fr8org / fr8core Goto Github PK

See https://maginot.atlassian.net/wiki/display/SH/Authentication+Across+Multiple+Activities

Create Protractor test for user registration

This is created when I Publish a Plan

the real goal of this issue is to fix and improve the docs. So the emphasis at this point should be on making changes to them. "Investigation" is only useful to the extent it drives these changes. So please proceed to update the docs:

1. remove mentions of controls that no longer exist
2. for controls that exist, make sure they have a useful sample of json and a description of what they're used for, preferably with a mention of where the reader can look to see them in action.
3. fix any incorrect docs
4. add docs for any missing controls.

Add unit tests for StatX

Case:
Login
Go to my account page
Click admin at the top of right
Click "Run Manifest Registry Monitoring" list item
Result:
User doesn't get any action after click this button.

Create a Jasmine test that starts with an account that does not have any valid tokens. Add a Salesforce.com Get Data activity. The Jasmine Protractor automation should click on Add Authorization and enter account information into the resulting oAuth popup. Then close the dialogs and verify that the activity no longer is trying to get authorization to happen.
Then clone this test and create versions for Google, Slack, DocuSign

• Create a doc page called Trying the Fr8 API's that explains how to authenticate, and provides a couple of examples.
• Create a Header for the Hub API swagger page similar to the one you have on the Terminal API swagger page.
  It should have a reference to the Terminal page.
• Add this sentence to the headers of both pages: "Learn more about how to Try Out the API." and have that point to your Trying the Fr8 API's doc page.

It has been commented, a couple of times, that we don't have good architectural docs that describe the system overall to a newcomer.
We have this page, which is pretty high level: ArchitecturalModel. Create an additional page that explains the overall architecture of the system in greater detail.

Create protractor tests for contact page testing.

We have a lot of strange things going on regarding a table having header row.
I believe the reason for that is because we were changing our mind from time to time on how we should handle it.
Currently, if I'm not mistaken, we treat any table that has more then one row as a table that has a header row
And if a table has only one row, then we copy this row and add in manifest as a header (which doesn't really make sence for me)

@alexed1 wrote:
In recent discussions where we've talked about having "one row" of data, that means one row of value data, not including a possible header row.
I'm not sure that we've identified any realistic scenarios where a table exists without a header row. downstream activities will have a tough time working with such a table. So I think we might be able to make a simplifying assumption that there's always a header row.
Sergey, can you give an example of what you describe here:
"And if a table has only one row, then we copy this row and add in manifest as a header (which doesn't really make sence for me)"

Allow to create and configure activities that do not belong to any plan at all. In this case 'Solution' call /createAndConfigure (or just /create) and get configured activity. Created activity then should be added to the children of 'Solution' at the terminal side. During /create call no DB records are created and created activity remains in-memory of Hub until it is configured and sent to the terminal back.

Alex Edelstein [Administrator]: We probably should have a utility method that goes through all of the plans in the directory and checks them to see if a category page should be created
Also, rename URL categorypages to category.

Putting the button where ordinary users can see it is not what we want.
Let's create a new page called Admin Tools that is accessible via an Admin Tools menu item on the Admin menu. This page should say "Admin Tools" and have the Generate Pages button. This button should have a label: "Manually processes Plans to generate missing Plan Pages"

Now development user and administrator account are created in MigrationConfiguration.cs. We need to remove account creation from this file.

At the very least leave only service users and a single administrator account (Master administrator) in this file.
Also, we need to reset passwords for ALL the users and administrator accounts mentioned in the migrations file and make sure that new password never appear in the Fr8Config repository files. If necessary, move them to the Settings.config files located in the Fr8Config repository.
A better route would be to create a simple setup wizard (a la Wordpress) which would show up at the first run and allow User to create a master administrative account. Later we could use this wizard to simplify other kinds of configuration (e.g. email server settings).

