2017-02-28 17:29:28 +08:00
# Chronos

A school event planner and timetable

## Todo

- [x] Migrations
- [ ] Authentication
- [x] Global React `user`
- [x] OID auth client
- [ ] jwt token provider
- [x] auth is a choice between oidc and pass, sends token/pass to `/auth` for validation
- [ ] `/auth` verifies oid token or pass, generates signed jwt
- [ ] jwt token contains user role
- [ ] hide/protect certain element
- [x] fake validator for jwt at protected endpoints
- [ ] assume user is admin
- [ ] Decide between email-validated OID or storing identity strictly
- [ ] Additional email-based auth mechanism with tokens (like asciinema)
- [ ] Redirect when not logged in
- [x] Create group
- [x] Create one-off events
- [ ] Show event details
- [ ] Create attachments
- [ ] Description
- [ ] File
- [x] Create group CCAs
- [x] Create CCA schedules
- [ ] Differentiate CCAs from Mentor Groups
- [x] Create group mentor
- [ ] Importable timetables
- [x] Display events as agenda
- [x] Display events as calendar
- [ ] Drag one-time events around to modify
- [ ] Hide weekly events in month view
- [ ] Show heatmap of the availability of the users in a group when creating an event
- This is the event planning feature
- [ ] Create sample data
- [ ] Create admin interface in JavaFX (requirement)
- [ ] Manage schools
- [ ] Manage users in schools
- [ ] Bulk create groups
- [ ] Refactor toolbar mutator for homepage pagination

## Security Pitfalls

- Auth mechanism not verified
- Verification of OID tokens is done by upn being the email address
- Susceptible to insecure direct object references