtfire-api/pull/48; https://github.com/thoth-tech/ThothTech-Documentation-Website/pull/120" +"ALVIN ODUNGA","Main Contributor","Panopto Upload process documentation","Sprint 3 Complete","https://github.com/thoth-tech/ThothTech-Documentation-Website/pull/124" +"AMOS SAJI","Main Contributor","Migration: group set manager","Upstream review","No GitHub links" +"AMRITH JAYADEEP","Main Contributor","Frontend: Organization Management, Site Administrator Logic and User Profiles","Incorporate Multiple Organisations on Single OnTrack Server","No GitHub links" +"AMRITH JAYADEEP","","Backend - Modify users Table to add Total Tutor Time","Archive","No GitHub links" +"AMRITH JAYADEEP","Main Contributor","Explore how user's use organisation, switch between them and the effects of switching between them","Archive","https://github.com/thoth-tech/documentation/pull/609" +"AMRITH JAYADEEP","Main Contributor","Backend: Organization Management, Site Administrator Logic","Sprint 2 Upstream Review","https://github.com/thoth-tech/doubtfire-api/pull/58" +"AMRITH JAYADEEP","Reviewer","Web Security Audit: Broken Access Control","Sprint 3 Complete","No GitHub links" +"AMRITH JAYADEEP","","Import & Download list of tutorials by CSV","Sprint 3 Upstream Review","https://github.com/thoth-tech/doubtfire-web/pull/314; https://github.com/thoth-tech/doubtfire-api/pull/59" +"ANIRUDH NELLIPPILLI JOSHI","Reviewer","Documentation: grade-task-modal component review","Upstream review","No GitHub links" +"ANIRUDH NELLIPPILLI JOSHI","Main Contributor","migrate file-uploader.coffee","Archive","https://github.com/thoth-tech/doubtfire-web/pull/246/commits/28a77cd0821ce9b66a43c47741cda35c39132fd; https://github.com/thoth-tech/documentation/pull/535/files" +"ANIRUDH NELLIPPILLI JOSHI","Main Contributor","Migration: csv-result-modal.coffee","Archive","No GitHub links" +"ANIRUDH NELLIPPILLI JOSHI","Reviewer","Migration: group set manager","Upstream review","No GitHub links" +"ANIRUDH NELLIPPILLI JOSHI","Reviewer","Onboarding Juniors Guidence","Upstream review","https://github.com/thoth-tech/documentation/pull/551" +"ANMOL SAINI","","Create new Visualisation for Target Grade & Chart","Sprint 2 Complete","https://github.com/thoth-tech/doubtfire-web/pull/326" +"ANMOL SAINI","Reviewer","Frontend: Organization Management, Site Administrator Logic and User Profiles","Incorporate Multiple Organisations on Single OnTrack Server","No GitHub links" +"ANMOL SAINI","Reviewer","Import & Download list of tutorials by CSV","Sprint 3 Upstream Review","https://github.com/thoth-tech/doubtfire-web/pull/314; https://github.com/thoth-tech/doubtfire-api/pull/59" +"ASH DEORE","","Audit OnTrack related documentation","Sprint 3 Upstream Review","https://github.com/thoth-tech/documentation/pull/569" +"ASH DEORE","","Survey current progress and gaps in documentation - backend","To Be Reviewed","https://github.com/thoth-tech/documentation/pull/562" +"ASH DEORE","Reviewer","Panopto Upload process documentation","Sprint 3 Complete","https://github.com/thoth-tech/ThothTech-Documentation-Website/pull/124" +"ATHARV SANDIP BHANDARE","","AppAttack x OnTrack","Sprint 4 Complete","No GitHub links" +"ATHARV SANDIP BHANDARE","","Migration: comments-modal","Archive","No GitHub links" +"ATHARV SANDIP BHANDARE","Main Contributor","Migration: unit-staff-editor.coffee","To Be Reviewed","No GitHub links" +"ATHARV SANDIP BHANDARE","Reviewer","Security Issue: Session Hijacking via Forced Session Fixation","Sprint 3 Upstream Review","No GitHub links" +"ATHARV SANDIP BHANDARE","","Create new Visualisation for Target Grade & Chart","Sprint 2 Complete","https://github.com/thoth-tech/doubtfire-web/pull/326" +"ATHARV SANDIP BHANDARE","Reviewer","Security Issue: Exploitable CORS Configuration","Sprint 4 Complete","No GitHub links" +"ATHARV SANDIP BHANDARE","Reviewer","Security Issue: Insecure Token Exposure via Client-Side Storage and HTTP Headers","Sprint 4 Complete","No GitHub links" +"ATHARV SANDIP BHANDARE","Reviewer","Security Issue: Session Hijacking - Insufficient Session Binding","Sprint 3 Upstream Review","https://github.com/thoth-tech/doubtfire-api/pull/61" +"ATHARV SANDIP BHANDARE","Reviewer","Web Security Audit: Identification and Authentication Failures","Sprint 4 Complete","https://github.com/thoth-tech/doubtfire-astro/pull/29" +"ATHARV SANDIP BHANDARE","Reviewer","Migrate group-member-contribution-assigner.coffee","Sprint 4 Complete","No GitHub links" +"ATHARV SANDIP BHANDARE","Reviewer","Security Issue: Malicious Code Execution","Sprint 3 Upstream Review","No GitHub links" +"ATHARV SANDIP BHANDARE","","Migrate listener-service.coffee","Sprint 3 Upstream Review","No GitHub links" +"ATHARV SANDIP BHANDARE","Reviewer","Web Security Audit: Server-Side Request Forgery (SSRF)","Sprint 1 Complete","No GitHub links" +"ATHARV SANDIP BHANDARE","Main Contributor","JPLAG UI documentation","Upstream review","https://github.com/thoth-tech/documentation/pull/555" +"ATHARV SANDIP BHANDARE","","Migrate progress-burndown-chart.coffee","Sprint 1 Complete","No GitHub links" +"ATHARV SANDIP BHANDARE","Reviewer","Migrate progress-dashboard.coffee","Sprint 3 Complete","No GitHub links" +"ATHARV SANDIP BHANDARE","Reviewer","Migrate group-member-list.coffee","Sprint 2 Upstream Review","No GitHub links" +"ATHARV SANDIP BHANDARE","Reviewer","Migrate media-service.coffee","Sprint 1 Complete","No GitHub links" +"ATHARV SANDIP BHANDARE","Reviewer","Migrate student-task-status-pie-chart.coffee","Sprint 3 Complete","No GitHub links" +"ATHARV SANDIP BHANDARE","Main Contributor","Create Visualisation Service","Archive","No GitHub links" +"ATHARV SANDIP BHANDARE","Reviewer","Write documentation for JPLAG","Upstream review","No GitHub links" +"ATHARV SANDIP BHANDARE","Reviewer","Migrate analytics.coffee","Sprint 4 Complete","https://github.com/thoth-tech/doubtfire-web/pull/295; https://github.com/thoth-tech/documentation/pull/586" +"ATHARV SANDIP BHANDARE","Reviewer","Migrate analytics-service.coffee","Sprint 2 Complete","No GitHub links" +"ATHARV SANDIP BHANDARE","Reviewer","Migrate debug.coffee","Sprint 3 Complete","No GitHub links" +"ATHARV SANDIP BHANDARE","Main Contributor","Security Issue: Clickjacking via Missing Security Headers","Sprint 3 Upstream Review","No GitHub links" +"ATHARV SANDIP BHANDARE","Reviewer","Fix: 9.x Burndown Data Visualisation","Sprint 4 Complete","No GitHub links" +"ATHARV SANDIP BHANDARE","","Security Issue: Exposed JavaScript Source Map","Sprint 4 Complete","No GitHub links" +"ATHARV SANDIP BHANDARE","Reviewer","Web Security Audit: Injection","Sprint 3 Upstream Review","No GitHub links" +"ATHARV SANDIP BHANDARE","Main Contributor","Insecure Direct Object Ref - Unauthorized Access to Staff Info","Sprint 4 Complete","No GitHub links" +"ATHARV SANDIP BHANDARE","Reviewer","Migrate routing.coffee","Sprint 1 Complete","https://github.com/thoth-tech/doubtfire-web/pull/296" +"ATHARV SANDIP BHANDARE","Reviewer","Migrate portfolio-grade-select-step.coffee","Sprint 4 Complete","No GitHub links" +"BOWEN YAN","Main Contributor","Numbas | Fix bug where student answers are being overwritten / deemed invalid","Archive","No GitHub links" +"BOWEN YAN","","PDF long lines","Archive","https://github.com/doubtfire-lms/doubtfire-api/pull/439; https://github.com/thoth-tech/doubtfire-api/pull/17" +"BOWEN YAN","","Clean up unused imports project-wide","Archive","https://github.com/doubtfire-lms/doubtfire-web/pull/845" +"BRIANNA LAIRD","Reviewer","Audit company documentation website","To Be Reviewed","https://github.com/thoth-tech/documentation/pull/570" +"BRUCE WANG","Reviewer","Migration: csv-result-modal.coffee","Archive","No GitHub links" +"BRUCE WANG","Main Contributor","Documentation: grade-task-modal component review","Upstream review","No GitHub links" +"BRUCE WANG","Reviewer","Migration: unit-staff-editor.coffee","To Be Reviewed","No GitHub links" +"BRUCE WANG","Reviewer","migrate file-uploader.coffee","Archive","https://github.com/thoth-tech/doubtfire-web/pull/246/commits/28a77cd0821ce9b66a43c47741cda35c39132fd; https://github.com/thoth-tech/documentation/pull/535/files" +"BRUCE WANG","Reviewer","Migrate analytics.coffee","Archive","https://github.com/thoth-tech/doubtfire-web/pull/256" +"BRUCE WANG","Main Contributor","Onboarding Juniors Guidence","Upstream review","https://github.com/thoth-tech/documentation/pull/551" +"BRUCE WANG","","Migration: timeout.coffee","Archive","https://github.com/doubtfire-lms/doubtfire-web/pull/868/commits/6a965ef9927837bd3e9e77d27b035473cd97; https://github.com/thoth-tech/doubtfire-web/pull/230" +"BRUCE WANG","Reviewer","Migration: comments-modal","Archive","No GitHub links" +"BRUCE WANG","","Migration: unauthorised.coffee","To Be Reviewed","https://github.com/thoth-tech/doubtfire-web/pull/257" +"BRUCE WANG","","Migration: grade-icon.coffee","Archive","https://github.com/thoth-tech/doubtfire-web/pull/231" +"BRUCE WANG","Reviewer","Migrate viewer.coffee","To Be Reviewed","https://github.com/thoth-tech/doubtfire-web/pull/251" +"CHELAKA YASODHANA PATHBERIYAGE","Main Contributor","Migrate unit-staff-editor.coffee","Sprint 3 Complete","No GitHub links" +"CHELAKA YASODHANA PATHBERIYAGE","","Migrate portfolio-grade-select-step.coffee","Sprint 4 Complete","No GitHub links" +"CHELAKA YASODHANA PATHBERIYAGE","","Migrate portfolio-review-step.coffee","Frontend Migration","No GitHub links" +"CHELAKA YASODHANA PATHBERIYAGE","Reviewer","Add observer property to unit-level roles","Visitor Enhancement - NOT CAPSTONE","No GitHub links" +"CHELAKA YASODHANA PATHBERIYAGE","Reviewer","Migrate unit-details-editor.coffee","Sprint 4 Complete","No GitHub links" +"DAU DUOT ATEM","","Frontend: Organization Management, Site Administrator Logic and User Profiles","Incorporate Multiple Organisations on Single OnTrack Server","No GitHub links" +"DAU DUOT ATEM","","Migrate content-editable.coffee","Sprint 4 Complete","No GitHub links" +"DAU DUOT ATEM","Main Contributor","Migration (Cleanup Task): inbox.coffee","Frontend Migration","No GitHub links" +"DAU DUOT ATEM","","Import & Download list of tutorials by CSV","Sprint 3 Upstream Review","https://github.com/thoth-tech/doubtfire-web/pull/314; https://github.com/thoth-tech/doubtfire-api/pull/59" +"DISURU