Product Backlog (Showcase)
- Emir Hanic (Deactivated)
Forminators Priority | Showcase Priority | Issue Type | Story summary | Description | Comments | |
|---|---|---|---|---|---|---|
| 1 | ย | Medium | Task | Investigate CDOGS/CHEFS 500 issue | We saw a 500 alert come from CDOGS when a CHEFS user 'downloaded a submission as a pdf'. ย ย | I was able to replicate the alert using a dummy form submission. however the download seemed ok and user experience was not impacted see: [https://discord.com/channels/689896523848613952/755856594411061318/981248520109563905] I suspect CDOGS is unable to parse some of the data in the submission. or it could have been an issue with the provided template. acceptance criteria:
|
| 2 | ย | High | Story | Do not display names and email addresses for BCeID users in search | As a team manager, I should not be shown every Bceid user who has ever used CHEFS for privacy reasons when I am adding team members as I will know the email already of the person I want to share with. Acceptance Criteria: Removed search for bceid; invitees must enter exact email addresses; | ย |
| 3 | ย | Medium | Story | Add time to CHEFS date range export parameters | As a reviewer, I want to export a range of submissions with preciseness so that I do not inadvertently export the same data more than once.ย The current date range is helpful but it does not have a time parameter so overlaps are frequent.ย ie. Export end date is June 1 and I run it at noon but someone creates a new form at 12:30....ย if I run the export the entire day will be part of the export. Acceptance Criteria:
| ย |
| 4 | ย | Medium | Story | Access CHEFS attachments via the COMS API | As a developer, I need to access file attachments via API, so that I can incorporate the attachment into my LOB application to suit my business needs. ย | This will need to use COMS API. |
| 5 | ย | Medium | Story | Make it clearer for admins when they are in the form administration section | As a form administrators, I want it to be clearer that I am in the form administration area instead of the "view all submissions" so that it is easier for me to manage submissions. Acceptance criteria Update the pages titles:
ย | Reference: Add banner to the "Previous Submissions" page ยท Common Hosted Form Service Feedback ] |
| 6 | ย | Medium | Story | Include assigners name in email notification to assignee when submission is assigned | As a reviewer, when I receive an "assigned" notification, I want it to include the team member's name to who assigned it me. Acceptance criteria
ย ** "{*}[[Assigner's Name]],{*} has assigned you a submission from [[Form's name]]. Please log in to review it." | ย |
| 7 | ย | Medium | Story | Viewing a submission back button takes you back to where you left off | As a reviewer using the pagination feature on the submissions page and then reviewing a submission, I want to go back to the page I was on when I click the back button to return to the submissions list so that I do not have to page through to where I left off.ย This is most important when I have a lot of submission pages in my All Submissions view. Acceptance Criteria:
| ย |
| 8 | ย | Medium | Story | Show 'notes' in submissions table and in exports | [https://chefs-fider.apps.silver.devops.gov.bc.ca/posts/18/add-notes-to-the-download-csv-file] As a form administrator I want to be able to see the last note from the "Notes" field on the All Submissions view so that I can see the last communication without having to click into the submission. Acceptance Criteria:
As a form administrator I want to have all the notes form the "Notes" field included in my CSV exports so that it is easier to process form submissions outside of CHEFS. Acceptance Criteria
*5th top voted feature by users*รย ย | Users to follow up with:
|
| 9 | ย | Medium | Task | RBAC form and user setting calls have confusing requests | Tech debt Not sure what fix would be but discussed with dev team that the service layers calls for RBAC settingรย [https://chefs.nrs.gov.bc.ca/app/api/v1/docs#operation/setFormUsers] [https://chefs.nrs.gov.bc.ca/app/api/v1/docs#operation/setUserForms] These take in arrays of form/user/role pairings, but also restrict based on whether you've supplied a single userid and/or formid in a request parameter. | ย |
| 10 | ย | Medium | Story | Change UI on Notification Settings | As an form builder and reviewer, I want to customize my email notifications so that I have control over what information I provide to my submitters in the emails to provide additional clarity. Acceptance Criteria:
| ย |
| 11 | ย | Medium | Story | Allow custom email on notification without adding form fields | As an form builder and reviewer, I want to customize my email notifications so that I have control over what information I provide to my submitters in the emails to provide additional clarity. Also under FOIPPA I have to provide the respondent with a means of contacting me (and not the custom donotreply) should any revisions to the information provided be required. Acceptance Criteria:
