/
TODO
184 lines (175 loc) · 18.5 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
Django bugs
-----------
* Fix the multiple inheritance bug
- http://code.djangoproject.com/ticket/10808
* Either rewrite save_versioned so that we don't have nested transactions (when after_create and permissions call save_versioned again) or wait for this bug to be fixed
- http://code.djangoproject.com/ticket/2227
* HTML special chars are being escaped twice in RSS feeds
- http://code.djangoproject.com/ticket/6533
* Wait for https://code.djangoproject.com/ticket/16159 or rather https://code.djangoproject.com/ticket/15321 to get fixed (for uniqueness error in email_list_address)
* Wait for https://code.djangoproject.com/ticket/13781 to get fixed (in order to be able to use select_related in things with multiple inheritance like TextComment)
Legitimate bugs
---------------
* Diff functionality can break on complicated formatting changes of HTML documents
+ All links need to use default_viewer, not item_type.lower()
--- can't reproduce (Michael 6/1/2013) + When you deactivate a membership from a collection and try to reactivate it, the membership creator doesn't check to see if a deactivated membership exists and creates a new one. This leads to a server error. (Jimmy 8/19/11)
--- can't reproduce (Michael 6/1/2013) + If you destroy an item that is a member of a collection, it gives an error in viewing the collection because the membership of the destroyed item in the collection is not destroyed. Collection viewer should be modified so this doesn't happen. (Todd, 2/15/2012; updated 5/11/12)
+ Modify privacy settings ability doesn't work on symsys site (boxes just grayed out). (Mike 2011-09-28)
+ Creator of a Membership does not get permission to deactivate/destroy that Membership. I think this is a bug. (Todd 2/18/2012)
--- Not relevant (Michael 6/1/2013) + Layout does not render properly in IE8. Must scroll down to see the page. This needs to be fixed asap. (Todd 5/7/2012)
--- Not relevant (Michael 6/1/2013) + Fix bug with grid view occluding metadata window. When viewing all the items (viewing 100 at a time on the item menu) the top banner disappears behind the list viewer. When creating an html document TinyMCE overlaps with the banner and metadata window when you scroll. (Jimmy 10/27/11; Todd 5/11/12)
* Cannot edit FileDocuments by uploading new version (Todd, 5/11/11
* Destroying items may cause an error because the outgoing email code will try to access created_at which is now None.
--- Fixed (Michael 6/1/2013) + Pulldown selector does not reliably autocomplete - often requires multiple backspacings and other fiddling, and sometimes does not work at all (Todd, 9/27/12)
Interface
---------
* There should be a full interface for specifying CommentLocations
* Include hCard in user profiles
* When an agent logs in for the first time, and other agents have login_as (or do_anything) ability w.r.t. the agent that just logged in, display that in a warning message.
* Make permissions easier to use in general (add read_anything and write_anything)
* When creating ContactMethod or AuthenticationMethod via button from agent's profile viewer, viewer should default autofill the name field to "<Agent>'s [Authentication or Email] Contact Method". We can add populate_name in templatetags/item_tags.py for the link to add contact method or authentication menu. (Todd, 6/20/2011)
* Subscribe should include an RSS option in the interface - just a link to the RSS viewer which provides a subscription dialogue. (Todd, 7/11/2011)
* Transcluded documents should render in HTMLDocument view of the transcluding document. (Todd, 7/11/2011)
* Permissions displayed in Metaata menu should include negative permissions (e.g."As Anonymous you cannot * View body"). (Todd, 7/11/2011)
* Permission failure message should tell the user why they do not have permission. (Todd, 8/2/2011)
* Permission changes should be included in Action Notices (5/11/2012)
