The covr_coverage hasn't been implemented yet. Once it is, we should review the app's code. In particular, we should review the following lines of code.

Saves coverage info to the db. Notice how the information is split, which it may no longer be correct.

https://github.com/pharmaR/risk_assessment/blob/d148fae2b3a469d712a95384ccf562516fdf5a31/Modules/dbupload.R#L182-L186

Reads coverage info from the db. Notice how the information is split, which it may no longer be correct.

https://github.com/pharmaR/risk_assessment/blob/d148fae2b3a469d712a95384ccf562516fdf5a31/Server/testing_metrics.R#L25

Most common authentication protocols:

1. LDAP
2. Active Directory
3. Google OAuth
4. PAM
5. proxied authentication
6. passwords

Options:

• Paid alternative: Shiny Server Pro can handle these protocols.
• Open-source alternative: shinyproxy package.

Related issues: #14 (limit roles), #13 (restrict submission decision)

The section on downloading all reports doesn't update when another CSV file is uploaded.

How to reproduce the issue

1. Run the app.
2. Upload a CSV with a package not in the db.
3. Repeat step 2.

So, I haven't uploaded a csv of packages to the app in quite some time. So, when working on the CommunityUsageMetrics Tab (specifically, the Number of Downloads per Month plot) I noticed that when I selected the dplyr package, I was only getting results from as recent as July 2020. I confirmed this by just running the SQL query below, which produces the resulting data frame:

dplyr_cu <- db_fun("SELECT * FROM CommunityUsageMetrics WHERE cum_id ='dplyr'")

I had a hunch that the db only seeks "fresh data" once I upload dplyr in a CSV on the Upload Package tab. I tested re-uploading and nothing changed (probably because dplyr already exists in my db). However, I tried uploading a new package that doesn't yet exist in my db: stringr and then re-ran the sql query and found more recent data populated the table, up to Nov 2020:

stringr_cu <- db_fun("SELECT * FROM CommunityUsageMetrics WHERE cum_id ='stringr'")

The fact that the package data used by the app doesn't update may pose a problem for when app users return to packages uploaded a long time ago to re-assess their risk. All of their metrics could have changed after a few months - not just community usage metrics.

So the question becomes, when do update this information? We could determine if the package data stored in the db is old, and if so, render a button that says "Update Metrics" on the side panel & the db dashboard. I don't think we'd want to update metrics automatically since it would (1) waste resources and (2) completely erase the context in which the package was originally reviewed, if applicable.

Thoughts?

So far the app shows only the metrics that are hard-coded in the app. However, we would like to show all the metrics on the package automatically.

Apparently yes, but not with SQLite
The good news is that MySQL is very similar to SQLite

Blog from Dean Attali: https://shiny.rstudio.com/articles/persistent-data-storage.html

Check the app in its entirety

• The downloaded html report doesn't look like the preview. Make them match (won't do for now since the infoboxes from shinydashboards don't work well with rmarkdown).
• Check wording in each tab.
• Check wording in the help button and make changes accordingly.
• Related issues: #20, #6.

The package name, decision, and/or comments are not always updated on the database dashboard.

I tried looking at the testing metrics for several packages but this doesn't seem to work and only returns

Metric is not applicable for this source of package

Is this a feature yet to be added? ....Where is the app calling covr (or maybe riskmetric should be doing that)?

Similar to #32.

There's an i icon next to Assessment Criteria on the top left of the application. On hover the i produces a question mark but clicking the i doesn't result in anything. Is this intentional?

When @Robert-Krajcik & I opened this app for use, we had some package version conflicts which halted it from running locally on our machines. I'm wondering if this project would be more portable to future uses if it was packaged up in a container, as discussed in a recent R Medicine talk (see link below) for ultimate reproducibility. Thoughts?

https://github.com/vincentmajor/reproducible_RStudio_projects

Currently reports must be exported one at a time. This might form part of a wider 'overview' dashboard showing the status of all packages in the DB.

Should we create a report for each dependency? Or should be we leave this decision to riskmetric?

Maybe use a drop-down list, or read a .csv to match the user id.
Or something else?

observeEvent is more efficient

This is a bug, regardless of how we recode the testing_metrics.R and/or the tm_report.R

Warning in .testLength(param = num, len = 1, arg = arg) :
  NAs introduced by coercion
Warning: Error in if: missing value where TRUE/FALSE needed
  99: .testInterval
  98: amAngularGauge
  95: func
  82: origRenderFunc
  81: output$test_coverage
   1: runApp

Add to the app (e.g. to the helper pop up) links to how the risk is calculated.

Fix versioning number

• The version dropdown should display the version(s) uploaded by the user (not the most recent one of the package).
• The db should be able to store different versions of the same package. Hence, some tables (like the Packageinfo one) should be modified accordingly (e.g. Packageinfo should have a primary key - package name - and a secondary key - package version). The update and insert may need to be updated.

Similar to issues #32, #33.

