DEME
Fix Bug (short term)
Creator of a Deme account can Login As that account holder. This should be stopped. Login As should probably be a global ability reserved for administrators. (Todd, 2/8/2011)
TinyMCE inserts a blank space between paragraphs in wysiwyg edit mode. Can it be configured so it doesn't insert the blank space? (Todd, 4/20/2011)
Recent Changes does not show changes to permissions. It seems like it should do this for a user who has global Do anything, and also if a user is the one who made the permissions change. (Todd, 4/20/2011)
User who creates a new person can add ContactMethods and AuthenticationMethods to person's profile, but the person himself cannot do so. Also, the created methods are not created with appropriate permissions for the user unless this is selected separately before creation. (Todd, 6/20/2011)
When creating ContactMethod or AuthenticationMethod via button from agent's profile viewer, viewer should default autofill the name field to "<Agent>'s [Authentication or Email] Contact Method". Should be done via module, not custom code for each viewer. (Todd, 6/20/2011)
When in New Item menu the back button will close the menu but not go back one step. For example: I click agents>anonymous agents and see that it is empty so I click back and that closes the menu instead of going back to agents. (Jimmy, 6/20/2011)
When the Subscribe button is clicked for an item while user is logged in, the dialogue box should prompt the user with a list of ContactMethods that point to that user, which can be selected for the subscription. (Todd, 7/7/2011)
Change "delete" in sense of deactivate/destroy/reactivate to "change activation status" or something like that to make it more understandable in permissions, file names, etc. (Todd, 6/22/2011)
Standalone comment viewing does not show previous comment in a chain in Related Items. This should be fixed. (Todd, 7/7/2011)
Action summary field should appear in regular view, not advanced options, when editing an item, to encourage updaters to create action summaries. (Todd, 7/10/2011)
Subscribe should include an RSS option in the interface - just a link to the RSS viewer which provides a subscription dialogue. (Todd, 7/11/2011)
RSS and Mobi links at bottom of page should display RSS feed and a mobi format, if available. (Todd, 7/11/2011)
Transcluded documents should render in HTMLDocument view of the transcluding document. (Todd, 7/11/2011)
Permissions displayed in Item Data menu should include negative permissions (e.g. "As Anonymous you cannot * View body"). (Todd, 7/11/2011)
Trying to comment on this item (Deme Issues) when logged in as Mike says "enter phrase to prove you're not a spammer" but no textbox appeared to enter the phrase. (Mike)
Diff functionality can break on complicated formatting changes of HTML documents
Versions should add a field for "Minor Change" - a boolean checkbox to indicate unsubstantial difference with previous version. This could be used to display only the most recent version in a chain of Minor Changes in the default view of Versions of an Item. (Todd, 8/1/2011)
The creator of an Item should be able to create EmailContactMethod subscriptions to the Item. There should be a way to specify that every member of a group whose Folio corresponds to an email list, for example, gets subscribed to the Folio email list. The servers should send each bulk subscribed member a message asking for confirmation. (Todd, 8/1/2011)
Subscription interface is buggy. Logged in as Todd Davies, I was able to subscribe Tim Luo to the Advising Fellows folio on Symsys. He showed up in the dropdown after I typed his first name, and the subscription went through. Typing Clayton Mellina's name (or just "Clayton"), I get no drop down options, and if I type "Clayton Mellina's primary email contact method" into the subscription window, logged in as Todd Davies, I get an error that says I have to choose one of the options in the dropdown menu, even though that is a valid item name and EmailContactMethod. When I try to delete or edit the subscription between Tim Luo and the Advising Fellows folio, I don't get an edit or deactivate button, even though I created the subscription. I get these buttons if I log in as Admin, and can then deactivate the subscription. If I try to destroy it, I get a server error. If I then click on the subscription item in Recent Changes, I also get a server error. (Todd, 8/1/2011)
Other things to do
* redesign logo so it includes "Symbolic Systems Program"
* make links to Symsys internal pages work in static documents
* Give way to show options when completing a text box (e.g. adding an item to a collection should not require one to type a random character in order to see the options) - make list alphabetical
* Make it so you can add items with no name to a Newsroll
* Get and install more memory
* Give more data about each version in Versions metadata display (e.g. datetime, updater)
* Discussion viewer - full page view of comment threads
* Make event links in calendar shareable
* Truncate event description in div onclick from calendar
* Go through permissions and do sanity check for different categories of users
* Expand search beyond name field; combinatorial search, etc.