+ If you click away from an HTMLDocument you are editing (e.g. by clicking on Modify Permissions during editing), you can lose your edits. Back clicking goes to a fresh edit page. This should be fixed so that people don't lose their edits. (Todd 2011-09-13)
* Member Of widget should say "This item is not a member of ony Collections" if it has no Memberships. (Todd, 10/3/2011)
+ The viewer for a Webpage item should show the URL of the link and provide way to open it in a new window/tab. (Todd, 8/2/2011)
+ In the email about a located comment we should put in two lines and show the comment for context. (Jimmy 9/10/2011)
+ The viewer for a Collection and the one for Groups both have the same buttons: "Add an item to this Collection" and "Become a member of <Collection>." The latter button only makes sense for Groups, not Folios and other types of Collections. The former does not make sense for Groups. (Todd, 8/2/2011)
+ Default Deme layout
* Make Item Type clickable in Item Details panel of Metadata - takes to Item type hierarchy
* Don't display "Login as" in Login pulldown options if there is no one to log in as
+ Make password setting easier
+ Create an automatic password reset feature (require user to have email contact method to do this)
* Change wording of Related Items in metadata menu (done?, 5/11/2012)
* Change more buttons to jquery ui buttons for consistency
* add customizable columns to list view (e.g. in Group viewer)
+ make list tables resizable (5/11/12)
* Get forward links to include breadcrumbs, including clickable arrows to get to all links from A to B (difficult problem, since there are so many forward links); could include history arbitrarily far back, with no link arrow when you get to a page without clicking on a link from another page
* Come up with better breadcrumb url if possible
* We need a bulk uploader for ImageDocuments, so you can upload a bunch of photos without having to fill out a fresh form (html5 http://code.google.com/p/jquery-html5-upload/). Take default image doc name from file name. (Todd)
--- done (Michael 6/1/2013) * Permission setting should have a much easier interface. Replace unchecked versus checked box with minus and plus to indicate negative and positive permissions.(Todd, 12/4/10)
* Discussion viewer - full page view of comment threads - implement by letting metadata viewer take over main window
* If you go to "new" and one of the initial model fields is permission denied (e.g., you're creating a membership on a collection you aren't allowed to modify_membership for, or creating a comment on an item you can't reply to), let the user know
* Give more data about each version in Versions metadata display (e.g. datetime, updater)
* Spreadsheet UI with hierarchy like finder (regular view)
- http://ludo.cubicphuse.nl/jquery-plugins/treeTable/doc/index.html
- Won't let us have DAG or incrementally load data using ajax
- http://www.hanpau.com/index.php?page=jqtreetable
- Even simpler, no ajax
- http://trirand.com/jqgrid/jqgrid.html
- Most flexible, looks funny though, but currently uses nested set model which we don't use
* In a long document (I tested a 700 page document to see what would break) the line does not show up for located comments. (Jimmy 10/27/11)
* Action drop-down menu should display action when in progress (e.g. when in Edit view, Action menu should display "Edit" (Todd 2/27/2012)
* List viewer should have a Submit button to make it easier for users to see how to filter item types. (Todd, 2/29/12)
+ Search should include an option to include Deactivated items. Right not it is very hard to find and reactivate a membership, for example. (Todd, 9/27/12)
+ Redo group viewer with nice UI
Documentation
-------------
* Document more functions with docstrings more
* Generate some sort of API doc website
Unusual things to remember
--------------------------
* In order to know that X is a member of Y, you only need to have permission to "view item" for the Membership
* The Meta class of a model does not get propagated to the ItemVersion
* remember to fully respect active=0 everywhere, like in groups, comments, etc.
