forked from svenfuchs/adva_cms
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathTODO
321 lines (215 loc) · 10.2 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
This is just a collection of ideas, notes, ressource and less important stuff.
Please refer to the issue tracker at
http://artweb-design.lighthouseapp.com/projects/13992-adva_cms/overview
[theme] separate login and admin/login pages (same thing, different layout) ?
[feature] admin section: have an activity center/dashboard where engines can register their
widgets (partials) to. e.g.: "x comments are awaiting your approval",
"Please change your administrator password!" etc.
[fix] wiki categories aren't that common. should be available, but probably not by default.
possible solution: have a section setting "manage categories for this section"? that would
even allow to manage categories per Section, but requires to explicitely turn it on.
[theme] microformat everything: hcard, hatom
git commit -a --author "mseppae <[email protected]>"
# missing specs
[specs] controllers: spec various error conditions like record not found
[specs] spec usage of xss_terminate in one place (so that one can easily
see which attributes get filtered and which don't)
[specs] spec assets
[specs] spec widgets
# resources
viking http://github.com/technoweenie/viking/tree/master
defensio http://blog.teksol.info/2008/3/4/mephisto-defensio-refactored-to-patterns
acts_as_snook http://github.com/rsl/acts_as_snook/tree/master
mollom http://mollom.com/features
ruby-mollom http://github.com/DefV/ruby-mollom/tree/master
authentication http://authentication.rubyforge.org/
apache multisite config http://www.appelsiini.net/2007/6/mephisto-multiple-site-config
/public/cache/www.example.org/
# users
[feature] ajax users online feature?
[feature] have a config option to allow users to register for all sites or per site (?)
# forum
use categories to model sub-forums + forum lists?
use a separate Board model for sub-forums?
recent posts list
feeds
hot topics
topic activity since last visit (highlight topics that have changed since the user read them last)
hits ?
monitorship for forum topics, wikipages, blog articles etc.
moderatorships => role :moderator
add a description and description_html to sections?
list forum moderators?
refactor to generic actions that check permissions and then delegate the
command to the target model?
current_user.act :create, :topic, params[:topic] (or something like that)
this is what tentacle does:
create_table "monitorships", :force => true do |t|
t.integer "profile_id"
t.integer "topic_id"
t.boolean "active", :default => true
t.timestamps
end
generally: breadcrumbs
validation on has_many :through join tables:
def uniqueness_of_relationship
if self.class.exists?(:profile_id => profile_id, :topic_id => topic_id, :active => true)
errors.add_to_base("Cannot add duplicate profile/topic relation")
end
end
# activity
[fix] deactivate activity tracking for associated objects when section, article etc. is deleted (?)
[feature] observe user registration, deactivation ....
[feature] observe section, category, asset creation etc.
# general
[enhance] how to move observer config from environment.rb to init.rb?
# themes
[enhance] decouple admin interface through using a themeable instead of site
[major] add liquid layer (drops + helpers) (?) » add an ActionView Liquid template handler?
[major] port a simple liquid theme and test it with drops (?)
# content
[major] add attachments for wikipages (are they also in beast?)
# Rails
got bitten by this for the second time now:
def caches_page(*actions)
# return unless perform_caching
page caching is turned off globally
test_1 requires class MyModel caches_page :foo end
no after_filter is added
test_2 turns page caching on and requires class MyModel (which was already loaded, so requiring is skipped)
still no after_filter added so page caching does not kick in
Asset Helpers: apparently they need a server restart to rebuild a cached file when it got deleted
Currently there's no method to expire compiled templates.
http://pastie.org/private/2vqi8gnfwfepjtb3mz6aa
Lifo says Rails edge makes it easier
Role::Admin.new :object => nil seems to run into SystemStackError with:
class Role belongs_to :object, :polymorphic => true
class Role::Admin < Role
force certain after_filters to be run even if the filter chain has been halted:
:after_filter => :bla, :force => true
section.articles.maximum(:position) returns nil when table is empty. shouldn't that be 0?
ActionController::Base#layout can't be restricted to certain formats, can it? (see BlogController + feeds)
section.radio_button :type, type (and other helpers) should create an id="section_type_blog"
even when the section is a blog (i.e. that's an STI related bug)
wikipage routing/controller: change :id to :permalink ... doesn't seem to work with resources
http://dev.rubyonrails.org/ticket/6814 => wontfix
http://archive.jvoorhis.com/articles/2006/08/01/announcing-resource_hacks => seems to break url_helpers
def to_param
"#{username.gsub(/[^a-z0-9]+/i, '-')}" if self.username
end
# better_nested_set
add before_move and after_move hooks to better_nested_set
# cacheable_flash
make cacheable_flash behave transparent (do not clear flash after writing it to the cookie)
rational: controller specs should work and controllers behave correctly
not matter if the plugin is installed or not
after_filter won't be called when the filter chain is halted. maybe an around_filter is a better choice?
