https://stackoverflow.com/questions/40949746/how-to-display-flashing-message-without-reloading-the-page-in-flask

User page should have a button to print a badge for the current user using their profile details. Probably we would just generate an SVG and the user would print that using the system print dialog.

This should also generate a log to track badge creation.

Modify user pull function so that it doesn't overwrite local changes by default.

Logs should be searchable by user, client, date, action, etc. Start off with a simple filter on the logs page, then later maybe an advanced search page for more detailed requests.

User management requirements. The ultimate goal is to make this user database the master for all other systems that we use.

• User database model

  • Built-in fields for each critical piece of information
    • First and last name
    • Email
    • Username
    • User ID
    • NFC ID
  • Custom Fields for additional information
    • Complete requirements in #5

• User profile page

• User management admin page

The database needs to be regularly backed up to prevent data loss. Backups should be sent to an external destination on at least a daily basis. This could be a cron job that dumps the database and exports via sftp to start off with.

Ultimately backups should be configurable via the web UI, but that is not necessary for the initial version.

The MCP will operate as an Oauth2 server to provide authentication and user info for all other systems used at MakeICT if possible. The initial focus will be on easing access for the general membership, so we will start off by integrating member-facing systems:

• Discourse
• Wiki
• Active Directory
• Google?

Should be able to create a client without having a group.

Obviously, it is intended that this would push all users.

Groups will be used to control access to resources.

• Group database model
  • Built-in fields for each critical piece of information
    • Group ID
    • Group name
    • Group description
    • Many-to-many relationship with user model
• Group page
  • List groups
  • Assign client unlock permissions
• Group management admin page
  • List of group members
  • Controls for editing group info
  • Controls for adding and removing members

Add a button to task notifications to allow cancelling the current task.

Not a big deal at this stage, but eventually people will need to be able to view and edit their own account details.

WA ID: 52881495

Need a way to export logs as CSV, ideally after being filtered.

NFC Ids are required to be unique in the database, and updating a user ID from the web UI attempts to save an empty string for the NFC Id. This will work on the first user, but all subsequent users fail with a 500 error due to the duplicate entry.

Sometimes a users 'modified_date' field will get changed when you hit the Update button without making any changes.

Add logging for all critical operations. The physical access logs are the highest priority, as the system will be severely limited in usefulness without them. The other logs are also important, but could conceivably be implemented later if absolutely necessary. The debug logs should probably be added earlier in development for, you know, debugging or something.

• Physical access logs
  • Door/machine unlocks and rejections
• Admin action logs
  • Login
  • Edit user
  • Change settings
• Debug logs
  • This should be a text log
  • Ability to view in web UI could be nice, but not necessary

We need a way to add custom fields to users through the UI. Otherwise it would be necessary to update the code any time a new user field is required, which would be tedious and error-prone.

Implementation possibilities:

• Create a new table per custom field named based on field name that contains user ID, and field value

• Create a table for all custom fields with columns for user ID, field ID, field value. Pair it with a table that maps custom field name, ID, and type. Entity Attribute Value Model?

• Use something like postgres json datatype to store all custom fields in a single column in the user table.

• Field type

  • Text
  • Number
  • Image
  • Date

• Default value

• Value

Currently logs that are written to the database are handled separately from other logs. This could probably be handled more consistently by adding a log handler that integrates with sqlalchemy.

This list has couple issues:

• When people log in the last seen field is constantly updated, so they will always show up in this list even if their account hasn't really changed.
• Changes to groups do not update the user, so users with changed groups will never show up in the list.

This should be handled gracefully and give an appropriate response code rather than an HTML error page.

All clients will connect to the server via a web API.

Client/server authentication

Critical functions:

• Verify credentials
  • Inputs: client ID and NFC ID
  • Returns: approve or deny access

Add ability to send unlock/lock/arm/disarm requests from the web interface. This will require bi-directional communication with the clients, which has not yet been implemented.

Bi-directional, low-latency communication is needed between the client and server. Currently all interaction is handled via calls to the web API, but this is not a good solution in the long run. The server needs to be able to trigger events on the clients without having the clients constantly poll for updates. Remote door unlock, alarm system arming/disarming, and other needed features will rely on this ability.

We are currently evaluating MQTT as a solution to solve this requirement. Websockets are another possibility.

Need to be able to push changes from MCP to WA and any other linked systems. WA is the most pressing at the moment, but eventually this will link with our G-Suite, Discourse, etc.

Doing a full sync from the web UI fails because the process takes too long to complete. Need to have a request handler that can deal with long running tasks.

When a user is deleted in WA, push/pull in MCP will fail with error:

Traceback (most recent call last):
File "./mcp/main/tasks.py", line 31, in run_as_task
func(*args, **kwargs)
File "./mcp/wildapricot/functions.py", line 210, in push_users
if not WildapricotUser.query.filter_by(wildapricot_user_id=wa_contact['Id']):
TypeError: 'bool' object is not subscriptable

This situation should be handled gracefully by logging the exception and flagging the account somehow.

It seems like tasks can get stuck and prevent a user from re-trying. This has been observed multiple times on the WA push and WA pull tasks. Updating the task database with the following command fixes the issue: update task set complete=1 where complete!=1;

Badge assignments should be recorded in the logs.

We need a way to disable a badge while keeping it assigned so that we can track scans of lost badges.

Clients are authorization endpoints that will accept user credentials, query the server for the authorization response, unlock the resource if appropriate, and deliver feedback to the user.

Different clients may have different available features, so this needs to be taken into account. The current system uses plugins for each distinct feature (card reader, door unlocker, chime, etc.) and the relevant features are selected when setting up the client. Another option would be to have the client report what modules it has installed and have the server assign them automatically.

For the initial implementation we need a way to add new clients and view/edit/remove existing clients.

Current database schema can be viewed here for reference: https://github.com/MakeICT/electronic-door/blob/master/server/software/schema.sql

• Client database model
  • Id number
  • Name
  • Physical feature association
• Client management page
  • Add clients
  • View clients
  • Edit clients
  • Delete clients