* There are cases when there is a cur_agent but no associated account (anonymous, login_as other)
* Some code (especially recursive comments and memberships) assumes that immutable fields actually cannot change
- This also assumes that `active` can only change in deactivate() and reactivate(), and items are always created active
* Don't forget to update crystal icons for new models
* If someone has permission to edit the body of an item, we allow them to add transclusions in some situations (TextDocumentViewer.edit)
* We do not [knowingly] support OneToOneFields and ManyToManyFields in item types
New Functionality (longer term)
-------------------------------
+ Auto-complete needs overhaul
- Including ability to select items with no name
+ Related items should include itmes that the current item points to, in addition to the already included items that point to the current item
* Be able to destroy individual versions
* The creator of an Item should be able to create EmailContactMethod subscriptions to the Item. There should be a way to specify that every member of a group whose Folio corresponds to an email list, for example, gets subscribed to the Folio email list. The servers should send each bulk subscribed member a message asking for confirmation. (Todd, 8/1/2011)
+ Person has photo field
* If you destroy a comment, the subcomments won't appear in the same thread since there is no evidence they are descendents of the destroyed comment's parent. (Mike 2011-09-08)
* I'd like to be able to create a new Item (not subtyped), to attach comments to. (Todd, 10/3/2011)
* The list viewer should allow you to refer to related items (a particular field) in a column, which will load all related items and display that field, as permissions allow. Sorting and searching will also need to be implemented. Maybe this would use subgrids? (Mike 2011-09-12)
+ Have an "other" field for priority on Project. When the user specifies "other" then a dialog box will show up on the form to set a custom status. (Jimmy, 9/8/2011)
* Consider how to set permissions on comments, based on the permissions of the parent item. For example, if you have a very private item, and someone posts a comment on it, should the comment be just as private? Should it be just the default, or should it be enforced, and should it be dynamic whenever either permission changes? Should it be based on the parent item, or the top-most item? How do we reconcile abilities which are not shared between the items (for example, if the parent item is Agent with invisible name, how do we set the visibility of the comment body? E.g. http://symsys.stanford.edu/viewing/webpage/16235 (comment was public by default)
* Fix captcha or better prevent spam in anonymous postings: use javascript and absolute positioning to create words that are not predictable unless a human reads it
* Group can have multiple folios
* Should support graphic layout design within Deme, e.g. for DjangoTemplateDocuments, or at least editing the standard menus (Navigation menu). Potentially a set of skins (Todd, 12/4/10)
+ Improve search. It should search for more fields than just the name (but keep permissions in mind), and it shouldn't require exact match
* Advanced search; combinatorial search, etc.
Distant Future (sorted by approximate order of planned implementation)
----------------------------------------------------------------------
* Allow widgets to specify stylesheet and javascripts to add to the layout.
* Write PermissionCache.filter_agents_by_permission so we can display which agents have a particular ability w.r.t. an item.
* Implement some sort of SiteAlias so a Site can have more than one hostname
* Internationalize using ugettext_lazy
* Add Shortcut (maybe call it Reference) item type, with one subclass like ItemShortcut that just points to another item, and others like URLShortcut that point to webpages
* Customizable email template per site that gets sent out for each notification
* When HtmlDocuments are uploaded, the server should do checks to make sure there is nothing malicious.
* Facebook API
* Installation-to-installation API
- Allow, as an option, an alias to refer to the hostname of the installation, such as i-numbers (to allow a consistent identifier when people change hostnames for their installation).
* Add other types of subscriptions, like text messages / IMs
* Add exceptions to subscriptions, so you can deeply subscribe to an collection or item, but cut off certain parts you want to ignore
* Way to subscribe to "all items", such that the subscription will include newly created items.
* We will eventually want to have a item_type table
* More efficient versioning (like like latest version in db, but have deltas to prev versions)
- Consider not necessarily having linear deltas. If we start with version 1, a spammer comes in and messes it up for version 2, and I "edit" version 1 so that it becomes version 3, the delta would be more efficient if it knew I started with version 1 in order to get to version 3.
* We're going to have to integrate permissions into binary files (e.g., FileDocument) so that users can't bypass Deme and download things from Apache directly.
- I'd like to have a settings option where you either have apache with no permissions, django with no permissions, or django with full permissions (or maybe later a workaround with apache and permissions based on cookie)
* More dynamic way of setting whether certain fields can be blank (or other constraints) within an installation.
* Have XML output and stuff
* User-friendly item type creator (like cck in drupal)
* Maybe events can have multi-field dates, like you can specify the year and month but not the day and time.