See attachments in SHOWCASE-2234 *without* adding the field customization part....text only. | ย |
| 12 | ย | Medium | Task | Choose OIDCAuth or basicAuth when calling COMS for file uploads | CHEFS will use our CSS hosted instance of COMS which will be running in full DB/Auth modes. when a user reads or writes a file for a CHEFS form, รย we currently restrict access to the file using same permissions as the form. Should we use permissions in COMS database as well? One option might be to use basic auth on COMS and as well as the CHEFS form permissions. | ย |
| 13 | ย | Medium | Task | Write back-end library to interface with COMS (in CHEFS) | write the code that is called by the formio file upload component.. to call the COMS api. We currently use a storage service in app\src\forms\file\storage\objectStorageService.js and a formio 'provider'. Consider moving this functionality to a service in chefs/app/src/components/ similar to those for cdogs and ches, we need a backend interface to COMS. We are also passing an auth header from chefs to formio using the 'viewerOptions' in the frontend formViewer.vue component. It would also be good if this code was re-usable (by the COMS showcase app and CDOGS), possibly in the form of an npm package (might be too much work to maintain) | ย |
| 14 | ย | Medium | Task | Investigate formio file upload component and COMS integration | ย | ย |
| 15 | ย | Medium | Task | Migrate existing DB/file records in CHEFS to COMS | ย | ย |
| 16 | ย | Medium | Story | Attach a CDOGS template to a CHEFS form | As a chefs form owner or someone that reviews form submissions.. I want to download submission(s) using a CDOGS template (making a request to the CDOGS api) that is stored in CHEFS (has already been uploaded) and associated with the form. We already have the 'download using a template' functionality for a single submission but it requires that you upload a CDOGS template each time you do the download. The idea with this ticket is to allow the form owner to {*}add a CDOGS template to a form{*}. And this template will be used for submission downloads. sub-tasks:
Note: this ticket is just for the implementation of attaching the template to a form. Related tickets, blocked by this ticket: Once we have this done, we could modify the single submission download to optionally use the attached (saved) template,as well as implement the bulk download feature in 'Generate PDF/XLS/Word/etc for bulk submission export' ticket (https://apps.nrs.gov.bc.ca/int/jira/browse/SHOWCASE-1561) *Acceptance Criteria:*
| ย |
| 17 | ย | Medium | Story | Auto-save form - PR from CITZ team | As a form creator, I want the form builder to auto-save so that I do not have to scroll back to the top of the page to click save. | *This feature has been built by the CITZ team and we just need to have a demo and if we like it get a PR for it*ย We need to confirm if we are talking about auto-save for designers or auto-save for submitters....... Timed or triggered? Or allow the Save Design button to follow the scrolling down. See this Fider: [https://chefs-fider.apps.silver.devops.gov.bc.ca/posts/20/place-another-save-design-button-on-the-bottom-of-the-left-menu-bar |
| 18 | ย | Medium | Story | Add STRA and PIA info to CHEFS catalogue | As a CHEFS user, I want to know that a STRA and PIA have been done for the product and some basic information about the results so that I can make a decision on whether CHEFS is right for my business use case.ย "A SoAR (STRA) for CHEFS was completed and signed by the MCIO on date, 2022. For more information on this please contact our Product Owner". " A PIA for CHEFS as a product was completed on date, 2022.ย Protected C information is strictly prohibited.ย All form designers must complete their own PIA prior to publishing and sharing their form. For more information on this please contact our Product Owner". Acceptance Criteria:
| ย |
| 19 | ย | Medium | Story | Generate PDF/XLS/Word/etc for bulk submission export | As a form reviewer/team member, I need to Save/download a batch of submissions as a PDF so that I can store them according to my records management process. *Acceptance Criteria*
ย ** Labels & Data
ย *MVP: see ticket 2191 https://apps.nrs.gov.bc.ca/int/jira/browse/SHOWCASE-2191* *Errata* We're finding many forms do not work well as a 'print screen' because of the many different types of form fields ie Text Areas with hidden text. The best, most flexible, option may be to use CDOGS to have an area to upload a custom template. Look at PDF Overlay mode?? Do we also need to explore allowing the flat render mode so that folks can create HTML ??ย Separate ticket? UX Testing: Alanna Harlton | can be integrated into the export ui. Investigate:รย [wkhtmltopdf|https://wkhtmltopdf.org/] [https://github.com/wkhtmltopdf/wkhtmltopdf [https://help.syncfusion.com/file-formats/pdf/convert-html-to-pdf/webkit#html-form-to-pdf-form] |https://github.com/wkhtmltopdf/wkhtmltopdf]| or:ย [https://www.techumber.com/html-to-pdf-conversion-using-javascript] ย * Can the bulk download also include the attachments?* |