PASANJITH RATHNAYAKE RATHNAYAKE THUDUGALA BANDULAGE","","Migrate unit-details-editor.coffee","Sprint 4 Complete","No GitHub links" +"DISURU PASANJITH RATHNAYAKE RATHNAYAKE THUDUGALA BANDULAGE","","Migrate group-selector.coffee","Frontend Migration","No GitHub links" +"DISURU PASANJITH RATHNAYAKE RATHNAYAKE THUDUGALA BANDULAGE","","Migrate student-task-status-pie-chart.coffee","Sprint 3 Complete","No GitHub links" +"DISURU PASANJITH RATHNAYAKE RATHNAYAKE THUDUGALA BANDULAGE","","Migrate outcome-service.coffee","Sprint 2 Code Review","No GitHub links" +"DISURU PASANJITH RATHNAYAKE RATHNAYAKE THUDUGALA BANDULAGE","","Migration: task-ilo-alignment-rater","Frontend Migration","No GitHub links" +"DISURU PASANJITH RATHNAYAKE RATHNAYAKE THUDUGALA BANDULAGE","Main Contributor","Migrate recorder-service.coffee","Sprint 2 Doing","No GitHub links" +"DISURU PASANJITH RATHNAYAKE RATHNAYAKE THUDUGALA BANDULAGE","Main Contributor","Migrate routing.coffee","Sprint 1 Complete","https://github.com/thoth-tech/doubtfire-web/pull/296" +"DISURU PASANJITH RATHNAYAKE RATHNAYAKE THUDUGALA BANDULAGE","","Migration: group set selector","Sprint 2 Code Review","No GitHub links" +"DISURU PASANJITH RATHNAYAKE RATHNAYAKE THUDUGALA BANDULAGE","","Migrate Group-member-list","Sprint 1 Doing","No GitHub links" +"DISURU PASANJITH RATHNAYAKE RATHNAYAKE THUDUGALA BANDULAGE","","[big task] Migrate filters.coffee","Sprint 4 Complete","No GitHub links" +"DISURU PASANJITH RATHNAYAKE RATHNAYAKE THUDUGALA BANDULAGE","","Migrate analytics.coffee","Sprint 4 Complete","https://github.com/thoth-tech/doubtfire-web/pull/295; https://github.com/thoth-tech/documentation/pull/586" +"DUY NGUYEN","Reviewer","Migrate groups.coffee","Sprint 1 Review","No GitHub links" +"DUY NGUYEN","Main Contributor","Update unit model to host more details","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-api/pull/71" +"DUY NGUYEN","Reviewer","Migrate runtime.coffee","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-web/pull/398" +"DUY NGUYEN","","Add option to overload units to a teaching period","CourseFlow","No GitHub links" +"DUY NGUYEN","","Enrich the unit card itself to show more info","CourseFlow","No GitHub links" +"DUY NGUYEN","Main Contributor","Create example templates for course maps.","Sprint 1 Complete","No GitHub links" +"DUY NGUYEN","Main Contributor","Create Requirement entity in the backend","Sprint 4 Complete","https://github.com/thoth-tech/doubtfire-api/pull/68" +"DUY NGUYEN","Main Contributor","Refactor CourseFlow code base for better components maintainence","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-web/pull/385" +"DUY NGUYEN","Main Contributor","Implement a way for the containers to be added and deleted and units in the course map to be added, moved, swapped and deleted.","Sprint 2 Upstream Review","No GitHub links" +"DUY NGUYEN","Main Contributor","Create test data for CourseFlow ( Course map, Course map units, Units)","Sprint 1 Review","No GitHub links" +"DUY NGUYEN","Reviewer","Populate the content of the unit component tab with drop down menus to filter the units that get displayed.","Sprint 2 Doing","https://github.com/thoth-tech/doubtfire-web/pull/308" +"DUY NGUYEN","","Add visual indicators for unit status","Sprint 4 Complete","No GitHub links" +"EDWARD NGUYEN","Main Contributor","Populate the content of the unit component tab with drop down menus to filter the units that get displayed.","Sprint 2 Doing","https://github.com/thoth-tech/doubtfire-web/pull/308" +"EDWARD NGUYEN","Reviewer","Implement a way for the containers to be added and deleted and units in the course map to be added, moved, swapped and deleted.","Sprint 2 Upstream Review","No GitHub links" +"EDWARD NGUYEN","Reviewer","Update unit model to host more details","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-api/pull/71" +"EDWARD NGUYEN","Reviewer","Remove alignment-bar-chart.coffee","Sprint 2 Code Review","No GitHub links" +"EDWARD NGUYEN","Reviewer","Create Requirement entity in the backend","Sprint 4 Complete","https://github.com/thoth-tech/doubtfire-api/pull/68" +"EDWARD NGUYEN","Main Contributor","Add ability to mark unit as complete (phase 4)","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-web/pull/386" +"EDWARD NGUYEN","","Create a component to display credit points achieved.","CourseFlow","No GitHub links" +"EDWARD NGUYEN","Main Contributor","Delete old documentation for Courseflow at https://thoth-tech.netlify.app/products/courseflow","Sprint 1 Complete","https://github.com/thoth-tech/ThothTech-Documentation-Website/pull/143" +"EDWARD NGUYEN","","Populate the overlay component for the detailed unit with content of the unit - this needs to include unit requirements.","CourseFlow","No GitHub links" +"EDWARD NGUYEN","","Create test data for CourseFlow ( Course map, Course map units, Units)","Sprint 1 Review","No GitHub links" +"EDWARD NGUYEN","Main Contributor","Add summary of skills component","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-web/pull/396" +"EKAM BHULLAR","","Backend - Modify users Table to add Total Tutor Time","Archive","No GitHub links" +"EKAM BHULLAR","Main Contributor","Migrate group-member-contribution-assigner.coffee","Sprint 4 Complete","No GitHub links" +"EKAM BHULLAR","Reviewer","Secure Settings Endpoint","Sprint 3 Upstream Review","No GitHub links" +"EKAM BHULLAR","Reviewer","Add summary of skills component","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-web/pull/396" +"EKAM BHULLAR","","Frontend - Redesign Tutor Time Feature || Duplicate","Archive","No GitHub links" +"EKAM BHULLAR","Reviewer","Backend - Database Trigger for Auto-Update for Total Tutor Time","Archive","No GitHub links" +"EKAM BHULLAR","","Implement ngx graphs/charts in UI","Tutor Times","https://github.com/thoth-tech/doubtfire-web/pull/392" +"EKAM BHULLAR","Reviewer","Refactor CourseFlow code base for better components maintainence","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-web/pull/385" +"EKAM BHULLAR","","Migrate task-ilo-alignment-editor.coffee","Frontend Migration","No GitHub links" +"EKAM BHULLAR","Main Contributor","Frontend Work - Tutor Times","Archive","No GitHub links" +"EKAM BHULLAR","Main Contributor","Redesign Tutor Time feature to work automatically","Sprint 4 Complete","No GitHub links" +"EKAM BHULLAR","","Implement Real-Time Notification System","Tutor Times","No GitHub links" +"EKAM BHULLAR","","Backend - Redesign Tutor Time Feature","Sprint 3 Review","No GitHub links" +"ELIYA GEERLINGS","Reviewer","Backend Work: Set up notification system","Sprint 4 Complete","No GitHub links" +"ELIYA GEERLINGS","","Fix jupyter notebook latex rake test","Upstream review","No GitHub links" +"ELIYA GEERLINGS","","Latex docker downsizing: Creation of feasibility document","Upstream review","No GitHub links" +"ELIYA GEERLINGS","Main Contributor","Latex docker downsizing: Implementation","Upstream review","No GitHub links" +"ELIYA GEERLINGS","Reviewer","[big task] Migrate filters.coffee","Sprint 4 Complete","No GitHub links" +"ELIYA GEERLINGS","","Fix build issue on windows for 9.x branch","Sprint 4 Complete","https://github.com/doubtfire-lms/doubtfire-web/pull/925" +"ELIYA GEERLINGS","","Migration: unit-staff-editor.coffee","To Be Reviewed","No GitHub links" +"ELIYA GEERLINGS","","Frontend Work: Form Validation","Sprint 3 Complete","https://github.com/thoth-tech/doubtfire-web/pull/285" +"ELIYA GEERLINGS","","MariaDB docker devcontainer downsizing","Docker Image Downsizing","No GitHub links" +"ELIYA GEERLINGS","Main Contributor","Migration: comments-modal","Archive","No GitHub links" +"ELIYA GEERLINGS","Reviewer","Backend - Modify users Table to add Total Tutor Time","Archive","No GitHub links" +"ELIYA GEERLINGS","","Migrate local-storage.coffee","Sprint 1 Complete","No GitHub links" +"ELIYA GEERLINGS","","Fix CI lint checks in thoth-tech/documentation","Archive","https://github.com/thoth-tech/documentation/pull/585" +"ELIYA GEERLINGS","Reviewer","Backend - Create new table tutor_times","Archive","No GitHub links" +"ELIYA GEERLINGS","","Identify and fix build issues on windows on 8.0.x branch","Sprint 3 Complete","https://github.com/doubtfire-lms/doubtfire-web/pull/922" +"ELIYA GEERLINGS","Reviewer","Backend: Organization Management, Site Administrator Logic","Sprint 2 Upstream Review","https://github.com/thoth-tech/doubtfire-api/pull/58" +"ELIYA GEERLINGS","","Clarify requirements, make plans for execution","Archive","No GitHub links" +"ELIYA GEERLINGS","Reviewer","Backend - Redesign Tutor Time Feature","Sprint 3 Review","No GitHub links" +"ELIYA GEERLINGS","","Persistent PDF zoom levels when selecting between different task submissions","Upstream review","No GitHub links" +"ELIYA GEERLINGS","Reviewer","Create example templates for course maps.","Sprint 1 Complete","No GitHub links" +"ELIYA GEERLINGS","Reviewer","Create Visualisation Service","Archive","No GitHub links" +"ELIYA GEERLINGS","","Autoload PDFs on page 2 when viewing student submissions","Upstream review","No GitHub links" +"ELIYA GEERLINGS","","Fix up existing confirmation-modal migration","Upstream review","No GitHub links" +"ELIYA GEERLINGS","Reviewer","Migrate content-editable.coffee","Sprint 4 Complete","No GitHub links" +"EPITACIO DO NASCIMENTO NETO","Main Contributor","CORS Vulnerability - Patch Fix and Validation","Sprint 3 Complete","No GitHub links" +"EPITACIO DO NASCIMENTO NETO","Main Contributor","OWASP Top 10 report and action items","Sprint 3 Complete","No GitHub links" +"EPITACIO DO NASCIMENTO NETO","Reviewer","Implement Video Upload Functionality in Backend","Sprint 2 Complete","https://github.com/thoth-tech/doubtfire-api/pull/48; https://github.com/thoth-tech/ThothTech-Documentation-Website/pull/120" +"EPITACIO DO NASCIMENTO NETO","Main Contributor","Clickjacking: X-Frame-Options header - Patch Fix and Validation","Sprint 3 Complete","No GitHub links" +"GAURAV MANOHAR MYANA","Reviewer","OnTrack Style Guide v0.1","Colour Vision Deficiency Accessibility","No GitHub links" +"GAURAV MANOHAR MYANA","","Build Dashboard for admin","Tutor Times","No GitHub links" +"HARSHITA SHROFF SHROFF","Reviewer","Design UI Adjustments for Unit Chair Admin Page","Archive","https://github.com/thoth-tech/documentation/pull/513" +"HARSHITA