From be4d2e53b4777b224308d5d688b712f8ec1e139d Mon Sep 17 00:00:00 2001 From: John Cardinal Date: Sat, 25 Apr 2020 22:22:13 +0000 Subject: [PATCH] --- ayanova/devdocs/todo.txt | 54 +++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 28 deletions(-) diff --git a/ayanova/devdocs/todo.txt b/ayanova/devdocs/todo.txt index 78d4b170..e309b78c 100644 --- a/ayanova/devdocs/todo.txt +++ b/ayanova/devdocs/todo.txt @@ -68,33 +68,7 @@ CURRENT TODOs -todo: Fix the above, then retest on all devices locally to ensure it's working properly - - -todo: have a look at ordering the file list in attachments - - people might want to see them in order or not. - - when doing an image the ipad just calls it image.jpg, could be more than one how to find in the list - (or they should just make a note maybe) - - -todo: User options input photo? - - and show the photo on the list menu and in internal message etc? - - Not critical but flashy for sure - - Could be part of a feature to show the client the tech's image somehow? - - Maybe it's a case for v.next - -todo: have a look at this: devices and sensors specs - https://www.w3.org/wiki/DAS/Implementations - https://wpt.fyi/results/?label=experimental&label=master&aligned - -todo: session tracking to prevent logging in from multiple devices with same account - - right now if I login as same user on another browser the download token becomes invalid on the first computer - - so wiki images don't load etc - - Perhaps we track the download token or something during certain requests to server so it can return a 403 and redirect to login if they are on another session - - or maybe the download route should return the not authenticated response to force login again - - maybe part of JWT session key of some kind that must be current to work to prevent multiple logins -todo: Look at attachment saving code on server, should it zip? todo: THIS! At this point, upload to dev server and thoroughly test with devices, it seems a bit slow at times @@ -106,6 +80,7 @@ todo: careful and thorough PERF tests remotely and local todo: after attachments - DATADUMP - v7 wiki to RAVEN markdown - https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3468 - Need to export images and attached docs as attachments + todo: Datadump EXPORT and RAVEN IMPORT of all attachment / wiki stuff - v7 attached files, internal documents all handled - Code it now @@ -117,14 +92,37 @@ todo: EventLog Processor at server has TWO! separate skip and take portions in t todo: Can't hide custom fields on widget form? (no code to check if it's hidden?!) - maybe because each individual field can be hidden in it so if they are all hidden then nothing shows? -todo: look at geolocation api and adding that into a field - https://wpt.fyi/results/?label=experimental&label=master&aligned + +todo: Look at attachment saving code on server, should it zip? + - pros and cons? todo: change trial detection route that client first hits - make it a different controller and renamed to something like server ping or "hello" or something friendly and useful - maybe the route that gets Notifications - because there could be a notificatoin type that doesn't need logged in users for general server down announcements etc +todo: session tracking to prevent logging in from multiple devices with same account + - right now if I login as same user on another browser the download token becomes invalid on the first computer + - so wiki images don't load etc + - Perhaps we track the download token or something during certain requests to server so it can return a 403 and redirect to login if they are on another session + - or maybe the download route should return the not authenticated response to force login again + - maybe part of JWT session key of some kind that must be current to work to prevent multiple logins + ACTION: + - First determine if this is a bad thing or should be supported to some degree. + - like, maybe user is in more than one tab at the same time? + - or, maybe user is signed in at office and on road and needs both up?? + - Is there *any* reason to support this considering users can just make as many accounts as they need to ensure no overlap. + - what could go wrong other than dl tokens? + - See if jwt gets sent back to server with the dl token, if not, consider adding it somehow so can ensure it's still valid at server + - if not valid then sends a 401 not authorized + + + + + + + + TODO: PRIORITIZE THE FOLLOWING BLOCK AND move INTO appropriate STAGES ****************************************************************** (these items came up looking through the raven priority 1 cases for general UI stuff)