todo: add query fail logging to datalist just like done with picklist so in production can catch mysterious problems more easily
TODO: BizRoles.cs seems to get hammered on every single request, is it efficient?
    - Why is it not cached in some way?
    - Look into Lazy initialization (i.e. private static readonly Lazy<IDictionary<string, string>> mappings ....etc)

todo: CHANGE TO A DEDICATED SPOT IN GLOBAL RATHER THAN INFERRING AS IT IS NOT RIGHT PRACTICALLY for reasons
    Get the auto-id most recent values at boot time
    internal static void SetMostRecentAutoIdValuesFromDatabase(AyaNova.Models.AyContext ct)
todo: search tables in schema, I think there is a missing index here, need to look at the search query section again as it was changed several times from the original schema creation
TODO: API REFACTORING (note: workordercontroller / biz should be following all these rules so it's the template if need reference)
todo: consider and then get rid of PATCH in all routes
    unless compelling reason to keep
    Would there be a place in the UI where I would want to patch part of an object?
    Because I already ditched that for the workorder which is the heaviest and most patchable object in the bunch
    if I change a name would I patch it or just put the whole record?
    supporting it only for the use of third party users is not a good idea
todo: consider renaming ConcurrencyToken to a shorter string?
todo: all api route parameters, post object sb "newObject", put="putObject"
    IN BIZ TOO
todo: all api routes, re-arrange code in controller in this order POST (and postlike such as duplicate), GET, PUT, DELETE for consistency and logicality
    BIZ TOO
todo: all api route URIs sb lower case with dashes if necessary (use plural noun scheme)
    https://docs.microsoft.com/en-us/azure/architecture/best-practices/api-design#organize-the-api-around-resources
todo: Controllers should not need to know about databases
    refactor code so controller never fetches or deals with saving an object, all that is biz responsibility
todo: Routes should check rights *BEFORE* they fetch the object, not after, all routes affected
    i.e. delete route instantiates biz object, then it fetches object from db *then* it checks if they have rights to delete (generically, not specific to that object)
    This is out of order as it triggers a db call even if they have no rights to do it
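
The ordering problem in the delete route described above, as an added example that is not AyaNova's code: a self-contained C# console program comparing fetch-then-check with check-then-fetch for a caller who lacks delete rights. All names (Rights, WidgetStore, DeleteRoute) are hypothetical and the store is an in-memory stand-in for the database.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical names throughout; constructed sample data, not AyaNova code.
[Flags] enum Rights { None = 0, Read = 1, Delete = 2 }

class WidgetStore // in-memory stand-in for the database that counts round trips
{
    private readonly Dictionary<long, string> _rows = new() { [1] = "widget one" };
    public int Queries { get; private set; }
    public string? Fetch(long id) { Queries++; return _rows.TryGetValue(id, out var w) ? w : null; }
    public void Remove(long id) { Queries++; _rows.Remove(id); }
}

static class DeleteRoute
{
    // Order described in the note: fetch first, then the generic rights check.
    // A caller without rights still costs a query, and can tell 404 from 403.
    public static int FetchThenCheck(WidgetStore db, Rights caller, long id)
    {
        var row = db.Fetch(id);
        if (row is null) return 404;
        if (!caller.HasFlag(Rights.Delete)) return 403;
        db.Remove(id);
        return 204;
    }

    // Corrected order: the generic check needs no object, so it runs first
    // and an unauthorized request never reaches the database.
    public static int CheckThenFetch(WidgetStore db, Rights caller, long id)
    {
        if (!caller.HasFlag(Rights.Delete)) return 403;
        var row = db.Fetch(id);
        if (row is null) return 404;
        db.Remove(id);
        return 204;
    }
}

static class Program
{
    static void Main()
    {
        var readOnly = Rights.Read; // caller holds no delete right
        foreach (long id in new long[] { 1, 999 }) // an existing id and a missing one
        {
            var a = new WidgetStore(); var b = new WidgetStore();
            Console.WriteLine($"id={id} fetch-then-check: {DeleteRoute.FetchThenCheck(a, readOnly, id)} ({a.Queries} queries); " +
                              $"check-then-fetch: {DeleteRoute.CheckThenFetch(b, readOnly, id)} ({b.Queries} queries)");
        }
    }
}
```

Only the generic role check can move ahead of the fetch; a check that depends on the object itself (ownership, for example) still has to run after it.
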
todo: all biz objects "ExistsAsync" is this required / necessary?

todo: Search get search result for workorder descendents doesn't fit into existing system due to it being a biz object wide feature but workorder having sub-get results
    - CHILD objects need to point to their parent and be readable in code for searching and for opening objects based on child object
    - so all child objects need a typeandid of the immediate parent
    - Not sure where to document this so putting it here for reference
    - Required for opening a search result of a descendent that is not directly openable an
    - Need parent AyaType as an ENUM ATTRIBUTE in the AyaType table for easy traversal

todo: some kind of ops specific event log or system that triggers alerts to ops people, I guess notifications would be the word I'm looking for...
    - Once that exists a lot of backfilling needs to be done for example attachment files missing notification etc etc etc
todo: api / server landing page is shitty on a mobile
    and really just shitty, add a logo or some shit
todo: Should server show uptime somewhere?
todo: VET translations
    - There are still a large number of non translated items in the non english stock languages
    - Make it easy to dump the local storage translation text for vetting the translations (at the client did I mean?)
    - Login as each language, exercise the entire UI and then dump all the translation text that was fetched from the server and look for non english words
todo: BACKUP & related stuff that should be in v.initial release https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3369
todo: there are several outstanding AUTHENTICATION related cases in rockfish for RAVEN
    e.g. https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1924
    https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1835
    https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1998 <---this is an important case for consideration
    https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3367 <--time limited accounts for support or temporary access?
    https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/2059 <--- time restricted accounts so user can only login during business hours (still to be considered)
    2fa stuff, some logging and lockout stuff
    Go through the auth related cases and notes in client side and implement or close
todo: 2fa? (if not in first release, is there something needed to support it in future dbwise?)
todo: Auth Backdoor reset password feature
    how to code it here, pretty easy to do:
    https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3250

TODO: How is it that I'm able to login and view widgets while the server is seeding?
    - is it because I'm logging in with full ops rights?
    - shouldn't it be locked out for any non-ops actions?
    - maybe if get server closed return value from any operation then
        check if user has ops rights, if so go to ops server status page directly
        if not then go to ops server status page...?
        need an ops server status page!
    - There should be some kind of client UI that handles this like an overlay on screens where there is no access or a redirect to a no-access page or something

todo: Server ops EMAIL address for server to send health messages to!!!!
    - also maybe whatever other methods people use these days (text?)
    - Boot config setting
    - maybe this should be mirrored as a setting in global biz admin as well because the biz admin needs to know about critical server issues or impending doom of the server (disk space etc) just as much as OPS
    - also OPS people are not always trustworthy

todo: Log configuration into server log at startup? https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3523

todo: Event log pruning
    - at least make a case for it, it's going to be needed if not in the first release
todo: add a post backup maintenance job (or very long periodic built in job that rarely runs) which does the following:
    Search dictionary: Auto remove orphaned words https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1878
TODO: Is there a log that records past jobs, how long can they be viewed?
TODO: Rename the link to AyaNova App on the server page to just "AyaNova"
TODO: translation cjkindex, no way to set this value currently
TODO: Licensing - make sure tech type use license works properly: a tech license is consumed if a user has **any one** of the four roles of TechFull, TechLimited, SubcontractorFull, SubcontractorLimited
TODO: JobsBiz::Create -> should log an event in order to be able to see who created a job, but maybe not for automatic internal jobs
TODO: API docs, make separate page for datalists and remove from api-response-format.md doc but put a reference link to it there.
TODO: UNLOCALIZED TEXT
    - Look for old translation text keys that were not translated, there are more than a few keys that were added later to v7 and never translated out of english.
    - Some may never be used so be careful about this.
    - Unused keys won't be taking up any bandwidth so maybe this is a non-issue but you never know if I might need something in future as well so...tricky, maybe this is a 2.0 thing

todo: hang trial off of App.ayanova.com or make that domain and put a landing page there because it's going to be needed for self host eventually and trials now

-------------------------------
MAYBE??????????

??: Built in automatic job available that will regenerate sample data on a timer for display purposes. Maybe need a board with a variety of built in automatic jobs to choose from to enable or not since there will likely be others.


-----------------
FUTURE

TODO: API RATE LIMITING / THROTTLING (NOTE: THIS IS MOST IMPORTANT WHEN GET INTO SELF SERVE / HOSTING)
    - Return code 429
    - Going to need rate limiting to save people from themselves
    - Have this link from solutions.txt about this: https://github.com/stefanprodan/AspNetCoreRateLimit
    - All the big APIs have hourly limits on requests and also limits on total data throughput per hour
    - (minute as well which actually makes more sense since it means they would only be down for a minute if they exceed it) too
    - Find out what others do
    - Twitter: https://developer.twitter.com/en/docs/basics/rate-limiting
    - Zendesk = 100 requests per minute max
    - https://developer.yammer.com/docs/rest-api-rate-limits
    - Good developer info here: https://medium.com/clover-platform-blog/conquering-api-rate-limiting-dcac5552714d
    - Would be nice to have a switch to set for if we host as maximum rates they pay for maybe
    - On the other hand it's likely a can of worms and maybe it's best they pay for their own hosting and we just set it up or something?
    - but then it's going to be hard to self serve them where it's all done easy peasy unless we host
    - Maybe it's a cadillac problem that can wait?
    - Maybe DigitalOcean has rate limits we can set for the entire server and just mention it as a hard cap to customers