-
Notifications
You must be signed in to change notification settings - Fork 3
/
TODO
192 lines (183 loc) · 19.6 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
Django bugs
-----------
* Fix the multiple inheritance bug
- http://code.djangoproject.com/ticket/10808
* Either rewrite save_versioned so that we don't have nested transactions (when after_create and permissions call save_versioned again) or wait for this bug to be fixed
- http://code.djangoproject.com/ticket/2227
* HTML special chars are being escaped twice in RSS feeds
- http://code.djangoproject.com/ticket/6533
* Wait for https://code.djangoproject.com/ticket/16159 or rather https://code.djangoproject.com/ticket/15321 to get fixed (for uniqueness error in email_list_address)
* Wait for https://code.djangoproject.com/ticket/13781 to get fixed (in order to be able to use select_related in things with multiple inheritance like TextComment)
Legitimate bugs
---------------
+ When in New Item menu the back button will close the menu but not go back one step. For example: I click agents>anonymous agents and see that it is empty so I click back and that closes the menu instead of going back to agents. (Jimmy, 6/20/2011)
* Diff functionality can break on complicated formatting changes of HTML documents
+ All links need to use default_viewer, not item_type.lower()
+ I get server error when I try to add this HTMLDocument to the Deme Team Blog on Deme.Stanford.edu: http://deme.stanford.edu/viewing/htmldocument/676 (Todd, 10/8/2011)
+ When you deactivate a membership from a collection and try to reactivate it, the membership creator doesn't check to see if a deactivated membership exists and creates a new one. This leads to a server error. (Jimmy 8/19/11)
+ Modify privacy settings ability doesn't work on symsys site (boxes just grayed out). (Mike 2011-09-28)
+ Subscription interface is buggy. Logged in as Todd Davies, I was able to subscribe Tim Luo to the Advising Fellows folio on Symsys. He showed up in the dropdown after I typed his first name, and the subscription went through. Typing Clayton Mellina's name (or just "Clayton"), I get no drop down options, and if I type "Clayton Mellina's primary email contact method" into the subscription window, logged in as Todd Davies, I get an error that says I have to choose one of the options in the dropdown menu, even though that is a valid item name and EmailContactMethod. When I try to delete or edit the subscription between Tim Luo and the Advising Fellows folio, I don't get an edit or deactivate button, even though I created the subscription. I get these buttons if I log in as Admin, and can then deactivate the subscription. If I try to destroy it, I get a server error. If I then click on the subscription item in Recent Changes, I also get a server error. (Todd, 8/1/2011)
* Even if you don't have permission to edit the name, the field still shows up in the edit form (but ultimately you can't change it).
Interface
---------
* Truncate event description in div onlick from calendar
* Make the action at top-right of item more of a javascript menu, like in gmail
* There should be a full interface for specifying CommentLocations
* Include hCard in user profiles
* Include iCal export of calendar
+ Make things more user friendly, i.e. making the accordion more easily understandable.
* When an agent logs in for the first time, and other agents have login_as (or do_anything) ability w.r.t. the agent that just logged in, display that in a warning message.