SHROFF SHROFF","Main Contributor","Document the below API pages in detail within the website (Set_3)","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/5" +"HARSHITA SHROFF SHROFF","Main Contributor","Document the below API pages in detail within the website (set2)","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/4" +"HARSHITA SHROFF SHROFF","Main Contributor","Document the below API pages in detail within the website - set 4 (units API)","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/6" +"HARSHITA SHROFF SHROFF","Reviewer","Create documentation for tutor feedback enhancement api and front end components","To Be Reviewed","https://github.com/thoth-tech/documentation/pull/511" +"HARSHITA SHROFF SHROFF","Main Contributor","Document the below API pages in detail within the website - set 4.1 (units API) - part 2","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/7" +"HARSHITA SHROFF SHROFF","Main Contributor","Document below set of API's within Astro website (set1)","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/3" +"HASINDU DESHITHA WELARATHNE","Main Contributor","Migrate students-list.coffee","Frontend Migration","No GitHub links" +"HASINDU DESHITHA WELARATHNE","Reviewer","Migrate tutorials.coffee","Sprint 4 Complete","No GitHub links" +"HASINDU DESHITHA WELARATHNE","","Fix: 9.x Burndown Data Visualisation","Sprint 4 Complete","No GitHub links" +"HASINDU DESHITHA WELARATHNE","","Migrate recorder-service.coffee","Sprint 2 Doing","No GitHub links" +"HASINDU DESHITHA WELARATHNE","Main Contributor","Migrate debug.coffee","Sprint 3 Complete","No GitHub links" +"HASINDU DESHITHA WELARATHNE","Reviewer","Explore how user's use organisation, switch between them and the effects of switching between them","Archive","https://github.com/thoth-tech/documentation/pull/609" +"HIRDYANSH DUDI","","Plan frontend documentation","Sprint 1 Complete","https://github.com/thoth-tech/ThothTech-Documentation-Website/pull/114; https://github.com/thoth-tech/doubtfire-astro/pull/16" +"HIRDYANSH DUDI","","Add Google sign on to OnTrack","Sprint 3 Complete","No GitHub links" +"IBI FATOKI","","Web Security Audit: Broken Access Control","Sprint 3 Complete","No GitHub links" +"IBI FATOKI","Reviewer","Migrate unit-staff-editor.coffee","Sprint 3 Complete","No GitHub links" +"IBI FATOKI","Main Contributor","Security Issue: Malicious Code Execution","Sprint 3 Upstream Review","No GitHub links" +"IBI FATOKI","","Design Feature - Incorporate Content","Sprint 2 Complete","https://github.com/thoth-tech/doubtfire-web/pull/365" +"IBI FATOKI","","Backend: Organization Management, Site Administrator Logic","Sprint 2 Upstream Review","https://github.com/thoth-tech/doubtfire-api/pull/58" +"IBI FATOKI","","Security Issue: Session Hijacking - Insufficient Session Binding","Sprint 3 Upstream Review","https://github.com/thoth-tech/doubtfire-api/pull/61" +"IBI FATOKI","Main Contributor","Security Issue: Exploitable CORS Configuration","Sprint 4 Complete","No GitHub links" +"IBI FATOKI","","Web Security Audit: Identification and Authentication Failures","Sprint 4 Complete","https://github.com/thoth-tech/doubtfire-astro/pull/29" +"IBI FATOKI","","Security Issue: Insecure Token Exposure via Client-Side Storage and HTTP Headers","Sprint 4 Complete","No GitHub links" +"IBI FATOKI","","Migrate content-editable.coffee","Sprint 4 Complete","No GitHub links" +"IBI FATOKI","","Migrate debug.coffee","Sprint 3 Complete","No GitHub links" +"IBI FATOKI","Main Contributor","Web Security Audit: Server-Side Request Forgery (SSRF)","Sprint 1 Complete","No GitHub links" +"IBI FATOKI","","Security Issue: Clickjacking via Missing Security Headers","Sprint 3 Upstream Review","No GitHub links" +"IBI FATOKI","","Security Issue: Session Hijacking via Forced Session Fixation","Sprint 3 Upstream Review","No GitHub links" +"IBI FATOKI","Main Contributor","Security Issue: Publicly Accessible API Documentation via Swagger","OnTrack x AppAttack","No GitHub links" +"IBI FATOKI","","Web Security Audit: Injection","Sprint 3 Upstream Review","No GitHub links" +"IBI FATOKI","Reviewer","Insecure Direct Object Ref - Unauthorized Access to Staff Info","Sprint 4 Complete","No GitHub links" +"IBI FATOKI","Reviewer","Security Issue: Exposed JavaScript Source Map","Sprint 4 Complete","No GitHub links" +"IRIS CHEN","Main Contributor","Web Security Audit: Injection","Sprint 3 Upstream Review","No GitHub links" +"IRIS CHEN","Main Contributor","Secure Settings Endpoint","Sprint 3 Upstream Review","No GitHub links" +"IRIS CHEN","","Security Issue: Exploitable CORS Configuration","Sprint 4 Complete","No GitHub links" +"IRIS CHEN","Main Contributor","Security Issue: Session Hijacking - Insufficient Session Binding","Sprint 3 Upstream Review","https://github.com/thoth-tech/doubtfire-api/pull/61" +"IRIS CHEN","","Security Issue: Exposed JavaScript Source Map","Sprint 4 Complete","No GitHub links" +"IRIS CHEN","","Migrate tutorials.coffee","Sprint 4 Complete","No GitHub links" +"IRIS CHEN","Main Contributor","Web Security Audit: Cryptographic Failures","Security","No GitHub links" +"IRIS CHEN","Main Contributor","Web Security Audit: Broken Access Control","Sprint 3 Complete","No GitHub links" +"IRIS CHEN","","Fix IDOR Vulnerability - User Data Access","Security","No GitHub links" +"IRIS CHEN","","Insecure Direct Object Ref - Unauthorized Access to Staff Info","Sprint 4 Complete","No GitHub links" +"IRIS CHEN","Main Contributor","Standardize API Authentication Requirements","Security","No GitHub links" +"IRIS CHEN","","Web Security Audit: Security Misconfiguration","Security","No GitHub links" +"IRIS CHEN","","Security Issue: Malicious Code Execution","Sprint 3 Upstream Review","No GitHub links" +"IRIS CHEN","","Frontend Migrations: Update frontend migration progress list","Sprint 2 Code Review","No GitHub links" +"IRIS CHEN","","Create new Visualisation for Target Grade & Chart","Sprint 2 Complete","https://github.com/thoth-tech/doubtfire-web/pull/326" +"IRIS CHEN","","Security Issue: Clickjacking via Missing Security Headers","Sprint 3 Upstream Review","No GitHub links" +"IRIS CHEN","Main Contributor","Security Issue: Session Hijacking via Forced Session Fixation","Sprint 3 Upstream Review","No GitHub links" +"IRIS CHEN","","Web Security Audit: Server-Side Request Forgery (SSRF)","Sprint 1 Complete","No GitHub links" +"IRIS CHEN","Main Contributor","Web Security Audit: Identification and Authentication Failures","Sprint 4 Complete","https://github.com/thoth-tech/doubtfire-astro/pull/29" +"IRIS CHEN","","Fix Insecure Direct Object References (IDOR) Vulnerability","Security","No GitHub links" +"IVAN JUSTIN","","Chat markdown not rendering properly bug","To Be Reviewed","No GitHub links" +"IVAN JUSTIN","Main Contributor","Latex docker downsizing: Creation of feasibility document","Upstream review","No GitHub links" +"JACK SHINNERS CARROLL","","Documentation: grade-task-modal component review","Upstream review","No GitHub links" +"JACK SHINNERS CARROLL","Reviewer","Latex docker downsizing: Implementation","Upstream review","No GitHub links" +"JACK SHINNERS CARROLL","","Add JPLAG frontend","Upstream review","https://github.com/doubtfire-lms/doubtfire-web/pull/873" +"JACK SHINNERS CARROLL","","Alter JPLAG api code","Upstream review","https://github.com/doubtfire-lms/doubtfire-api/pull/447" +"JACK SHINNERS CARROLL","","Migration: unit-staff-editor.coffee","To Be Reviewed","No GitHub links" +"JACK SHINNERS CARROLL","Main Contributor","Write documentation for JPLAG","Upstream review","No GitHub links" +"JACK SHINNERS CARROLL","","Migrate analytics.coffee","Archive","https://github.com/thoth-tech/doubtfire-web/pull/256" +"JACK SHINNERS CARROLL","","Create JPLAG Container","Upstream review","https://github.com/doubtfire-lms/doubtfire-deploy/pull/28" +"JACK SHINNERS CARROLL","Reviewer","Latex docker downsizing: Creation of feasibility document","Upstream review","No GitHub links" +"JACK SHINNERS CARROLL","Reviewer","JPLAG UI documentation","Upstream review","https://github.com/thoth-tech/documentation/pull/555" +"JAKE MANSFIELD","Main Contributor","Implement the backend requirements for the Unit Definition entity (phase 1)","To Be Reviewed","https://github.com/thoth-tech/doubtfire-api/pull/42" +"JAKE MANSFIELD","Main Contributor","Ensure Unit Definition model satisfies all requirements (Phase 2)","Archive","No GitHub links" +"JAKE MANSFIELD","Reviewer","Add detailed operations for units API (task_definitions -tii_group_attachments ) on Ontrack documentation website","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/12" +"JAKE MANSFIELD","Main Contributor","Implement the backend requirements for the course map entity.","Upstream review","https://github.com/thoth-tech/doubtfire-api/pull/35" +"JAKE MANSFIELD","","Migrate analytics.coffee","Archive","https://github.com/thoth-tech/doubtfire-web/pull/256" +"JAKE MANSFIELD","Reviewer","Document the below API pages in detail within the website - set 4.1 (units API) - part 2","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/7" +"JAKE MANSFIELD","Reviewer","Migration: timeout.coffee","Archive","https://github.com/doubtfire-lms/doubtfire-web/pull/868/commits/6a965ef9927837bd3e9e77d27b035473cd97; https://github.com/thoth-tech/doubtfire-web/pull/230" +"JAKE MANSFIELD","Reviewer","Document the below API pages in detail within the website - set 5","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/9" +"JAKE MANSFIELD","Reviewer","Add detailed operations for units API (task_definitions) on Ontrack documentation website","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/12" +"JAKE MANSFIELD","Reviewer","Add detailed operations for units API (task_definitions - task_assessment_resources ) on Ontrack documentation website","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/13" +"JAKE MANSFIELD","Reviewer","Create the main component that hosts all course flow related components.","Archive","https://github.com/thoth-tech/doubtfire-web/pull/180" +"JAKE MANSFIELD","Reviewer","Document the operations units API - Tutorial Streams","Archive","No GitHub links" +"JAKE MANSFIELD","Reviewer","Document the below API pages in detail within the website - set 4 (units