When distributing plugins they often require static data to be setup to function correctly. While this can be handled in the postSetup function, it isn'/files/ in its storage directory which are loaded automagically.
So far to big issues arise:
The order in which the data is loaded is crucial. Mostly this is the order of the modules which is typically dictated by their references. However self-referencing modules also require the order of the individual entries to be correct.
...
Add a configuration option to "store"/files/ are used in the session. Currently it always store this information which clutters the session and is other than being displayed in the backend completely useless.
Cross-Site Request Forgery (CSRF) are request to the server initiated from other websites. Allowing this is potentially dangerous as the request piggybacks on the existing session on the server if it's ran from the same browser (imagine 2 tabs, 1 logged in on the server, the other with a malicious site that sends a request to the server).
The most suitable way to prevent this seems to be Synchronizer Token Pattern
(STP) which effectively requires a unique token to be sent...
JAS should support Redis (http://redis.io/) next to (or maybe even instead of memcache) . What client should be used (see http://redis.io/clients#php)?
Loading the initial configuration (when setting up the session) take too long. This should be cached (automagically detecting the cache method, i.e. mem, module, file) on a project by project basis and any subsequent config loads should use the cached version.
To reduce dependency on Apache (and thus opening JAS up for other webservers) the htaccess+modrewrite rule should be moved to JAS. This also allows the configuration to more easily enable/disable the functionality.
Currently JAS uses the Data field values to build up the WHERE clause in the SQL query (and Storage::_filterDataset) in a straightforward but limited way. It should be possible to get data via a more flexible method that allows for advanced nesting.
Example:
SELECT *
FROM blog_entries
LEFT JOIN blog_tagsmapping ON
blog_entries.nr=
blog_tagsmapping.blog_entries --automagically determined based on where clause
LEFT JOIN blog_tag...
JAS should support PostgreSQL (and optionally other databases). The post sensible way seems to be to have a base SQL class which contains the majority of the query components (SELECT, INSERT, UPDATE, DELETE, FROM, WHERE, ORDER BY, etc) which can be overridden by the extending classes.
An interesting option would be to use PDO for the base class as this will support more than just MySQL and PostgreSQL. Additionally it allows for "named variables" for prepared statements which should m...
Currently when setting the 1:* reference field value the MySQL use referenced field instead of the ID field of the referenced module. Using the former is rather useless since that's effectively the ID field of the original module.
So change:
FROM `module`
LEFT JOIN `referenceModule` ON `module`.`nr`=`referenceModule`.`referenceField`
WHERE referenceModule
`.`referenceField
`="123"
To:
FROM `module`
LEFT JOIN `referenceModule` ON `module`.`nr`=`referenceModule`.`referenceFi...