mcld / greatreadingadventure Goto Github PK

Selecting the single program configuration and requiring age and grade will make users unable to sign up since there's an invalid attempt to set the program drop-down in PatronRegistration.ascx.cs:

var pgmDD = (DropDownList)rptr.Items[0].FindControl("ProgID");
if (pgmDD.SelectedValue == "0" || pgmDD.SelectedValue == "") {
  pgmDD.SelectedValue = Programs.GetDefaultProgramForAgeAndGrade(age, grade).ToString();
}

If the value returned from GetDefaultProgramForAgeAndGrade is not present in the drop-down, an exception is thrown on the assignment.

Trying to sign up with a username containing spaces shows inconsistent validation and no error message explaining the problem.

Badges and events should have a toggle that shows or hides them from the public galleries.

Currently patrons can recover their password by providing their email address but cannot recover their username by providing an email address. Add functionality for this:

1. User requests username recovery
2. User provides their email address
3. System sends an email to the supplied email address with a list of usernames registered with that email address or a message that there are no usernames registered with the supplied email address

Issue supplied by michael on the forum.

In several files I noticed that many methods have a large amount of code duplicated between them for reading and writing data to/from SQL queries. Could all these be condensed into one function for reading from and one for writing to a SQL query? I am aware that sometimes their are slight design inconsistencies that make this difficult, but from my file diffs they do look very similar.

Here are a few examples:
Patron.cs

• public static Patron GetObjectByUsername(string logon);
• public bool Fetch(int PID);
• public static Patron FetchObject(int PID);
• public static Patron GetObjectByEmail(string email);

Badge.cs

• public static int Insert(Badge o);
• public static int Update(Badge o);

Badge.cs

• public static Badge GetBadge(int BID);
• public bool Fetch(int BID);
• public static Badge FetchObject(int BID);

A long list of Challenges is unmanageable for patrons without categories or filtering.

(Harald's Branch)
In Control Room -> Programs -> Program List -> Edit Program

Try modifying the value of "User can enter review" and saving it. It doesn't seem to be keeping it's state.

The user interface needs a few UX enhancements. Some of which are:

• Uniform referencing of Bootstrap
• Uniform referencing of jQuery
• Upgrade to Bootstrap 3
• Change "Notifications" to "Mail"
• Verbiage edits ("Upcoming Events" => "Events", "Promotional Offers" => "Offers", "Book Lists" => "Challenges", "Mini-games" => "Adventures")
• Fix general UI issues (e.g. "10 points ,bonus level 10")

_Note:_ This bug is related to Harald's Branch

When clicking the buttons to change from "Points Earned to "Challenges Completed" or"Badges Completed" and the number animates ticking down until reaching the value. (I assume this animation or at least the triple digit part should only be for "Points Earned")

Customer passwords should be salted and hashed in the database.

Steps to reproduce:

1. Create a tenant using the same email address used on the master tenant sysadmin account
2. The software will show you an error:
   There has been an application error.
   Cannot create user: user with email address already exists
3. The tenant has been created but it may be in an unknown state (for example, selecting it from the front page tenant selection drop down redirects to the Control Room login.

Expected results: entering an email that is already used should simply show the error and abort the tenant creation process.
Actual results: tenant created in unknown state

Supplied by @BriannaKING

Using Publish from Visual Studio, the CRRibbon.ascx file is in the SRPUtilities project and will not deploy automatically to the appropriate location (ControlRoom/Controls on the deployed site). Publish from Visual Studio should work.

Almost every item in the Control Room should be searchable (by name) and filterable (by program, system, & branch), specifically: Award Triggers, Badges, Challenges, and Events

Multiple tabs or windows will confuse admin authentication:

1. Log into the Control Room interface as a tenant
2. Open a second tab or window and log into the Control Room as the master tenant (manually specify the URL as /ControlRoom/Login.aspx or use a bookmark to load the login page)
3. In the first tab/window, select "Organization".