API)","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/6" +"JAKE MANSFIELD","Main Contributor","Implement the backend requirements for the course map unit entity.","Upstream review","https://github.com/thoth-tech/doubtfire-api/pull/35" +"JAKE MANSFIELD","Main Contributor","Add Authentication to the Courseflow endpoints","Archive","No GitHub links" +"JAKE MANSFIELD","Reviewer","Add detailed operations for units API (group set - group csv) on Ontrack documentation website","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/10" +"JAKE MANSFIELD","","Make a Plan for Courseflow for T2","Archive","No GitHub links" +"JAKE MANSFIELD","","Onboarding Juniors Guidence","Upstream review","https://github.com/thoth-tech/documentation/pull/551" +"JAKE MANSFIELD","Reviewer","Add detailed operations for units API (group set - group ID) on Ontrack documentation website","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/10" +"JAKE MANSFIELD","","Courseflow Documentation Requirement Analysis","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/14" +"JAKE MANSFIELD","Main Contributor","Create dummy data for a specific course for the front end to use (Phase 3)","To Be Reviewed","https://github.com/thoth-tech/doubtfire-api/pull/43" +"JAKE MANSFIELD","Main Contributor","Create appropriate testing files for the Unit Definition entity (Phase 1)","To Be Reviewed","https://github.com/thoth-tech/doubtfire-api/pull/42" +"JAKE MANSFIELD","Main Contributor","Implement the backend requirements for the specialization entity.","Upstream review","No GitHub links" +"JAKE MANSFIELD","Main Contributor","Migrate the existing Unit table to be compatible with Unit Definition (Phase 4)","To Be Reviewed","https://github.com/thoth-tech/doubtfire-api/pull/41" +"JAKE MANSFIELD","Main Contributor","Implement the backend requirements for the course entity.","Upstream review","https://github.com/thoth-tech/doubtfire-api/pull/34" +"JAKE MANSFIELD","Reviewer","Document the below API pages in detail within the website (set2)","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/4" +"JAKE MANSFIELD","Reviewer","Document below set of API's within Astro website (set1)","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/3" +"JAKE MANSFIELD","Reviewer","Created coursemap base page","Upstream review","https://github.com/thoth-tech/doubtfire-web/pull/233" +"JAKE MANSFIELD","Reviewer","Add button to Courseflow main component","Upstream review","No GitHub links" +"JAKE MANSFIELD","Reviewer","Document the below API pages in detail within the website (Set_3)","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/5" +"JAKE MANSFIELD","Main Contributor","Implement the backend requirements for the requirement set entity.","Upstream review","https://github.com/thoth-tech/doubtfire-api/pull/37" +"JASON MARK VELLUCCI","Main Contributor","Frontend Migrations: Update frontend migration progress list","Sprint 2 Code Review","No GitHub links" +"JASON MARK VELLUCCI","","Refactor CourseFlow code base for better components maintainence","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-web/pull/385" +"JASON MARK VELLUCCI","","Migrate runtime.coffee","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-web/pull/398" +"JASON MARK VELLUCCI","Main Contributor","Migration: group set selector","Sprint 2 Code Review","No GitHub links" +"JASON MARK VELLUCCI","Reviewer","8.x and 9.x build documentation","Sprint 2 Code Review","No GitHub links" +"JASON MARK VELLUCCI","","Update unit model to host more details","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-api/pull/71" +"JASON MARK VELLUCCI","Reviewer","Clean up src/app/admin/modals/create-unit-modal leftover files","Sprint 1 Review","No GitHub links" +"JASON MARK VELLUCCI","Reviewer","Migrate Group-member-list","Sprint 1 Doing","No GitHub links" +"JASON MARK VELLUCCI","","Migrate summary-task-status-scatter","Frontend Migration","No GitHub links" +"JAYANI VIMUKTHIKA VITHANAGE","Main Contributor","Spike - Explore video integration using Panopto","Archive","https://github.com/thoth-tech/ThothTech-Documentation-Website/pull/70" +"JOE IWASAKI MACLEAN","Main Contributor","Frontend Work: Form Validation","Sprint 3 Complete","https://github.com/thoth-tech/doubtfire-web/pull/285" +"JOE IWASAKI MACLEAN","Main Contributor","Extend the UI to select multiple students to grant extension ","Sprint 4 Complete","No GitHub links" +"JOE IWASAKI MACLEAN","","Migrate listener-service.coffee","Sprint 3 Upstream Review","No GitHub links" +"JOE IWASAKI MACLEAN","","Migrate media-service.coffee","Sprint 1 Complete","No GitHub links" +"JOE IWASAKI MACLEAN","","Create API Endpoint for Granting Extensions","Sprint 4 Complete","No GitHub links" +"JOE IWASAKI MACLEAN","","Backend Work: Set up notification system","Sprint 4 Complete","No GitHub links" +"JOE IWASAKI MACLEAN","","Migrate analytics-service.coffee","Sprint 2 Complete","No GitHub links" +"JOE IWASAKI MACLEAN","Main Contributor","Frontend work: Grant Extension Form UI","Sprint 1 Complete","https://github.com/thoth-tech/doubtfire-web/pull/285" +"JOE IWASAKI MACLEAN","Main Contributor","Frontend Work: API integration for form submission","Sprint 4 Complete","https://github.com/thoth-tech/doubtfire-web/pull/330" +"JOSEPH KALAYATHANKAL SAJI","Reviewer","Backend - Create session_activities table","Sprint 1 Review","No GitHub links" +"JOSEPH KALAYATHANKAL SAJI","Main Contributor","OnTrack Style Guide v0.1","Colour Vision Deficiency Accessibility","No GitHub links" +"JOSEPH KALAYATHANKAL SAJI","","Backend - Implement API Endpoints for SessionActivies and MarkingSession for Analytics","Sprint 2 Doing","No GitHub links" +"JOSEPH KALAYATHANKAL SAJI","Main Contributor","Backend - Create marking_sessions table","Sprint 1 Review","No GitHub links" +"JOSH BEVAN","Reviewer","Migration: group set selector","Sprint 2 Code Review","No GitHub links" +"JOSH BEVAN","Main Contributor","Fix typo in /edit_profile","Sprint 1 Complete","https://github.com/thoth-tech/doubtfire-web/pull/279; https://github.com/doubtfire-lms/doubtfire-web/pull/921" +"JOSH BEVAN","","Web Security Audit: Server-Side Request Forgery (SSRF)","Sprint 1 Complete","No GitHub links" +"JOSH BEVAN","","Backend - Create new table tutor_times","Archive","No GitHub links" +"JOSH BEVAN","Reviewer","Frontend Migrations: Update frontend migration progress list","Sprint 2 Code Review","No GitHub links" +"JOSH BEVAN","","Security Issue: Session Hijacking - Insufficient Session Binding","Sprint 3 Upstream Review","https://github.com/thoth-tech/doubtfire-api/pull/61" +"JOSH KILINC","","Create Stage Option Selector Modal for Comment Composer","To Be Reviewed","https://github.com/thoth-tech/doubtfire-web/pull/210" +"JOSH KILINC","Main Contributor","Create documentation for tutor feedback enhancement api and front end components","To Be Reviewed","https://github.com/thoth-tech/documentation/pull/511" +"JOSH KILINC","","Design Stage Option Selector","To Be Reviewed","https://github.com/thoth-tech/documentation/pull/510" +"JOSH KILINC","","Merge Development Changes","To Be Reviewed","https://github.com/thoth-tech/doubtfire-web/pull/210" +"JOSH KILINC","","Integrate Stages into Comment Model","To Be Reviewed","https://github.com/thoth-tech/doubtfire-web/pull/210" +"JOSH KILINC","","add stage model to feedback api","To Be Reviewed","https://github.com/thoth-tech/doubtfire-api/pull/27" +"JOSH KILINC","","Develop stage.service for Backend Integration","Archive","https://github.com/thoth-tech/doubtfire-web/pull/209" +"JOSH KILINC","","Refactor Task Definition Components","Archive","https://github.com/coskun-kilinc/doubtfire-web/commit/25d1161bbac366de5f1fed251c5d38ca17fddf4c" +"JOSH KILINC","","Adjust Unit Chair admin page for Tasks to include feedback enhancement stages.","Archive","https://github.com/coskun-kilinc/doubtfire-web/commit/c360db2b207cf3ea31ad67f659228fbd59846ac1; https://github.com/coskun-kilinc/doubtfire-web/commit/141bc33cd8cf0fc4996fa3361eaececc0f8824a5; https://github.com/coskun-kilinc/doubtfire-web/commit/22bc53099fee7c1234e03a9d548a16eb21302a52" +"JOSH KILINC","Main Contributor","Design UI Adjustments for Unit Chair Admin Page","Archive","https://github.com/thoth-tech/documentation/pull/513" +"JOSH KILINC","","Adjust Task Def model to include feedback enhancement.","Archive","https://github.com/coskun-kilinc/doubtfire-web/commit/141bc33cd8cf0fc4996fa3361eaececc0f8824a5" +"JOSH KILINC","","Update Task Definition Model and Components","Archive","https://github.com/thoth-tech/doubtfire-web/pull/209" +"JOSH TALEV","Main Contributor","Clean up src/app/admin/modals/create-unit-modal leftover files","Sprint 1 Review","No GitHub links" +"JOSH TALEV","Main Contributor","Backend - Create session_activities table","Sprint 1 Review","No GitHub links" +"JOSH TALEV","Main Contributor","Migrate confirmation-modal.coffee","Sprint 1 Review","No GitHub links" +"JOSH TALEV","Main Contributor","Migrate Portfolio Welcome Step","Sprint 1 Complete","No GitHub links" +"JOSH TALEV","","Migration: group set selector","Sprint 2 Code Review","No GitHub links" +"JUDE ROZAIRO","","History of Target Grade change Pagination","Sprint 4 Complete","No GitHub links" +"JUDE ROZAIRO","Reviewer","OWASP Top 10 report and action items","Sprint 3 Complete","No GitHub links" +"JUDE ROZAIRO","Reviewer","CORS Vulnerability - Patch Fix and Validation","Sprint 3 Complete","No GitHub links" +"JUDE ROZAIRO","Reviewer","Fix typo in /edit_profile","Sprint 1 Complete","https://github.com/thoth-tech/doubtfire-web/pull/279; https://github.com/doubtfire-lms/doubtfire-web/pull/921" +"JUDE ROZAIRO","Reviewer","Create new Visualisation for Target Grade & Chart","Sprint 2 Complete","https://github.com/thoth-tech/doubtfire-web/pull/326" +"JUDE ROZAIRO","","Migrate debug.coffee","Sprint 3 Complete","No GitHub links" +"JUDE ROZAIRO","Main Contributor","History of Target Grade change","Sprint 1 Complete","No GitHub links" +"LACHLAN MACKIE ROBINSON","","Fix: Astro index image","Sprint 4 Complete","No GitHub links" +"LACHLAN MACKIE ROBINSON","","Migrate unit-staff-editor.coffee","Sprint 3 Complete","No GitHub links" +"LACHLAN MACKIE ROBINSON","Main Contributor","Security Issue: Exposed JavaScript Source Map","Sprint 4 Complete","No GitHub