Improvements

The issues mentioned under the section improvements are considered as new functionality, user experience improvements and bug fixes.

‍

Support process on assignments - CUR-1438

Processes are made available for assignments, as an addition to the already supported option to define processes for persons.  The process also covers virtual assignments (vacancy) and the process manager will show the either the person or vacancy name.

‍

Added support for configurable advanced person search (iteration 1) - CUR-495

The person search box that is shown when adding a relation is extended with an advanced search option. The advanced search option can be configured by the administrator by marking the custom-fields to be used in the advanced search.

The administrator can mark custom-fields configured for the Person object to be available in the advanced search by checking the searchable checkbox.

The searchable marked custom-fields are available when adding persons to a relation by opening the Advanced search toggle.

This iteration implemented the administrator configuration part, the option to open and use the advanced search by users. In case the advanced search uses an element or reference value for search the user should define the defined code of the element or reference value to search for. In the next iteration (sprint) this will be replaced by an actual element / reference listbox to select based on the value and also support multi-select.

‍

Upload images in descriptions should not give an error - CUR-1442

Fixed a bug where uploading an image in a description would show an invalid image icon, instead of the uploaded image.

‍

The create_assessment authorisation should be respected on the appraisal page - CUR-1350

The create assessment was also visible on the appraisal page in case the user didn't have the 'create_assessment' authorisation. This has been fixed, the create button will only be shown for the user with the correct (create_assessment) authorisation.

‍

As an administrator I should have access to the on-page login permission information - CUR-1372

As an administrator the login permission information shown were the permissions of the administrator and not the user. Since the login permission information provides valuable information on the missing rights in case a page is not visible for a user, this affected the ability to quickly validate the permissions. This has been fixed, and the login permissions are no longer showing the own (admin) permissions, but the ones of the selected user.

‍

Authorisation and audit trail should use the correct user - CUR-1371

A change made recently enabled logging the 'logged in user' to be used as the author of a change. So in case a user was impersonating another user, the change is not logged under the name of the impersonated user, but on the logged in user. A side-effect was that the determination of the authorisation (access rights) could in some cases mix-up the permission of the logged in user with the impersonated user. The cause was found and is fixed and works as expected, so the audit trail information is using the correct (logged-in user) and the authorisation is based on the rights of the impersonated user.

‍

Custom fields defined on offerings and assignment FTE vales should be part of the year copy - CUR-1427

The custom fields defined on offerings and the assignment FTE values were not copied in the year copy. They have been added, so both the FTE values and any added custom field to the offering-object will be part of the year copy.

‍

Selecting a report with 'incorrect data' should not crash but still show the correct data - CUR-1432, CUR-1429, CUR-1461

The report generator has been made more robust, based on two small technical issues reported:

• In some reports the fields that could be added to the report had similar names. In some specific cases this causes the report to be not displayed (or even generated) correctly.
• In case a system that was defined as a String, and was already populated with data. And later it would be changed to a boolean without removing/replacing the 'String data', the report crashed since the textual 'String data' couldn't be substituted to a boolean value. A fix has been applied that in case a translation of a value to the configured data type is not possible the value shown is a - (dash). This causes the report to be visible and offers the administrator or user the option to check what information is incorrect and take the appropriate actions to change the incorrect (corrupt) value.

‍

Describing subjects (e.g. learning outcomes, skills) should support HTML - CUR-1219

The description field for subjects has been extended with HTML support. The description type can be set to HTML and the HTML editor will then be shown to manage the subject description.

‍

Activity handling improvements for modules with several hundreds of activities - CUR-1453, CUR-1452, CUR-1454, CUR-1425

An issue has been reported on performance of the activity reporting/management screens if a single module has several hundreds of activities assigned. This caused not only rather high loading times to retrieve the data, but for instance the activity grid page more or less froze. This was caused by the fact the visualisation (rendering) of the page is performed by the Browser and depends on the capacity of the users computer. But even if the activity grid succeeded in displaying the information, it is clear the grid is not designed to manage that amount of activities. The activity list is the page that supports the handling of these activity numbers.

The following improvements have been applied to the management of the activities and the user experience:

1. Since the activity grid is not providing user support for large amount of activities, the activity grid page will show a message in case the configured number of 250 activities is exceeded. This will offer all users handling modules with a number of activities that fit the UI-experience of the grid to use is. It will prevent users that handle modules with a large amount of activities to have a Browser that freezes and using an activity management page that is not fit for the job. The message will come 'instant' and advise the user to use the other management option.
   
2. The activity list view is extended to support pagination. This means that the report will respond 'instant with the first activities and the user can browse through the pages, or extend the page size to retrieve all activities.The paging size can be set by each user individually, which means that a user can still choose to use a page size of 250.
3. The activity list view will be extended with a filter option, to allow the user to filter the list on for instance a name or activity type. This will enhance the user experience when manipulating and finding their way in hundreds of activities. Instead of browsing through the list and visually identify an activity, they can now search for a specific activity that should be changed.

‍

Quality of life improvement for reports - CUR-845

The configurable report functionality provides the option to add-hoc show additional fields in the report list. An ad-hoc selection can be saved as a template, but is not always desired in order no to create too many templates.

In case some data changes were made and the report needed refreshing, the only supported way was to reload the entire page. This reloaded the data, but the side-effect is that the ad-hoc configuration was reset to the standard configured report configuration. So the ad-hoc required fields should be added again to show all the desired fields.

