The log table can fill up quite a bit, so it would be nice if it cleaned up automatically. There are multiple ways of doing this, but the most logical seems to be to remove everything older than X days (configurable). A similar approach already exists for cache cleanup, which simply maintains the "next clean up time" and checks every time whether it has passed and, if so, removes everything older than X.
The downside of this is that (currently) it uses the session to maintain the "next clean up time" which means...
When switching projects via the APIs it does load the new project but overwrites the current session (clearing the login etc). Depending on the scenario this may be desired behavior; however, it seems more logical to take an approach similar to how the backend handles multi-project sessions.
Moreover it seems debatable whether switching projects with the APIs is something that should be allowed on a project basis. If project A allows it but project B doesn't then there's no way to switc...
When distributing plugins they often require static data to be set up to function correctly. While this can be handled in the postSetup function, it isn'/files/ in its storage directory which are loaded automagically.
So far two big issues arise:
The order in which the data is loaded is crucial. Mostly this is the order of the modules, which is typically dictated by their references. However, self-referencing modules also require the order of the individual entries to be correct.
...
Cross-Site Request Forgery (CSRF) requests are requests to the server initiated from other websites. Allowing this is potentially dangerous as the request piggybacks on the existing session on the server if it's run from the same browser (imagine 2 tabs, 1 logged in on the server, the other with a malicious site that sends a request to the server).
The most suitable way to prevent this seems to be the Synchronizer Token Pattern (STP), which effectively requires a unique token to be sent...
Currently, when setting the 1:* reference field value, the MySQL query uses the referenced field instead of the ID field of the referenced module. Using the former is rather useless since that's effectively the ID field of the original module.
So change:
FROM `module`
LEFT JOIN `referenceModule` ON `module`.`nr`=`referenceModule`.`referenceField`
WHERE `referenceModule`.`referenceField`="123"
To:
FROM `module`
LEFT JOIN `referenceModule` ON `module`.`nr`=`referenceModule`.`referenceFi...
JAS should support JSON parsing and rendering which in turn can be used for a full-fledged read/write API. The JavaScript HTTP class should be extended to support this as well.
Currently only the initial installation is foreseen, however upgrades should be easy to install as well. This could be handled in a similar fashion as plugins, i.e. download the latest version and upgrade JAS using the backend.
The JAS backend should have a filter section to more effectively drill down in the data. The filters should be automatically generated based on the module (similar to the CMS). Text fields should have an inline dropdown with available values (like the search box).
Additionally it should remember the last set filters if the user comes back to the page later. This will require a "Reset" button to set all values to their defaults.