links" +"LACHLAN MACKIE ROBINSON","","Insecure Direct Object Ref - Unauthorized Access to Staff Info","Sprint 4 Complete","No GitHub links" +"LACHLAN MACKIE ROBINSON","Main Contributor","Fix: 9.x Burndown Data Visualisation","Sprint 4 Complete","No GitHub links" +"LACHLAN MACKIE ROBINSON","Main Contributor","Migrate student-task-status-pie-chart.coffee","Sprint 3 Complete","No GitHub links" +"LACHLAN MACKIE ROBINSON","Main Contributor","Migrate outcome-service.coffee","Sprint 2 Code Review","No GitHub links" +"LACHLAN MACKIE ROBINSON","","Migrate portfolio-grade-select-step.coffee","Sprint 4 Complete","No GitHub links" +"LACHLAN MACKIE ROBINSON","","[big task] Migrate filters.coffee","Sprint 4 Complete","No GitHub links" +"LACHLAN MACKIE ROBINSON","Main Contributor","8.x and 9.x build documentation","Sprint 2 Code Review","No GitHub links" +"LACHLAN MACKIE ROBINSON","Main Contributor","Migrate listener-service.coffee","Sprint 3 Upstream Review","No GitHub links" +"LACHLAN MACKIE ROBINSON","Main Contributor","Remove alignment-bar-chart.coffee","Sprint 2 Code Review","No GitHub links" +"LACHLAN MACKIE ROBINSON","","Migration: group set selector","Sprint 2 Code Review","No GitHub links" +"LACHLAN MACKIE ROBINSON","","Migrate media-service.coffee","Sprint 1 Complete","No GitHub links" +"LACHLAN MACKIE ROBINSON","Reviewer","Create a new video guide/tutorial setting up dev environment","Sprint 4 Complete","https://github.com/thoth-tech/doubtfire-web/pull/358" +"LACHLAN MACKIE ROBINSON","","Migrate analytics-service.coffee","Sprint 2 Complete","No GitHub links" +"LACHLAN MACKIE ROBINSON","","Migrate utilService.coffee","Sprint 1 Review","No GitHub links" +"LACHLAN MACKIE ROBINSON","Main Contributor","Security Issue: Insecure Token Exposure via Client-Side Storage and HTTP Headers","Sprint 4 Complete","No GitHub links" +"LACHLAN MACKIE ROBINSON","Reviewer","Security Issue: Clickjacking via Missing Security Headers","Sprint 3 Upstream Review","No GitHub links" +"LACHLAN MACKIE ROBINSON","Main Contributor","Migrate progress-dashboard.coffee","Sprint 3 Complete","No GitHub links" +"LACHLAN MACKIE ROBINSON","","Create Visualisation Service","Archive","No GitHub links" +"LAMIA TABASSUM","","Add observer property to unit-level roles","Visitor Enhancement - NOT CAPSTONE","No GitHub links" +"LOVLEEN KALA","","Migrate analytics-service.coffee","Sprint 2 Complete","No GitHub links" +"LOVLEEN KALA","Main Contributor","Migrate group-member-list.coffee","Sprint 2 Upstream Review","No GitHub links" +"LOVLEEN KALA","","Backend: Organization Management, Site Administrator Logic","Sprint 2 Upstream Review","https://github.com/thoth-tech/doubtfire-api/pull/58" +"LOVLEEN KALA","","Explore how user's use organisation, switch between them and the effects of switching between them","Archive","https://github.com/thoth-tech/documentation/pull/609" +"LOVLEEN KALA","Reviewer","Frontend Work - Tutor Times","Archive","No GitHub links" +"LOVLEEN KALA","Reviewer","Design Feature - Incorporate Content","Sprint 2 Complete","https://github.com/thoth-tech/doubtfire-web/pull/365" +"LOVLEEN KALA","","Migrate progress-dashboard.coffee","Sprint 3 Complete","No GitHub links" +"MARTIN JOHN DOLORES","","Create example templates for course maps.","Sprint 1 Complete","No GitHub links" +"MARTIN JOHN DOLORES","Main Contributor","Migrate utilService.coffee","Sprint 1 Review","No GitHub links" +"MARTIN JOHN DOLORES","Main Contributor","Migrate groups.coffee","Sprint 1 Review","No GitHub links" +"MARTIN JOHN DOLORES","","Fix typo in /edit_profile","Sprint 1 Complete","https://github.com/thoth-tech/doubtfire-web/pull/279; https://github.com/doubtfire-lms/doubtfire-web/pull/921" +"MARTIN JOHN DOLORES","Main Contributor","Migrate content-editable.coffee","Sprint 4 Complete","No GitHub links" +"MARTIN JOHN DOLORES","","Backend - Create POST and PUT endpoint to record/edit Tutor Time","Archive","No GitHub links" +"MARTIN JOHN DOLORES","","Backend - Integrate SessionTracker service across related entities","Tutor Times","No GitHub links" +"MARTIN JOHN DOLORES","Main Contributor","Backend - Create new table tutor_times","Archive","No GitHub links" +"MARTIN JOHN DOLORES","","Backend - Create new SessionTracker Service","Sprint 2 Doing","No GitHub links" +"MARTIN JOHN DOLORES","Reviewer","Redesign Tutor Time feature to work automatically","Sprint 4 Complete","No GitHub links" +"MARTIN JOHN DOLORES","Main Contributor","Backend - Redesign Tutor Time Feature","Sprint 3 Review","No GitHub links" +"MARTIN JOHN DOLORES","Main Contributor","Backend - Database Trigger for Auto-Update for Total Tutor Time","Archive","No GitHub links" +"MARTIN JOHN DOLORES","Main Contributor","Backend - Modify users Table to add Total Tutor Time","Archive","No GitHub links" +"MARTIN JOHN DOLORES","Reviewer","Create test data for CourseFlow ( Course map, Course map units, Units)","Sprint 1 Review","No GitHub links" +"MARTIN JOHN DOLORES","","Migrate tutorials.coffee","Sprint 4 Complete","No GitHub links" +"MARTIN JOHN DOLORES","","Web Security Audit: Cryptographic Failures","Security","No GitHub links" +"MARTIN JOHN DOLORES","Reviewer","Security Issue: Publicly Accessible API Documentation via Swagger","OnTrack x AppAttack","No GitHub links" +"MARTIN JOHN DOLORES","Reviewer","Standardize API Authentication Requirements","Security","No GitHub links" +"MARTIN JOHN DOLORES","Reviewer","Backend - Create marking_sessions table","Sprint 1 Review","No GitHub links" +"MARTIN JOHN DOLORES","","Migrate Portfolio Welcome Step","Sprint 1 Complete","No GitHub links" +"MARTIN JOHN DOLORES","","Backend - Create session_activities table","Sprint 1 Review","No GitHub links" +"MARTIN JOHN DOLORES","Main Contributor","[big task] Migrate filters.coffee","Sprint 4 Complete","No GitHub links" +"MARTIN JOHN DOLORES","","Migrate confirmation-modal.coffee","Sprint 1 Review","No GitHub links" +"MILLICENT ACHIENG AMOLO","","Fix Frontend Admin Route Access Controls","Security","No GitHub links" +"MINH THO DUONG","Reviewer","Migration: Group member list","To Be Reviewed","https://github.com/thoth-tech/doubtfire-web/pull/157; https://github.com/thoth-tech/doubtfire-web/pull/167; https://github.com/thoth-tech/documentation/pull/470" +"MINU NEDIYAPALACKAL SUNIL","Reviewer","Create diagram of coursemap page","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/11" +"MINU NEDIYAPALACKAL SUNIL","Main Contributor","Document the below API pages in detail within the website - set 5","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/9" +"MINU NEDIYAPALACKAL SUNIL","Main Contributor","Add detailed operations for units API (task_definitions -tii_group_attachments ) on Ontrack documentation website","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/12" +"MINU NEDIYAPALACKAL SUNIL","Main Contributor","Add detailed operations for units API (task_definitions) on Ontrack documentation website","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/12" +"MINU NEDIYAPALACKAL SUNIL","","Add detailed operations for units API (group set - group csv) on Ontrack documentation website","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/10" +"MINU NEDIYAPALACKAL SUNIL","","Add detailed operations for units API (group set - group ID) on Ontrack documentation website","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/10" +"MINU NEDIYAPALACKAL SUNIL","Main Contributor","Add detailed operations for units API (task_definitions - task_assessment_resources ) on Ontrack documentation website","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/13" +"MINU NEDIYAPALACKAL SUNIL","","Document the operations units API - Tutorial Streams","Archive","No GitHub links" +"MINU NEDIYAPALACKAL SUNIL","Reviewer","Pull the API docs from last trimester into the new folder structure","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/15" +"MINU NEDIYAPALACKAL SUNIL","Main Contributor","Courseflow Documentation Requirement Analysis","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/14" +"PARTH SANJAYKUMAR VAGHELA","","Migrate unit-dates-selector.coffee","Sprint 2 Doing","No GitHub links" +"PASINDU FERNANDO","","Migrate group-member-contribution-assigner.coffee","Sprint 4 Complete","No GitHub links" +"PASINDU FERNANDO","","Migrate progress-dashboard.coffee","Sprint 3 Complete","No GitHub links" +"PASINDU FERNANDO","","Migrate routing.coffee","Sprint 1 Complete","https://github.com/thoth-tech/doubtfire-web/pull/296" +"PASINDU FERNANDO","Reviewer","Migrate recorder-service.coffee","Sprint 2 Doing","No GitHub links" +"PASINDU FERNANDO","Reviewer","Migrate Portfolio Welcome Step","Sprint 1 Complete","No GitHub links" +"PASINDU FERNANDO","Main Contributor","Migrate unit-details-editor.coffee","Sprint 4 Complete","No GitHub links" +"PASINDU FERNANDO","Reviewer","Migrate confirmation-modal.coffee","Sprint 1 Review","No GitHub links" +"PASINDU FERNANDO","Main Contributor","Migrate analytics.coffee","Sprint 4 Complete","https://github.com/thoth-tech/doubtfire-web/pull/295; https://github.com/thoth-tech/documentation/pull/586" +"PASINDU FERNANDO","","Migration (Cleanup Task): inbox.coffee","Frontend Migration","No GitHub links" +"PASINDU FERNANDO","","Migrate students-list.coffee","Frontend Migration","No GitHub links" +"PASINDU FERNANDO","Main Contributor","Migrate Group-member-list","Sprint 1 Doing","No GitHub links" +"PASINDU FERNANDO","Main Contributor","Migrate portfolio-grade-select-step.coffee","Sprint 4 Complete","No GitHub links" +"PRABHJOT SINGH","","Migration: unit-details-editor.coffee","To Be Reviewed","No GitHub links" +"RASHI AGRAWAL","Reviewer","Frontend: Add new SGE page","Staff Grant Extension","No GitHub links" +"RASHI AGRAWAL","","Test backend and frontend integration","Sprint 1 Complete","No GitHub links" +"RASHI AGRAWAL","","Migrate unit-ilo-edit-modal.coffee","Frontend Migration","No GitHub links" +"SAHIRU HESHAN WITHANAGE","","Add summary of skills component","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-web/pull/396" +"SAHIRU HESHAN WITHANAGE","Reviewer","Migration (Cleanup Task): inbox.coffee","Frontend Migration","No GitHub links" +"SAHIRU HESHAN WITHANAGE","Reviewer","Add ability to mark unit as complete (phase 4)","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-web/pull/386" +"SAHIRU