* If someone makes a layout and screws up django template syntax, the site is completely screwed. Come up with failsafe
* If you go to "new" and one of the initial model fields is permission denied (e.g., you're creating a membership on a collection you aren't allowed to modify_membership for, or creating a comment on an item you can't reply to), let the user know
* the destroy action notice will never be read by anyone (since all permissions are effectively denied)
* Methods that have to do with sending emails (about action notices) should go in EmailContactMethod, not ActionNotice
* The viewer should probably define a list of actions for each item type to be displayed in a menu
* Probably don't need auto-load modules: INSTALLED_APPS is more explicit and familiar
* Figure out correct way to manage assets (maybe like in rails)
* figure out how we are determining the permission to view comment hierarchy (i.e., comment.commented_item)
* Code cleanup: views, templatetags, and templates, and symsys everything
* Idea for conflicting HTML id attributes with embedded documents: each id has a prefix representing the current item (or a combination of the viewer/action/noun)
* Do a more thorough job ensuring fields are not null (unless allowed_to_be_null_before_destroyed == True). We might have to wait for real model-based validations (Django 1.2).
Django bugs
-----------
* Fix the multiple inheritance bug
- http://code.djangoproject.com/ticket/10808
* Either rewrite save_versioned so that we don't have nested transactions (when after_create and permissions call save_versioned again) or wait for this bug to be fixed
- http://code.djangoproject.com/ticket/2227
* HTML special chars are being escaped twice in RSS feeds
- http://code.djangoproject.com/ticket/6533
* Advanced search
* CustomURL layouts should inherit from parent CustomURL layouts
* Email alias field, optional for each address; could look for Postmaster spam using cron job each minute
Layout
------
Interface
---------
* Threaded comment viewer with plus/minuses, but only at the top level (collapsed by default). When you visit a textdocument, you can have a comment in query string which gets highlighted and expanded, and highlight also highlights the transclusion (first chronologically)
* Make the action at top-right of item more of a javascript menu, like in gmail
* There should be a full interface for specifying CommentLocations
* Some sort of arrows in the side-by-side comment interface, or just click->highlight/scroll (just for TextDocuments right now)
* Include hCard in user profiles
* Include iCal export of calendar
* Nicer autocompleter (jquery plugin?)
* Make things more user friendly, i.e. making the accordion more easily understandable.
Documentation
-------------
* Document more functions with docstrings
* Generate some sort of API doc website
Small Details
-------------
Unusual things to remember
--------------------------
* In order to know that X is a member of Y, you only need to have permission to "view item" for the Membership
* The Meta class of a model does not get propagated to the ItemVersion
* remember to fully respect active=0 everywhere, like in groups, comments, etc.
* There are cases when there is a cur_agent but no associated account (anonymous, login_as other)
* Some code (especially recursive comments and memberships) assumes that immutable fields actually cannot change
- This also assumes that `active` can only change in deactivate() and reactivate(), and items are always created active
* Don't forget to update crystal icons for new models
* If someone has permission to edit the body of an item, we allow them to add transclusions in some situations (TextDocumentViewer.edit)
* We do not [knowingly] support OneToOneFields and ManyToManyFields in item types
New Functionality (longer term)
Distant Future (sorted by approximate order of planned implementation)
----------------------------------------------------------------------
* Allow widgets to specify stylesheet and javascripts to add to the layout.
* Write PermissionCache.filter_agents_by_permission so we can display which agents have a particular ability w.r.t. an item.
