0.2.2 Feature request list

This document is for historical reference only.

Documentation

General design

• Implement persistent sessions!
• Plugin system with menu templates (added 0.2.1, thanks @lilfade)
• Create templating system to generate forms and tables (added 0.2.1, via bootsole
• Overall abstractification of backend layers to make modifications less tedious
• Try implementing a Prolog-driven approach to access control rules? Would be too slow and prone to unintended consequences

Authentication

• Admin can allow users to log in via email address instead of username (added butterflyknife)
• Add OAuth support, for users to create accounts and log in via Facebook/Google.
• Prompt user to change password on first login #236

Security

• Eliminate temporary passwords, use reset link instead
• Deploy CSRF tokens on all forms
• Add "bulletproof sessions" as per http://blog.teamtreehouse.com/how-to-create-bulletproof-sessions.
• Admin control over session timeout
• Add rate limiting on register/login attempts, and password hash compare against known weak passwords #224

Frontend Design

• Allow user list page to filter by column contents. Paginate if user list becomes very long.
• Upgrade to Bootstrap 3.2, fix CSS for nav bars to work with 3.2.
• Gravatar support (should be pretty easy, see https://en.gravatar.com/site/implement/images/php/)
• Add group description field.
• Switch over to the onvert all .click() items for dialogs into .submit() and add appropriate form elements.
• Possibly switch over to the jQuery Forms plugin
• Endless scroll and server-side pagination. Filter by group membership, other advanced criteria.
• "Remember me" feature
• Graph for new users/day, signins per day, etc
• Timezone support
• Deploy the bootstrapvalidator plugin (https://github.com/nghuuphuoc/bootstrapvalidator) for client-side validation (as opposed to our own, clunkier validator).

Language support

• Standardize all site messages using MessageStream
• Add more languages

Admin tools

• Add ability for admins to add/remove user account fields, without having to modify code.
• Add ability for admins to do a "password reset" on user accounts.
• Add ability for admins to enable/disable captcha.
• Add ability for admins to bulk add/remove users from groups.
• Add ability to easily copy auth rules from one group to another.
• Expand authorization feature to control other types of resources besides actions (e.g. links, templates, images, etc).
• Log in as another user #197.

Data flow

• Consolidate server-side validation using Fortress (https://github.com/alexweissman/fortress)
• Continue improving error-handling and rendering system. Two types of errors: "immediate" and "after reload". Do we still like the idea of having an "error stream" api (user_alerts)?
• Auto-redirect to last visited page on login

Database structure

• Break user table into users and user_events?
• Detect edit conflicts - concurrent update/delete management
• Use an ORM so as to support other DB types (sqlLite, etc) Decided against - too slow and cumbersome. But it is easy to extend the Model for other databases.
• Persistent DB connection? Bad idea b/c connections can be externally closed

Other ideas

• PM System - ( https://github.com/lilfade/UF-PMSystem - Needs to be fixed )
• Server-side JS?
• Profile management per user
• Online Users (shows logged in users navigating the site in the last X minutes)
• SMTP mail system
• Invite System #151