The file Server/communityusage_metrics.R has hard-coded each month of the last year to display the chart "NUMBER OF DOWNLOADS IN PREVIOUS 11 MONTHS". It would be a good idea to remove this code duplication.

https://github.com/pharmaR/risk_assessment/blob/f1b7b8a6e0b3c8ceb337d72cb5036f164bdc0343/Server/communityusage_metrics.R#L111-L185

I would like to open to discussion the idea of not including the DB in the repo.

Downsides of having the DB as part of the repo:

• unintentionally commit the DB with user information,
• unnecessary extra file (we can always create the DB or use existing one when the app is ran), and
• the end user will most likely use a DB stored somewhere else.

Make assessment asynchronous so that the user can see metrics on some of the packages while the rest loads.

Instead of us writing into our own "silos" we should think about connecting to at least a department-wide db

Warning in result_fetch(res@ptr, n = n) : SQL statements must be issued with dbExecute() or dbSendStatement() instead of dbGetQuery() or dbSendQuery().

In sidebar.R, function db_fun() needs to be replaced with db_ins()

Multiple downloads reports & packages dashboard

• Create a dashboard showing all packages on the db.
• Allow selection of packages to download multiple reports.

(issue follows from discussion here #1)

Review the help text, headings, and content in general.

I’ve found a solution that addresses our need for a line plot that operates more like timeline plot (ie allows for panning, etc). It appears plotly has those functionalities built-in! Please take a look and play with the widget on this page, which includes the code to reproduce. I also like how we can add buttons to the at the top for common timespans (like 1yr, 2yr, etc).

https://plotly.com/r/range-slider/

Currently, the plot looks like this.

Integration with riskmetric

• Remove hardcoded commit number.
• Remove webscrapping code and obtain any needed information from riskmetric.
• Add new metrics on the 'Maintance Metrics' tab accordingly.
• Fix broken code given this update.
• Related issues: #49, #45, #42,

The reports all default to the same name, 'Report.html'. Ideally the default name should contain the package name. For example, '[pkg_name]_[pkg_version]_risk_assessment'.

Going back to branch master, deleting the database and loading the single dplyr package, I get:
Time difference of 11.43519 secs

Switch back to branch fix_versioningII, deleting the database and loading the same dplyr package
Time difference of 8.961269 secs
doing it again (there might be some internet delay time in here)
Time difference of 7.695863 secs

If I comment out these two functions:

          # metric_mm_tm_Info_upload_to_DB(new_package,new_version)
          # metric_cum_Info_upload_to_DB(new_package,new_version)

I can get: Time difference of 0.165879 secs
So clearly this is where the majority of time is being spent.

Suggest using the R profiler (Rprof) to study where the time is actually spent
and figure out what if anything we can do to reduce the elapsed times.

This is a stylistic question/proposal:

going through the source code it looks like each component within the application has a matching file name within the UI and Server folders. I don't think it would be difficult to convert these files to shiny modules to be conditionally rendered within app.R but this is assuming we'd want to adopt a shiny module framework.

Thoughts?

From: https://rdrr.io/cran/DBI/man/dbExecute.html

dbExecute() always returns a scalar numeric that specifies the number of rows affected by the
statement. An error is raised when issuing a statement over a closed or invalid connection, if the
syntax of the statement is invalid, or if the statement is not a non-NA string.

Example:

con <- dbConnect(RSQLite::SQLite(), ":memory:")

dbWriteTable(con, "cars", head(cars, 3))
dbReadTable(con, "cars")   # there are 3 rows
rc <- dbExecute(
  con,
  "INSERT INTO cars (speed, dist) VALUES (1, 1), (2, 2), (3, 3)"
)
print(paste("rc was",rc))
# [1] "rc was 3"
dbReadTable(con, "cars")   # there are now 6 rows
  speed dist
dbDisconnect(con)

So there's no "return code" per se

I had a non-existent package () in my packages.csv file
From the console:

> runApp()
[1] "Log file set to loggit.json"

Listening on http://127.0.0.1:4108
{"timestamp": "2020-09-10T16:39:53-0400", "log_lvl": "ERROR", "log_msg": "Error in extracting general info of the package Cumulonimbus info Error in open.connection(x__COMMA__ __DBLQUOTE__rb__DBLQUOTE__): HTTP error 404.__LF__", "app": "fileupload-webscraping"}
Warning in error_handler(x, ...) :
  no available scoring algorithm for metric of class "pkg_metric_error", returning default score of 0.
Warning in error_handler(x, ...) :
  no available scoring algorithm for metric of class "pkg_metric_error", returning default score of 0.
Warning in error_handler(x, ...) :
  no available scoring algorithm for metric of class "pkg_metric_error", returning default score of 0.
Warning in error_handler(x, ...) :
  no available scoring algorithm for metric of class "pkg_metric_error", returning default score of 0.
Warning in error_handler(x, ...) :
  no available scoring algorithm for metric of class "pkg_metric_error", returning default score of 0.
Warning in error_handler(x, ...) :
  no available scoring algorithm for metric of class "pkg_metric_error", returning default score of 0.
Warning in error_handler(x, ...) :
  no available scoring algorithm for metric of class "pkg_metric_error", returning default score of 0.
Warning in error_handler(x, ...) :
  no available scoring algorithm for metric of class "pkg_metric_error", returning default score of 0.
Warning in error_handler(x, ...) :
  no available scoring algorithm for metric of class "pkg_metric_error", returning default score of 0.
Warning in error_handler(x, ...) :
  no available scoring algorithm for metric of class "pkg_metric_error", returning default score of 0.
Warning in for (i in 1:length(args)) { :
  closing unused connection 3 (https://cran.r-project.org/web/packages/Cumulonimbus)
{"timestamp": "2020-09-10T16:39:55-0400", "log_lvl": "ERROR", "log_msg": "Error in extracting cum metric info of the package: Cumulonimbus info Error in open.connection(x__COMMA__ __DBLQUOTE__rb__DBLQUOTE__): HTTP error 404.__LF__", "app": "fileupload-webscraping"}

