zyxist / cantiga Goto Github PK

Create a RESTful API to fetch the data about approved areas and routes. The API shall have a possibility to extract only the changed records since the given moment in time.

Current PHPUnit version does not support the PHP7 constructs and uses an old, outdated API.

In addition, the whole test suite must be rewritten from scratch to drop the dependency on the database.

Trimming of CoreBundle is ongoing. We want to have the functionality of Application texts moved to a separate bundle.

Other bundles shall access all application texts via interfaces from Cantiga\Components\Application.

Copy-paste error from routes.

As a result, there is no way to select a language using _locale flag.

Affected pages are the public EDK pages.

Add the area filter for the routes and registration settings. The filter shall be present in the group and project workspace.

In the area request list visible in the project, we display just the public e-mail of the authors of the requests, if the user remembered to turn on the visibility for the project.

Currently, those fields are reset to the most restrictive settings, and 95% of users do not know that they should actually increase them to get meaningful information. The solution could be to change the default settings:

• populate public e-mail with the default e-mail of the user,
• change the default visibility to "For project members only".

The validation of input for invitations is missing. It worked, because usually browsers blocked sending null data, but if not, we get Error 500.

In the user profile, there is a spare place to display the user activity. Create an extensible subsystem to record the user activity and display it in the given place, filtered against certain criteria:

• show user activity in this project,
• show user activity in this group,
• show user activity in this area,
• show overall area activity,
• show overall group activity,
• show overall project activity.

Create a viewer for the messages from the participants. The viewer shall be available for the area workspace, and would allow setting the status for each message and "taking" the message to answer.

The data tables in the panel are not embedded within a DIV that allows them being responsive. As a result, they do not scale if the screen size changes, and we cannot i.e. hide certain columns. Wrap all the data tables in the necessary DIV to improve the UI experience.

We have an increasing number of features that duplicate similar functionality across project, group and area workspaces. The screens are almost the same, and there are only minor differences. However, the existing workspace solution requires a separate controller for each workspace which forces us to use traits etc. in order not to duplicate the code.

We can also think about changing the URL format, because right now the same resource can be accessed from different places under different URL-s. This will cause problems with the emergence of discussion board, etc. when people from different workspaces would work on the same resource.

Professional mailing services (e.g. Mailgun) bill their users for the number of sent e-mails. The administrators of Cantiga shall be able to set limits for the number of e-mails sent by particular projects, to ensure that the budget for mailing is not exceeded.

Each project, group and area shall have a mail limit: the limit of e-mails the members of the place can send. In addition to the default limit that is granted, when the place is created, it shall be possible to grant mail packs that increase the limit. All the granted packs shall be recorded, and the full history shall be available to the administrators.

The design shall allow introducing the system for buying new mail packs directly by project/group/area leaders in the future.

When we send an invitation to user X in the place Y, and there is an identical invitation in the database, we get an unique constraint violation. The code does not check whether the invitation has already been added.

The place shall have a panel that allows:

1. compose and send new e-mails to the given distribution list,
2. view the sent e-mails with the status information (author, date, etc.)
3. show the "progress bar" that indicates the usage of the granted mail limit

In the area request creation form the user selects the territory for the area. However, it is not displayed anywhere in the project panel.

1. QueryBuilder shall be kept in the Cantiga API as a part of Cantiga\Components.
2. There shall be some unit tests for this component.

Implement a configurable state machine for changing the area status. The change itself will be done by spawning a cron task.

Currently there is no way to find it, even for admins. Sometimes it is useful.

Check if the presentation of the geographical position of the area can be more deterministic and consistent with the pattern in the hint text. I think that this is a browser issue, and the fact that we rely on default formatting pattern for numeric fields.

As a result, changing the status is not recorded as a modification (according to modification time), and such an area won't be exported to the external system.

Introduce an additional text displayed under the chat in the area request preview.

why?
https://www.leaseweb.com/labs/2014/02/aes-php-mcrypt-key-padding/
https://paragonie.com/blog/2015/05/if-you-re-typing-word-mcrypt-into-your-code-you-re-doing-it-wrong
https://defuse.ca/secure-php-encryption.htm

consider replacing it with openssl or (better!) use a good wrapper like https://github.com/defuse/php-encryption

If our project (A) is a continuation of an older project (B), the user shall be able to import his/her area created in B project, with all the data.

Use case: the user wants to continue the area in the new project. He does not want to enter all the data again.

Add some unit tests for ImporterService from the core bundle.

Create a statistical screen with charts related to courses.

Add a statistical screen with charts related to routes:

• route length histogram,
• route ascent histogram.

Creating an initial implementation of a discussion board:

• categories,
• multiple levels of forums,
• creating topics (regular, pinned and announcements),
• writing posts,
• basic moderation options: deleting posts, closing topics, deleting topics.
• forum structure management.

It is safer, especially for Polish users, where comma is used for marking decimal parts of numbers.