# rspec
[patch] changed to following. ask for a patch:
Spec::Rails::Example::ControllerExampleGroup.class_eval do
def params_from(method, path, env = {})
ensure_that_routes_are_loaded
env.merge!({:method => method})
ActionController::Routing::Routes.recognize_path(path, env)
end
end
PROJECT ----------------------------------------------------------------------
Website
Design
Documentation
overview-level
tech-level
howtos
Plugins
Themes
Mailinglist
Bugtracker + GitHub
RESOURCES --------------------------------------------------------------------
Themes
http://quotedprintable.com/pages/scribbish
http://mad.ly/about/
http://powazek.com/posts/516
http://powazek.com/depo-skinny
http://warpspire.com/hemingway/
http://wordpress.org/
http://www.bestwpthemes.com/
http://railsgrunt.com/
http://labs.reevoo.com/
http://haddock.org/
Research other CMS features
wordpress
movable type
http://railfrog.com/
http://slateinfo.blogs.wvu.edu
http://opensource.bitscribe.net/page/Bitswiki (wiki)
http://almosteffortless.com/eldorado/ (forum)
http://www.rubyinside.com/community-engine-rails-plugin-that-adds-social-networking-to-your-app-901.html
http://somerandomdude.net/srd-projects/bitcons/
http://somerandomdude.net/srd-projects/clearbits
NOTES ------------------------------------------------------------------------
check http://josevalim.blogspot.com/2008/06/easy-http-cache.html
http://github.com/josevalim/easy-http-cache/tree/master
check http://ultraviolet.rubyforge.org/
check http://code.bitsweat.net/svn/redirect_back
check http://code.bitsweat.net/svn/implicit_respond_to
check http://rubymatt.rubyforge.org/mailtrap/ for mail-related dev
check Google Syntax Highlighter ?
check http://jquery.com/blog/2008/06/09/jquery-ui-v15-released-focus-on-consistent-api-and-effects/
check http://github.com/rpheath/input_css/tree/master
check http://github.com/rtomayko/rdiscount/tree/master (RedCloth replacement in C)
check fleximage http://github.com/Squeegy/fleximage/tree/master
check http://github.com/walf443/classx/tree/master
check http://github.com/tokumine/awesome_nested_set/tree/master
# Spam protection
Users should be able to add and configure custom spam filters easily.
Users should be able to configure the applications response to spam filter
results flexibly.
Spam filters can be registered to the application (e.g. from a plugin). There
are built-in spam filters for Akismet and Defensio as well as a Default Filter.
For a Site (maybe later: for a Section) one can activate and configure which
spam filters are active. One can also change the order in which the spam filters
will be run.
When a Comment is created a spam filter chain is assembled and run. Each filter
can add to the spam analysis results. The results are then accumulated to a
final spaminess value. The individual analysis results can be saved for
statistical reports.
Filters can decide to halt the execution of futher filters on certain conditions.
E.g. when the user is logged in with a certain role a filter might skip executing
additional filters and report a spaminess of 0.
After the filter chain has been run the application judges how to handle the
comment. It might be approved, pushed to the moderation queue, marked as spam
or even deleted.
In any case when a Comment is eventually marked as ham or spam by either the
application or the user every filter is given the chance to report back to
their backend if the spam status does not match their initial analysis.
class Comment
acts_as_spam_report_set
end
acts_as_spam_report_set
has_many :spam_reports
attr :spaminess
def add_spam_report(filter, result)
spam_reports << SpamReport.create! :priority => filter.priority, ...
end
def update_spaminess
sum = spam_reports.inject(0){|report, sum| sum += report.spaminess }
self.spaminess = sum / spam_reports.size
end
class SpamReport
attr :priority
attr :engine
attr :spaminess
attr :data
end
# Sanitizing input
contact xss_terminate developer regarding improvements/refactorings
http://code.google.com/p/xssterminate/
http://actsassanitized.devjavu.com/browser/lib/acts_as_sanitized.rb
http://code.google.com/p/sanitizeparams/
http://safe-erb.rubyforge.org/svn/plugins/safe_erb/
http://code.google.com/p/xss-shield/
http://www.ruby-forum.com/topic/133285
http://blog.thinkrelevance.com/2008/1/17/never-untaint
http://blog.thinkrelevance.com/2008/1/9/is-your-rails-app-xss-safe
# Dependency/reloading issues collect
User(#34074500) expected, got User(#13312670)