kawa/Sharepoint-Toolbox
1
0
Fork 0
Code Issues Pull Requests Actions Releases 9 Wiki Activity
Files
543b863283939f8b425fa9198ee38ca23e8130ba
Sharepoint-Toolbox/.planning/ROADMAP.md
Dev a374a4e1d3 docs(17): create phase plan for group expansion in HTML reports 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 12:59:12 +02:00

131 lines
8.4 KiB
Markdown
Raw Blame History

# Roadmap: SharePoint Toolbox v2
## Milestones
-**v1.0 MVP** — Phases 1-5 (shipped 2026-04-07) — [archive](milestones/v1.0-ROADMAP.md)
-**v1.1 Enhanced Reports** — Phases 6-9 (shipped 2026-04-08) — [archive](milestones/v1.1-ROADMAP.md)
-**v2.2 Report Branding & User Directory** — Phases 10-14 (shipped 2026-04-09) — [archive](milestones/v2.2-ROADMAP.md)
- 🔄 **v2.3 Tenant Management & Report Enhancements** — Phases 15-19 (in progress)
## Phases
<details>
<summary>✅ v1.0 MVP (Phases 1-5) — SHIPPED 2026-04-07</summary>
- [x] Phase 1: Foundation (8/8 plans) — completed 2026-04-02
- [x] Phase 2: Permissions (7/7 plans) — completed 2026-04-02
- [x] Phase 3: Storage and File Operations (8/8 plans) — completed 2026-04-02
- [x] Phase 4: Bulk Operations and Provisioning (10/10 plans) — completed 2026-04-03
- [x] Phase 5: Distribution and Hardening (3/3 plans) — completed 2026-04-03
</details>
<details>
<summary>✅ v1.1 Enhanced Reports (Phases 6-9) — SHIPPED 2026-04-08</summary>
- [x] Phase 6: Global Site Selection (5/5 plans) — completed 2026-04-07
- [x] Phase 7: User Access Audit (10/10 plans) — completed 2026-04-07
- [x] Phase 8: Simplified Permissions (6/6 plans) — completed 2026-04-07
- [x] Phase 9: Storage Visualization (4/4 plans) — completed 2026-04-07
</details>
<details>
<summary>✅ v2.2 Report Branding & User Directory (Phases 10-14) — SHIPPED 2026-04-09</summary>
- [x] Phase 10: Branding Data Foundation (3/3 plans) — completed 2026-04-08
- [x] Phase 11: HTML Export Branding + ViewModel Integration (4/4 plans) — completed 2026-04-08
- [x] Phase 12: Branding UI Views (3/3 plans) — completed 2026-04-08
- [x] Phase 13: User Directory ViewModel (2/2 plans) — completed 2026-04-08
- [x] Phase 14: User Directory View (2/2 plans) — completed 2026-04-09
</details>
### v2.3 Tenant Management & Report Enhancements (Phases 15-19)
- [x] **Phase 15: Consolidation Data Model** (2 plans) — PermissionConsolidator service and merged-row model; zero API calls, pure data shapes (completed 2026-04-09)
- [x] **Phase 16: Report Consolidation Toggle** (2 plans) — Export settings toggle wired to PermissionConsolidator; first user-visible consolidation behavior (completed 2026-04-09)
- [ ] **Phase 17: Group Expansion in HTML Reports** (2 plans) — Clickable group expansion in HTML exports with transitive membership resolution
- [ ] **Phase 18: Auto-Take Ownership** — Global toggle and automatic site collection admin elevation on access denied
- [ ] **Phase 19: App Registration & Removal** — Automated Entra app registration with guided fallback and clean removal
## Phase Details
### Phase 15: Consolidation Data Model
**Goal**: The data shape and merge logic for report consolidation exist and are fully testable in isolation before any UI touches them
**Depends on**: Nothing (no API calls, no UI dependencies)
**Requirements**: RPT-04
**Success Criteria** (what must be TRUE):
1. A `ConsolidatedPermissionEntry` model exists that represents a single user's merged access across multiple locations with identical access levels
2. A `PermissionConsolidator` service accepts a flat list of permission rows and returns a consolidated list where duplicate user+level rows are merged
3. Consolidation logic has unit test coverage — a known 10-row input with 3 duplicate pairs produces the expected 7-row output
4. Existing HTML export services compile and produce identical output when consolidation is not applied (opt-in, defaults off)
**Plans:** 2/2 plans complete
Plans:
- [x] 15-01-PLAN.md — Models (LocationInfo, ConsolidatedPermissionEntry) + PermissionConsolidator service
- [x] 15-02-PLAN.md — Unit tests (10 test cases) + full solution build verification
### Phase 16: Report Consolidation Toggle
**Goal**: Users can choose to merge duplicate permission entries per export through a toggle in the export settings dialog
**Depends on**: Phase 15
**Requirements**: RPT-03
**Success Criteria** (what must be TRUE):
1. A consolidation toggle is visible in the export settings dialog (or export options panel) and defaults to OFF