This release a Refresh button is added on top of the report, that enables refreshing the data (without having to reload the page) and keep the active ad-hoc configuration

‍

‍

When opening a form/page the focus should be on the first field - CUR-1326

When opening a form not in all cases the focus was set to the first field in that form (or on the page). A general change has been made to set the focus to the first active field on a form or page.

‍

Extend offering report to support custom-fields - CUR-1426

The offering report didn't show added custom fields such as capacity or remarks. The report hast been extended to show these missing columns.

‍

Extend support for item objects to use base objects (e.g. module, study) - CUR-1298

The item object can be used to add own objects to the system. An example could be a list of locations a public module is provided with information on venue address and pricing. The configuration and usability of the item object is extended to support configuration of a field of type object (e.g. a module, a study). The custom-fields defined on the item next to for instance the module object can use the values from that module object in formulas to set the field.

A practical example may be helpful to explain the above.

In case a new programme (specification) is defined to gather information on feasibility and impact, information on expected modules and impact on modules is required. An item list can be used to define the list of modules to be expected in the specialisation. This could require a item configuration like:

• module: reference to an existing module
  Type: object, subtype: module
• name: the name of a new module or the name of the selected module
  Type: string, formula: (module) localName
• credits: the credits of a new module or the credits of the selected module
  Type: number, formula: (credits) optimum
• students: the number of students defined on the existing module
  Type: number, formula: (capacity) optimum
• expected additional students: the estimate of additional students, to be used to get insight

By using the appropriate configuration references to existing modules can be added, values already defined can be used and shown. But also the option to override or add additional information can be added to the list to get a clear picture on the actual situation and possible impact.

‍

The result message when adding module-groups in bulk should be correct - CUR-1450

When defining the curriculum the option to add module groups in bulk to another module group always give the 'successfully' message. However, in some rare cases not all of the bulk selected groups are added. The message has been adjusted to correctly report if and which of the module-groups failed to be added.

‍

Display of reference items in select lists should follow the defined configuration - CUR-1357

The configuration for fields using reference (or element) lists support to display name, code and name & code. For some objects (like method) the configuration was not respected and in all cases the list was shown with the name. In most cases this is the desired (and default) visualisation. But in case a different visualisation type is configured this should be respected, which is implemented in this release.

‍

Enhanced performance of the change report - CUR-1463

From information in the system and performance logging we noted that the change report was not really providing an optimal performance. After analysing the performance is successfully increased for both reports with a limited number of changes (e.g on study) and the similar report with huge amounts of changes (e.g. on faculty). Some tests with the larger ones showed that reports taking 15 seconds are now retrieved and shown in 3-4 seconds.

‍

Integration

The issues mentioned under the section integration are considered as extension, improvements or bug fixes related to the Curriculum API, OOAPI and/or CSV import functionality.

‍

Extend CSV import multiple offerings in the same period - CUR-1447, CUR-1431

The CSV offering import has been extended to support uploading multiple offerings with the same module/period. The documentation has been updated, including a fix to the column header values for startDate and endDate that were incorrect in the previous version.

‍

Extend OOAPI v5 support for dateComment in offering service - CUR-827

The OOAPI v5 support for the offering service has been extended to support the dateComment attribute added to the eduXchange consumer definition v2.1 with support for EuroTeq.

"alliances": [
       {
         "enrollStartTime": "00:00",
         "enrollEndTime": "23:59",
         "dateComment": "P1 Morning",
         "name": "TE"
       }
     ]

‍

The import of relations using CSV could fail with an unexpected error - CUR-1455

Depending on usage of specific objects in relation to the person object, the import of relations using CSV could fail with a message "Query did not return a unique result: xx results were returned". This was an error in the processing of the CSV and has been fixed, to enable import of relations for all environments again.

‍

Extend the Evaluation integration hook to exchange additional attributes - CUR-1456

The support for the creation of evaluations in Evaluation using a hook in Curriculum has been extended to support not only the creation with the relevant members (relations), but also to add additional attributes like the faculty or study for the evaluated module.

‍

Security

An integral part of our develop and build processes is automatic scanning for known security vulnerabilities. The vulnerabilities will be fixed based on their impact, which means that in some cases an immediate hot-fix will be applied, and in other cases the vulnerability will be fixed in the current or next Sprint (release). The security section provides an overview of the vulnerabilities mitigated.

‍

This release mitigates the following vulnerabilities:

• CVE-2019-1010266 (moderate)
• CVE-2018-16487 (high)
• CVE-2020-28500 (5.3)
• CVE-2021-23337 (7.2)
• CVE-2018-3721 (6.5)
• CVE-2019-10744 (9.1)
• CVE-2024-56332 (5.3)
• CVE-2022-37620 (8.7)
• CVE-2024-52798 (moderate)
• CVE-2024-43799 (2.3)
• CVE-2024-43800 (2.3)
• CVE-2024-37890 (8.7)
• CVE-2024-12801(2.4)

Most of the fixed CVE's are from using an older library that has been replaced. The CVE's were still marked active and not solved since they were marked as a 'false positive'. This means the library has functionality that is only vulnerable when this is used in the application. In this case the vulnerable functionality was not used in Evaluation.For more information on reported vulnerabilities, see the central database of vulnerabilities.

‍

‍For more guidance on configuration and setup of Curriculum, use the relevant Curriculum manual.