* Make permissions easier to use in general
* When creating ContactMethod or AuthenticationMethod via button from agent's profile viewer, viewer should default autofill the name field to "<Agent>'s [Authentication or Email] Contact Method". We can add populate_name in templatetags/item_tags.py for the link to add contact method or authentication menu. (Todd, 6/20/2011)
+ When the Subscribe button is clicked for an item while user is logged in, the dialogue box should prompt the user with a list of ContactMethods that point to that user, which can be selected for the subscription. (Todd, 7/7/2011)
+ Action summary field should appear in regular view, not advanced options, when editing an item, to encourage updaters to create action summaries. (Todd, 7/10/2011)
* Subscribe should include an RSS option in the interface - just a link to the RSS viewer which provides a subscription dialogue. (Todd, 7/11/2011)
* Transcluded documents should render in HTMLDocument view of the transcluding document. (Todd, 7/11/2011)
* Permissions displayed in Item Data menu should include negative permissions (e.g."As Anonymous you cannot * View body"). (Todd, 7/11/2011)
* Permission failure message should tell the user why they do not have permission. (Todd, 8/2/2011)
+ If you click away from an HTMLDocument you are editing (e.g. by clicking on Modify Permissions during editing), you can lose your edits. Back clicking goes to a fresh edit page. This should be fixed so that people don't lose their edits. (Todd 2011-09-13)
* Member Of widget should say "This item is not a member ony Collections" if it has no Memberships. (Todd, 10/3/2011)
+ The viewer for a Webpage item should show the URL of the link and provide way to open it in a new window/tab. (Todd, 8/2/2011)
+ In the email about a located comments we should put in two lines and show the comment for context. (Jimmy 9/10/2011)
* The viewer for a Collection and the one for Groups both have the same buttons: "Add an item to this Collection" and "Become a member of <Collection>." The latter button only makes sense for Groups, not Folios and other types of Collections. The former does not make sense for Groups. (Todd, 8/2/2011)
+ Default Deme layout
* remove "Subscribe" button from views when not logged in
* Rename "More" button to "Item Data"
* Hide Items pulldown bar, Item Type icon, and breadcrumbs, as well as Metadata menu, when Item Data is minimized; Show all of these when "Item Data" is clicked
* Don't display "Login as" in Login pulldown options if there is no one to log in as
+ Make password setting easier
* Change wording of Related Items in metadata menu
* Change more buttons to jquery ui buttons
* add customizable columns to list view
* Get forward links to include breadcrumbs (difficult problem, since there are so many forward links)
* Come up with better breadcrumb url if possible
* We need a bulk uploader for ImageDocuments, so you can upload a bunch of photos without having to fill out a fresh form (html5 http://code.google.com/p/jquery-html5-upload/). (Todd)
* Permission setting should have a much easier interface. Replace unchecked versus checked box with minus and plus to indicate negative and positive permissions. Create hierarchies of permissions so that one setting can result in a whole bunch of abilities being assigned. (Todd, 12/4/10)
+ Navigation and layout (NEEDS MORE DISCUSSION)
* Discussion viewer - full page view of comment threads
* Make event links in calendar shareable
* If you go to "new" and one of the initial model fields is permission denied (e.g., you're creating a membership on a collection you aren't allowed to modify_membership for, or creating a comment on an item you can't reply to), let the user know
* Give more data about each version in Versions metadata display (e.g. datetime, updater)
* Spreadsheet UI with hierarchy like finder (regular view)
- http://ludo.cubicphuse.nl/jquery-plugins/treeTable/doc/index.html
- Won't let us have DAG or incrementally load data using ajax
- http://www.hanpau.com/index.php?page=jqtreetable
- Even simpler, no ajax
- http://trirand.com/jqgrid/jqgrid.html
- Most flexible, looks funny though, but currently uses nested set model which we don't use
* When viewing a Folio and expanding the Accordion the viewer does not adjust width and overlaps the accordion. Might not be an issue since we're getting rid of the accordion.
Documentation
-------------
* Document more functions with docstrings more
* Generate some sort of API doc website
Unusual things to remember
--------------------------
* In order to know that X is a member of Y, you only need to have permission to "view item" for the Membership
* The Meta class of a model does not get propagated to the ItemVersion
* remember to fully respect active=0 everywhere, like in groups, comments, etc.
