################################################################################
# Structures_DataGrid TODO File #
################################################################################
CVS file id: $Id$

Remarks about this file :
- each entry should be separated by a "-" line
- each entry should have a title formatted as :
  TODO <number> - <summary> (<pear user name>) - Priority: High|Medium|Low
- once an entry is fixed, I recommend not to remove it. Mark it as "Done" instead
  and move it to the "Done Items Archive" (at the bottom of this file).

--------------------------------------------------------------------------------
TODO 1 - SQL sort expression support (olivierg) - Priority: Medium

Ensure that when one sets Column::orderBy with an SQL expression (like an
SQL function etc...) the SQL based drivers properly pass this expression
to the backend

--------------------------------------------------------------------------------
TODO 2 - SQL sort expression / field name mapping (olivierg) - Priority: Medium

If Column::orderBy is an SQL expression then it does not make sense for
this expression to make the trip to and back from the browser. Let's
take the following example :

    $column->setOrderBy("REPLACE(title, '\"', '')");

Such an expression allows sorting titles properly, whether they start with
a double-quote or not (I already needed this in a real-world case).

With the current implementation, this expression is likely to
be printed directly into the html links, with something like :
    <a href="...?orderBy=REPLACE%28title%2C+%27%22%27%2C+%27%27%29">

It might work, but it raises a security issue, because we can't properly
escape that string before including it into our SQL query. In this
context, when one supplies a value with setOrderBy(), it should be
required to also have something set with setField()

Example :
    $column->setLabel("The Bar");
    $column->setField("bar");
    $column->setOrderBy("REPLACE(title, '\"', '')");

Should produce links like :
    <a href="...?orderBy=bar">

And when generating SQL, this "bar" value should be mapped to the
orderBy value : SELECT ... ORDER BY REPLACE(title, '\"', '')

--------------------------------------------------------------------------------
TODO 4 - Ensure protection against SQL injection (olivierg) - Priority: Medium

- Are orderBy, direction and page HTTP arguments properly escaped before
  they are included in SQL queries ?

  --> Answer: they are NOT (at least with DBDO). I just changed this for the
  direction argument, but securing the orderBy value(s) is a bit more
  challenging. The best way to fix this IMO is explained in TODO 2

- Could we write security tests that try to perform SQL injection ?

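The mapping proposed in TODO 2, together with the kind of injection test asked
for in TODO 4, as an added example (not Structures_DataGrid code).
resolveOrderBy() and $sortMap are hypothetical names, and the request values
in $cases are constructed.

```php
<?php
// Added example, not Structures_DataGrid code: all names are hypothetical.

/**
 * Resolve the orderBy/direction HTTP arguments to an ORDER BY clause.
 * $sortMap maps public field names (what appears in links) to the
 * developer-supplied sort expression (what setOrderBy() received).
 */
function resolveOrderBy(array $sortMap, $orderBy, $direction)
{
    // Only exact, known field names are accepted. The request value is
    // used as a lookup key and is never copied into the SQL text.
    if (!is_string($orderBy) || !array_key_exists($orderBy, $sortMap)) {
        return '';
    }
    // The direction is reduced to one of two literals.
    $desc = is_string($direction) && strtoupper($direction) === 'DESC';
    return ' ORDER BY ' . $sortMap[$orderBy] . ($desc ? ' DESC' : ' ASC');
}

// Built server-side from setField() / setOrderBy(), as in the TODO 2 example.
$sortMap = array(
    'bar' => "REPLACE(title, '\"', '')",
    'id'  => 'id',
);

// Constructed cases: array(orderBy, direction, expected clause).
$cases = array(
    array('bar', 'ASC', " ORDER BY REPLACE(title, '\"', '') ASC"),
    array('id', 'desc', ' ORDER BY id DESC'),
    // A raw expression arriving from the URL is not a known field name.
    array("REPLACE(title, '\"', '')", 'ASC', ''),
    array('id; SELECT 1', 'ASC', ''),
    // Anything other than DESC falls back to ASC.
    array('id', 'ASC, (SELECT 1)', ' ORDER BY id ASC'),
    // ?orderBy[]=id reaches PHP as an array, not a string.
    array(array('id'), 'ASC', ''),
);

foreach ($cases as $i => $case) {
    $got = resolveOrderBy($sortMap, $case[0], $case[1]);
    $status = ($got === $case[2]) ? 'ok  ' : 'FAIL';
    echo $status . " case $i: " . var_export($got, true) . "\n";
}
```
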
--------------------------------------------------------------------------------
TODO 5 - Don't fetch data if it is not needed (wiesemann) - Priority: Medium

- renderers like Pager or HTMLSortForm don't need all data: Pager needs
  only the number of records, HTMLSortForm needs only the field names

- Olivier's (agreed and accepted) idea for this from a bug report:
  <<<
  In this regard, I think that
  a mechanism similar to the DataSource "features" (hasFeature(),
  setFeatures(), etc...) could be needed.
  There could then be features like "renderLimits",
  "renderContent" (both true by default) and the DataGrid would
  "ask" with :
    if ($renderer->hasFeature('renderLimits')) {count the rows}
    if ($renderer->hasFeature('renderContent')) {fetch the rows}
  >>>

--------------------------------------------------------------------------------
TODO 7 - Using Datasources out of SDG (olivierg) - Priority: Medium

Document how to use the DataSource layer out of SDG, as an abstract way to fetch
tabular data from a variety of sources.

--------------------------------------------------------------------------------
TODO 8 - "Custom renderers" manual page (olivierg) - Priority: Medium

This manual page is not finished.

--------------------------------------------------------------------------------
TODO 9 - Debugging (?) - Priority: Medium

Add some debugging possibilities, e.g. similar to the way DBDO does it.

--------------------------------------------------------------------------------
TODO 11 - Allow access to the record set (?) - Priority: Medium

Users should be able to access the record set. This can be achieved either by
a new method in the core class or by a new (rather trivial) array renderer.
(Idea/request from Gregor Gramlich)

--------------------------------------------------------------------------------
TODO 15 - Custom DataObjects (olivierg) - Priority: Medium

For a customer I've been asked to provide a faster replacement for DB_DataObject.
My DataObject class has the same interface as DB_DataObject, however SDG won't bind
it, even if I force the type in DataGrid::bind(). This is because
SDG_DS_DataObject::bind() does an intrusive test to ensure that the source is a
DB_DataObject.

--------------------------------------------------------------------------------
TODO 16 - Write mode (olivierg) - Priority: Medium

In order to eventually allow users to edit the data, the DataSource layer now
has new insert(), update() and delete() prototypes (see DataSource.php CVS
revision 1.24)

- design the abstract writeMode DataSource interface - Done
- make DataSource drivers support writeMode
    - Array: Irrelevant (arrays are not persistent)
    - CSV: Todo
    - DB: Won't fix
    - DBQuery: Won't fix
    - DBTable: Done
    - DataObject: Todo
    - MDB2: Todo
    - RSS: Todo
    - XML: Todo
- implement DataSource::filter() to be able to retrieve a specific row
  by its primary key (see TODO 19)
- test these drivers out of SDG
- code GET/POST arguments parsing into DataGrid.php
- create a new Renderer_HTMLEditForm driver
- couple it all together (that's the funny part ;)

Also see TODO 20 for a way to couple an HTMLTable with an HTMLEditForm.

--------------------------------------------------------------------------------
TODO 17 - HTMLDetailView Renderer (olivierg) - Priority: Medium

In the .NET DataGrid/GridView, there's a thing called "DetailView". It
is rather useful. It is primarily meant for displaying one record at a
time with all details, while the grid has fewer details by definition.

We need such a thing, that's for sure. And it shouldn't be that hard to
code. Additionally, it implies coding some routines to handle passing
a unique record identifier, which we'll need for TODO 16.

--------------------------------------------------------------------------------
TODO 19 - DataSource::filter() (olivierg) - Priority: Medium

Implement the filter(array(field => value, ...)) method in some DataSource drivers
to filter the data by one or more field values.

Ex :
    filter(array('f1' => 'foo', 'f2' => 'bar'))
    => SELECT ... WHERE f1 = 'foo' AND f2 = 'bar' ...

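One way filter() could build its WHERE clause without placing the values in
the SQL text, as an added example (not Structures_DataGrid code).
buildFilter(), countRows() and $knownFields are hypothetical, and the demo
assumes the pdo_sqlite extension with a constructed table t.

```php
<?php
// Added example, not Structures_DataGrid code: all names are hypothetical.

/**
 * Turn filter(array(field => value, ...)) into a WHERE clause with
 * placeholders and the list of values to bind. Field names cannot be
 * bound as parameters, so each one must appear in $knownFields.
 */
function buildFilter(array $criteria, array $knownFields)
{
    $parts = array();
    $params = array();
    foreach ($criteria as $field => $value) {
        if (!in_array($field, $knownFields, true)) {
            throw new InvalidArgumentException('Unknown filter field');
        }
        $parts[] = $field . ' = ?';
        $params[] = $value;
    }
    $where = $parts ? ' WHERE ' . implode(' AND ', $parts) : '';
    return array($where, $params);
}

function countRows(PDO $pdo, array $criteria)
{
    list($where, $params) = buildFilter($criteria, array('f1', 'f2'));
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM t' . $where);
    $stmt->execute($params);
    return (int) $stmt->fetchColumn();
}

// Constructed sample data (assumption: pdo_sqlite is available).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE t (f1 TEXT, f2 TEXT)");
$pdo->exec("INSERT INTO t VALUES ('foo', 'bar'), ('foo', 'baz')");

// The TODO's example becomes: WHERE f1 = ? AND f2 = ?
var_dump(countRows($pdo, array('f1' => 'foo', 'f2' => 'bar')));
// A value carrying SQL syntax is compared as plain data.
var_dump(countRows($pdo, array('f1' => "foo' OR '1'='1")));
// A key that is not a known field is refused before any SQL is built.
try {
    countRows($pdo, array('f1 = f1 OR f2' => 'x'));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```
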
--------------------------------------------------------------------------------
TODO 20 - Column::link() (olivierg) - Priority: Medium

The Link method would help linking two datagrid instances, as in:
http://www.samalyse.com/code/pear/linked_grids

Calling (pseudo-code):
    $column = new Column();
    $datagrid1->addColumn($column);
    $column->link($datagrid2, array('f1', 'f2'));

should format the column to contain links like: ?f1=<value>&f2=<value>
(where values would differ from row to row, like with normal formatters)

The $datagrid2 instance could be rendered as an HTMLTable or anything else,
including an HTMLEditForm.

This is related to TODO 16 and 19

--------------------------------------------------------------------------------
TODO 21 - Unit tests improvements (?) - Priority: Medium

Improve the unit test suite, especially with the following items
* class Structures_DataGrid_DataSource_SQLQuery: test subquery handling in
  combination with ORDER BY detection (cp. Bug #13339)
* (to be continued)

####################### Done Items Archive #########################

--------------------------------------------------------------------------------
TODO 3 - XML attributes set from the Column object (olivierg) - Priority: Medium - Done

The HTML driver renders the Column::attribs, but attributes are also
valid with XML, and should also be rendered by the XML renderer.

--------------------------------------------------------------------------------
TODO 6 - Predefined column formatters (olivierg) - Priority: Medium - Done

There are common formatting needs such as date, numbers. These could be achieved
with predefined column formatters.

--------------------------------------------------------------------------------
TODO 10 - Remove constants (wiesemann) - Priority: High - Done

Remove the new constants for Renderers and DataSources (STRUCTURES_DATAGRID_*),
use strings instead. To be discussed: Renderer file for HTML_Table is named
HTMLTable.php, 'HTML_Table' as parameter for render()/fill() would be more
precise and consistent. Similar for DataObject.php (=> DB_DataObject),
DBTable.php (=> DB_Table), Console.php (=> Console_Table) and others.

--------------------------------------------------------------------------------
TODO 12 - Let renderers access Column objects directly (olivierg)
- Priority: High - WON'T FIX

When refactoring the rendering layer, I thought Column objects were like Records
objects: a waste of memory. So I tried to minimize their use, thinking we could
suppress them in the future. That's mainly why I chose to make renderers completely
ignore the existence of these Column objects.

But I now realize they're very useful, and the $_columns property is now what wastes
memory by duplicating all of the information contained in $_columnObjects.

Additionally, such options as columnAttributes are redundant with the information
contained in Column objects, etc...

We should change this ASAP, so that it does not cause too many BC breaks for
people who are writing their own renderers.

I propose to remove the $_columnObjects property, and put Column objects references
directly into $_columns

=> WON'T FIX, because :

- It does work the way it is. It is not perfect and it will never be.
- I tried several times to "fix" this, and it is far from
  trivial. Every time it has raised several other quite complex issues.

Conclusion:
With the current design a Rendering driver is not supposed to know
anything about Column objects, and this strict separation seems to be
useful as far as I can tell (separating layers usually helps when
handling complexity).

However, on the user-side, there's no reason to minimize the use of
Column objects. The Renderers just do not know anything about them directly.

--------------------------------------------------------------------------------
TODO 13 - Add a FAQ to the documentation (wiesemann) - Priority: Medium - Done

One FAQ would be: "How can I use multiple grids on one page?" (cp. bug #8392)

--------------------------------------------------------------------------------
TODO 14 - Repair handling of numbers in mkmanual.sh (wiesemann)
- Priority: Medium - DONE

The current version of mkmanual.sh breaks phpDoc comments like the one of
getCurrentRecordNumberStart(). The '0' after 'or:' gets lost and is missing
in the manual, therefore.

--------------------------------------------------------------------------------
TODO 18 - Easy HTML link maker (olivierg) - Priority: Medium - WON'T FIX

I wrote the prototype of SDG_Column::makeHtmlLink() but it still needs to be
implemented. It's a rather straight-forward idea :

    $column->makeHtmlLink("Edit", "product_id", "edit.php");

More in makeHtmlLink()'s docblock

WON'T FIX: the new Column::format() method is flexible enough to replace
makeHtmlLink()

--------------------------------------------------------------------------------
TODO 21 - new SQLQuery DataSource driver (wiesemann) - Priority: Medium - Done

The current DBQuery and MDB2 DataSource drivers should be merged into a
new SQLQuery DataSource driver. The old drivers should then be marked
as deprecated.

The new driver could also support PDO and/or the PEARified Doctrine
package.

=> Implementation: new PDO DataSource driver; all SQL query based drivers now
use a common base class (SDG_DS_SQLQuery); new drivers (e.g. for Doctrine)
can easily be added, without having to duplicate large parts of code