Extend support for the External Examiner process

A new feature supporting the External Examiner process based on a combination of Evaluation and Curriculum will be added in the next version(s). This feature will enable the definition of a validation process in Curriculum that uses an Evaluation questionnaire (form) to gather information from external examiners. The result will be fed into Curriculum and enriched with feedback on the external examiner results.

This will introduce an extended integration using the standard REST API, new reporting options and different ways to define feedback on the (single user) questionnaire results.

INTEGRATION - Extend the Evaluation REST API to support External Examiner requirements - EV-103, EV-107, EV-110
The Evaluation REST API is extended with a number of API services to support:

• Send a status transition request via the API, e.g. to change the status of a questionnaire from status Open to Feedback
• Add participants defined in Curriculum to the questionnaire using the API
• Manage (view, create and edit) the feedback section(s) via the API, allowing to manage this directly within a Curriculum workflow (page)

‍

USABILITY - Consecutive year report overflow is corrected - EV-78
The overflow validation on the consecutive year report didn't work in case the list of reports wat too long. This has been fixed, so the report will now be correctly displayed.

Other features & Improvements

STABILITY - Fixed various minor errors that show up in the log - EV-101
On a regular basis (2-3 weeks) a list of all errors in the log file is performed. The root cause for these errors is determined and based on the analysis the error is caused for instance by incorrect data entry or data handed to the interface. In case an error is caused by the system itself, could be a bug a user doesn't notice, but will cause an error in the log file. These errors will be fixed, but normally are not expressed, since they are not really noticed.

But it's good to understand these checks are performed regularly to improve the stability of the system. In this iteration we noticed that generating multiple PDF's at the same time could cross the available memory boundary. This has been fixed to improve the handling of the PDF print request using a more advanced queuing mechanism.

‍

Security improvements

SECURITY - Fixed incorrect authentication for EVALUATION_COORDINATOR - EV-7
The person role 'EVALUATION_COORDINATOR' is used to grant access to evaluation templates. This role should not grant all access on evaluations and this access right is now removed.

When a user should be granted access to all evaluations the user should get a relation using 'Admin' > 'Relations'

‍

SECURITY - Implemented OWASP CVEs - EV-90
Addressed various OWASP security vulnerabilities:

• CVE-2024-22243
• CVE-2024-1597
• CVE-2023-52428

Detailed information for each of the CVE’s can be found at the central database of vulnerabilities: https://nvd.nist.gov/vuln/search

‍