2020-05-13 00:31:14 +00:00
parent 884649562d
commit 61e6f27b21

@@ -29,7 +29,6 @@ todo: Routes should check rights *BEFORE* they fetch the object, not after, all
i.e. delete route instantiates biz object, then it fetchs object from db *then* it checks if they have rights to delete (generically, not specific to that object)
This is out of order as it triggers a db call even if they have no rights to do it
todo: all biz objects "ExistsAsync" is this required / necessary?
todo: add query fail logging to datalist just like done with picklist so in production can catch mysterious problems more easily
todo: AUTO ID GENERATOR
change to a dedicated spot in global rather than inferring as it is not right practically for reasons
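Review bot: the rights-ordering todo at the top of this hunk should state which check moves ahead of the fetch. The wording "generically, not specific to that object" implies the role-level check needs no object, so it can run before the biz object is instantiated and before any db call; say that explicitly, and record whether any object-specific check still has to run after the fetch. The header also shows one line dropped from this block (-29,7 +29,6); if that was a completed todo, reference the case it closed so the removal can be traced.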
@@ -66,5 +65,18 @@ todo: (BREAK THIS OUT INTO LATER/NOW/CASES) there are several outstanding AUTHEN
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3250
todo: Look into 2fa
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3395
todo: look into how to use an SSL certificate with the RAVEN server directly when not behind nginx
- this should be supported by default out of the box working with Let's encrypt ideally
- is it now considered ok to host .net core web api directly internet facing?
todo: onboarding and default manager account password
- Need to come up with a safety plan for this so people don't leave it at default
- Maybe the very first thing required of a user is to change the password before any tasks can be performed
- Server stays in safety lock until they set a password?
- Or maybe a random password is generated on seeding and somehow provided to user through console or something?
- Maybe an empty db if no other users can be set password only so no one has made a hidden backdoor user account before ops changes it?
- maybe tied to license if licensed so they bring some info they have from rockfish / their license purchase or something?
- don't want it to be onerous too much and have some very inexperienced users so...
- see what other programs do, like our forum software
todo: API docs, make separate page for datalists and remove from api-response-format.md doc but put a reference link to it there.
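Review bot: the onboarding todo lists several options for the default manager account password without choosing one, and two of them need a caveat recorded beside them. A random password "provided to user through console" ends up wherever console output is captured, so if that option is taken it should be single-use with a forced change at first login. The "empty db if no other users" option only rules out a hidden backdoor account if the check for existing users and the password set happen as one step. The SSL and onboarding todos also carry no rockfish case link, unlike the 2fa entry above them; adding one would keep these from being lost in the todo file.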