This is just a collection of ideas, notes, resource and less important stuff. Please refer to the issue tracker at http://artweb-design.lighthouseapp.com/projects/13992-adva_cms/overview TODO make article.allow_comments more easy to read like this? article.allow_comments? => true/false; article.allow_comments = true/false script/spec -O spec/spec.opts vendor/adva/engines ruby stories/run.rb [glob_pattern] rg test/run.rb [glob_pattern] ruby spec/run.rb -O spec/spec.opts spec vendor/adva/engines ------------------------------------------------------------------------------ [theme] separate login and admin/login pages (same thing, different layout) ? [feature] admin section: have an activity center/dashboard where engines can register their widgets (partials) to. e.g.: "x comments are awaiting your approval", "Please change your administrator password!" etc. [fix] wiki categories aren't that common. should be available, but probably not by default. possible solution: have a section setting "manage categories for this section"? that would even allow to manage categories per Section, but requires to explicitely turn it on. [theme] microformat everything: hcard, hatom git commit -a --author "mseppae " # missing specs [specs] controllers: spec various error conditions like record not found [specs] spec usage of xss_terminate in one place (so that one can easily see which attributes get filtered and which don't) [specs] spec assets [specs] spec widgets # resources viking http://github.com/technoweenie/viking/tree/master defensio http://blog.teksol.info/2008/3/4/mephisto-defensio-refactored-to-patterns acts_as_snook http://github.com/rsl/acts_as_snook/tree/master mollom http://mollom.com/features ruby-mollom http://github.com/DefV/ruby-mollom/tree/master authentication http://authentication.rubyforge.org/ apache multisite config http://www.appelsiini.net/2007/6/mephisto-multiple-site-config /public/cache/www.example.org/ # users [feature] ajax users online feature? [feature] have a config option to allow users to register for all sites or per site (?) # forum use categories to model sub-forums + forum lists? use a separate Board model for sub-forums? recent posts list feeds hot topics topic activity since last visit (highlight topics that have changed since the user read them last) hits ? monitorship for forum topics, wikipages, blog articles etc. moderatorships => role :moderator add a description and description_html to sections? list forum moderators? refactor to generic actions that check permissions and then delegate the command to the target model? current_user.act :create, :topic, params[:topic] (or something like that) this is what tentacle does: create_table "monitorships", :force => true do |t| t.integer "profile_id" t.integer "topic_id" t.boolean "active", :default => true t.timestamps end generally: breadcrumbs validation on has_many :through join tables: def uniqueness_of_relationship if self.class.exists?(:profile_id => profile_id, :topic_id => topic_id, :active => true) errors.add_to_base("Cannot add duplicate profile/topic relation") end end # activity [fix] deactivate activity tracking for associated objects when section, article etc. is deleted (?) [feature] observe user registration, deactivation .... [feature] observe section, category, asset creation etc. # general [enhance] how to move observer config from environment.rb to init.rb? # themes [enhance] decouple admin interface through using a themeable instead of site [major] add liquid layer (drops + helpers) (?) ยป add an ActionView Liquid template handler? [major] port a simple liquid theme and test it with drops (?) # content [major] add attachments for wikipages (are they also in beast?) # Rails got bitten by this for the second time now: def caches_page(*actions) # return unless perform_caching page caching is turned off globally test_1 requires class MyModel caches_page :foo end no after_action is added test_2 turns page caching on and requires class MyModel (which was already loaded, so requiring is skipped) still no after_action added so page caching does not kick in Asset Helpers: apparently they need a server restart to rebuild a cached file when it got deleted Currently there's no method to expire compiled templates. http://pastie.org/private/2vqi8gnfwfepjtb3mz6aa Lifo says Rails edge makes it easier Role::Admin.new :object => nil seems to run into SystemStackError with: class Role belongs_to :object, :polymorphic => true class Role::Admin < Role force certain after_actions to be run even if the filter chain has been halted: :after_action => :bla, :force => true section.articles.maximum(:position) returns nil when table is empty. shouldn't that be 0? ActionController::Base#layout can't be restricted to certain formats, can it? (see BlogController + feeds) section.radio_button :type, type (and other helpers) should create an id="section_type_blog" even when the section is a blog (i.e. that's an STI related bug) wikipage routing/controller: change :id to :permalink ... doesn't seem to work with resources