forked from maxjustus/sinatra-authentication
-
Notifications
You must be signed in to change notification settings - Fork 0
/
TODO
53 lines (46 loc) · 3.16 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
TODO:
ensure all calls to new in adaptors are equivelant to "find or create by"
- this is done in the Tc adaptor, and essentially works in Dm adaptor
because I validate the uniqueness of email
implement some way to allow for the creation of users with different
permission levels in an untamperable manner. Perhaps with some secret key
that must be sent in the form
- look at other permissions systems for some feature ideas
- add a config method that you pass a hash for configuring it's behavior
- secret signup urls
- account activation through email
- ?implement a session store which isn't cookie based
- turn on sessions unless they're already on
- randomize the session key on every installation?
- clean up adapters
- write simple attribute declaration method for TcUser
- condense the adapters down to the simplest solution that could possibly work
- right now it's like I have two seperate goals, both which are important
one is to write a simple ORM for rufus tokyo, the other is to create a simple adapter
for different database backends. I think it would be better if I made the datamapper adapter more abstract
and the api simpler, and then changed the way the controllers and views work to interface with the more abstract and simpler adapter.
maybe make the adapter class called UserAdapter, and then TkUser and DmUser become User. All my controller method calls go to UserAdapter
but then for people wanting to talk to the model, they just use User, since they aren't dealing with multiple backends and thus don't need
a creepy adapter.
- make site admin work the same for dm and tc, because I like how permission == -2 is site admin, then you could set a user as site admin instead of it being limited to the first user created
and they wouldn't be deletable.
or maybe I just make a heirarchy for that so users with lower permissions can't delete users with higher.
just remember, this is supposed to be a simple authentication solution
- for the User adapter
- add pagination to all
- serious cleanup of rufus_tokyo_user.rb
- add virtual attribute declaration
- add validations
- remove the object syntax method_missing? and stick to hash accessors?
- or rather then use method missing, dynamically create class methods based in the contents of the hash?
- or create a validator tool for hashes. hash.valid?
- change User to AbstractUser and DmUser and TcUser to User
- add error messages for failed logins and stuff
- PROBLEM the way I have method missing working right now, it doesn't behave the same way I've documented, since I use it for attributes
- throw configuration errors on startup
- investigate why sinatra_auth doesn't seem to work unless it's the last thing required..
- add facebook connect
- using facebooker and frankie
- using the same method as datamapper vs tokyo in that the functionality is only included if the libraries are required
before sinatra_auth is.
- when a user signs in using facebook and doesn't have an email specified, an email field is included in the edit form.