There used to be a feature to show the last seen grades. It was removed as the code for the feature was quickly and sloppily made.

It would be nice if this feature could be reimplemented.

The implementation would need to be able to handle multiple users on a single system, parents' Powerschool, and either have security to prevent others with access to the computer looking at the grades or warn the user that others may be able to see their grades on the system.

@gary-kim What do you think about implementing this as something that would allow them to check their grades without having to log onto powerschool? It would also double as allowing them to check grades when powerschool is closed. When they click the extension icon from any page it would popup with their last seen grades from PowerSchool, maybe using a login box or dropdown to select which user.

That's the basic idea but I'm not sure how it will work out. We are storing data on the local system so it will only be saved locally and even if we have support for multiple users, the grades are simply stored on the computer and easily accessible to anyone with access to it. I think that should be made very clear to the users: that their grades are stored in plain text on their system.

There's is the possibility of making a server to which people have to login with their sas.edu.sg Google account. That is another, more complex but fully featured, option.

Wouldn't there be issues with storing user assessment data on a separate server? Some users might have an issue with that? Maybe regarding last seen grades, give users an option to save grades at any point and make sure they are aware that it's storing it plaintext. Or store it locally and hash it using a password they can enter, or alternatively automatically save it and hash it using their power school password and make them enter that later to access?

Wouldn't there be issues with storing user assessment data on a separate server? Some users might have an issue with that?

Good point.

Maybe regarding last seen grades, give users an option to save grades at any point and make sure they are aware that it's storing it plaintext. Or store it locally and hash it using a password they can enter, or alternatively automatically save it and hash it using their power school password and make them enter that later to access?

Yeah, let's just make it clear to users that the data is stored in plain text on their system and just save it into browser storage.

The issue with using the Powerschool password is that it can change and that could get potentially confusing for the user.

I think to have the best UX possible, the best option would be essentially generating a asymmetric encryption keypair on the device then saving course data by encrypting it with with the public key and leaving the private key encrypted with a password that the user provides. Honestly, it would work well but that's probably more complex than we really need.

Yeah that makes sense, and also the amount of instances with people using multiple accounts on the same computer is probably fairly low since most students would use their own laptop. Also a lot of users use autofill and probably don't mind someone being able to access their grades if they already have access to their computer logged in.

Maybe a plaintext option where they can optionally specify a password? Could we just store assessment data in cookies and offer a dropdown of all the users whose assessment data is stored on that computer, and let them access it by clicking the extension icon? That way there would be less clutter on the actual PowerSchool login page but it would let them access last seen whenever they want to.

Maybe a plaintext option where they can optionally specify a password?

The issue is that for symmetric encryption to work, the password must be entered every time we want to save data. Frankly, that's very inconvenient and I don't think anyone would use that. The other option with asymmetric encryption I mentioned above would solve that issue but it is a really complex system that may not be well maintainable. That's basically the system used by PGP.

Could we just store assessment data in cookies

Storing data will not be an issue, we can store data in extension storage.

offer a dropdown of all the users whose assessment data is stored on that computer, and let them access it by clicking the extension icon?

👍

Do you think we should use storage.sync or storage.local for this? Only issue I could see with sync is that users may not be aware it's syncing and may be annoyed that it's stored on computers they log into chrome on that aren't theirs.

SAS PES has been exclusively using browser.storage.local and continuing it is probably best.

https://github.com/gary-kim/saspes/blob/1c1df8cfcfe6656954f851113fc18dcecc8b4682/src/ui/options.js#L52

Also, just to note, we're slowly migrating to Vue for UI.

Are we going to go with a dropdown when you click the chrome extension or how would last seen be accessed?

Do you think it would work to just show last seen grades when the extension is clicked?

Personally, I'd go for a page that opens when the extension is clicked but but it's your choice.