Upload CSV/JSON

[SelinaBuff]

User Stories

1. Upload exported boards

• As a user, I expect to be able to upload my exported boards in JSON or CSV format.

2. Upload during template selection

• As a user, I expect to be able to upload my exported boards when selecting a template (look at screenshot)

3. Two upload methods

• As a user, I expect to have two options for uploading CSV or JSON files: a) Click to open a file picker to select the file. b) Drag and drop the file onto the upload field.

4. Clear upload instructions
   • As a user, I expect clear instructions for uploading files:

• Title: "Import CSV/JSON" or in German: "CSV/JSON importieren"
• Description: "Upload file or drag here" or in German: "Datei hochladen oder hierher ziehen"

5. Automatic template selection

• As a user, I expect that after uploading my file, the corresponding template is automatically selected, and I only need to click "Create new board" to open the board.

[brandstetterm]

Some information that is important for implementation is missing here. For example, what happens if cards from other users are (also) imported, even tho they are not participants of the new session?

[Schwehn42]

or example, what happens if cards from other users are (also) imported, even tho they are not participants of the new session

or in that regard, if the user doesn't exist at all 👀
I think the JSON should be able to reference the author(s) by id and name. So the import flow could look like this:

1. author has id ref in JSON:
   1. user exists in DB: use determined name/avatar
   2. user doesn't exist: throw error OR use default OR go to step 2
2. If author has name field, use that (plus default avatar or randomly generated)
3. otherwise use some kind of default, maybe "Unknown Author" with a default/ghost avatar

[brandstetterm]

In my opinion, using the original authors for the imported cards is kinda a no-go, since it's not guaranteed that the users know of the new session. Me as a user wouldn't be that happy about my cards (with me as an author) being using on a board I don't know of.

[Schwehn42]

But that defeats at least a main point of the import then, doesn't it? I want to be able to import a board and still be able to edit my own cards / reactions / filter by user if I'm in the session. Treating every note like it's from someone else would'nt allow this.

Regarding your point I think there are other ways to verify the integrity of the board. For example an imported note could be marked as such (with a very small icon or something along those lines) which would verify if the note was just written by the author or if it was imported.

[brandstetterm]

These are my main concerns right now:

• It is and remains my main concern, but I (as a user of Scrumlr) don't like the fact that my cards might be on a board I don't know about. I guess there are even some IT security principles violated by that.
• The author information is currently being searched for in the list of session participants. We also have the participants' information available in the frontend. However, if I now import a board, the authors are not automatically participants in this new session and therefore we do not have the author information available. This would have to be changed. Either you automatically add the authors as participants (what again, sucks), or you have to get the information of the authors from the backend, who are not participants of the new session.

Also, if you're going to import a board, you are automatically the owner of the resulting session. As an owner of a session, you can edit all of the cards.

I think my preferred solution for that would be the following: If I import a board, my cards will still have me as an author, but the cards from everyone else won't have an author anymore (author = null). Instead, these author-less cards could be showing our skeleton author (Stan) for example.

[Schwehn42]

I don't see a reason why this cannot/shouldn't be done for registered users. For anonymous accounts sure, but there is no technical limitation which would disallow just adding the verified accounts to a board that comes to my mind. You could even add an privacy option that could disallow this behaviour (make it default if you want) and would lead to what you suggested instead.

However, if you're concerned about security concers this only begs the question why owners are allowed to edit everyone's notes. Deleting them, sure, but I honestly can't comprehend why this is allowed 😅

[brandstetterm]

I share your opinion, we should question why owners are able to edit all notes.

Still, I as a user don't want to be automatically added to the participants of a session. I want to get asked at least if I wanna join.

[Schwehn42]

I think the easiest solution for this is a setting that allows whether your account may be used in other sessions or as an export. This does not only concern exports/imports, by the way – there might be a future option to duplicate sessions in the templates/sessions section, where the same issue would occur.

Combined with the other suggestion of marking imported notes I believe this ticks all the boxes regarding privacy, integrity, and still being a viable feature.

We should definitely discuss this within the team though, as it obviously isn't a trivial topic 😄

[Schwehn42]

or actually just f it, we can just keep the names, as soon as the session feature is ready the import/export is probably only used for archiving anyways 🤷‍♂️

[mateo-ivc]

I think it's still a useful feature, especially for anonymous users who don't want to create an account.

[SelinaBuff]

I spoke to our data protection officer and he said that it is completely sufficient if we mark the edited notes. What we could or should do is just give the moderator the rights to edit notes.