emberfeather / algid Goto Github PK

Provide a shorter way of retrieving plugin settings.

Version comparison and functionality should not be part of the application
sparkplug. Should be made into it's own component and instantiated in the
application sparkplug.

Add in support to be able to have multiple bundles associated with a model
so that it can 'extend' an already existing translation.

Something like:

<cfset addI18NBundle('inc/resource/base', 'modelWithDatagrid') />

The last added bundle should take precedence over the previous bundles.

Change the plugin settings to not be copied from settings.example.json.cfm
but to be extended from defaults.json.cfm and have a default of a blank
struct.

This will make all future updates to settings that the code is expecting to
exist valid with a default value as defined in the defaults.json.cfm but can
be changed via the settings.json.cfm file.

The settings.example.json.cfm file will no longer be necessary.

With the navigation generation the URL variables need to have a place in the
generation of navigation. For instance, if there is a level that should be only
shown when a pageID is in the url and is non-zero then the navigation should
respect that ID and only show the generated level of navigation if the id
requirement(s) are met.

Add the ability for a specific schema to be used when working with
navigation. If no schema is given the change is based of the master schema.

For instance, the master navigation would contain all of the navigation
information. You could apply a permission mask to a specific schema and
only have it affect that schema.

When applying masks it should be able to apply a single mask to multiple
schemas.

One use case for having schemas would be to have a different schema for
multiple domains so that permissions are different based upon the domain.

Allow for the debugging template to be extended by providing hooks that can be called to retrieve and display output.

Research the advantage of having the reading of plugins threaded on the
application sparkplug start.

If it is better performance, thread the read of the plugins to speed the startup.

Add in basic session security mechanisms.

• Ability to restart session if the IP addresses changes
• Manually trigger a session restart application wide
• Log session restarts from possible security issues

Add a warning message object to the session scope in addition to the message, success, and error objects.

See also: http://www.jankoatwarpspeed.com/post/2008/05/22/CSS-Message-Boxes-for-different-message-types.aspx

When trying to completely replace another plugin it would be good to be able
to specify in the settings if the plugin is made to replace another plugin so
that dependency checking does not fail if there is a plugin that can replace
the original.

Currently the debugging template looks for a variable defined called profiler. Need to modify this functionality to look instead for the singleton in the request singleton manager to make it more flexible.

When referencing model ids allow for using a shorthand reference.

For example, instead of using the full uuid it would understand if you passed the first 5 characters and search for IDs that start with those 5 characters. If there is more than one returned then it throws an error for not being able to uniquely identify the id.

Add a cache manager to each plugin on application start.

Allow for the ability to add a script with a fallback.

Needs to include the condition along with the fallback path.

Example:

<!-- Grab Google CDN's jQuery. fall back to local if necessary -->
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script>!window.jQuery && document.write('<script src="js/jquery-1.4.2.min.js"><\/script>')</script>

Create a master processing component for common processing tasks.

For instance, list filtering form submission into a url redirect.

Use a common stub for the missing singletons instead of creating a new one for each.

When starting up or reinitializing shared scopes need to have the scope locked when writing the information so that pages don't process before the scope is completely setup.

Use the metadata in the model to create the form fields instead of creating them manually.

Ability in navigation to add to the templates that get included instead of just replacing them.

For example, instead of overriding the content page additional content can be displayed by other plugins afterwards. Also works for the processing includes.

Need the to setup ignore the plugin directories. This will help prevent
accidentally adding a plugin directory to a application.

The application reinitialization code should be moved to the request
sparkplug so that any changes to the reinitialization process can be updated
by updating the Algid code base and not have to be updated in all of the
Application components in all applications.

Enable models to have ORM Functionality

When validating a model need to respect the ability for an attribute to have a confirmation value.

Ex:

There can be a password and a password-confirm that need to match values if they are present.

Ability to have an active filter be an array of values. Each value shows individually and can be removed individually.

Allow the template to do a partial content output when the isPartial setting is turned on in the template.

There could be multiple triggers that would cause the isPartial to be true:

Detect the HTTP_X_REQUESTED_WITH header that jquery sends for ajax requests.
Url variable for specifying that the page should be rendered as a partial using isPartial=true

Need to rework the application settings, information, and datasources to be
singletons.

Ability to provide a custom parent path for the navigation to be based off.

EX: Show the level 2 navigation for the /account path regardless of the current path.

Make the detection of Services, Models, and Views be made just in time.

When the application loads it only loads the definitions for the services, models, and views that are contained within the plugin.json.cfm file (usually for overriding other plugins).

Use an application manager singleton for formatting data. Allow for ability add multiple and custom formatters.

Would have a addFormatter(formatter) that would be added to an internal array of formatters.

When formatting is needed, the last formatter added with a matching function will be used to format the value. (LIFO)

For example, can use a formatPhoneUS(value, options) call to format a phone number in the US format. This would search the formatters for a function called phoneUS and call it with the arguments provided.

