Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

119 lines (76 sloc) 3.9 kb
UI-Only
-------
- Allow folder contents UI ("Contents" tab) sorting by name and by type.
UI-Plus-Guts
------------
- Create object map management UI (view relationships, view paths, view
objectids).
- Create workflow management UI.
- Import/export from folder contents view.
- Add Undo tab to Site (or per folder?) which will allow admins to undo recent
transactions. Implied: add transaction notes to all transactions.
- Stamp created objects with creator information?
- Stamp created objects with created date info?
- Allow services to be added to services folder via add view UIs.
- Allow indexes to be added-to/removed-from catalog service.
- Allow reordering of resources in folder contents view when the folder is
ordered.
Guts-Only
---------
- Substance D ACLs contain object identifiers which refer to principals.
Currently, when a principal is deleted, ACLs which refer to the principal
are not adjusted. This is both a security issue and a sanity issue. The
object id of a deleted principal is put back into the set of object ids
that are grantable to future objects. As a result, some other principal
may wind up with an object id that used to belong to a deleted principal,
and he may inappropriately be granted access due to stale ACLs that
possesses that object id. Or some other object that is not a principal
might wind up with that object id, and undefined things will happen.
Here's what would be nice: when an ACL is changed or added, using the
object map, form relationships between the principal objects it names and
the ACL-bearing object. When a principal is deleted, change the ACL of all
such-related objects so that the deleted principal id in the ACL is
replaced by an unobtainable object id.
Note that a variant of this bug/feature has existed in Zope for 13 years,
and it hasn't seemed to have raised much ire, but it always bugged me.
- Add a change_acl API that sends an event when an ACL is changed.
- Decide whether to split "manage contents" permissions out for folders into
add, delete, rename.
- ACL edit view currently retatalogs an object based on the presence or
absence of an "allowed" index. This is wrong.
- Emit an ObjectMoving event rather than removed event with a moving flag,
then an add event?
- Undo of catalog reindex doesnt?
- Refactor ACL view.
- Add specific configurator directives for object event registrations
(e.g. config.subscribe_modified).
- __viewable__, __renameable__, __deletable__, __copyable__, __duplicatable__
attributes of contained objects in folder contents view that controls
how contained object can be acted upon? E.g.::
def __viewable__(self, context, request):
return has_permission('sdi.view', context, request)
- Fix ``Batch`` such that seqlen is a maximum. Rationale: the sequence that
the batch receives may be smaller than seqlen due to hidden objects in
folder contents view.
- Generalize name validator.
Nice-to-Have Features
---------------------
- XML-RPC.
- Drag and drop ACE reordering in ACL edit view.
- Ability to add and edit principals in existing ACEs in ACL edit view.
Docs
----
- Document that add_view arg to @content can be a callable (accepting
context/request).
- Document that icon to @content can be a callable (accepting context/request).
- Document how to override a content registration. Include an override
example for the sole purpose of overriding the add view.
- Explain ``after_create`` meta-argument to content.
- Explain __sd_deletable__, __sd_addable__, __sd_hidden__.
- Explain event listener decorators and add_content_subscriber.
- Narrative docs for reference properties.
- Docstrings for multireference property implementations.
Probably Bad Ideas
------------------
- Create "addable here" API that manages the __sd_addable__ attribute of a
folderish object.
Jump to Line
Something went wrong with that request. Please try again.