| 20 | ย | Medium | Task | Show Submitter's full name instead of keycloak username in 'All Submissions' table | As a form owner/reviewer, I want to see a submitters full name instead of their keycloak username, so it is easier to know who submitter a form.รย | ย |
| 21 | ย | Medium | Story | View submission edits (versions) | As a form reviewer or submitter, I want to see previous edits so that I can keep track of exactly what was submitted and use any version for any purpose in my workflow. *Acceptance Criteria*
ย ** all previous edits on a submission anytime a form is saved or submitted ย ** who made them ย ** when the change was made
| ย |
| 22 | ย | Medium | Story | Include fields from submission in email notifications | As an Admin and submitter, I want to receive more information in the notification of submission than just the Confirmation ID, so that I can clearly see what the submission is about. As a form reviewer, I want to have control over the contents of the email subject line in notifications so that the receiver clearly understands the email purpose. Acceptance Criteria:
| From David: There could be an option in the Form Settings, to รขโฌลinclude entire submissionรขโฌย to the submitter. It is probably easier than enabling custom notifications. We could also add a check box in the status box that says something like รขโฌลInclude Entire Form Submissionรขโฌย like we just did for รขโฌลSend note toรขโฌยฆรขโฌยย that way you could include it for anyone at any stage of the process. Submitter able to select urgent / high importance status in form and confirmation email will be sent and displayed as a 'high importance' email.??? |
| 23 | ย | Medium | Story | Custom Component: Spatial - investigate reusability from formflow.ai | As a user, I want to be able to drop a pin in a map as a component on the form and store latitude/longitude information as the result so thatย the form gathers all the information I am required to submit. (Required by MDS in order to use CHEFS as well as others have asked for this) add map and ask the person taking the survey to drop a pin to collect the geospatial coordinates as data Acceptance Criteria:
| ย |
| 24 | ย | Medium | Story | Handle case where file upload is in form that changes from login to public | As a CHEFS designer, I want to be alerted that I can't use a file upload on my public form, so that I don't design a form in TEAM mode and then publish it to public without the upload working. As a submitter, I want to be able to send attachments to my submissions, so that I can provide the reviewer with as much information as possible. | DONT DO THIS. Instead allow public/anon file uploads. Implement Virus Scanning and other considerations/mitigations. See SHOWCASE-1800. ย |
| 25 | ย | Medium | Story | API to allow filtering submissions for listing | As a developer, I want to be able to filter a list so I only have to export/display a subset of submission data through the API. Acceptance Criteria:
| ย |
| 26 | ย | Medium | Story | IDIR or BCeID attributes are made available to form designers | As a form designer, I want to create fields on my from that can be auto-populated with attributes of the Idir or Bceid of the submitter. *Acceptance Criteria*
Business contact: Devon Fee (IDIR),ย and for Bceid (Dylan Dawson/Shyam Chandran) | ย |
| 27 | ย | Medium | Story | Custom Component: IDIR lookup | As a form designer, I want to add an IDIRย lookup field to the form so that submitters can easily add employees to a field.ย *Acceptance Criteria*
| Business contact: Devon Fee (IDIR),ย |
| 28 | ย | Medium | Story | Remove Logout button for submitters | As a submitter, I do not want to be sent back to the CSST Catalogue pages when I press Logout as I don't see a link to get back to my form and am not returned to where I started from.ย Submitters should either have no logout button OR be sent to Previous Submissions instead. Acceptance Criteria:
| ย |
| 29 | ย | Medium | Task | Implement onUpdate and onDelete foreign key cascade triggers |
| ย |
| 30 | ย | Medium | Story | Custom Component: Spatial - build | Was considered medium to high value from 21/22 Q4 planning...: As a user, I want to be able to submit spatial information to my forms or submit maps so that the form gathers all the information I am required to submit. (Required by MDS in order to use CHEFS as well as others have asked for this) add map and ask the person taking the survey to drop a pin to collect the geospatial coordinates as data Acceptance Criteria:
| ย |