Currently any time the reinit variable is found in the URL the application
is reinitialized. This should be modified to be more of a protected process.

The application should reinitialize when any of the following happen along
with the reinit variable:

• Is not a production system.
• A user with reinit privileges is making the request.
• A random, long token is posted with the reinit variable that matches the
  value stored in the application's config/reinitToken.cfm configuration
  file.

Add in hooks for onApplicationEnd, onSessionEnd, and onRequestEnd for the
plugins to utilize.

Create a helper object on the session start for tracking form submissions
that can be used by plugins.

Use a unique token for each form/functionality. The key here is that it
won't be automatically submitted by the browser so cookies won't work for
verifying this.

This should also be used on urls that are used to cause an action to occur
(such as deleting) and should be generated each time a new session starts.

Also the tokens should expire after a set time. Normally this would cause
problem with forms that take a long time to work on, such as for the
content plugin, but that can be worked around by saving drafts
periodically. As part of the automatic draft saving it should refresh the
token for the next request.

http://www.owasp.org/index.php/Cross-Site_Request_Forgery

"The more focused the token is to a particular function and/or particular
set of data, the stronger the protection will be, but the more complicated it
will be to construct and maintain"

http://www.cgisecurity.com/csrf-faq.html

"In addition to being tied to the user session it is important to limit the
time peroid to which a token is valid."

Add the sparkplug for the request to be triggered with the onRequestStart of the application and use the request scope.

When using the addLevel() in the currentPage should be able to specify what level you want to add, not just append to the end of the levels.

Also should be able to do a negative position. Ex: addLevel(..., -2) would add to the levels two levels from the last, regardless of how many levels there are.

Add GitHub project support to the setup utility.

Instead of having the main classes on the ULs place them on the surrounding <nav> element.

Add a shortcut function for formatting values in the view using the formatting manager singleton.

Example: format('phoneUS', value, options)

Use i18n labels in the template for themes to use.

Need to rework some of the code that occurs during the application and
session startups to eliminate possible race conditions. For example, doing
this:

var settings = {};

settings.title = "My application";
settings.foo = 42;
settings.bar = 60;
settings.baz = false;

application.settings = settings;

Instead of:

application.settings = {};
application.settings.title = "My application";
application.settings.foo = 42;
application.settings.bar = 60;
application.settings.baz = false;

So that the key always exists for the application or scope.

Allow for a custom value to replace the static navigation title when displaying the navigation.

For example: A navigation title of Account that gets replaced with the Username of the current user when available.

Ability to set a URL to look for the latest version information about a
plugin. This would allow a for an automated system to be built that would
check for updates to the plugin and notify the administrator when new
versions are available.

This needs to be worked into the plugin settings with a URL to look at for new
versions. The URL should point to a json representation of the latest version
that is released and the download link to get it.

Add the ability to use a rich content editor.

Start with using MarkItUp! as the editor.

Add the X-UA-Compatible to the list of http-equiv supported meta keys.

The X-UA-Compatible is used for Chrome Frame triggering.

See http://www.chromium.org/developers/how-tos/chrome-frame-getting-started

Need to modify the app object to be able to differentiate between more than just production and not production.

Currently debugging is turned on whenever the application is not in production mode. In order to prevent plugins from being installed at the inopportune moment the install/upgrades should not be processed while in production.

To prevent the debugging showing and still be able to modify the application the environment is going to consist of three environment options: Production, Development, and Maintenance.

The Development environment will show all debugging output and allow for installing/upgrading plugins.

The Maintenance environment will not show the debugging output and can optionally be used to prevent display of information.

The Production environment will not show the debugging and will indicate that no special treatment is required. This will be the default environment setting so that it defaults to a 'safer' mode of operation.

Make an feature to uninstall a plugin.

Run an uninstall function from the configure component and remove the version file.

Also should check for other plugins that have dependencies on the plugin being uninstalled.

Add the ability for plugins to have their own event observers and be able to create and trigger their own events.

Override the cf-compendium methods for serialization and deserialization to create/check for a __transient key.

If the transient key is found the transient manager will try to be used first to create the object and deserialize the data.

If the transient definition does not exist it can fall back to the default method of creating the object.

When manually adding a level to the currentPage it causes the navigation to be thrown off from the getLevel being wrong.

Need to rework the components that deal with navigation. Need to build in
a few more abilities:

• Should utilize many of the same functions for both query based
  navigation and file based navigation
• Internally store the navigation information in a query to use a common
  approach
• File based navigation should be cached since it is static
• Need to have the better paths for including files when needed

Ensure that the verification of files still works for file based navigations.

Use a query to store information from files (JSON or XML). When using a
database the column names from the getNav function just need to be
consistent for the navigation to work.

Need the cache identifier to unique enough to not be too cached.