When you create the projects, the url should be a hash or a UID, not the ID of the project, the ID of the project is a auto increment number, which will tell how many projects there are.

Add navbar link and login page.

In the URLS page either separate words by - not _ .

Potential things to consider down the line

• Gmail extra dots make emails unique.
• Show unverified emails
• Put the form functions in a more compact interface. ie. in that top card panel, implement multiple functionalities:
  • make public
  • make primary
  • delete

When the fixture creates the profile it doesn't link the profile to a user, also, the user's password should be in a password format, not plain text.

email address should probably not be primary key in user model, because people will want to change their email address.

Navbar:

• Publish/Contribute
• About
  • about physionet
  • faqs
  • contact
• Content
  • Data
  • Software
  • Challenge

Footer: Put contact info and some other content possibly.

Create the page/form letting a user create a project.

Put DOI field in PublishedProject so that there's one for each version, and remove it from BaseProject.

Implement all functionality, including confirmation email.

Running the following command:

 python manage.py shell < resetdbs.py

raises an error:

In [14]: Operations to perform:
  Apply all migrations: admin, auth, contenttypes, project, sessions, user
Running migrations:
  Applying user.0001_initial... OK
  Applying contenttypes.0001_initial... OK
  Applying admin.0001_initial... OK
  Applying admin.0002_logentry_remove_auto_add... OK
  Applying contenttypes.0002_remove_content_type_name... OK
  Applying auth.0001_initial... OK
  Applying auth.0002_alter_permission_name_max_length... OK
  Applying auth.0003_alter_user_email_max_length... OK
  Applying auth.0004_alter_user_username_opts... OK
  Applying auth.0005_alter_user_last_login_null... OK
  Applying auth.0006_require_contenttypes_0002... OK
  Applying auth.0007_alter_validators_add_error_messages... OK
  Applying auth.0008_alter_user_username_max_length... OK
  Applying project.0001_initial... OK
  Applying sessions.0001_initial... OK
  Applying user.0002_auto_20170921_2056... OK
  Applying user.0003_auto_20170929_1459... OK

In [15]: 
In [15]: 
In [16]: 
In [17]: 
In [18]: 
In [19]: 
In [19]: 
In [20]:     ...:     ...:     ...:     ...: Installed 3 object(s) from 1 fixture(s)
---------------------------------------------------------------------------
OperationalError                          Traceback (most recent call last)
<ipython-input-20-4b0c042487be> in <module>()
      2     app_fixtures_dir = os.path.join(settings.BASE_DIR, app, 'fixtures')
      3     if os.path.isdir(app_fixtures_dir) and os.path.isfile(os.path.join(app_fixtures_dir, app+'.json')):
----> 4         execute_from_command_line(['manage.py', 'loaddata', app])
      5 

/usr/local/lib/python2.7/site-packages/django/core/management/__init__.pyc in execute_from_command_line(argv)
    365     """
    366     utility = ManagementUtility(argv)
--> 367     utility.execute()

/usr/local/lib/python2.7/site-packages/django/core/management/__init__.pyc in execute(self)
    357             sys.stdout.write(self.main_help_text() + '\n')
    358         else:
--> 359             self.fetch_command(subcommand).run_from_argv(self.argv)
    360 
    361 

/usr/local/lib/python2.7/site-packages/django/core/management/base.pyc in run_from_argv(self, argv)
    292         handle_default_options(options)
    293         try:
--> 294             self.execute(*args, **cmd_options)
    295         except Exception as e:
    296             if options.traceback or not isinstance(e, CommandError):

/usr/local/lib/python2.7/site-packages/django/core/management/base.pyc in execute(self, *args, **options)
    343             if self.requires_migrations_checks:
    344                 self.check_migrations()
--> 345             output = self.handle(*args, **options)
    346             if output:
    347                 if self.output_transaction:

/usr/local/lib/python2.7/site-packages/django/core/management/commands/loaddata.pyc in handle(self, *fixture_labels, **options)
     62 
     63         with transaction.atomic(using=self.using):
---> 64             self.loaddata(fixture_labels)
     65 
     66         # Close the DB connection -- unless we're still in a transaction. This