HESHAN WITHANAGE","","Extend the UI to select multiple students to grant extension ","Sprint 4 Complete","No GitHub links" +"SAHIRU HESHAN WITHANAGE","Main Contributor","Backend Work: Set up notification system","Sprint 4 Complete","No GitHub links" +"SAHIRU HESHAN WITHANAGE","","Remove alignment-bar-chart.coffee","Sprint 2 Code Review","No GitHub links" +"SAHIRU HESHAN WITHANAGE","","Frontend Work: Student search and selection","Staff Grant Extension","No GitHub links" +"SAHIRU HESHAN WITHANAGE","Main Contributor","Frontend: Add new SGE page","Staff Grant Extension","No GitHub links" +"SAHIRU HESHAN WITHANAGE","","Migrate group-member-contribution-assigner.coffee","Sprint 4 Complete","No GitHub links" +"SAHIRU HESHAN WITHANAGE","","Frontend Work: API integration for form submission","Sprint 4 Complete","https://github.com/thoth-tech/doubtfire-web/pull/330" +"SAHIRU HESHAN WITHANAGE","","Migrate routing.coffee","Sprint 1 Complete","https://github.com/thoth-tech/doubtfire-web/pull/296" +"SAHIRU HESHAN WITHANAGE","","Migrate student-task-status-pie-chart.coffee","Sprint 3 Complete","No GitHub links" +"SAHIRU HESHAN WITHANAGE","Main Contributor","Create API Endpoint for Granting Extensions","Sprint 4 Complete","No GitHub links" +"SAHIRU HESHAN WITHANAGE","","Frontend work: Grant Extension Form UI","Sprint 1 Complete","https://github.com/thoth-tech/doubtfire-web/pull/285" +"SAHIRU HESHAN WITHANAGE","","Frontend Work: Form Validation","Sprint 3 Complete","https://github.com/thoth-tech/doubtfire-web/pull/285" +"SAM ROLFE","Reviewer","Ensure Unit Definition model satisfies all requirements (Phase 2)","Archive","No GitHub links" +"SAM ROLFE","Main Contributor","Create diagram of coursemap page","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/11" +"SAM ROLFE","Reviewer","Migration: grade-icon.coffee","Archive","https://github.com/thoth-tech/doubtfire-web/pull/231" +"SAM ROLFE","Reviewer","Courseflow Documentation Requirement Analysis","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/14" +"SAM ROLFE","Reviewer","Add Authentication to the Courseflow endpoints","Archive","No GitHub links" +"SAM ROLFE","Reviewer","Migrate the existing Unit table to be compatible with Unit Definition (Phase 4)","To Be Reviewed","https://github.com/thoth-tech/doubtfire-api/pull/41" +"SAM ROLFE","Reviewer","Create dummy data for a specific course for the front end to use (Phase 3)","To Be Reviewed","https://github.com/thoth-tech/doubtfire-api/pull/43" +"SAM ROLFE","Reviewer","Create appropriate testing files for the Unit Definition entity (Phase 1)","To Be Reviewed","https://github.com/thoth-tech/doubtfire-api/pull/42" +"SAM ROLFE","Reviewer","Implement the backend requirements for the Unit Definition entity (phase 1)","To Be Reviewed","https://github.com/thoth-tech/doubtfire-api/pull/42" +"SAM ROLFE","Main Contributor","Add ability to add elective units to the unit pool (phase 2)","To Be Reviewed","https://github.com/thoth-tech/doubtfire-web/pull/236" +"SAM ROLFE","Reviewer","Implement the backend requirements for the specialization entity.","Upstream review","No GitHub links" +"SAM ROLFE","Reviewer","Implement the backend requirements for the course map unit entity.","Upstream review","https://github.com/thoth-tech/doubtfire-api/pull/35" +"SAM ROLFE","Reviewer","Implement the backend requirements for the requirement set entity.","Upstream review","https://github.com/thoth-tech/doubtfire-api/pull/37" +"SAM ROLFE","","Create a list of tasks for CourseMap FE","Archive","No GitHub links" +"SAM ROLFE","Main Contributor","Created coursemap base page","Upstream review","https://github.com/thoth-tech/doubtfire-web/pull/233" +"SAM ROLFE","Reviewer","Implement the backend requirements for the course map entity.","Upstream review","https://github.com/thoth-tech/doubtfire-api/pull/35" +"SAM ROLFE","Main Contributor","Add button to Courseflow main component","Upstream review","No GitHub links" +"SAM ROLFE","Main Contributor","Populate remaining units container with relevant units from course (phase 2)","To Be Reviewed","https://github.com/thoth-tech/doubtfire-web/pull/253" +"SAM ROLFE","Main Contributor","Create services and models for courseflow back end components.","To Be Reviewed","https://github.com/thoth-tech/doubtfire-web/pull/252" +"SAM ROLFE","Reviewer","Implement the backend requirements for the course entity.","Upstream review","https://github.com/thoth-tech/doubtfire-api/pull/34" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","","Add ability to mark unit as complete (phase 4)","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-web/pull/386" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","","Backend - Create new table tutor_times","Archive","No GitHub links" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","Reviewer","Frontend Work: API integration for form submission","Sprint 4 Complete","https://github.com/thoth-tech/doubtfire-web/pull/330" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","","Update documentation in doubtfire-astro for staff grant extension new APIs and FE components","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-astro/pull/40" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","","Feature exploration: Staff Grant Extension","Sprint 1 Complete","No GitHub links" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","Reviewer","Frontend work: Grant Extension Form UI","Sprint 1 Complete","https://github.com/thoth-tech/doubtfire-web/pull/285" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","Reviewer","Migrate utilService.coffee","Sprint 1 Review","No GitHub links" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","Reviewer","Extend the UI to select multiple students to grant extension ","Sprint 4 Complete","No GitHub links" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","","Web Security Audit: Identification and Authentication Failures","Sprint 4 Complete","https://github.com/thoth-tech/doubtfire-astro/pull/29" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","","Frontend Work: Set up notification UI","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-web/pull/353" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","","Frontend Work: Form Validation","Sprint 3 Complete","https://github.com/thoth-tech/doubtfire-web/pull/285" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","","Security Issue: Insecure Token Exposure via Client-Side Storage and HTTP Headers","Sprint 4 Complete","No GitHub links" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","","Create example templates for course maps.","Sprint 1 Complete","No GitHub links" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","Reviewer","Web Security Audit: Cryptographic Failures","Security","No GitHub links" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","","Backend Work: Set up notification system","Sprint 4 Complete","No GitHub links" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","Reviewer","Create API Endpoint for Granting Extensions","Sprint 4 Complete","No GitHub links" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","","Frontend: Add new SGE page","Staff Grant Extension","No GitHub links" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","Main Contributor","Import & Download list of tutorials by CSV","Sprint 3 Upstream Review","https://github.com/thoth-tech/doubtfire-web/pull/314; https://github.com/thoth-tech/doubtfire-api/pull/59" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","","Standardize API Authentication Requirements","Security","No GitHub links" +"SAMINDI SITUMYA RATNAYAKE MUDIYANSELAGE","","Backend- In-system notification system","Sprint 1 Review","https://github.com/thoth-tech/doubtfire-api/pull/69" +"SHEN TIAN","Main Contributor","Migrate analytics.coffee","Archive","https://github.com/thoth-tech/doubtfire-web/pull/256" +"SHEN TIAN","","Add button to Courseflow main component","Upstream review","No GitHub links" +"SHEN TIAN","Main Contributor","Migration: timeout.coffee","Archive","https://github.com/doubtfire-lms/doubtfire-web/pull/868/commits/6a965ef9927837bd3e9e77d27b035473cd97; https://github.com/thoth-tech/doubtfire-web/pull/230" +"SHEN TIAN","","Created coursemap base page","Upstream review","https://github.com/thoth-tech/doubtfire-web/pull/233" +"SHEN TIAN","Reviewer","Create services and models for courseflow back end components.","To Be Reviewed","https://github.com/thoth-tech/doubtfire-web/pull/252" +"SHEN TIAN","Reviewer","Populate remaining units container with relevant units from course (phase 2)","To Be Reviewed","https://github.com/thoth-tech/doubtfire-web/pull/253" +"SHOUNAK RAVI BHALERAO","","Web Security Audit: Vulnerable and Outdated Components","Sprint 3 Complete","No GitHub links" +"SHOUNAK RAVI BHALERAO","","New Notification System PoC","Sprint 4 Complete","No GitHub links" +"SHOUNAK RAVI BHALERAO","","Migrate grade-icon.coffee","Sprint 1 Complete","https://github.com/doubtfire-lms/doubtfire-web/pull/898; https://github.com/thoth-tech/doubtfire-web/pull/258; https://github.com/thoth-tech/documentation/pull/561" +"SHOUNAK RAVI BHALERAO","","Grant automatic extension on ""resubmit""","Sprint 1 Complete","No GitHub links" +"SHYAMA CHANDRASHEKARAN PILLAI","Main Contributor","Add detailed operations for units API (group set - group csv) on Ontrack documentation website","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/10" +"SHYAMA CHANDRASHEKARAN PILLAI","","Add detailed operations for units API (task_definitions -tii_group_attachments ) on Ontrack documentation website","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/12" +"SHYAMA CHANDRASHEKARAN PILLAI","Main Contributor","Add detailed operations for units API (group set - group ID) on Ontrack documentation website","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/10" +"SHYAMA CHANDRASHEKARAN PILLAI","Main Contributor","Document the operations units API - Tutorial Streams","Archive","No GitHub links" +"SHYAMA CHANDRASHEKARAN PILLAI","","Add detailed operations for units API (task_definitions) on Ontrack documentation website","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/12" +"SHYAMA CHANDRASHEKARAN PILLAI","","Document the below API pages in