* Specific-version destroying
* Edit locks (merging, or even synchro editing)
* Implement some sort of SiteAlias so a Site can have more than one hostname
* Internationalize using ugettext_lazy
* Add Shortcut (maybe call it Reference) item type, with one subclass like ItemShortcut that just points to another item, and others like URLShortcut that point to webpages
* Customizable email template per site that gets sent out for each notification
* When HtmlDocuments are uploaded, the server should do checks to make sure there is nothing malicious.
* Facebook API
* Installation-to-installation API
- Allow, as an option, an alias to refer to the hostname of the installation, such as i-numbers (to allow a consistent identifier when people change hostnames for their installation).
* Think about PermissionActionNotices (where you need permission to view_permissions).
* Add options to subscriptions, like which kinds of action notices you want and whether you want to subscribe to the entire comment thread.
* Add other types of subscriptions, like text messages / IMs
* Add exceptions to subscriptions, so you can deeply subscribe to an itemset or item, but cut off certain parts you want to ignore
* Captchas
* Way to subscribe to "all items", such that the subscription will include newly created items.
* We will eventually want to have an item_type table
* More efficient versioning (like latest version in db, but have deltas to prev versions)
- Consider not necessarily having linear deltas. If we start with version 1, a spammer comes in and messes it up for version 2, and I "edit" version 1 so that it becomes version 3, the delta would be more efficient if it knew I started with version 1 in order to get to version 3.
* We're going to have to integrate permissions into binary files (e.g., MediaDocument) so that users can't bypass Deme and download things from Apache directly.
- I'd like to have a settings option where you either have apache with no permissions, django with no permissions, or django with full permissions (or maybe later a workaround with apache and permissions based on cookie)
* More dynamic way of setting whether certain fields can be blank (or other constraints) within an installation.
* Have XML output and stuff
* User-friendly item type creator (like cck in drupal)
* Maybe events can have multi-field dates, like you can specify the year and month but not the day and time.
* When matching SiteDomain in alias, match iteratively until all subdomains are gone, so if we have deme.com, then www.deme.com matches unless already taken
* Add to ImageDocument metadata like width, height, exif, and a pointer to a thumbfile or 2
* Temporal history viewer that lets you look at the state of the world at a given time (e.g., the roster of a group 1 year ago)
* In CustomUrl, we should prevent top level names like 'static' and 'item' and 'modules', although not a big deal since it doesn't overwrite
* later, think about adding back "edit downcast". we'll have to think about
- what happens when viewer2 inherits from viewer1, and viewer2 item type subclasses viewer1 item type, and viewer2 inherits the edit/update functionality?
- make it work better when you downcast an item in the editor, with versioning backward, and calling actions that should be called on create
* work on google app engine
Performance
-----------
* add indexes on things besides foreign keys, like name, description (for search)
- Maybe Postgres has some nice full-text indexing for good searching
* we need multi-column indexes for permissions (so far it doesn't look like it's helping)
- we'll try http://docs.djangoproject.com/en/dev/howto/initial-data/#howto-initial-data
* Use spaceless tag to compress whitespace
- Be careful, since it will screw with body_str in TextDocumentViewer.show
* When admin (id=1) adds an item, no need to by default include the permission that he gets do_anything
Investigate cloud hosting: Google App Engine, Linode.com
Add support for clashing edits (Todd, 6/22/2011)
Unify collection viewer with list action, include bulk actions such as bulk deactivate/reactivate/destroy, and if possible bulk edit where you can change some fields without modifying others, better sorting of any type (without violating permissions to view the name)
Fix captcha or better prevent spam in anonymous postings
Improve search. It should search for more fields than just the name (but keep permissions in mind), and it shouldn't require exact match
We need a bulk uploader for ImageDocuments, so you can upload a bunch of photos without having to fill out a fresh form (html5 http://code.google.com/p/jquery-html5-upload/). (Todd)