2. When the toggle is OFF, the exported HTML report is byte-for-byte identical to the pre-v2.3 output
3. When the toggle is ON, the exported HTML report merges rows for the same user with identical access levels into a single row showing all affected locations
4. The toggle state is remembered for the session (does not reset between exports within the same session)
**Plans:** 2/2 plans complete
Plans:
- [ ] 16-01-PLAN.md — ViewModel properties + XAML Export Options GroupBox + localization + CSV consolidation
- [ ] 16-02-PLAN.md — HTML consolidated rendering with expandable location sub-lists + full test verification
### Phase 17: Group Expansion in HTML Reports
**Goal**: Users can expand SharePoint group entries in HTML reports to see the group's members, including members of nested groups
**Depends on**: Phase 16
**Requirements**: RPT-01, RPT-02
**Success Criteria** (what must be TRUE):
1. SharePoint group rows in the HTML report render as expandable — clicking a group name reveals its member list inline
2. Member resolution includes transitive membership: nested groups are recursively resolved so every leaf user is shown
3. Group expansion is triggered at export time via Graph API — the permission scan itself is unchanged
4. When Graph cannot resolve a group's members (throttled or insufficient scope), the report shows the group row with a "members unavailable" label rather than failing the export
**Plans:** 2 plans
Plans:
- [ ] 17-01-PLAN.md — ResolvedMember model + ISharePointGroupResolver service (CSOM + Graph transitive resolution) + DI registration
- [ ] 17-02-PLAN.md — HtmlExportService expandable group pills + toggleGroup JS + PermissionsViewModel wiring
### Phase 18: Auto-Take Ownership
**Goal**: Users can enable automatic site collection admin elevation so that access-denied sites during scans no longer block audit progress
**Depends on**: Phase 15
**Requirements**: OWN-01, OWN-02
**Success Criteria** (what must be TRUE):
1. A global "Auto-take ownership on access denied" toggle exists in application settings and defaults to OFF
2. When the toggle is OFF, access-denied sites produce the same error behavior as before v2.3 (no regression)
3. When the toggle is ON and a scan hits access denied on a site, the app automatically calls `Tenant.SetSiteAdmin` to elevate ownership and retries the site without interrupting the scan
4. The scan result for an auto-elevated site is visually distinguishable from a normally-scanned site (e.g., a flag or icon in the results)
**Plans**: TBD
### Phase 19: App Registration & Removal
**Goal**: Users can register and remove the Toolbox's Azure AD application on a target tenant directly from the profile dialog, with a guided fallback when permissions are insufficient
**Depends on**: Phase 18
**Requirements**: APPREG-01, APPREG-02, APPREG-03, APPREG-04, APPREG-05, APPREG-06
**Success Criteria** (what must be TRUE):
1. A "Register App" action is available in the profile create/edit dialog and is the recommended path for new tenant onboarding
2. Before attempting registration, the app checks for Global Admin role and surfaces a clear message if the signed-in user lacks the required permissions, then presents step-by-step manual registration instructions as a fallback
3. Registration creates the Azure AD application, service principal, and grants all required API permissions in a single atomic operation — if any step fails, all partial changes are rolled back and the user sees a specific error explaining what failed and why
4. A "Remove App" action in the profile dialog removes the Azure AD application registration from the target tenant
5. After removal, all cached MSAL tokens and session state for that tenant are cleared, and subsequent operations require re-authentication
**Plans**: TBD
## Progress
| Phase | Milestone | Plans | Status | Completed |
|-------|-----------|-------|--------|-----------|
| 1-5 | v1.0 | 36/36 | Shipped | 2026-04-07 |
| 6-9 | v1.1 | 25/25 | Shipped | 2026-04-08 |
| 10-14 | v2.2 | 14/14 | Shipped | 2026-04-09 |
| 15. Consolidation Data Model | v2.3 | 2/2 | Complete | 2026-04-09 |
| 16. Report Consolidation Toggle | v2.3 | 2/2 | Complete | 2026-04-09 |
| 17. Group Expansion in HTML Reports | v2.3 | 0/2 | Not started | — |
| 18. Auto-Take Ownership | v2.3 | 0/? | Not started | — |
| 19. App Registration & Removal | v2.3 | 0/? | Not started | — |
Reference in New Issue View Git Blame Copy Permalink