* When matching SiteDomain in alias, match iteratively until all subdomains are gone, so if we have deme.com, then www.deme.com matches unless already taken
* Add to ImageDocument metadata like width, height, exif, and a pointer to a thumbfile or 2
* Temporal history viewer that lets you look at the state of the world at a given time (e.g., the roster of a group 1 year ago)
* In CustomUrl, we should prevent top level names like 'static' and 'item' and 'modules', although not a big deal since it doesn't overwrite
* Synchro editing
* later, think about adding back "edit downcast". we'll have to think about
- what happens when viewer2 inherits from viewer1, and viewer2 item type subclasses viewer1 item type, and viewer2 inherits the edit/update functionality?
- make it work better when you downcast an item in the editor, with versioning backward, and calling actions that should be called on create
* work on google app engine
Performance
-----------
* add indexes on things besides foreign keys, like name, description (for search)
- Maybe Postgres has some nice full-text indexing for good searching
* we need multi-column indexes for permissions (so far it doesn't look like it's helping)
- we'll try http://docs.djangoproject.com/en/dev/howto/initial-data/#howto-initial-data
* Use spaceless tag to compress whitespace
- Be careful, since it will screw with body_str in TextDocumentViewer.show
* When admin (id=1) adds an item, no need to by default include the permission that he gets do_anything
* Maybe we need a db_index on email_list_address
* Figure out robust caching invalidation scheme for Deme
Code correctness
----------------
* validate new ViewerRequest.viewer
* Unify collection viewer with list action, include bulk actions such as bulk deactivate/reactivate/destroy, and if possible bulk edit where you can change some fields without modifying others, better sorting of any type (without violating permissions to view the name)
* Advanced fields is hacky the way it's done, and if there is a validation error in one of them, you don't see it unless you expand
* Form popups are hacky, don't do permissions, all fields
* Email-list-related fields in item aren't displayed anywhere (unless you go to edit)
* Start using django logging in email handling when we upgrade to django 1.3
* Consider what to do with other permissions, like 'modify_membership' and 'view action_notices' and 'view_permissions', maybe we could unify names
* maybe later, automatically generate the foreignkey field permissions
* Try to move comment generating pages to the ItemViewer with a current item. Probably same with transclusions and highlights and contact methods and stuff.
* Extract classes like AIMContactMethod to other modules
* Use virtualenv for simpler installation and dependencies (Mike, 2011-09-29)
* CustomURL layouts should inherit from parent CustomURL layouts
* Do a more thorough job ensuring fields are not null (unless allowed_to_be_null_before_destroyed == True). We might have to wait for real model-based validations (Django 1.2).
* Probably don't need auto-load modules: INSTALLED_APPS is more explicit and familiar
* Figure out correct way to manage assets (maybe like in rails)
* figure out how we are determining the permission to view comment hierarchy (i.e., comment.commented_item)
* Code cleanup: views, templatetags, and templates, and symsys everything
* Idea for conflicting HTML id attributes with embedded documents: each id has a prefix representing the current item (or a combination of the viewer/action/noun). In general though, we definitely have an issue where we assume a given HTML container will only be loaded once.
* Go through permissions and do sanity check for different categories of users
* If someone makes a layout and screws up django template syntax, the site is completely screwed. Come up with failsafe
* the destroy action notice will never be read by anyone (since all permissions are effectively denied)
* Methods that have to do with sending emails (about action notices) should go in EmailContactMethod, not ActionNotice
* The viewer should probably define a list of actions for each item type to be displayed in a menu
Obsolete
--------
* A comment posted via the Web to an item in a folio generates a comment on the overall folio. I posted a comment on http://symsys.stanford.edu/viewing/webpage/16235 and it got posted as a comment on http://symsys.stanford.edu/viewing/folio/31. This might be correct behavior, but I am not sure. I thought comments only got posted in once place. (Todd, 8/2/2011) NOTE: I just noticed that Symsys has not be updated in a while, in particular it doesn't include in the latter updates on email integration. Maybe this is the problem? (Todd, 8/2/2011)
* Recently Viewed widget should display all pages looked at recently (including list pages), not just items. (Todd, 10/3/2011)
* Deme project site should save permissions data in between restarts. I lost global abillities settings I had created for Anonymous on the Deme site after a recent restart. I had taken away create abilities for Anonymous so we wouldn't get spam and hacking attempts. (Todd, 12/4/2010)