Should support graphic layout design within Deme, e.g. for DjangoTemplateDocuments, or at least editing the standard menus (Navigation menu). Potentially a set of skins (Todd, 12/4/10)
Permission setting should have a much easier interface. Replace unchecked versus checked box with minus and plus to indicate negative and positive permissions. Create hierarchies of permissions so that one setting can result in a whole bunch of abilities being assigned. (Todd, 12/4/10)
If the memory upgrade does not solve stability issues, then do something else about it
Deme project site should save permissions data in between restarts. I lost global abilities settings I had created for Anonymous on the Deme site after a recent restart. I had taken away create abilities for Anonymous so we wouldn't get spam and hacking attempts. (Todd, 12/4/2010)
validate new ViewerRequest.viewer
Figure out robust caching invalidation scheme for Deme
|==========|
SYMSYS
Symsys: Symsys Affiliates cannot edit their own passwords and password questions by default. This should be changed. May be a general feature of Deme Accounts. (Todd, 2/8/2011)
Merge performance changes made directly on symsys site into git repository (Mike 12/4/10)
Symsys: We need a way to distinguish a student career that ended in graduation from one that ended with them leaving the degree program. E.g. Emilie Dannenberg, undeclared the B.S. and then declared a minor. If I mark her as "finished" with the B.S. career, she gets added to alums, which is not right. But if I give her an end date in her B.S. career without checking finished, she is still active in the B.S. career even after the end date has passed. (Todd, 2/17/2011)
from Todd:
We recently had a case on Symsys of the deme-on deactivating a membership
(13908) for reasons I don't understand. Rosenn Cima was taken out of the
Advising Fellows group
(http://symsys.stanford.edu/viewing/item/recentchanges?page=10) at around
the time she added herself to the HCI Concentration.
from Mike: Anytime someone creates/edits/deactivates/reactivates a SymsysCareer
(note: this is not an affiliate, but a career, which an affiliate has
zero or more of), _guarantee_consistency_after_changes is called. It
looks at the properties of the affiliate, and makes a list of groups
that the *affiliate* should be a member of, and adds them to groups
they aren't part of and removes them from groups they shouldn't be in.
You're looking at the Advising Fellow group, so I will paste below the
code that determines whether they are in that group
(modules/symsys/models.py line 255):
    if any(x.actual_item_type() == ProgramStaffSymsysCareer and
           x.finished == True and x.programstaffsymsyscareer.admin_title ==
           'Advising Fellow' for x in my_careers):
        groups.append(get_or_create_group('past_af'))
    if any(x.actual_item_type() == ProgramStaffSymsysCareer and
           x.finished == False and x.programstaffsymsyscareer.admin_title ==
           'Advising Fellow' for x in my_careers):
        groups.append(get_or_create_group('present_af'))
For reference, my_careers =
SymsysCareer.objects.filter(symsys_affiliate=agent, active=True)
Is this consistent with what's happening? Does Rosenn have a
ProgramStaffSymsysCareer with finished=False and admin_title='Advising
Fellow'?
Symsys: Items added to a newsroll viewer display the title to people who have permission NOT Do anything. For example, anonymous users cannot do anything with http://symsys.stanford.edu/viewing/event/14634, but Frontpage News viewer displays the title to all users. (Todd, 4/18/2011)
Symsys: Adding Symsys affiliates is too cumbersome - needs to be streamlined (Todd)
Symsys: Change "occupation" to "affiliation" for Symsys affiliates. (Todd)
Symsys: Let's make the end date for a Symsys career be YYYY-12-31 instead of YYYY-01-01
Symsys: Need to enable Webauth logins. Get SSL working (Todd). Update 7/7/2011: we've been asked to either do this or disable Webauth option on Symsys until it is available.
Deme/Symsys: When I click on create new Deme Account while viewing a SymsysAffiliate, I get "You do not have permission to create authentication methods." even though I can create the account. (Todd, 12/4/10)
Academic Year Research Opportunities, Other Opportunities, and Jobs lead to New HTML Document when the Create new button is pressed. Should create a new HTML Advertisement instead. This is what the nav menu link for new jobs does. All these should be collections of HTML Advertisements, not HTML Documents generally.