At this point the software has you logged in as the master tenant even though in the first/tab window you may be editing elements of the tenant. If you are mid-edit and click submit it may apply the changes to the master tenant.

A fix would cause users to be unable to switch administration Control Room logins in this matter.

Latest version of GRA showed a lot of javascript errors. Looking at the page source, jQuery is referenced as <script src="/Scripts/jquery-2.1.4.min.js"></script>

That link does not exist because jQuery version 2.0.0 appears to be the version included in the SRP/Scripts folder.

The ControlRoom allows entry of an event with no end date but then refuses to allow the system to show or use the event.

I was unsure what the "PatrongReviewFlag" did. After a search it doesn't appear to affect the program at all. Am I missing something?

Here is a list of usages:

Find all "PatronReviewFlag", Find Results 1, Entire Solution, ""
C:\cygwin64\home\justinm\develop\gra\SRP\ControlRoom\Modules\Install\CreateSchema.sql(10366): @PatronReviewFlag BIT,
C:\cygwin64\home\justinm\develop\gra\SRP\ControlRoom\Modules\Install\CreateSchema.sql(10417): PatronReviewFlag,
C:\cygwin64\home\justinm\develop\gra\SRP\ControlRoom\Modules\Install\CreateSchema.sql(10468): @PatronReviewFlag,
C:\cygwin64\home\justinm\develop\gra\SRP\ControlRoom\Modules\Install\CreateSchema.sql(10631): @PatronReviewFlag BIT,
C:\cygwin64\home\justinm\develop\gra\SRP\ControlRoom\Modules\Install\CreateSchema.sql(10680): PatronReviewFlag = @PatronReviewFlag,
C:\cygwin64\home\justinm\develop\gra\SRP\ControlRoom\Modules\Install\CreateSchema.sql(21720): [PatronReviewFlag] [bit] NULL,
C:\cygwin64\home\justinm\develop\gra\SRP\ControlRoom\Modules\Install\InsertInitialData-MultiplePrograms.sql(1685): [PatronReviewFlag],
C:\cygwin64\home\justinm\develop\gra\SRP\ControlRoom\Modules\Install\InsertInitialData-MultiplePrograms.sql(1785): [PatronReviewFlag],
C:\cygwin64\home\justinm\develop\gra\SRP\ControlRoom\Modules\Install\InsertInitialData-MultiplePrograms.sql(1885): [PatronReviewFlag],
C:\cygwin64\home\justinm\develop\gra\SRP\ControlRoom\Modules\Install\InsertInitialData-MultiplePrograms.sql(1985): [PatronReviewFlag],
C:\cygwin64\home\justinm\develop\gra\SRP\ControlRoom\Modules\Install\InsertInitialData.sql(1685): [PatronReviewFlag],
C:\cygwin64\home\justinm\develop\gra\SRP\ControlRoom\Modules\Programs\ProgramsAddEdit.aspx(409): <asp:CheckBox ID="PatronReviewFlag" runat="server" Checked='<%# (bool)Eval("PatronReviewFlag") %>' ReadOnly="False">/asp:CheckBox
C:\cygwin64\home\justinm\develop\gra\SRP\ControlRoom\Modules\Programs\ProgramsAddEdit.aspx.cs(124): //obj.PatronReviewFlag = ((CheckBox)((DetailsView)sender).FindControl("PatronReviewFlag")).Checked;
C:\cygwin64\home\justinm\develop\gra\SRP\ControlRoom\Modules\Programs\ProgramsAddEdit.aspx.cs(216): obj.PatronReviewFlag = ((CheckBox)((DetailsView)sender).FindControl("tc1").FindControl("tp1").FindControl("PatronReviewFlag")).Checked;
C:\cygwin64\home\justinm\develop\gra\SRP_DAL\Programs.cs(44): private bool myPatronReviewFlag;
C:\cygwin64\home\justinm\develop\gra\SRP_DAL\Programs.cs(159): public bool PatronReviewFlag
C:\cygwin64\home\justinm\develop\gra\SRP_DAL\Programs.cs(161): get { return myPatronReviewFlag; }
C:\cygwin64\home\justinm\develop\gra\SRP_DAL\Programs.cs(162): set { myPatronReviewFlag = value; }
C:\cygwin64\home\justinm\develop\gra\SRP_DAL\Programs.cs(493): result.PatronReviewFlag = bool.Parse(dr["PatronReviewFlag"].ToString());
C:\cygwin64\home\justinm\develop\gra\SRP_DAL\Programs.cs(584): this.PatronReviewFlag = bool.Parse(dr["PatronReviewFlag"].ToString());
C:\cygwin64\home\justinm\develop\gra\SRP_DAL\Programs.cs(706): arrParams[14] = new SqlParameter("@PatronReviewFlag", GRA.SRP.Core.Utilities.GlobalUtilities.DBSafeValue(o.PatronReviewFlag, o.PatronReviewFlag.GetTypeCode()));
C:\cygwin64\home\justinm\develop\gra\SRP_DAL\Programs.cs(782): arrParams[15] = new SqlParameter("@PatronReviewFlag", GRA.SRP.Core.Utilities.GlobalUtilities.DBSafeValue(o.PatronReviewFlag, o.PatronReviewFlag.GetTypeCode()));
C:\cygwin64\home\justinm\develop\gra\GRA.Database\dbo\Stored Procedures\app_Programs_Insert.sql(17): @PatronReviewFlag BIT,
C:\cygwin64\home\justinm\develop\gra\GRA.Database\dbo\Stored Procedures\app_Programs_Insert.sql(68): PatronReviewFlag,
C:\cygwin64\home\justinm\develop\gra\GRA.Database\dbo\Stored Procedures\app_Programs_Insert.sql(119): @PatronReviewFlag,
C:\cygwin64\home\justinm\develop\gra\GRA.Database\dbo\Stored Procedures\app_Programs_Update.sql(18): @PatronReviewFlag BIT,
C:\cygwin64\home\justinm\develop\gra\GRA.Database\dbo\Stored Procedures\app_Programs_Update.sql(67): PatronReviewFlag = @PatronReviewFlag,
C:\cygwin64\home\justinm\develop\gra\GRA.Database\dbo\Tables\Programs.sql(17): [PatronReviewFlag] BIT NULL,
Matching lines: 28 Matching files: 9 Total files searched: 1591