| 31 | ย | Medium | Story | Secret management | As a form creator, I want to include information in my form from a secure source that requires authentication, so I can do additional calculations based on the submitters input before they submit the form or so that I can pre-populate drop down lists for submitters. ย | Lucas* The goal of this would be for CHEFS form creators to be able to store secrets related to their form so that CHEFS actions could do external calls in such a way that those secrets could be used at the time they're needed, and only manageable by form designers themselves. There are a number of ways to use secrets depending on future features, but the initial obvious one would be to allow users to call external APIs secured by Basic Auth from FormIO components (like Select drop downs or something); *or* to allow form submissions to external, _secured_ APIs.รย The path to this could (and this might need some design/investigation) be:
|
| 32 | ย | Medium | Story | Support multiple login methods on a single form | As a form designer, I want to be able to allow submitters to login with ANY of the login methods without having to create a separate form so that all submissions for a form are kept together. Possibly re-architect to allow a form to be designed to work with multiple login methods (bceid OR idir). TBD. Requires consultation on policy with IDIM? Acceptance Criteria:
ย | *Use case from Old Growth Forest Team*รย Contact: Andrea Kolot They have two types of users, internal IDIR users (BC Timber Sales) and external Business BCeID users (Licensees). The internal users have the same function as the external users, collecting and submitting data and attaching files, Currently maintaining two versions of the same form. |
| 33 | ย | Medium | Story | Virus scan for file uploads | Use our Common Hosted Virus Service Mirror CLAMAV. Build as a common component for CSS apps. | ย |
| 34 | ย | Medium | Story | Improve Developer documentation | We have pretty good documentation in the repos/wikis, but consider if there's stuff about code structure and such that could benefit any new developers who onboard. Consider code structure and architecture documentation as well as looking at code comments. Acceptance Criteria:
| ย |
| 35 | ย | Medium | Story | Create integration to ARCS/ORCS/TRIM/EDRMS | As a form reviewer, I need to tag a submission with an ARCS/ORCS number (and security classification?) so I can do records management.
As a form owner, I want to make a link to a submission available to record management systems such as TRIM so that someone doing a FOI request can find the information. | Consider retention capabilities, auto-archive, auto-delete etc. I think this requires ERDMS to have an API first and then just write to that. |
| 36 | ย | Medium | Story | Email form submission data instead of persisting | As a Form Designer, I need to have submissions emailed to a program mailbox so that I can manage submission data outside of CHEFS *Acceptance Criteria*
ย ** Email only (CHES?) as PDF w/attachments (CDOGS integration) ย ** -External API (attachments stored in object store?)- ย ** -JIRA- | Workaround* Modify the 'submit' button to a custom action that performs a JavaScript 'mailto'. |
| 37 | ย | Medium | Story | Show 'assigned to' in submissions table | As a form administrator, I want be able to add a column to the submissions pages, so I can quickly see who has been assigned to a specific form. An admin user suggested the interface might be improved with a way to quickly see 'which submissions i have been assigned'. Acceptance Criteria: Assignee field is included in the All Submissions view. | ย |
| 38 | ย | Medium | Story | Option to email submitter during Assigned status | As a form reviewer, I want to optionally inform the submitter that I have received and am actioning their submission so that they do not have to contact me separately. Acceptance Critieria:
| For discussion to iron out the UX: I like the idea of including the option of sending an email to the submitter on the same screen as the assignee. We could even change the language we use on the assign workflow. We could just call it รขโฌลUnder Reviewรขโฌย and in there you could have an option to assign it to a team member and to the submitter. But if you donรขโฌโขt have a team and just want to let people know you are looking at their form you could just send a message to the submitter. I would just have two checkboxes one for the submitter and one for the assignee, and then if you check either one of those a text box appears under each so you could add a message. |
| 39 | ย | Medium | Story | Invite submitter flow (magic link) | As a submitter, I need to invite another authenticated user (BCeID or IDIR) so that I can collaborate on a submission. https://chefs-fider.apps.silver.devops.gov.bc.ca/posts/25/delegate-access-to-another-bceid *Acceptance Criteria*
ย ** Fail: error message | ย |