The code specific to EDK project shall not be a part of the generic Cantiga distribution. It was originally done just for convenience, but now it's the right time to separate.

The task is to use git subtree to split /src/WIO directory as a separate repository and write a general-purpose tutorial on how to integrate customizations with the generic code base without loosing the ability to pull commits from the generic repository.

composer.json:

{
    "name": "Cantiga Project",
-     "license": "MIT",
+     "license": "GPL-3.0",
    "type": "project",

The distribution lists may be quite big, and contain thousands of e-mail addresses. The task of sending the e-mail shall be delegated to some external process working in the background in order not to block the threads responsible for serving the HTTP traffic.

Explore the available solutions, choose one and implement. The chosen solution might utilize Cron or a background process, and it must allow further integration with Rackspace Mailgun.

I know personal preferences may be crucial but following PSR-2 on opensource symfony-based project would be good for contributing.

The main issue I see here is using tabs and when you look through the code on github you'll notice it is inconsistent because leading spaces are here or there (tabs on github are expanded to 8 for default so you can easily spot the difference).

There is a great tool, Sensio CS Fixer, http://cs.sensiolabs.org/ which helps keeping the code in a good shape. You can run it with --level=symfony to ensure it follows the same CS as Symfony or use prs2 setting to ensure it's psr2 compliant.

Later, I suggest creating a .editorconfig file in the root of the project, it is recognized by major IDEs and code editors (either native or by plugin) and allows consistent encoding, tabs, and other preferences for source projects. More on this: http://editorconfig.org/

For this project I suggest the following:

root = true

[*]
end_of_line = LF
charset = utf-8

[*.php]
indent_style = space
indent_size = 4
insert_final_newline = true

[*.yml]
indent_style = space
indent_size = 4

[*.json]
indent_style = space
indent_size = 4

[*.twig]
indent_style = space
indent_size = 4

[*.md]
trim_trailing_whitespace = false

of course it can be tweaked for future other file formats.

In the ACP, there should be a possibility to search users via login or e-mail, too.

http://codahale.com/how-to-safely-store-a-password/
https://paragonie.com/blog/2015/08/you-wouldnt-base64-a-password-cryptography-decoded
and so on...

security:
    encoders:
        Cantiga\CoreBundle\Entity\User:
-             algorithm: sha256
+             algorithm: bcrypt
-             encode_as_base64: true
-             iterations: 0
+             cost: 12

and of course, reset current user passwords.

Symfony already requires ircmaxell/password-compat package which provides password_hash, password_verify and password_needs_rehash for PHP < 5.5 but you can explicitly require it in your composer.json.

Currently, membership information is spread across three tables: cantiga_project_members, cantiga_group_members, and cantiga_area_members. This makes the management complicated:

• you must choose the table name and proper name of the key field prior to accessing the data,
• 3 SQL queries to obtain user membership,
• hard to collect information about the projects the user is associated with (e.g. by being a member of a group), needed for the new contact data manager.

There is a table cantiga_entities, that contains basic, common information about every project, area and group. New membership table should link directly to it.

Impact on a system:

• invitation code to be updated,
• membership code to be updated,
• profile viewing code to be updated.

Group and project members cannot edit EDK routes due to the bug in the entity. The editing form contains the Area field that allows to change the assignment of the route to the area. However, in the entity this property is disabled for editing and it throws an exception, when the form engine tries to update the entity state.

Add an extension that will display the routes in the given area information page (groups, projects).

Current privacy module is extremely limited and causes many problems. Because there is no global user registry, the satisfactory boundaries of the personal data visibility are projects, groups and areas, with the restriction that the lower units can't see the data of the members of the upper ones.

Project members shall be able to view e-mails sent by group and area members.
Group members shall be able to view e-mails sent by area members.

Write unit tests for the stuff in Cantiga\CoreBundle\Api\ExtensionPoints namespace.

We are being flooded by some files we do not use, but are expected by browsers etc.

The mailing module shall allow sending e-mails only to predefined distribution lists. Distribution list is an algorithm that selects the e-mail addresses that will receive the given message.

Cantiga shall:

1. expose an API that allows the bundles to add new distribution lists to the system,
2. provide a set of default distribution lists, e.g. to send e-mails to all the area leaders.

In addition, the project shall have a panel for:

1. viewing the available distribution lists,
2. adding additional descriptions to them,
3. enabling or disabling given distribution lists for given types of places.

It seems that there is a problem in the calculation of the number of areas in the groups. I'll change that to recount it.

Implement an editor for the registration settings for routes.

The editor shall be available in project, group and area workspaces.

Currently, the list of available areas does not have any filter. We should install AreaFilter there to allow selecting areas via status, territory, group or category.

The user reported that there's a problem with downloading route maps in JPG format (cannot download the file).

CourseBundle - the text course:list:area is displayed on the course list only, if this is a system-wide text. Project-specific text does not work despite the fact that we have an access to Project instance.

Create the initial bundle structure for the mailing module, and register it in the framework.