detail within the website - set 5","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/9" +"SHYAMA CHANDRASHEKARAN PILLAI","Main Contributor","Pull the API docs from last trimester into the new folder structure","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/15" +"SHYAMA CHANDRASHEKARAN PILLAI","","Add detailed operations for units API (task_definitions - task_assessment_resources ) on Ontrack documentation website","Archive","https://github.com/thoth-tech/doubtfire-astro/pull/13" +"SU MYAT THIRI","Main Contributor","Migrate tutorials.coffee","Sprint 4 Complete","No GitHub links" +"TAN TAI NGUYEN","","Migrate portfolios.coffee","Sprint 3 Complete","No GitHub links" +"TED WANG","Main Contributor","Create the main component that hosts all course flow related components.","Archive","https://github.com/thoth-tech/doubtfire-web/pull/180" +"THUY TIEN HOA","","migrate file-uploader.coffee","Archive","https://github.com/thoth-tech/doubtfire-web/pull/246/commits/28a77cd0821ce9b66a43c47741cda35c39132fd; https://github.com/thoth-tech/documentation/pull/535/files" +"THUY TIEN HOA","Reviewer","Add ability to add elective units to the unit pool (phase 2)","To Be Reviewed","https://github.com/thoth-tech/doubtfire-web/pull/236" +"THUY TIEN HOA","Main Contributor","Migrate viewer.coffee","To Be Reviewed","https://github.com/thoth-tech/doubtfire-web/pull/251" +"THUY TIEN HOA","Main Contributor","Migration: grade-icon.coffee","Archive","https://github.com/thoth-tech/doubtfire-web/pull/231" +"TRIET LAM","","Cleanup feedback.coffee","Frontend Migration","https://github.com/thoth-tech/doubtfire-web/pull/399" +"TRIET LAM","","Migrate task-dashboard.coffee","Frontend Migration","No GitHub links" +"WAEL ALAHMADI","Main Contributor","Add observer property to unit-level roles","Visitor Enhancement - NOT CAPSTONE","No GitHub links" +"WAEL ALAHMADI","Reviewer","Migrate students-list.coffee","Frontend Migration","No GitHub links" +"WAEL ALAHMADI","","Develop Tutor Time Dashboard ","Tutor Times","No GitHub links" +"XIN HUANG","","Clickjacking: X-Frame-Options header - Patch Fix and Validation","Sprint 3 Complete","No GitHub links" +"XIN HUANG","Reviewer","Migrate project-tasks-list.coffee","Sprint 2 Complete","No GitHub links" +"ZARA LAUREN DANZIGER","Main Contributor","Migrate analytics-service.coffee","Sprint 2 Complete","No GitHub links" +"ZARA LAUREN DANZIGER","","Migrate group-member-list.coffee","Sprint 2 Upstream Review","No GitHub links" +"ZARA LAUREN DANZIGER","Reviewer","Frontend Work: Form Validation","Sprint 3 Complete","https://github.com/thoth-tech/doubtfire-web/pull/285" +"ZARA LAUREN DANZIGER","Main Contributor","Migrate media-service.coffee","Sprint 1 Complete","No GitHub links" +"ZARA LAUREN DANZIGER","","Migrate tutorials.coffee","Sprint 4 Complete","No GitHub links" +"ZARA LAUREN DANZIGER","Main Contributor","Migrate date-service.coffee","Sprint 1 Complete","https://github.com/thoth-tech/doubtfire-web/pull/280" +"ZARA LAUREN DANZIGER","Reviewer","Migrate listener-service.coffee","Sprint 3 Upstream Review","No GitHub links" +"ZARA LAUREN DANZIGER","","Migrate analytics.coffee","Sprint 4 Complete","https://github.com/thoth-tech/doubtfire-web/pull/295; https://github.com/thoth-tech/documentation/pull/586" +"ZARA LAUREN DANZIGER","","Fix: 9.x Burndown Data Visualisation","Sprint 4 Complete","No GitHub links" +"ZHONGYU ZHANG","Main Contributor","Migration: Group member list","To Be Reviewed","https://github.com/thoth-tech/doubtfire-web/pull/157; https://github.com/thoth-tech/doubtfire-web/pull/167; https://github.com/thoth-tech/documentation/pull/470" +"ZHONGYU ZHANG","Reviewer","Spike - Explore video integration using Panopto","Archive","https://github.com/thoth-tech/ThothTech-Documentation-Website/pull/70" diff --git a/src/content/docs/report_script/Planner_Pull_Documentation.md b/src/content/docs/report_script/Planner_Pull_Documentation.md new file mode 100644 index 00000000..d8ea1288 --- /dev/null +++ b/src/content/docs/report_script/Planner_Pull_Documentation.md @@ -0,0 +1,96 @@ +# Planner Task Puller Script + +## Overview + +This PowerShell script connects to Microsoft Graph to retrieve tasks from a specified Microsoft Planner plan. It allows the user to pull all tasks, only those assigned to users, or tasks assigned to users within a specific date range. The script can store connection details for multiple plans in a `config.txt` file, allowing for easy switching between them. The script fetches task details, including bucket names, attachments (specifically looking for GitHub links), and assigned users with their roles (Main Contributor, Reviewer). The collected data is then exported to a user-specified CSV file. + +## Prerequisites + +* Windows operating system with PowerShell 7. You can grap powershell online at [Microsoft Page](https://learn.microsoft.com/en-gb/powershell/scripting/install/installing-powershell?view=powershell-7.5) or [Github Link](https://github.com/PowerShell/PowerShell?tab=readme-ov-file). +* An internet connection. +* A Microsoft 365 account with access to Microsoft Planner. +* The `Microsoft.Graph` PowerShell module. + +## Setup + +Before running the script for the first time, you need to install the `Microsoft.Graph` module. Open a PowerShell terminal and run the following command: + +```powershell +Install-Module Microsoft.Graph -Scope CurrentUser -AllowClobber -Force +``` + +## Finding Your Plan ID + +The Plan ID is required to fetch tasks from a specific plan. You can find the Plan ID in the URL of your Planner board. + +1. Go to [Microsoft Planner](https://tasks.office.com/). +2. Open the plan you want to use. +3. Look at the URL in your browser's address bar. It will look something like this: + `https://planner.cloud.microsoft/webui/plan/PLANNER_ID/view/board?tid=BOARDID` +4. The `planId` is the alphanumeric string that follows `plan/`. Copy this value when the script prompts for it. + +### Video Tutorial + +For a visual guide on how to find the Plan ID, please watch this video (Covers Two methods): + +[Plan ID Tutorial](https://deakin365-my.sharepoint.com/:v:/g/personal/s223739207_deakin_edu_au/EeAm2dpPc3VGrh6DHzyHkOcBig0my4m3UYWG5HmGtFG09A?nav=eyJyZWZlcnJhbEluZm8iOnsicmVmZXJyYWxBcHAiOiJPbmVEcml2ZUZvckJ1c2luZXNzIiwicmVmZXJyYWxBcHBQbGF0Zm9ybSI6IldlYiIsInJlZmVycmFsTW9kZSI6InZpZXciLCJyZWZlcnJhbFZpZXciOiJNeUZpbGVzTGlua0NvcHkifX0&e=TVSwwN) + +## How to Run the Script + +[Script Demo](https://deakin365-my.sharepoint.com/:v:/g/personal/s223739207_deakin_edu_au/ETM6TddvX_9KhSbykjwiinMBgSIsZp8inzyoABN32SEFMg?nav=eyJyZWZlcnJhbEluZm8iOnsicmVmZXJyYWxBcHAiOiJPbmVEcml2ZUZvckJ1c2luZXNzIiwicmVmZXJyYWxBcHBQbGF0Zm9ybSI6IldlYiIsInJlZmVycmFsTW9kZSI6InZpZXciLCJyZWZlcnJhbFZpZXciOiJNeUZpbGVzTGlua0NvcHkifX0&e=7QDevO) + +1. Open a PowerShell terminal. +2. Navigate to the directory where the script is located. +3. Execute the script by running: `.\planner_pull.ps1` +4. Follow the on-screen prompts: + * **Choose an option:** Select whether to pull all tasks, only assigned ones, or assigned tasks within a date range. + * **Enter Date Range (if applicable):** If you choose to filter by date, you will be prompted to enter a start and end date in `YYYY-MM-DD` format. + * **Authenticate:** The script uses a device code flow for authentication. You will be prompted to open a URL in a web browser and enter a code to sign in to your Microsoft account. This is required before you can select a plan. + * **Choose a Plan:** + * If you have saved plans in `config.txt`, you will see a numbered list of them. Enter the number to select a plan. + * To add a new plan, choose the "Enter a new Plan ID" option (N). + * **Enter New Plan Details (if applicable):** + * Enter the new Plan ID. + * Enter a descriptive name for the plan. This name is for your reference and will be shown in the selection menu in the future. + * **Enter CSV Filename:** Provide a name for the output CSV file. + +## How it Works + +1. **Module Check:** The script first checks if the `Microsoft.Graph` module is installed. +2. **User Selection:** It prompts the user to choose between pulling all tasks, only assigned tasks, or assigned tasks within a date range. +3. **Date Range Input:** If the user chooses to filter by date, the script prompts for a start and end date. +4. **Authentication:** It connects to the Microsoft Graph API using a device code authentication flow. This is done early to ensure the script has the necessary permissions for subsequent steps. The script uses a minimal set of permissions required to read tasks and user profiles. +5. **Plan ID Configuration:** + * The script reads the `config.txt` file to find any saved plans. + * If saved plans are found, it displays them in a menu for the user to select. + * If the user opts to add a new plan, the script prompts for the new Plan ID and a descriptive name. + * The new plan entry is appended to `config.txt` in the format ` - `. This preserves existing entries. +6. **Data Retrieval:** + * It fetches all tasks for the selected Plan ID using `Get-MgPlannerPlanTask`. + * It fetches all buckets in the plan using `Get-MgPlannerPlanBucket` to create a lookup map of bucket IDs to bucket names. + * For each task, it retrieves detailed information using `Get-MgPlannerTaskDetail`. + * It retrieves user information for assigned users using `Get-MgUser`. +7. **Data Processing:** + * **Date Filtering:** If a date range is provided, the script filters out tasks that were not assigned within that range. + * **Bucket Name:** It matches the task's `bucketId` to the previously fetched list of buckets to get the bucket name. + * **Attachments:** It intelligently scans task references for GitHub links. It checks both the underlying URL and the display text (alias) for each reference. + * If a GitHub link is found in the URL, its display text is checked. If the display text is also a distinct GitHub link, both are preserved for context. Otherwise, only the clean URL is used. + * If a GitHub link is found only in the display text, the entire display text is captured. + This ensures that links are found even if entered incorrectly by users. + * **User Roles:** It determines user roles ("Main Contributor" or "Reviewer") based on the order of assignment. The