| 40 | ย | Medium | Story | Configure the back end data store | As a developer, I need to be able to configure a data store that is not the hosted database so that I can manage where I store and access the submission data in my own environment. Modify the 'submit' button to a custom action that sends data to a configurable data store. *Acceptance Criteria*
| ย |
| 41 | ย | Medium | Story | Cleaning out unused forms | Provide a means to identify unused forms and receive authorization to remove and remove.ย Submissions and forms and possibly backup/export. As a PO, I want to ensure efficient use of CSST product resources so that space and cost can be managed in the future. | ย |
| 42 | ย | Medium | Task | Create postman/newman tests and sidecar logging | ย | ย |
| 43 | ย | Medium | Task | Investigate CSP: Wildcard Directive from ZAP scan | See details from ZAP scan for this item in [https://apps.nrs.gov.bc.ca/int/confluence/display/SHOWCASE/CHEFS+Zap+Scanning+May+27+2022+Report] Acceptance Criteria
| ย |
| 44 | ย | Medium | Task | Investigate Content Security Policy (CSP) Header Not Set from ZAP scan | See details from ZAP scan for this item in [https://apps.nrs.gov.bc.ca/int/confluence/display/SHOWCASE/CHEFS+Zap+Scanning+May+27+2022+Report] Acceptance Criteria
| ย |
| 45 | ย | Medium | Task | Investigate Anti-clickjacking Header from ZAP scan | See details from ZAP scan for this item in [https://apps.nrs.gov.bc.ca/int/confluence/display/SHOWCASE/CHEFS+Zap+Scanning+May+27+2022+Report] Acceptance Criteria
| ย |
| 46 | ย | Medium | Task | Investigate Vulnerable JS Library from ZAP scan | See details from ZAP scan for this item in [https://apps.nrs.gov.bc.ca/int/confluence/display/SHOWCASE/CHEFS+Zap+Scanning+May+27+2022+Report] Acceptance Criteria
| ย |
| 47 | ย | Low | Task | Investigate Server Leaks Information via "X-Powered-By" from ZAP scan | See details from ZAP scan for this item in [https://apps.nrs.gov.bc.ca/int/confluence/display/SHOWCASE/CHEFS+Zap+Scanning+May+27+2022+Report] Acceptance Criteria
| ย |
| 48 | ย | Low | Task | Investigate Cookie with SameSite Attribute None from ZAP scan | See details from ZAP scan for this item in [https://apps.nrs.gov.bc.ca/int/confluence/display/SHOWCASE/CHEFS+Zap+Scanning+May+27+2022+Report] Acceptance Criteria
| ย |
| 49 | ย | Low | Task | Investigate X-Content-Type-Options Header Missing from ZAP scan | See details from ZAP scan for this item in [https://apps.nrs.gov.bc.ca/int/confluence/display/SHOWCASE/CHEFS+Zap+Scanning+May+27+2022+Report] Acceptance Criteria
| ย |
| 50 | ย | Medium | Story | Customize export report | As a reviewer, I want to choose which fields to export and in which order so that my export will work with the BI tool I am using regardless of any changes I have made to my form design along the way otherwise a form design change or column name change will require me to re-do my BI work. Talk to NRIDS Workstation Refresh team for prototypingย | ย |
| 51 | ย | Minor | Task | Investigate Re-examine Cache-control Directives from ZAP scan | See details from ZAP scan for this item in [https://apps.nrs.gov.bc.ca/int/confluence/display/SHOWCASE/CHEFS+Zap+Scanning+May+27+2022+Report] Acceptance Criteria
| ย |
| 52 | ย | Medium | Bug | auth middleware trying to insert duplicate users | Check for existing user should return either an object (user) or undefined. But it doesn't seem to be working. (???) This could be a race condition or something to do with how we are awaiting . see: [https://github.com/Vincit/objection.js/issues/192] see other realated ways to deal with conflicts: [https://knexjs.org/guide/query-builder.html#onconflict] We want to make sure this isnt affecting our similar implementation in COMS. Luckily this seems to be a low impact bug as it just isn't updating existing users Aside from the async/await issue, for the actual query, we also could try not using first() in the query, so it always returns either an empty array or array containing user object) and doing this: {color:#859900}const{color}{color:#4f5660} oldUser = {color}{color:#859900}await{color}{color:#4f5660} User.query().where({color}{color:#2aa198}'keycloakId'{color}{color:#4f5660}, obj.keycloakId); {color} {color:#859900}const{color}{color:#4f5660} user = {color}{color:#859900}await{color}{color:#4f5660} (oldUser.length ? service.updateUser(oldUser.id, obj) : service.createUser(obj){color}); ย SQL error: ``` 2022-06-15 16:30:26.865 UTC [1057150] STATEMENT: รย insert into "user" ("createdAt", "email", "firstName", "fullName", "id", "idpCode", "keycloakId", "lastName", "username") values ($1, $2, $3, $4, $5, $6, $7, $8, $9) returning "id" 2022-06-15 18:24:17.076 UTC [1074713] ERROR: รย duplicate key value violates unique constraint "user_keycloakid_unique" 2022-06-15 18:24:17.076 UTC [1074713] DETAIL: รย Key ("keycloakId")=(b0c63133-0c37-4291-822d-6e48bf8b1a6a) already exists. ``` | ย |
ย