All adventures need validation - currently it seems to be possible to make any adventure active even if it's not completely configured correctly.

• One idea would be to remove the "active" check-box and replace it with a button that validates the adventure before setting it to active.
• Another option is to create an Adventure Issues report similar to the Events Issues (#170) and Challenge Issues (#171) reports

The website looks great, but there is no documentation I could find about what is needed to install this.

Upon installing, an administrator must go into each program's Activity Point Conversions & Literacy Testing in order to set point mappings or patrons cannot log minutes.

Rather than use the same default password the GRA should prompt the user to select a password during the configuration process.

Many branches have events that run the duration of the program or for a week, need an indicator that those events have start and end dates rather than dates with times.

Once a badge is assigned to a branch library (under extended attributes) that library no longer shows up in the extended attributes tab for any other badge.

(Harald's Branch)

The enter book details panel does not seem to interpret "enter" unless you are editing a field. If "enter" is pressed while editing a field the panel flashes away and then reappears.

Navigating to Programs -> Winter Reading Program -> Static Text and clicking Save Program Text Resources causes an ASP.NET error.

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$txtCSS="...copyright=<a href="http://www....").]

Doing the redundancy check causes a page postback and typical users have already entered additional information into the form which is then lost.

_Note:_ This bug is related to Harald's Branch

• Perform a fresh checkout and run GRA in Visual Studio and navigate to /ControlRoom/Configure.aspx
• After successfully filling out the configuration process I receive a database error (See Screenshots).