first assigned user is considered the Main Contributor, and the last is the Reviewer. +8. **Output:** + * The script prompts the user for a desired output CSV filename. + * It compiles all the processed data. + * It displays a preview of the data in the console. + * It exports the final data to the specified CSV file. + +## Output CSV Columns + +* **Name:** The display name of the user assigned to the task. +* **Role:** The role of the user for that task (Main Contributor, Reviewer, or blank). +* **Task:** The title of the Planner task. +* **Bucket:** The name of the bucket the task belongs to. +* **Attachments:** A semicolon-separated list of GitHub URLs found in the task's references. If a reference has a descriptive name that is also a distinct GitHub link, it will be formatted as `DisplayText (URL)`. Otherwise, only the clean URL is shown. This column may also contain a message indicating if no GitHub links were found. + +**Date of Creation:** 22/08/2025 +**Author:** Ibitope Fatoki diff --git a/src/content/docs/report_script/config.txt b/src/content/docs/report_script/config.txt new file mode 100644 index 00000000..add84ff1 --- /dev/null +++ b/src/content/docs/report_script/config.txt @@ -0,0 +1,2 @@ +njykIFLDn0iAY1at7tACfcgADgBS - Ontrack Planner ID +mIelcQoIgkqhbM8WaPS3sMgAEmyV - Splashkit Planner ID diff --git a/src/content/docs/report_script/planner_pull.ps1 b/src/content/docs/report_script/planner_pull.ps1 new file mode 100644 index 00000000..4cfb9d64 --- /dev/null +++ b/src/content/docs/report_script/planner_pull.ps1 @@ -0,0 +1,309 @@ +# Check for Microsoft.Graph module +if (-not (Get-Module -ListAvailable -Name Microsoft.Graph)) { + Write-Host "Microsoft.Graph module is not installed. Please install it by running: Install-Module Microsoft.Graph -Scope CurrentUser -AllowClobber -Force" + exit +} + +# --- Menu Selection --- +Write-Host "How would you like to pull the tasks? Select the relevant Option" +Write-Host "1. Pull all tasks (including unassigned)" +Write-Host "2. Pull only tasks with assigned users ONLY" +Write-Host "3. Pull tasks of assigned users based on a date range(great for progress and handover Doc)" +$selection = Read-Host -Prompt "Enter your choice (1, 2 or 3)" + +if ($selection -ne '1' -and $selection -ne '2' -and $selection -ne '3') { + Write-Host "Invalid selection. Exiting." + exit +} + +if ($selection -eq '3') { + $startDateStr = Read-Host -Prompt "Enter the start date (YYYY-MM-DD)" + $endDateStr = Read-Host -Prompt "Enter the end date (YYYY-MM-DD)" + + try { + $startDate = [datetime]::ParseExact($startDateStr, 'yyyy-MM-dd', $null) + $endDate = [datetime]::ParseExact($endDateStr, 'yyyy-MM-dd', $null).AddDays(1) # Adds one day to include the entire end day + } + catch { + Write-Host "Invalid date format. Please use YYYY-MM-DD. Exiting." + exit + } +} + +# Import required sub modules +Write-Host "Importing Required Microsoft.Graph sub modules..." +Import-Module Microsoft.Graph.Planner +Import-Module Microsoft.Graph.Users + +# Authenticate to Microsoft Graph +Write-Host "Authenticating to Microsoft Graph..." +try { + # Connect to Microsoft Graph with required permissions + Connect-MgGraph -Scopes @( + "Tasks.Read", + "Tasks.ReadWrite", + "User.ReadBasic.All" + ) -UseDeviceCode -Audience "organizations" + + # Verify connection + $context = Get-MgContext + if (-not $context) { + throw "Failed to establish connection" + } + Write-Host "Authentication successful as $($context.Account)" +} +catch { + Write-Error "Authentication failed: $_" + exit 1 +} + +# --- Plan ID Configuration --- +$configPath = ".\config.txt" +$planId = $null + +if (Test-Path $configPath) { + $savedPlans = @(Get-Content $configPath | Where-Object { $_ -match ".+ - .+" }) # Filter for valid entries + if ($savedPlans) { + Write-Host "Please choose a saved Plan ID or enter a new one:" + for ($i = 0; $i -lt $savedPlans.Count; $i++) { + # Display only the name part + Write-Host ("{0}. {1}" -f ($i + 1), $savedPlans[$i].Split(' - ', 2)[1]) + } + Write-Host "N. Enter a new Plan ID" + + $choice = Read-Host -Prompt "Select an ID" + + if ($choice -eq 'N' -or $choice -eq 'n') { + # Flag to enter a new Plan ID + $planId = $null + } + elseif ($choice -match "^\d+$" -and [int]$choice -ge 1 -and [int]$choice -le $savedPlans.Count) { + $selectedIndex = [int]$choice - 1 + # Extract the ID part + $planId = $savedPlans[$selectedIndex].Split(' - ', 2)[0] + } + else { + Write-Host "Invalid selection. Exiting." + exit + } + } +} + +# If no plan was selected from the menu, or if config is empty/doesn't exist +if (-not $planId) { + $newPlanId = Read-Host -Prompt "Please enter the new Plan ID" + $planName = Read-Host -Prompt "Please enter a name for this plan (for your reference)" + + if (-not $newPlanId -or -not $planName) { + Write-Host "Plan ID and Plan Name cannot be empty. Exiting." + exit + } + + $newEntry = "$newPlanId - $planName" + + # Add the new entry to the config file + Add-Content -Path $configPath -Value $newEntry + Write-Host "New Plan ID saved: $newEntry" + $planId = $newPlanId +} + +Write-Host "Using Plan ID: $planId" + +# Initialize task data array +$taskData = @() + +# Retrieve and process tasks +Write-Host "Fetching tasks from plan..." +try { + try { + $tasks = Get-MgPlannerPlanTask -PlannerPlanId $planId -ErrorAction Stop + if (-not $tasks) { + Write-Error "No tasks found in the plan." + exit + } + + # Get all buckets in the plan to create a lookup table for bucket names + $buckets = Get-MgPlannerPlanBucket -PlannerPlanId $planId -ErrorAction Stop + $bucketNameLookup = @{} + foreach ($bucket in $buckets) { + $bucketNameLookup[$bucket.Id] = $bucket.Name + } + } + catch { + Write-Error "Failed to get tasks or buckets: $_" + exit 1 + } + + foreach ($task in $tasks) { + + $bucketName = $bucketNameLookup[$task.BucketId] + + Write-Host "Processing task: $($task.Title)" + + # Get task details for attachments and assigned users + try { + if (-not $task.Assignments) { + if ($selection -eq '1') { + $taskDetails = Get-MgPlannerTaskDetail -PlannerTaskId $task.Id + $attachments = "No references" + if ($taskDetails.References -and $taskDetails.References.AdditionalProperties) { + $foundUrls = @() + foreach ($key in $taskDetails.References.AdditionalProperties.Keys) { + $url = [System.Net.WebUtility]::UrlDecode($key) + $alias = $taskDetails.References.AdditionalProperties[$key].alias + + $urlIsGithub = $url -like "*github.com*" + $aliasIsGithub = $alias -like "*github.com*" + + if ($urlIsGithub -and $aliasIsGithub) { + if ($url -eq $alias) { + $foundUrls += $url + } + else { + $foundUrls += "$alias ($url)" + } + } + elseif ($urlIsGithub) { + $foundUrls += $url + } + elseif ($aliasIsGithub) { + $foundUrls += $alias + } + } + if ($foundUrls.Count -gt 0) { + $attachments = $foundUrls -join "; " + } + else { + $attachments = "No GitHub links" + } + } + + $taskData += [PSCustomObject]@{ + Name = "Unassigned" + Role = "" + Task = $task.Title + Bucket = $bucketNameLookup[$task.BucketId] + Attachments = $attachments + } + } + continue + } + + $taskDetails = Get-MgPlannerTaskDetail -PlannerTaskId $task.Id + + # Check for GitHub references + $attachments = "No references" + if ($taskDetails.References -and $taskDetails.References.AdditionalProperties) { + $foundUrls = @() + foreach ($key in $taskDetails.References.AdditionalProperties.Keys) { + $url = [System.Net.WebUtility]::UrlDecode($key) + $alias = $taskDetails.References.AdditionalProperties[$key].alias + + $urlIsGithub = $url -like "*github.com*" + $aliasIsGithub = $alias -like "*github.com*" + + if ($urlIsGithub -and $aliasIsGithub) { + if ($url -eq $alias) { + $foundUrls += $url + } + else { + $foundUrls += "$alias ($url)" + } + } + elseif ($urlIsGithub) { + $foundUrls += $url + } + elseif ($aliasIsGithub) { + $foundUrls += $alias + } + } + if ($foundUrls.Count -gt 0) { + $attachments = $foundUrls -join "; " + } + else { + $attachments = "No GitHub links" + } + } + else { + Write-Host "No references found in task details" + } + + # Get assigned users + $assignmentKeys = $task.Assignments.AdditionalProperties.Keys + $assignments = $task.Assignments.AdditionalProperties + + if ($assignmentKeys.Count -gt 0) { + # Sort keys by assignedDateTime + $sortedKeys = $assignmentKeys | Sort-Object { [datetime]$assignments[$_].assignedDateTime } + + $mainContributorKey = $sortedKeys[0] + $reviewerKey = if ($sortedKeys.Count -gt 1) { $sortedKeys[-1] } else { $null } + + foreach ($userId in $assignmentKeys) { + $assignment = $assignments[$userId] + $assignedDateTime = [datetime]$assignment.assignedDateTime + + if ($selection -eq '3' -and ($assignedDateTime -lt $startDate -or $assignedDateTime -ge $endDate)) { + continue + } + + $role = if ($userId -eq $mainContributorKey) { "Main Contributor" } elseif ($userId -eq $reviewerKey) { "Reviewer" } else { "" } + + try { + $user = Get-MgUser -UserId $userId -ErrorAction Stop + $userName = $user.DisplayName + } + catch { + Write-Host "Error getting user details: $_" + $userName = "$userId (Unable to get name)" + } + + # Add task to collection with individual user + $taskData += [PSCustomObject]@{ + Name = $userName + Role = $role + Task = $task.Title + Bucket = $bucketName + Attachments = $attachments + } + } + } + } + catch { + Write-Warning "Failed to process task: $($task.Title). Error: $_" + # Add error entry + $taskData += [PSCustomObject]@{ + Name = "Error Processing" + Role = "" + Task = $task.Title + Bucket = $bucketName + Attachments = "Error retrieving attachments" + } + } + } + + # Sort the data by Name + $taskData = $taskData | Sort-Object Name + + # Display preview of the data + Write-Host "`nPreview of exported data:" + $taskData | Format-Table -AutoSize + + # Get output filename from user + $outputFile = Read-Host -Prompt "Enter the desired name for the CSV file" + if (-not ($outputFile.EndsWith(".csv"))) { + $outputFile = "$outputFile.csv" + } + + # Export to CSV + $taskData | Export-Csv -Path $outputFile -NoTypeInformation -Force + Write-Host "Tasks exported successfully to $outputFile" + +} +catch { + Write-Error "Failed to fetch tasks. Error: $_" +} + +Write-Host "Script made by Ibitope Fatoki. Github ibi420" +Write-Host "Script completed." +Read-Host "Press Enter to exit"