admin more control. You can now track running tasks, resume stalled
tasks, cancel running tasks, and remove finished tasks.
Added graphics::compose() as a placeholder for future watermark
operations.
Added CSRF protection to maintenance urls.
the database. They're started with admin/maintenance/start/[task_name]
which sends down some JS/HTML which regularly pings the task at
admin/maintenance/start/[task_id] until its done.
The UI is still very rough. It works, though!
1) they now have their own matching severity constants
2) they both have convenience functions success(), info(), warning() and error()
3) they both have severity_class()
communicate. Almost all controllers now use JSON to speak to the
theme when we're dealing with form processing. This means tht we only
send the form back and forth, but we use a JSON protocol to tell the
browser success/error status as well as the location of any newly
created resources, or where the browser should redirect the user.
Lots of small changes:
1) Admin -> Edit Profile is gone. Instead I fixed the "Modify Profile" link
in the top right corner to be a modal dialog
2) We use json_encode everywhere. No more Atom/XML for now. We can bring those
back later, though. For now there's a lot of code duplication but that'll be
easy to clean up.
3) REST_Controller is no longer abstract. All methods its subclasses should create
throw exceptions, which means that subclasses don't have to implement stubs for
those methods.
4) New pattern: helper method get_add_form calls take an Item_Model,
not an id since we have to load the Item_Model in the controller
anyway to check permissions.
5) User/Groups REST resources are separate from User/Group in the site
admin. They do different things, we should avoid confusing overlap.
their results, as opposed to having them return their view back
upstream. This is a little more code in every controller, but it's
much less magical and more consistent.
Look up the active_theme and active_admin_theme inside the view
itself, no need to do that in the controllers. This makes view
initialization easier in the controllers.
1) Deleted in-place-editing. We'll be replacing this with a real edit
system that groups settings together and is more coherent.
2) Tweaked the way that dialog boxes work to get the ajax stuff working
again. It's imperfect and does not work properly for uploading images.
This is going to get redone also, but this is a good resting point.
3) Created edit forms for albums and photos. Moved _update and _create out
of Items_Controller and into the individual subclasses.
4) Created access::required which is a shorthand for:
if (!access::can(...)) {
access::forbidden();
}
5) Added validation rules to Items_Model
6) Converted login to use the regular modal dialog approach in the theme.
1) If the create request is Ajax, then return a 201 Created response code
2) If we receive back a 201 response, then switch to the new page.
3) Display a status message when we do an upload.
Track a set of rules in Graphics_Rule_Model which specify how we turn
original images into thumbnails and resizes. There's one set of rules
that applies to every image in the Gallery.
Track the state of thumbs and resizes with a "dirty" bit. The new
graphics helper manages the rules and can rebuild the thumbs and
resizes for any images that are considered "dirty".
Introduce the concept of an "album cover" which is an item that an
album points to. We'll use that item as the source for the album's
thumbnail/resize.
Conflated with this change (sorry!) I also changed the Var table to
use module_name instead of module_id. This may be marginally less
efficient, but it's much easier to follow in the database.
Each module now has a "module.info" file that has information about
the module, including the core. We can display the installed version,
and the version in the code.
Also take a first shot at a modules admin page.
1) They must all start with "admin_". This pattern is not directly
routable.
2) Their urls must be /admin/xxx.
3) The Admin_Controller will take the xxx and look for Admin_Xxx_Controller
and will delegate to that admin controller, after doing security checks.
Moved the users and dashboard views into individual modules for now.
just items viewable by the active user. Ie:
ORM::factory("item")
->where("name", "foo")
->find_all()
Would get all items with the name "foo".
ORM::factory("item")
->viewable()
->where("name", "foo")
->find_all()
Restricts it to just the set of items that the user is allowed to see.
Instead, use the level and the name to get a short list of candidates,
and check each one of those. In most cases, this query should give us
the right result the first time.