Steps to reproduce:

1. Assign multiple badges to a single branch in the ControlRoom (this capability was added with the fix for #33)
2. Go to the badge gallery
3. Filter by the branch used in step 1.
4. Error page is shown. Exception logged is System.Data.SqlClient.SqlException: Subquery returned more than 1 value. This is not permitted when the subquery follows =, !=, <, <= , >, >= or when the subquery is used as an expression.

Details

Stored procedure app_Badge_GetBadgeGallery is expecting a single assignment each of age, branch, category, and location. Subqueries should use in rather than = to support multiple assigned badges.

Currently with JavaScript off it performs a page postback but doesn't fire the login event.

A user leaving their browser unattended long enough for a session timeout will find themselves redirected into the master tenant.

Without filling out the library and school crosswalks (associating libraries and schools with library districts and school districts) they generally don't show up and function properly in the GRA.

During user registration, if there is a required field that has a validation requirement not met, the user cannot press previous.

It's been reported that users without notification permissions who can view patron profiles can use the "send notification" capability from that screen to send a notification.

1. Events should either be flagged to hide from the event calendar or should have a start date and time
2. Events should not require an end date or time (duration/end time can be put in the description)
3. Events should feature an external link to more information about the event

The Control Room should have an integrated badge tool, probably openbadges.me

Steps to reproduce:

1. Create a parent
2. Create a child in that parent
3. Visit the family management page

See attached for formatting issue:

Supplied by @BriannaKING

1. Log in to the Control Room as a tenant
2. Open a new tab or browser window
3. Log in as a user (NOT to the Control Room but to a program) in the master tenant
4. Select refresh on the Control Room tab/window

At this point the software will think that you are logged in as the master tenant even though the only Control Room credentials you provided were for a tenant.

A fix would cause users to be unable to switch administration Control Room logins in this matter.

1. Move connection string and mail settings to external .config file (can reload without reloading app, then Web.config doesn't have to be writable)
2. Move all uploadable content to one directory (only that directory needs to be writable)

Multiple versions of jQuery are loaded throughout the project - standardize on one version and uniformly load it.

Allow a patron to specify their own goal during the registration process.

Even with the program start dates set in the future, progress in challenges can be logged.

This is in Avatar.cs:

var s = "{" + string.Format("text: \"{0}\",value: {1},selected: {2},imageSrc: \"/images/Avatars/sm_{3}.png\""
    , ds.Tables[0].Rows[i]["Name"].ToString()
    , ds.Tables[0].Rows[i]["AID"].ToString()
    , selectedStr
    , ds.Tables[0].Rows[i]["AID"].ToString()
    )+ "}";
JSON = (JSON.Length == 0 ? s : JSON + "," + s);

We should be using a JSON library to write JSON.

Currently the badge gallery and badge details don't indicate if the current patron has been awarded the badge.

Currently red asterisks display on required fields. When the field is properly populated, the asterisk should disappear (as it does on RegisterILS.aspx).

The status handler shows total points, badges, and challenges across all tenants and all programs. At the least it shouldn't cross tenant boundaries.

If programs exist with specific age ranges and a patron tries to sign up outside any available age range, the system errors.

By default, if there are multiple tenants configured, the GRA shows a tenancy selection screen where tenants are presented in a drop-down.

1. Since usernames are distinct across an install, we don't actually need the user to select a tenant in order to log in. Add login capabilities to Select.aspx.
2. Realistically, we only need the user to select a tenant at registration so we could also allow registration with the ability to select a tenant from a drop-down.
3. If the user arrives via a tenant-specific link, we could disable and hide the drop-down so that the user registers for the tenant that they landed on automatically.

Steps to reproduce:

1. Register as an 8 year old or a 3 year old
2. Note default selected program is not "Kids"

Expected results: Automatic program selection should work based on age entered
Actual results: Automatic program selection doesn't work properly

Supplied by @BriannaKING

Bulk-add needs to be available for:

• Libraries, library districts, crosswalk
• Schools, school districts, crosswalk