/usr/local/lib/python2.7/site-packages/django/core/management/commands/loaddata.pyc in loaddata(self, fixture_labels)
    108         table_names = [model._meta.db_table for model in self.models]
    109         try:
--> 110             connection.check_constraints(table_names=table_names)
    111         except Exception as e:
    112             e.args = ("Problem installing fixtures: %s" % e,)

/usr/local/lib/python2.7/site-packages/django/db/backends/sqlite3/base.pyc in check_constraints(self, table_names)
    293                         primary_key_column_name, column_name, table_name,
    294                         referenced_table_name, column_name, referenced_column_name,
--> 295                         column_name, referenced_column_name,
    296                     )
    297                 )

/usr/local/lib/python2.7/site-packages/django/db/backends/utils.pyc in execute(self, sql, params)
     77         start = time()
     78         try:
---> 79             return super(CursorDebugWrapper, self).execute(sql, params)
     80         finally:
     81             stop = time()

/usr/local/lib/python2.7/site-packages/django/db/backends/utils.pyc in execute(self, sql, params)
     62                 return self.cursor.execute(sql)
     63             else:
---> 64                 return self.cursor.execute(sql, params)
     65 
     66     def executemany(self, sql, param_list):

/usr/local/lib/python2.7/site-packages/django/db/utils.pyc in __exit__(self, exc_type, exc_value, traceback)
     92                 if dj_exc_type not in (DataError, IntegrityError):
     93                     self.wrapper.errors_occurred = True
---> 94                 six.reraise(dj_exc_type, dj_exc_value, traceback)
     95 
     96     def __call__(self, func):

/usr/local/lib/python2.7/site-packages/django/db/backends/utils.pyc in execute(self, sql, params)
     60         with self.db.wrap_database_errors:
     61             if params is None:
---> 62                 return self.cursor.execute(sql)
     63             else:
     64                 return self.cursor.execute(sql, params)

/usr/local/lib/python2.7/site-packages/django/db/backends/sqlite3/base.pyc in execute(self, query, params)
    333     def execute(self, query, params=None):
    334         if params is None:
--> 335             return Database.Cursor.execute(self, query)
    336         query = self.convert_query(query)
    337         return Database.Cursor.execute(self, query, params)

OperationalError: Problem installing fixtures: no such column: REFERRED.id

We need to implement some library or set of rules regarding which file/folder names are illegal, so we can implement them to the profile file forms cleans.

There's probably a standard implementation.

Steps to reproduce:

1. From a fresh database build, login at http://127.0.0.1:8000/login/ as [email protected]
2. Navigate to the Email form at: http://127.0.0.1:8000/settings/emails/
3. Add [email protected] to the "Remove email" form, select [email protected], and click "Remove email"
4. The form behaves as expected ([email protected] is removed) but the notification message says "Your email: [email protected] has been removed from your account."

Add readme for project. Outline steps for running locally.

This is going to be a big issue for deciding and justifying whether to use the default Django option, or whether we should create our own custom definitions, for each authentication functionality.

The views and forms are all up for discussion, but we definitely want to define our own templates for every case. There is zero point in trying to use/adapt/extend/etc the ugly default templates when it is much less hassle to make our own.

To decide on specific views/forms, we have to decide what pages we want. Also, don't think about the django admin functionalities at this point. The pages we will want there will be different, and more straightforward to add in. I believe the following urls and views are appropriate (some inspiration from github settings). Note how I believe that it's cleaner/more visually usable not to provide a single page to edit one's authentication info along with their profile info. This is in contrast to what we may want in the admin page where we can edit all parts of a user/profile at once:

urlpatterns = [
    url(r'^login/$', views.login), # Email and password. Upon success, redirect to userhome.
    url(r'^logout/$', views.logout), # Redirect to home page of site
    url(r'^register/$', views.register), # Email, password, confirm password
    url(r'resetpassword/$', views.reset_password),
    url(r'^home/$', views.user_home), # Personalized home dashboard
    url(r'^users/(?P<email>[\w\-\.]+@[\w\-\.]+)/$', views.profile), # Public profile. No editing done here.
    url(r'settings/profile/$', views.change_profile), # edit profile info such as name, location, etc.
    url(r'settings/password/$', views.change_password),
    url(r'settings/emails/$', views.change_emails), # Each user can have multiple verified emails, one of which is primary
]

Tick each following item for which we should use the default django provision:

• login view - Works as intended. Just have to change settings.LOGIN_REDIRECT_URL. Note, we use the class based view LoginView.as_view() because the view function is deprecated.
• login form - NO. The default form used for the login view is AuthenticationForm which does work. But I want to add some html classes to its fields to make them look better, and add a 'remember me' field. I don't think there is any harm in subclassing this form, keeping all the main functionalities and just overriding the form fields with the exact same code, plus the html attributes we want. In the form's docstring, it even does suggest subclassing it for certain cases.
• logout view - YES. Works as intended. Note, we use the class based view LogoutView.as_view() because the view function is deprecated.
• register view -NO. There is no django default for this.
• register form - NO. There is a usercreationform but we'd end up overriding 95% of it anyway.
• password reset view - YES. Works as intended.
• password reset form - YES. Works as intended.
• profile edit view - NO. There is no django default for this.
• profile edit form - NO. There is no django default for this.
• password edit view - YES. Works as intended. I commented earlier about a weird popup box. That was from firefox password manager. Annoyingly though, it forces a success redirect url. If I set it to the same page, I can't show a 'success' alert since I can't control the view.
• password edit form - YES. Works as intended.
• emails edit view - NO. There is no django default for this.
• emails edit form - NO. There is no django default for this.

Possible reasons for needing custom definitions:

• The default view contains unwanted logic such as unwanted redirects.
• The default views are trying to access certain model fields which we have overwritten, and cannot be stopped from doing so.

For everyone's information, here is the django auth urls file so you can see what views they do have:

urlpatterns = [
    url(r'^login/$', views.LoginView.as_view(), name='login'),
    url(r'^logout/$', views.LogoutView.as_view(), name='logout'),

    url(r'^password_change/$', views.PasswordChangeView.as_view(), name='password_change'),
    url(r'^password_change/done/$', views.PasswordChangeDoneView.as_view(), name='password_change_done'),

    url(r'^password_reset/$', views.PasswordResetView.as_view(), name='password_reset'),
    url(r'^password_reset/done/$', views.PasswordResetDoneView.as_view(), name='password_reset_done'),
    url(r'^reset/(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$',
        views.PasswordResetConfirmView.as_view(), name='password_reset_confirm'),
    url(r'^reset/done/$', views.PasswordResetCompleteView.as_view(), name='password_reset_complete'),
]

Reference: https://docs.djangoproject.com/en/1.11/topics/auth/default/

Issue to list/keep track of periodic jobs the system will have to run.

Every N days:

• delete all unverified non-primary emails.
• delete outstanding invitations past expiration date.

I believe user notifications are a necessary feature to implement. Some uses of a notifications box are for:

• Project review status update
• Being invited to be a project collaborator
• Having storage requests approved/denied

If we're all happy with this idea, I will start a new branch to implement notifications.

Do a complete work flow of how the new PhysioNet website will work.

Set up the Dev and staging Django projects in the server.

Implement the view of a published project.

Published projects should be a snapshot in time (not possible to change them) but there should be a core project that allows additional versions etc to be submitted.

Add/update models for project (core) and publishedproject.

In the primary emails dropdown bar should always display the email and not -------- in the /settings/emails/ page

Currently I don't know how to put datetime fields in fixture files. This would be useful for demo data, and perhaps for future data migrations.

Use the url variable for templates, and the reverse function for views instead.

We need to define and organize custom password validators. Django by default uses:

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
        'OPTIONS': { 'min_length': 8, }
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]

which Felipe pointed out is weaker than ideal.

I don't know much about password validators but we should define them in a custom file, I think user/validators.py, which we will add to the AUTH_PASSWORD_VALIDATORS variable in settings.py. We should not define validation rules in the clean functions.

Docs:

• https://docs.djangoproject.com/en/1.11/ref/validators/
• https://docs.djangoproject.com/en/1.11/topics/auth/passwords/#writing-your-own-validator

Would like to gather ideas for searching data in physionet beyond searching for individual records (only waveforms in MIT or EDF format) that satisfy certain criteria. Right now we have the pbs which searches records and annotations (tied to records by name) using information parsed from the header files.

Features which would be nice to have:

• Non-waveform record search. We will be receiving images and other file types in the future.
• Benjamin pointed out that in many cases, there are multiple different records from the same patient. For instance in the mimic waveform database, a patient's waveform and numerics (that occur at the same time) have slightly different names, hence are not seen as related in the search. Can we implement a search that ties together patient information from multiple records/files (aside from using annotation names)?