I'm thinking it would be better to compare against the packages the user has already installed.
If it's not installed, the record is dropped and no 404 error messages get produced as dbupload.R won't see them.
I am also supplying the version of the package the user installed. Maybe add a column for the latest version of the package that dbupload.R collects?

in uploadpackage.R

  # names(pkgs_file) <- tolower(names(pkgs_file))
  pkgs_file$package <- trimws(pkgs_file$package)
  print(paste(pkgs_file$package, collapse = ","))
  pkgs_file$version <- trimws(pkgs_file$version)
  # Check the version for the packages you have installed
  for (i in 1:length(pkgs_file$package)) {
    if (pkgs_file$package[i] %in% installed.packages()) {
    pkgs_file$version[i] <- gsub("'",'"',packageVersion(pkgs_file$package[i]))
    } else {
      message(paste("Package",pkgs_file$package[i],"not installed. Check your spelling."))
      pkgs_file <- pkgs_file[-i,]
    }
  }
  # pkgs_file$version <- packageVersion(pkgs_file$package)

Add functionality to the app so that the user can add weights to metrics.

Currently, we are using two words that are undesirable: ** History ** and Reviewed which imply that the package(s) have already been checked by someone, when in reality, we're just displaying all packages that have been uploaded to the db.

Potential alternatives could be something similar to below:

• "All Uploaded Packages"
• "Previously Uploaded Packages"

These terms show up in two places that need to be changed:

I was having trouble attempting (upon uncommenting this line of code) to left justify the icon on the actionButton while also expanding the size using "fa-2x", but now it seems to work! My mistake! Although it's not center justified vertically.

• Take a look at https://www.sqlitetutorial.net/download-install-sqlite/
• Download sqlite-tools-win32-x86-3330000.zip
• Unzip to C:\sqlite -- No IT support needed.
• Look at https://www.sqlitetutorial.net/sqlite-commands
• Go to command line
• cd C:\sqlite and type: sqlite3

showing some commands below
Note forward-slashes are used when opening the database

.open "C:/Users/rkrajcik/OneDrive - Biogen/Documents/R/RiskAssessment/risk_assessment-master/database.sqlite"
Try clicking on the image to see it better.

This occurs in module DB.R

See the following discussion on StackOverflow
https://stackoverflow.com/questions/51213886/disconnect-dbi-rsqlite-within-a-function-in-r

SQL queries are typically a three-step process (ignoring connection management):

• send the query, accept the returned "result" object
• fetch the result using the "result" object
• clear the "result" object

The third step is important, as uncleared it represents resources that are being held for that query. Some database connections do not permit multiple simultaneous uncleared results, just one query at a time.

Instead of coding

con <- dbConnect(RSQLite::SQLite(), "./risk_assessment_app.db")
q<-dbSendQuery(con, "select * from MaintenanceMetrics")
q<-dbFetch(q)
q
dbDisconnect(con)

It should be coded using dbClearResult() before dbDisconnect()

con <- dbConnect(RSQLite::SQLite(), "./risk_assessment_app.db")
res<-dbSendQuery(con, "select * from MaintenanceMetrics")
q<-dbFetch(res)
q
dbClearResult(res)
dbDisconnect(con)

or
use dbGetQuery() like this:

con <- dbConnect(RSQLite::SQLite(), "./risk_assessment_app.db")
q<-dbGetQuery(con, "select * from MaintenanceMetrics")
dbDisconnect(con)

and not visible or greyed out for anyone other than the decision maker

There is a LOT of code duplication in the app. We should create functions/modules to address this issue.

Related open issues
#32
#33
#34

The loggit.json seems to store information about the app that should not be stored in the repo.

As pointed out by @MayaGans, the files cum_report.R (inside UI and Server) repeat code from other tabs, including communityusage_metrics.R. Ideally, we should have modules (or even functions) that we can reuse as needed throughout the app.

It is not hard to find where the duplication occurs, e.g., the variables are named no_of_downloads vs no_of_downloads1.

The app only computes metrics on the latest version of the given package, ignoring the version selected in the dropdown.

Make the risk score more obvious