product-os / jellyfish Goto Github PK
View Code? Open in Web Editor NEWThe Jellyfish Project
Home Page: https://jel.ly.fish/
License: GNU Affero General Public License v3.0
The Jellyfish Project
Home Page: https://jel.ly.fish/
License: GNU Affero General Public License v3.0
Users should be able to see their own views
Currently the community chat view filters for chat threads, ideally it should just show all chat messages that the user can see. To implement this we will need to ensure that community users cannot see chat messages that are attached to cards that they cannot see, so there is a requirement on #153
When creating and updating a card, I would expect the card's timeline to credit the user who initiated the create or update action to be the actor
shown on the timeline. Instead the actor for update
and create
cards is always the actions user.
This makes using the timeline as an audit trail impossible, as we can't tell which user did what.
User write permission should be checked client side to determine if an action on a card is available or what fields on a card can be edited.
At the moment, suitable lenses are detected automatically. We should change this so that lenses are specified by the view card
It would be very useful to extend json-schema to support semver
and semver-range
formats
Currently, you can only add fields to a card that are defined in that card type's schema.
Currently, logged in users can change other users passwords
await sdk.card.update('USER_ID', {
data: {
password: {
hash: '6dafdadfffffffaaaaa'
}
}
})
After logging in, the following warning can be seen in the console
Warning: a promise was created in a handler at http://localhost:9000/bundle.js:144116:16 but was not returned from it, see http://goo.gl/rRqMUw
at new Promise (http://localhost:9000/bundle.js:17705:10)
at getGravatar (http://localhost:9000/bundle.js:584:12)
at Gravatar../lib/ui/components/Gravatar.tsx.Gravatar.load (http://localhost:9000/bundle.js:616:9)
at Gravatar../lib/ui/components/Gravatar.tsx.Gravatar.componentWillReceiveProps (http://localhost:9000/bundle.js:607:22)
at callComponentWillReceiveProps (http://localhost:9000/bundle.js:92665:16)
at updateClassInstance (http://localhost:9000/bundle.js:92905:9)
at updateClassComponent (http://localhost:9000/bundle.js:94118:22)
at beginWork (http://localhost:9000/bundle.js:94755:16)
at performUnitOfWork (http://localhost:9000/bundle.js:97587:16)
at workLoop (http://localhost:9000/bundle.js:97616:26)
at renderRoot (http://localhost:9000/bundle.js:97647:9)
at performWorkOnRoot (http://localhost:9000/bundle.js:98222:24)
at performWork (http://localhost:9000/bundle.js:98143:9)
at performSyncWork (http://localhost:9000/bundle.js:98120:5)
at requestWork (http://localhost:9000/bundle.js:98020:7)
at scheduleWorkImpl (http://localhost:9000/bundle.js:97895:13)
at scheduleWork (http://localhost:9000/bundle.js:97855:12)
at Object.enqueueSetState (http://localhost:9000/bundle.js:92417:7)
at Connect../node_modules/react/cjs/react.development.js.Component.setState (http://localhost:9000/bundle.js:145193:16)
The purpose is to be able to expand it to perform queries based on the timeline of a card.
See https://www.flowdock.com/app/rulemotion/p-cyclops/threads/YWRCmqSqxS-0SYrYa5_MXX3ftd3
Th jsonSchema.filter
method is using the removeAdditional
option in AJV ( https://github.com/epoberezkin/ajv#filtering-data ), which, when combined with user permissions allows us to whitelist fields. This is very useful for doing thing like stopping users from viewing other users password hashes.
At the moment, not every query result gets run through the filter function which means there may be cases where a malicious user could see data they are not meant to ( getElementBySlug
, getElementById
etc)
UI state stored in localstorage should be treated as untrusted and validated on load
At the moment configuration like Type cards is stored in LocalStorage and only gets reloaded if you logout and log back in again. This data should be refreshed on page reload and automatically via a socket connection.
There is a good guide for testing React + TypeScript using Ava and Enzyme here https://semaphoreci.com/community/tutorials/testing-react-components-with-ava
utils.waitForMatch
can hang indefinitely if a matching card is created whilst the stream is initialising. To resolve this, a query for matching cards should be run once the stream is initialised, similar to how the actions server does it.
You should be able to create new views, or extend an existing view
We need to add error handling for sockets and API requests
This can be particularly useful to determine, client side, what type of card we should create given a certain active view.
When adding a new chat message, its created twice
Currently there is no message shown if you enter the wrong login details
If a user cannot view a card they should not be able to view any cards that are attached to it.
For example a card of type repo
can have cards of type update
, create
and chat-message
cards that target it. If a user cannot view the repo
card, they should not be able to see any of these cards.
Currently, when a query is run, we filter the results on the server using JSONSchema.
This solution won't scale well and we need to be converting JSONSchema directly into Reql queries.
Users should be able to use @
to mention other users. Messages they are mentioned in should be shown in a new view
If a view has multiple groups available, the user should be able to choose between them
At the moment, its not obvious that signup has worked. Additionally we should make sure you can't signup with the same email/username
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.