2017-02-28 17:29:28 +08:00
|
|
|
|
|
|
|
|
# Chronos
|
|
|
|
|
|
2017-02-28 17:02:53 +08:00
|
|
|
A school event planner and timetable
|
2017-02-28 17:29:28 +08:00
|
|
|
|
|
|
|
|
## Todo
|
|
|
|
|
|
2017-04-13 00:29:28 +08:00
|
|
|
- [x] Migrations
|
2017-02-28 17:29:28 +08:00
|
|
|
- [ ] Authentication
|
2017-04-13 00:29:28 +08:00
|
|
|
- [x] Global React `user`
|
2017-03-31 16:13:38 +08:00
|
|
|
- [x] OID auth client
|
|
|
|
|
- [ ] jwt token provider
|
2017-04-13 00:29:28 +08:00
|
|
|
- [x] auth is a choice between oidc and pass, sends token/pass to `/auth` for validation
|
2017-03-31 16:13:38 +08:00
|
|
|
- [ ] `/auth` verifies oid token or pass, generates signed jwt
|
|
|
|
|
- [ ] jwt taken contains user role
|
|
|
|
|
- [ ] hide/protect certain element
|
2017-04-13 00:29:28 +08:00
|
|
|
- [x] fake validator for jwt at protected endpoints
|
2017-03-31 16:13:38 +08:00
|
|
|
- [ ] assume user is admin
|
2017-04-13 00:29:28 +08:00
|
|
|
- [x] Create group
|
2017-04-16 17:03:00 +08:00
|
|
|
- [x] Create one-off events
|
2017-02-28 17:29:28 +08:00
|
|
|
- [ ] Create attachments
|
|
|
|
|
- [ ] Description
|
|
|
|
|
- [ ] File
|
2017-04-16 17:03:00 +08:00
|
|
|
- [x] Create group CCAs
|
|
|
|
|
- [x] Create CCA schedules
|
|
|
|
|
- [ ] Differentiate CCAs from Mentor Groups
|
|
|
|
|
- [x] Create group mentor
|
2017-04-13 00:29:28 +08:00
|
|
|
- [ ] Importable timetables
|
2017-04-16 17:03:00 +08:00
|
|
|
- [x] Display events as agenda
|
|
|
|
|
- [x] Display events as calendar
|
2017-02-28 17:29:28 +08:00
|
|
|
|
|
|
|
|
- [ ] Create sample data
|
2017-04-06 21:20:23 +08:00
|
|
|
|
2017-04-16 17:03:00 +08:00
|
|
|
- [ ] Refactor toolbar mutator for homepage pagination
|
|
|
|
|
|
2017-04-06 21:20:23 +08:00
|
|
|
## Security Pitfalls
|
|
|
|
|
|
|
|
|
|
- Auth mechanism not verified
|
2017-04-12 00:14:51 +08:00
|
|
|
- Verification of OID tokens is done by upn being the email address
|
2017-04-06 21:20:23 +08:00
|
|
|
- Succeptable to insecure direct object references
|