1. Going to this URL fails:
   http://dev-directory.fr8.co/categorypages/statx.html
   This should work because a Category Page should have been generated in accordance with the algorithm at https://maginot.atlassian.net/wiki/display/SH/Plan+Categories and 3450 and 3449.
   To verify this, I first created and then shared a plan with a statx activity.
   this is also broken on Production.

Protractor tests are failing on build servers. This is probably about chrome and chromedriver version mismatch. Investigate and fix this

The set of extracted fields in Extract Table Field starts off with a bunch of "Column0", "Column1". These don't seem to serve any purpose. Why are they showing up, and what would be involved in changing that.

https://maginot.atlassian.net/wiki/display/SH/Monitor+Jira+Changes+Activity

In .net, the getting started instructions require developers to hand tune their Multiple Startup Projects. Isn't there a way we can set the default inside the solution so that it starts multiple projects automatically, as soon as its cloned from github and run? Doing this would simplify the getting started process. Investigate.

Setting for what projects are set for start up are stored in .suo file (user-specific solution settings file)
If we use IIS Express, then automation of setting up multiple startup is a very complex issue.
There is a very dirty possible solution of commiting .suo file, but it can lead to unexpected results.
.suo file can also be parsed, in theory, and modified.
However it might require to build a VS extenstion, in order to do that.
If we use local IIS then configuring multiple start up is not needed, once IIS is properly configured

Case:

1. Login to system
2. Go to dev.fr8.co with using this url "/DockyardAccount/Register"
3. Register with another account.
   Result:
   User can register to system without log off from the system.

https://github.com/Fr8org/Fr8Core/blob/dev/Docs/ForDevelopers/DevelopmentGuides/Activities/TerminalActivity.md
is divergent with current class structure.

Let's figure out a way to create these into the test project

Case:

1. Create or edit plan
2. Add Monitor Fr8 Events -> Publish To Slack
3. Use upstream value for slack

Result:
User sees warning message about "This Activity is looking for incoming data from "upstream" activities but can't find any right now.". So, Monitor Fr8 Events activity doesn't give downstream to next activity.

it creates potential breach in security.
FactsController intention similar to ReportController but for client reports, now it used for geting facts about container, but its functionality allows get any Fact if it's Id is known, it creates potential breach in security.
We can filter FactDOs by UserId, but would it be possible that Fact about Container with passed Id wasnt created with Fr8UserId (created by some inner process)? If so, we get not complete data about container.

Apply the new security permissions model to Facts. When a Fact is created it should have as an owner a Fr8UserId and should be given an Organization ID, if one is associated with the owner.
Use the following Permissions for Facts:
Role: Permission
Current Owner: View Object
Admins For Current Organization Admins: View Object
Fr8 Admins : Edit Object
Verify that the current owner can retrieve all of their facts but not facts belonging to others (assuming the current owner is not also an admin).

Now user can see all of the terminals. Normal users need to see only their own submitted terminals. And Admins need to see all terminals

https://fr8.co/swagger/ui/index

Because terminal architecture was changed couple times, necessary tests that was developed became obsolete. Create integration tests that covers basic functionallity and interaction.

Case:
Login
Create "Mail Merge into DocuSign" solution
Do not configure (Don't press "Prepare Mail Merge" button) (MailMergeIntoDocuSign.PNG)
Go to plans page
Edit last solution plan (editLastSolutionPlan.PNG)
Result:
User sees empty configuration screen in dev

