Improvements and bug fixes

‍

USABILITY - Expand the reach of the module copy functionality - CUR-817

The module copy function has been extended and will now copy the following information to the new created copy:

• descriptions
• relations
• additionals
• offerings
• credits
• capacity
• subjects
• cost_divisions
• links
• appraisals
• method_schemas

Configuration:

To configure the copy function the following steps should be taken:

• In the module custom-type configuration set the originalId to visible
• Define a proper label, e.g. copy of of select the module to be copied.

The user can now add an 'new module' to the program structure using the standard 'add module' option.
By selecting the 'New' tab, the configured field and related functionality will be available.

The user can now:

• select the original module
• provide a new name and any other relevant information.
• click on Add

The new module is created as a copy of the selected module with the provided new name.

‍

BUG - Create a new module shouldn't give a 'technical error' - CUR-860

Creating a module directly from the Faculty / Module overview didn't work anymore, but show an error that a technical error has occurred. This resulted in the module not be saved.
A fix is applied that solves this issue, and modules can again be created and saved from the Faculty / Module overview.

‍

BUG - Propagation of changes to descriptions shouldn't give an error - CUR-858

The propagate option on (custom) fields and descriptive texts is used to propagate (create) changes made in an earlier year to the future year(s).  A practical example is that a change in a study guide descriptive text in the current academic year will also we applied to the descriptive text in the next year.

There was an error in the propagation of descriptive texts that caused the text not to be saved in the future year(s). This has been fixed, so propagation of descriptive texts will work again.

‍

ADMINISTRATION, BUG - Display order of the header line in the document report page seems to be random - CUR-851

After defining the order of the header to be shown on the document report page, the information for the users was shown in the correct order.

However, when the administrator opened the config again the fields where shown in random order, even though the order was kept in the background. This has been fixed, so the order the fields are defined is now also shown correctly to the administrator.

‍

BUG, REPORTING- Loading all studies without selecting a faculty shows an empty overview - CUR-844

A bug has been fixed the prevents the study report showing any study in case no faculty was selected, e.g. the 'show all studies'. This has been fixed so both the faculty filtered study report and the non-faculty filtered (shown all) study report is working again.

‍

USABILITY - Method three should support header data from both method-tree and method - CUR-811

The method-tree and appraisal page only support to show information in the overview stored on the method-tree.

This has been extended to support respective combinations of appraisal/assessment and method-tree/method fields in the report.

‍

‍

USABILITY, BUG - Appraisal and method three should show same information columns for parent and children - CUR-794

Fixed a bug where custom headers were only being shown on the parent assessments, not on sub/child assessments.
Now all levels will show the configured header configured in the appraisal/method-tree field configuration.

‍

USABILITY - Disable save button on document upload if not all required fields are filled - CUR-842

The upload document in the document report page has been modified so the Save button for uploading a new document will first become active after all required fields are filled.

‍

USABILITY - External examiner 'refresh button' after return filling-out the examiner evaluation form - CUR-763

The external examiner process provides the examiner with a button to start the actual examiner evaluation form (in Evaluate).
After filling-out the evaluation, the examiner will continue with the process in Curriculum on the page that was used to start the evaluation.

The only option offered was 'Start' or information on the page the user should use F5 or the Browser refresh page option. This lead to quit some questions from examiners.

To provide better support a Refresh button (and a changeable accompanying text) is offered on the same page.

Once the examiner returns from the evaluation, the Refresh button can be clicked, the page will be refreshed and the Start and Refresh button will disappear and the View report button will appear.

‍

BUG - Create a new module-group didn't provide any fields to be filled - CUR-843

The create new module-group was broken and only showed an empty create page with only a disabled Save button. This has been fixed, so the create screen will show the relevant, configured fields again, including the save button.

‍

ADMINISTRATION - Extend the year roll-over copy to include Specification, Faculty fields - CUR-805, CUR-790

The year copy (roll-over) has been extended and will now also include the Faculty and Specification fields.

‍

CONFIGURATION, USABILITY - Extend activity-report with support for a preset visualisation - CUR-820

The method and assessment configuration options have been extended in the previous sprints to support the configuration of:

• Define a pre-configured and saved report template
• Enable / disable the user to select another template

‍

BUG - Notification preview shows incorrect preview - CUR-801

Fixed a bug in the preview of HTML notifications, so the preview will show a proper preview again.
This bug was only related to the preview of the notification (including HTML formatting and links), but the sending of the configured notification was executed correctly.

‍

ADMIN, CONFIGURATION, INTEGRATION - Extend the Qualification with it's own qualification type definition - CUR-830

From the core objects, the only one missing its own type definition is the Qualification. This has been changed, so the Qualification will have it's own (qualification)type configuration option, similar to all the other objects (study type, module type, ...).

Within this change also both the API and the qualification CSV upload have been extended with support for  the qualificationType.

‍

ROBUSTNESS, INTEGRATION - Retrieving historic modules could fail in specific situations - CUR-854

In rare situations where modules were retrieved via the API in historic years an error was thrown.

Further investigation learned that the case this happened was restricted to modules having a non-approved, pending relation change.
This was only caused for years that were already closed, e.g. 2021, 2022.
By finding the cause of this rare situation, we were able to apply a fix, so retrieval of historic modules with pending relation changes are now executed correctly.

‍

INTEGRATION, API - API should always respect the expand parameter - CUR-846

The REST API endpoints support the option to expand the data that is returned.
For instance if:

• a Study is retrieved using the API, only the direct study information is returned, including a list of the structure with only the code, id and name of the module-groups
• a Study is retrieved using the API with expand=groups, the study in returned with all structure module-groups containing the full information of the module-group.

This was not yet supported for all endpoints, but we will now always respect the 'expand' parameter when it is present. When the expand parameter is absent we return to the configured default. Special expand options are * (expand all) and - (no expand, overwrite optional configuration)

‍

INTEGRATION, API - Enable filtering on published for the Specification and Qualification endpoints- CUR-831

The specifications and qualifications API now default only returns published objects.

This can be overridden by using the configuration option under Administrator / External system. By explicitly setting the flag 'allow unpublished objects', both unpublished and published information will be sent.

‍

INTEGRATION, CSV - The offering CSV format has been extended to support upload of ad-hoc offerings - CUR-815

The CSV upload for offerings only supported assigning already pre-defined offering periods from the academic calendar to education objects (module, study, module-group).

The offering format has been extended with the option to also upload ad-hoc (not yet available) offerings, enabling the definition of for instance an offering that runs from December 7 till December 8.

New columns added to  the CSV to add a custom date range offering period are:

• adhoc (true, false) - indicator marking the offering to be processed is ad-hoc
• start_date (yyyy-mm-dd) - date the ad-hoc period will start
• end_date (yyyy-mm-dd) - date the ad-hoc period will end

These three fields are marked as optional, which means any already prepared offering.csv upload files can be used without any change.

‍

Security improvements

SECURITY - Implemented OWASP fixes
Addressed the OWASP security vulnerabilities:

• CVE-2024-6387 (8.1)

This specific security threat was scaled serious and we immediately took action.
After detailled investigation we found out we didn't use the as 'vulnerable marked' infrastructure components related to openSSH. So the end result is lots of investigation, but no fix.

Detailed information can be found at the central database of vulnerabilities.

‍

SECURITY, OTHER - Disable usage of older TLS libraries
As an outcome from the external security audit a security improvement is executed by disabling and removing the older, deprecated TLS versions (1.0 and 1.1).

‍