roymiles / cms-server Goto Github PK

• Used in ErrorResponsesManager
• Needs to add to the database.

• Going for custom. Too much limitations with FOSUserBundle (Plus Id instead of id :P)
• Using Site references in all other tables with -1 as the local site

Instead refer explicitly to the object/module

• security will be split into login/registration

• Users will be privileged to perform certain Actions (foreign key)
• When an action is requests, system will check if User has these privileges or is in an appropriate UserGroup that does

Using CamelCase convention for all variables, tables etc.

• Every word most have a capital first character even if its only 1 word
• Move all Entity classes into same folder and adopt ApiUsers, ApiXXX convention

• http://www.sceditor.com/ seems promising

• Links to the parent documentation up until it reaches the root (documentation with no parent)
• Root link (home) does not have a parent documentation page

https://github.com/FriendsOfSymfony/FOSOAuthServerBundle

• It will be more maintainable and secure for authenticating api requests
• Remove sessions table as would be redundant

Test the following actions:

• Unauthenticated user attempting to access restricted page (and for authenticated user)
• Login system with valid/invalid credentials
• Registration system with valid/invalid details
• Logout system
• Reset password system

Don't spend too much time on it Cover the main requirements of the system.
... For example, a test suite to see if the login system works with a long username and a valid password with the CSRF token manipulated is too specific!

Symfony built in validation with annotations seems very flexible

• http://symfony.com/doc/current/validation.html

Validation performed in service managers (eg UserManager add(array $Options) method)

• https://github.com/FriendsOfSymfony/FOSCommentBundle/
• Seems to be very flexible

see: http://stackoverflow.com/questions/39321604/500-status-code-for-symfony-functional-test/39321624

• Want to merge them all together

github.com has a cool 404 page - https://github.com/404

Why? Because would be difficult to completely customize the FOSUserbundle.
We don't want username and email field to be unique across all sites. Just across individual sites.
Logging in, registration is done with a different protocol for site users and external users.
etc..

Traditional login form may be useful

Setup: https://github.com/nelmio/NelmioApiDocBundle/blob/master/Resources/doc/index.rst
Annotation Documentation: https://github.com/swagger-api/swagger-core/wiki/Annotations

• This will be used for all responses to ajax requests
• http://fabien-d.github.io/alertify.js/

see http://symfony.com/doc/current/validation.html

Tried http://stackoverflow.com/questions/16679146/force-footer-on-bottom-on-pages-with-little-content

http://symfony.com/doc/current/event_dispatcher/before_after_filters.html

See: https://knpuniversity.com/screencast/guard/api-token

http://phppot.com/php/php-mysql-inline-editing-using-jquery-ajax/ - Might be useful

• Use custom themes and bbcodes
• http://www.sceditor.com/

It could prove annoying in the future considering the PHP is following a userId type convention and database is user_id

AJAX request should return a json error response
Web request will return the appropriate HTML error page

This will include all the methods required to rank results based on a query

• XSS protection is important

• Add methods to AuthenticationManager
• Add another entity for LoginAttempts that store the Id of the user and the timestamp of the login request
• If more than 3 login attempts made within 1 minutes, block the account for 10 minutes

Use https://github.com/jenssegers/optimus to encode all ids from database

• All controllers should be in one place Api/ directory is confusing
• Using bbcode rather than markdown now