* There are cases when there is a cur_agent but no associated account (anonymous, login_as other)
* Some code (especially recursive comments and memberships) assumes that immutable fields actually cannot change
- This also assumes that `active` can only change in deactivate() and reactivate(), and items are always created active
* Don't forget to update crystal icons for new models
* If someone has permission to edit the body of an item, we allow them to add transclusions in some situations (TextDocumentViewer.edit)
* We do not [knowingly] support OneToOneFields and ManyToManyFields in item types
New Functionality (longer term)
-------------------------------
+ Auto-complete needs overhaul
- Including ability to select items with no name
- Give way to show options when completing a text box (e.g. adding an item to a collection should not require one to type a random character in order to see the options) - make list alphabetical
* Recent Changes does not show changes to permissions. It seems like it should do this for a user who has global Do anything, and also if a user is the one who made the permissions change. (Todd, 4/20/2011)
+ Related items should include itmes that the current item points to, in addition to the already included items that point to the current item
* Versions should add a field for "Minor Change" - a boolean checkbox to indicate unsubstantial difference with previous version. This could be used to display only the most recent version in a chain of Minor Changes in the default view of Versions of an Item. (Todd, 8/1/2011)
* Be able to destroy individual versions
* The creator of an Item should be able to create EmailContactMethod subscriptions to the Item. There should be a way to specify that every member of a group whose Folio corresponds to an email list, for example, gets subscribed to the Folio email list. The servers should send each bulk subscribed member a message asking for confirmation. (Todd, 8/1/2011)
+ Thumbnails in the list/collection/group viewers
* If you destroy a comment, the subcomments won't appear in the same thread since there is no evidence they are descendents of the destroyed comment's parent. (Mike 2011-09-08)
* I'd like to be able to create a new Item (not subtyped), to attach comments to. (Todd, 10/3/2011)
* The list viewer should allow you to refer to related items (a particular field) in a column, which will load all related items and display that field, as permissions allow. Sorting and searching will also need to be implemented. Maybe this would use subgrids? (Mike 2011-09-12)
+ Have an "other" field for priority on Project. When the user specifies "other" then a dialog box will show up on the form to set a custom status. (Jimmy, 9/8/2011)
* Consider how to set permissions on comments, based on the permissions of the parent item. For example, if you have a very private item, and someone posts a comment on it, should the comment be just as private? Should it be just the default, or should it be enforced, and should it be dynamic whenever either permission changes? Should it be based on the parent item, or the top-most item? How do we reconcile abilities which are not shared between the items (for example, if the parent item is Agent with invisible name, how do we set the visibility of the comment body? E.g. http://symsys.stanford.edu/viewing/webpage/16235 (comment was public by default)
* Fix captcha or better prevent spam in anonymous postings
* Group can have multiple folios
* Should support graphic layout design within Deme, e.g. for DjangoTemplateDocuments, or at least editing the standard menus (Navigation menu). Potentially a set of skins (Todd, 12/4/10)
+ Improve search. It should search for more fields than just the name (but keep permissions in mind), and it shouldn't require exact match
* More sophisticated event day/time stuff.
* Advanced search; combinatorial search, etc.
Distant Future (sorted by approximate order of planned implementation)
----------------------------------------------------------------------
* Allow widgets to specify stylesheet and javascripts to add to the layout.
* Write PermissionCache.filter_agents_by_permission so we can display which agents have a particular ability w.r.t. an item.
+ Specific-version destroying
* Implement some sort of SiteAlias so a Site can have more than one hostname
* Internationalize using ugettext_lazy
* Add Shortcut (maybe call it Reference) item type, with one subclass like ItemShortcut that just points to another item, and others like URLShortcut that point to webpages
* Customizable email template per site that gets sent out for each notification
* When HtmlDocuments are uploaded, the server should do checks to make sure there is nothing malicious.
* Facebook API
* Installation-to-installation API
- Allow, as an option, an alias to refer to the hostname of the installation, such as i-numbers (to allow a consistent identifier when people change hostnames for their installation).
* Think about PermissionActionNotices (where you need permission to view_permissions).
* Add options to subscriptions, like which kinds of action notices you want and whether you want to subscribe to the entire comment thread.
* Add other types of subscriptions, like text messages / IMs
* Add exceptions to subscriptions, so you can deeply subscribe to an collection or item, but cut off certain parts you want to ignore
* Captchas
* Way to subscribe to "all items", such that the subscription will include newly created items.
* We will eventually want to have a item_type table
* More efficient versioning (like like latest version in db, but have deltas to prev versions)
- Consider not necessarily having linear deltas. If we start with version 1, a spammer comes in and messes it up for version 2, and I "edit" version 1 so that it becomes version 3, the delta would be more efficient if it knew I started with version 1 in order to get to version 3.
* We're going to have to integrate permissions into binary files (e.g., MediaDocument) so that users can't bypass Deme and download things from Apache directly.
- I'd like to have a settings option where you either have apache with no permissions, django with no permissions, or django with full permissions (or maybe later a workaround with apache and permissions based on cookie)
* More dynamic way of setting whether certain fields can be blank (or other constraints) within an installation.
* Have XML output and stuff
* User-friendly item type creator (like cck in drupal)
* Maybe events can have multi-field dates, like you can specify the year and month but not the day and time.