Perhaps having a standardized csv flat file in database index pages which map files to subjects would be a method. We could generate the search database from those. If so, we would have to figure out the exact structure of that csv.

Please contribute ideas.

Are we going to have a file size limit? how we can deal with files bigger than 100MB or bigger than the limit?

Provide a dataset for new builds. Some suggestions at: https://docs.djangoproject.com/en/1.11/howto/initial-data/

If we keep the changelog, then we have to make it a changelog not a free text input with no snapshot of the time of change.

Add a license file for the project.

After logging in, users should be able to update profile fields.

Complete the reference class. there should be added fields to point to the paper citation and/or other.

We've agreed to rebuild using the Django framework, so a vanilla install of the latest version of Django needs to be added to the repo as a starting point .

Implement everything. Most work is in the form.

For tracking changes that will be made to existing signal names and annotator extensions in files already on physionet.

What is the difference between the user home and the my projects page ?
Apart from projects, are we going to show something else?

Set up testing framework (either Travis or on internal Jenkins server)

Create a logo for the site for display in the site header, marketing materials, etc (being handled by Ken P).

Require users to create a unique username during registration. This username will be used in the public profile URL (see: #57).

What will be in the project admin panel? just the storage requests? if so, then change the name to storage requests.

In the project set owner, it should display the current owner, even if its the only person in the project not --------

In the project branch, collaborators of projects can edit descriptions, upload files, make storage requests, etc. Currently for projects, I have made views for:

1. project overview
2. project metadata (edit metadata)
3. project files (upload/delete... content)
4. project collaborators (view/add/remove collaborators).

I'm about to code up functionality for admins to approve/deny storage requests, which get listed in their project_home view. Aside from the approve/deny button on this page, admins would usually want to check out what the project is about. But does it make sense to give them universal access? ie. to the project_files page where they can upload/create folder/delete items etc.

So overall, which views should the admins have access to, for projects they don't own, if any?

Add a feed of latest published contributions

How are we going to deal with different training courses in the project if they want multiple?
How we add paper citations and references?

Bear in mind, we don't need to talk about names here.

We should distinguish:

1. A published projects section of the site (physiobank).

• Content here can be both open, and protected.
• The point is, people should be looking at physiobank to find all data.
• Content from here should not be directly editable.

2. A projects in works section of the site (physioworks, as in, 'in the works').

• Content originates from here. After a curation step, it may get accepted and transformed into a physiobank project, where it becomes released.
• This section of the site can also be used to edit/update physiobank content, acting as a staging area. Eg. Someone releases 1000 xray images in the xraydb on physiobank. As physiobank content, no-one can directly edit it. But this guy wants to add on 500 more images, so he creates a physionetworks project based on the published state of the physiobank one (automated function obviously). The initial files will be symbolic links (or something similar) so that there is no duplication of files for storage. Then they can add, delete, rename, etc... files without any restriction because the changes only appear in the works project, not the bank one. Finally when they are ready, they can request us to approve the changes and we can push it to physiobank.

The idea is that we separate the published databases section of the site, from the works in progress section of the site. Works should be dedicated to initially setting up databases to publish, and where the editing/updating effort goes into. Using bank and works to separate public and protected projects is counterintuitive and confusing.

Right now, we put potentially sensitive projects, or databases that the owners do not want to make completely open, on physionetworks, because physiobank content is forced to be completely open. A project like MIMIC-III should not be put into a 'works in progress' section solely because we want to protect who has access to it. All sensitive databases with potential PHI under the current scheme would be perpetually placed in a 'in the works' section of the site, even if the project will never be changed. Under the new layout, it would go under physiobank as a protected database.

If you want data, go to bank. If you want to work on a project, go to works.

The "publication requirements" / "request a review" buttons in the projects dont work they href to #, they should point to {% url page-x %}

The public emails checkbox and email are not in the same line in the /settings/emails/ page

I thought we'd raised an issue for this, but I can't see it so maybe not. Currently the personal profile URL includes the user email address (e.g. http://127.0.0.1:8000/users/[email protected]/).

It would be better if the URL was based on a unique user hash (or perhaps a user specified username), because ideally the link should be persistent (even if the user updates their email address/es).