http://dev.rubyonrails.org/ticket/6814 => wontfix http://archive.jvoorhis.com/articles/2006/08/01/announcing-resource_hacks => seems to break url_helpers def to_param "#{username.gsub(/[^a-z0-9]+/i, '-')}" if self.username end # better_nested_set add before_move and after_move hooks to better_nested_set # cacheable_flash make cacheable_flash behave transparent (do not clear flash after writing it to the cookie) rational: controller specs should work and controllers behave correctly not matter if the plugin is installed or not after_action won't be called when the filter chain is halted. maybe an around_action is a better choice? # rspec [patch] changed to following. ask for a patch: Spec::Rails::Example::ControllerExampleGroup.class_eval do def params_from(method, path, env = {}) ensure_that_routes_are_loaded env.merge!({:method => method}) ActionController::Routing::Routes.recognize_path(path, env) end end PROJECT ---------------------------------------------------------------------- Website Design Documentation overview-level tech-level howtos Plugins Themes Mailinglist Bugtracker + GitHub RESOURCES -------------------------------------------------------------------- Themes http://quotedprintable.com/pages/scribbish http://mad.ly/about/ http://powazek.com/posts/516 http://powazek.com/depo-skinny http://warpspire.com/hemingway/ http://wordpress.org/ http://www.bestwpthemes.com/ http://railsgrunt.com/ http://labs.reevoo.com/ http://haddock.org/ Research other CMS features wordpress movable type http://railfrog.com/ http://slateinfo.blogs.wvu.edu http://opensource.bitscribe.net/page/Bitswiki (wiki) http://almosteffortless.com/eldorado/ (forum) http://www.rubyinside.com/community-engine-rails-plugin-that-adds-social-networking-to-your-app-901.html http://somerandomdude.net/srd-projects/bitcons/ http://somerandomdude.net/srd-projects/clearbits NOTES ------------------------------------------------------------------------ check http://josevalim.blogspot.com/2008/06/easy-http-cache.html http://github.com/josevalim/easy-http-cache/tree/master check http://ultraviolet.rubyforge.org/ check http://code.bitsweat.net/svn/redirect_back check http://code.bitsweat.net/svn/implicit_respond_to check http://rubymatt.rubyforge.org/mailtrap/ for mail-related dev check Google Syntax Highlighter ? check http://jquery.com/blog/2008/06/09/jquery-ui-v15-released-focus-on-consistent-api-and-effects/ check http://github.com/rpheath/input_css/tree/master check http://github.com/rtomayko/rdiscount/tree/master (RedCloth replacement in C) check fleximage http://github.com/Squeegy/fleximage/tree/master check http://github.com/walf443/classx/tree/master check http://github.com/tokumine/awesome_nested_set/tree/master # Spam protection Users should be able to add and configure custom spam filters easily. Users should be able to configure the applications response to spam filter results flexibly. Spam filters can be registered to the application (e.g. from a plugin). There are built-in spam filters for Akismet and Defensio as well as a Default Filter. For a Site (maybe later: for a Section) one can activate and configure which spam filters are active. One can also change the order in which the spam filters will be run. When a Comment is created a spam filter chain is assembled and run. Each filter can add to the spam analysis results. The results are then accumulated to a final spaminess value. The individual analysis results can be saved for statistical reports. Filters can decide to halt the execution of futher filters on certain conditions. E.g. when the user is logged in with a certain role a filter might skip executing additional filters and report a spaminess of 0. After the filter chain has been run the application judges how to handle the comment. It might be approved, pushed to the moderation queue, marked as spam or even deleted. In any case when a Comment is eventually marked as ham or spam by either the application or the user every filter is given the chance to report back to their backend if the spam status does not match their initial analysis. class Comment acts_as_spam_report_set end acts_as_spam_report_set has_many :spam_reports attr :spaminess def add_spam_report(filter, result) spam_reports << SpamReport.create! :priority => filter.priority, ... end def update_spaminess sum = spam_reports.inject(0){|report, sum| sum += report.spaminess } self.spaminess = sum / spam_reports.size end class SpamReport attr :priority attr :engine attr :spaminess attr :data end # Sanitizing input contact xss_terminate developer regarding improvements/refactorings http://code.google.com/p/xssterminate/ http://actsassanitized.devjavu.com/browser/lib/acts_as_sanitized.rb http://code.google.com/p/sanitizeparams/ http://safe-erb.rubyforge.org/svn/plugins/safe_erb/ http://code.google.com/p/xss-shield/ http://www.ruby-forum.com/topic/133285 http://blog.thinkrelevance.com/2008/1/17/never-untaint http://blog.thinkrelevance.com/2008/1/9/is-your-rails-app-xss-safe # Dependency/reloading issues collect User(#34074500) expected, got User(#13312670)