* When matching SiteDomain in alias, match iteratively until all subdomains are gone, so if we have deme.com, then www.deme.com matches unless already taken
* Add to ImageDocument metadata like width, height, exif, and a pointer to a thumbfile or 2
* Temporal history viewer that lets you look at the state of the world at a given time (e.g., the roster of a group 1 year ago)
* In CustomUrl, we should prevent top level names like 'static' and 'item' and 'modules', although not a big deal since it doesn't overwrite
* Synchro editing
* later, think about adding back "edit downcast". we'll have to think about
- what happens when viewer2 inherits from viewer1, and viewer2 item type subclasses viewer1 item type, and viewer2 inherits the edit/update functionality?
- make it work better when you downcast an item in the editor, with versioning backward, and calling actions that should be called on create
* work on google app engine
Performance
-----------
* add indexes on things besides foreign keys, like name, description (for search)
- Maybe Postgres has some nice full-text indexing for good searching
* we need multi-column indexes for permissions (so far it doesn't look like it's helping)
- we'll try http://docs.djangoproject.com/en/dev/howto/initial-data/#howto-initial-data
* Use spaceless tag to compress whitespace
- Be careful, since it will screw with body_str in TextDocumentViewer.show
* When admin (id=1) adds an item, no need to by default include the permission that he gets do_anything
* Maybe we need a db_index on email_list_address
* Figure out robust caching invalidation scheme for Deme
Code correctness
----------------
* validate new ViewerRequest.viewer
* Unify collection viewer with list action, include bulk actions such as bulk deactivate/reactivate/destroy, and if possible bulk edit where you can change some fields without modifying others, better sorting of any type (without violating permissions to view the name)
* Advanced fields is hacky the way it's done, and if there is a validation error in one of them, you don't see it unless you expand
* Form popups are hacky, don't do permissions, all fields
* Email-list-related fields in item aren't displayed anywhere (unless you go to edit)
* Start using django logging in email handling when we upgrade to django 1.3
* Consider what to do with other permissions, like 'modify_membership' and 'view action_notices' and 'view_permissions', maybe we could unify names
* maybe later, automatically generate the foreignkey field permissions
* Try to move comment generating pages to the ItemViewer with a current item. Probably same with transclusions and highlights and contact methods and stuff.
* Extract classes like AIMContactMethod to other modules
* Use virtualenv for simpler installation and dependencies (Mike, 2011-09-29)
* CustomURL layouts should inherit from parent CustomURL layouts
* Do a more thorough job ensuring fields are not null (unless allowed_to_be_null_before_destroyed == True). We might have to wait for real model-based validations (Django 1.2).
* Probably don't need auto-load modules: INSTALLED_APPS is more explicit and familiar
* Figure out correct way to manage assets (maybe like in rails)
* figure out how we are determining the permission to view comment hierarchy (i.e., comment.commented_item)
* Code cleanup: views, templatetags, and templates, and symsys everything
* Idea for conflicting HTML id attributes with embedded documents: each id has a prefix representing the current item (or a combination of the viewer/action/noun). In general though, we definitely have an issue where we assume a given HTML container will only be loaded once.
* Go through permissions and do sanity check for different categories of users
* If someone makes a layout and screws up django template syntax, the site is completely screwed. Come up with failsafe
* the destroy action notice will never be read by anyone (since all permissions are effectively denied)
* Methods that have to do with sending emails (about action notices) should go in EmailContactMethod, not ActionNotice
* The viewer should probably define a list of actions for each item type to be displayed in a menu
Obsolete
--------
* A comment posted via the Web to an item in a folio generates a comment on the overall folio. I posted a comment on http://symsys.stanford.edu/viewing/webpage/16235 and it got posted as a comment on http://symsys.stanford.edu/viewing/folio/31. This might be correct behavior, but I am not sure. I thought comments only got posted in once place. (Todd, 8/2/2011) NOTE: I just noticed that Symsys has not be updated in a while, in particular it doesn't include in the latter updates on email integration. Maybe this is the problem? (Todd, 8/2/2011)
* Recently Viewed widget should display all pages looked at recently (including list pages), not just items. (Todd, 10/3/2011)
* Deme project site should save permissions data in between restarts. I lost global abillities settings I had created for Anonymous on the Deme site after a recent restart. I had taken away create abilities for Anonymous so we wouldn't get spam and hacking attempts. (Todd, 12/4/2010)