Upgrade symsyshoster to see more than 3.2gb memory: http://www.cyberciti.biz/faq/ubuntu-linux-4gb-ram-limitation-solution/ (Mike, 12/4/10)
Symsys module
-------------
* come up with specification for new symsys layout
* Figure out how to port mailing lists over
- announce list == manually created subscriptions with special permissions, such that you cannot unsubscribe, and announcements are just comments on the group
Mike's TODO list
================
2011-06-09
----------
* calculcatehistory breaks on destroyed items
2011-06-04
----------
* Maybe we need a db_index on email_list_address
* Group can have multiple folios
* Diff viewer
* Warn if editing when someone else is editing or just made a new version that you haven't seen yet
* Advanced fields is hacky the way it's done, and if there is a validation error in one of them, you don't see it unless you expand
* Form popups are hacky, don't do permissions, all fields
* Wait for https://code.djangoproject.com/ticket/16159 or rather https://code.djangoproject.com/ticket/15321 to get fixed (for uniqueness error in email_list_address)
* Wait for https://code.djangoproject.com/ticket/13781 to get fixed (in order to be able to use select_related in things with multiple inheritance like TextComment)
* Email-list-related fields in item aren't displayed anywhere (unless you go to edit)
* Start using django logging in email handling when we upgrade to django 1.3
Friday June 5 notes
-------------------
* Change more buttons to jquery ui buttons
* add customizable columns to list view
* Get forward links to include breadcrumbs (difficult problem, since there are so many forward links)
* Come up with better breadcrumb url if possible
* Create concentration groups for faculty that they can join and leave at will.
* Spreadsheet UI with hierarchy like finder (regular view)
- http://ludo.cubicphuse.nl/jquery-plugins/treeTable/doc/index.html
- Won't let us have DAG or incrementally load data using ajax
- http://www.hanpau.com/index.php?page=jqtreetable
- Even simpler, no ajax
- http://trirand.com/jqgrid/jqgrid.html
- Most flexible, looks funny though, but currently uses nested set model which we don't use
* Consider what to do with other permissions, like 'modify_membership' and 'view action_notices' and 'view_permissions', maybe we could unify names
Thursday May 29 notes
---------------------
* maybe later, automatically generate the foreignkey field permissions
Friday May 22 notes
-------------------
Priorities for symsys site
* Blog-like viewer that views collections of arbitrary items, items can be in multiple collections (like categories)
- Advertisements will be displayed in blog viewer, except blog viewer needs to check "expires_at" field
* Calendar with upcoming events to embed on home page
Friday May 15 notes
-------------------
* Try to move comment generating pages to the ItemViewer with a current item. Probably same with transclusions and highlights and contact methods and stuff.
Friday May 1 notes
------------------
* AF group gets permission to do things to careers, except confer them (only Bachelor and Minor careers), and they'll have a special declare view that does things automatically without giving them permission to change them later.
* If a user makes something on their career private, then the AF just can't view it.
* Everything I wrote above is wrong. AFs are automatically included in the default permissions with do_anything. Actually, nevermind: we can't let them view transcripts.
Absolutely necessary
--------------------
* Extract classes like AIMContactMethod to other modules
* Navigation and layout (NEEDS MORE DISCUSSION)
* Figure out the group hierarchy to have for Symsys.
- We might need an after_modify_permissions callback
* Make sure there is an interface to create new careers/students/whatever, confer them, and all of the permissions will be set by default here (or somehow in the model).
* Make an interface to upload a thesis
Nice to have
------------
* More sophisticated event day/time stuff.
Sprint priorities
* Email lists
* Email notifications - better wording
* Default Deme layout
* remove "Subscribe" button from views when not logged in
* Rename "More" button to "Item Data"
* Hide Items pulldown bar, Item Type icon, and breadcrumbs, as well as Metadata menu, when Item Data is minimized; Show all of these when "Item Data" is clicked
* Don't display "Login as" in Login pulldown options if there is no one to log in as
* Symsys homepage
* Webauth timing issue
* Pull new data from old Symsys
* Move from beta to Symsys
* Certificate transfer?
* Set up Todd's blog Mindroll
* Make password setting easier
* Migrations
* Change wording of Related Items in metadata menu