Most of us are using IIS Express because

1. it comes by default with VS
2. you only need to set up a port (and it is automated by PortSetter)
3. and select projects for running
   However there are some issues with it:
   it is believed that Express is not as robust as a ​local IIS​
   sometimes it messes up with debugging, by not loading symbols or shutting down the site if debugger detaches
   Some of us are using ​local IIS​. I've tried it as well, but I gave up since it required a lot of configuration, and beyond that it was affected by "hanging" bug, that me, @alpgurtan and @tony.yakovets currently experience. I only had a fix for this bug for IIS Express, so I switched back. However it seems that we are going to fix this bug soon.
   In order to use ​local IIS​ you have to turn it on in Windows features and then configure web-sites for each terminal and Hub. While you do that you specify a local address and a physical path to the dll
   However once you configure it - you have a more comfortable environment, since it is running separately from VS and it automatically updates the site once the new dll's are build
   And what is important is that you don't have to configure multiple startup in VS. Building terminals projects is enough
   I've spoke to Vladimir and he says that ​local IIS​ has an API, which is easy to work with from PowerShell. Also he claims that it shouldn't be hard to automate ​local IIS​ configuration by script
   Having that script will a) remove the requirement of setting multiple start up and
   b) will remove a need for running a PortSetter and re-opening solution
   Also while doing that he mentioned that he would like to change the way we handle our local addresses (what could be easily done as part of a script)
   so instead of "localhost:53249" it would be "http://localhost/terminals/docusign"
   the reasoning for that is:
4. it's not very polite to "eat" a bunch of ports on an external developers machine (what if his own app uses some of ports we do?)
5. it's more comfortable to see while debugging "http://localhost/terminals/docusign" instead of "localhost:53249"
   alexed 8:15 PM
   well, let's create a new issue to cover the scripting for iis. meanwhile, update the dev docs to explain the two choices and their ramifications
   I don't think the ports issue is that big a deal, but it would make things a little clearer. It might be good manners to do localhost/Fr8/terminals/docusign

Update docs to explain UI Crate Rendering logic on FrontEnd

Our current solution structure is a bit messy: terminals, tests, hub and everything else are mixed within one folder. This makes it hard to navigate within solution folder and visually blur different component roles and dependencies:

To make it easier for new developers to understand our system and to evolve our system we should restructure solution to be more ordered. I suggest the following structure:

Case:

1. Create plan
2. Add activities (Get Tasks -> Loop -> Publish To Slack)
3. Try to change slack activity place using Loop activity

Result:
We can not moved slack activity under Loop's activity. There is a box exist in plan builder when we want to move.

It checks URL for searching but after initial search doesn't allow other searhes until query from URL removed:
(Need to some resetting with each search in Angular side)

The current docs at https://github.com/Fr8org/Fr8Core/blob/docs8/Docs/ForDevelopers/DevelopmentGuides/Terminals/dotNet/TerminalDeveloping-GettingStarted.md
say nothing about IIS, recently there have been some headaches related to this.
add a section that clarifies what we recommend people use and discusses what the alternatives are.

Setting for what projects are set for start up are stored in .suo file (user-specific solution settings file)
If we use IIS Express, then automation of setting up multiple startup is a very complex issue.
There is a very dirty possible solution of commiting .suo file, but it can lead to unexpected results.
.suo file can also be parsed, in theory, and modified.
However it might require to build a VS extenstion, in order to do that.
If we use local IIS then configuring multiple start up is not needed, once IIS is properly configured

Case:

1. Create or edit plan
2. Add "Send DocuSign Envelope" activity
3. Add new authentication

Result:
Account info fills into the labels automatically.

Expected result:
This should be removed and all credentials should be entered from users.

When we create plan and add "Get Data from Warehouse" and "Query Fr8 Warehouse" activities for testing, we see that they don't signal any fields.
Query_Fr8_Warehouse signals and produces StandardPayloadDataCM>("Found MT Objects").Both of these crates should be visible in slack field selection.
Example Plan:
http://dev.fr8.co/dashboard/plans/1ff733d2-ad01-4fc1-9144-75ef19c0f220/builder?viewMode=plan

This is a test issue

the problem is when we call /DockyardAccount/Index to log in, server respond not with structured document as defined in w3c but with chunks of html (divs, headers, h1s) it is not good for search engine. I fixed that page, but reviewing other pages i found they a not coordinated, i.e. many of them dont have common layout page and defines html layout 'ad hoc'. even more that it becomes very hard to control SEO specific things like meta keywords, description and other related things.

Case:

1. Create or edit plan
2. Add "Get File List Dropbox" activity
3. Add "Fr8 Store File" activity after dropbox activity
4. Select incoming value from dropbox file list
   Result:
   Just Manifest Type appears on list and other lists are not published from dropbox. So, error message appears on activity stream when we choose manifest type and run plan.
   

Since it is loading from both ui-rooter and ng-include(from Dashboard/Index.cshtml), controllers under Mainontainer_AS are being called twice, and it cause some problems on events.

There's a lot of confusion about this topic:
We don't really have any documentation on it that I can find. I've created a placeholder page at https://github.com/Fr8org/Fr8Core/blob/docs-FR-5136/Docs/ForDevelopers/OperatingConcepts/Authorization/TerminalAuthentication.md
Create content for this page

currently Manifest Registry only accessible for logged users in dashboard: https://fr8.co/dashboard/manifest_registry,
it should be available without necessity to login into app, from https://fr8.co/manifest_registry

Detect when popups are being blocked, and warn the user so they understrand why oauth isn't working

Create necessary unit tests for terminalFacebook

This involves determining which Activities to display to a user in the activity chooser.

So far, we've defined a couple of classes of activity:

1. active, public, available to everyone
2. active but only visible to a subset of users (starting with the owner). This is for activities on in-development terminals, or terminals where the owner/creator wants to keep access private.
3. deprecated, which implies that the activity is still usable and active, but we don't want it choosable for new plans and new activities
4. inactive, meaning we don't want it seen, and we expect old plans with it to fail because it's not available for execution.

We generally never want to have activities in class 4. If an activity is not good or has been superseded by a better activity, we want to "put the activity out to pasture" and deprecate it, but not break old plans.

There's nothing in the Activity Template spec to specify this: https://github.com/Fr8org/Fr8Core/blob/dev/Docs/ForDevelopers/Objects/ActivityTemplates.md

If we used our Permissions system for this, we would rely on View Activity permission. The Hub delivers to the client a query of all activities that are active and for which the current user has View Activity and Execute Activity. To support this, when the Hub discovers a new ActivityTemplate, it would generate a default set of ObjectRolePermissions, allowing StandardUsers Fr8Admins to have View Activity and Execute Activity permission on it. When a Developer registers a new Terminal with the dev server, we should override that default method with a method that assigns these two permissions to the CurrentOwner Role, and the Admins and Fr8Admins but not the StandardUser. Later, we can add the ability for the Owner of a Plan to issue additional permissions.
To support the third scenario, we need a State that tracks whether an ActivityTemplate is Active or Deprecated or Inactive. In principle, we could envision this being specified in the ActivityTemplate. However, this is really a Hub decision. I think that for now we can get away with defining a State property in ActivityTemplate. This is optional for the data returned to a /discover call and should get stored in the ActivityTemplateDO in the db. However, we need a way for an admin to override this value from UI. That implies an Activity Details page that would be accessible from a list of Activities visible in the Terminal Details page. It should allow the State to be set to one of the three values, and immediately save that information (as well as log a Fact)

Case:

1. Create or edit plan
2. Add Google Sheet Data -> Loop -> Post To Yammer activities
3. Try to configure Post To Yammer activity

Result:
"Select Yammer Group" dropdown is not working in dev. Also, there is not any error on dev console.

• Go to plan directory
• "Create" the plan called "Message in Slack channel generates checklist stat in StatX"
• In the Monitor Slack Messages, click on the ddlb for "Select Channel"

Expected:

• if user doesn't have statx auth, auth should pop up.
• if user does have statx auth, the ddlb should be populated with the user's channels

Actual:

• the ddlb is populated with the channels from the original plan creator.
• auth doesn't pop up for statx even though this user doesn't have a current auth token for statX

Moving forward, the crude "internal flag" should be replaced by an evolution of our permissions model. We use this currently to prevent users from seeing plans like the one generated by the DocuSign terminal to monitor incoming events.