Re: [Semanticscuttle-devel] Privatekey

[Christian W. <cw...@cw...>]

Hi Mark,



> Christian, I've updated privatekey with the following changes:
> 1) I added an enable checkbox to allow user to enable/disable the
> Private RSS feed.
That's a good addition since it allows people to easily deactivate
their private key without manually deleting the key.

I saw that you added a second column beside the private key;
enablePrivateKey. In my eyes this is not necessary since that
information can be transmitted in the private key column - when it's
empty/NULL, it's deactivated. Please change that.

> 2) I took out the ajax call in profile.php - I ran into some issues
> with trying keep the javascript for those who use it.  Didn't think
> it was that big enough of a deal to worry about it.
Fine with me.

I've got a little special configuration on my dev system:
> $sitename = 'b"m.bo\'go';
The site name here contains both single and double quotes, something
that helped me discovering quite a number of quoting/escaping bugs. It
seems that you double-htmlencode the title in the rss feed so that I
get
> title="b"m.bo'go: (private) b"m.bo'go"
instead of the 
> title="b"m.bo'go: Recent bookmarks"
as it is for the normal feed in the HTML head. Also add a newline
before the private <link> so the html looks cleaner. You also do not
escape the & in the link before privatekey=, which makes the page fail
to validate.

There is no fail message when an unknown privatekey is used.
SemanticScuttle should send a status 400 (Bad request) with an
explanatory message.

The user's bookmark list does also not contain a privatekey feed link.
I think that all pages that link feeds should also link the
associated private feed (i.e. useful when someone wants to bookmark a
search that may contain private bookmarks).

And unit tests are a must here:
- fetch feed with private key, do the private bookmarks appear?
- same without priv key
- are the private feed links on all relevant pages when logged in and
  the user has a private key?
- same for logged out -> no private links
- same for logged in bug no private key -> no private feed links


> 3) on a separate commit, I took a stab at updating the getBookmarks()
> function to make the queries a little more efficient.  The base of the
> problem was doing both a GROUP BY and an ORDER BY in the same query
> (as well as the use of multiple tables on the same query).  I got
> spoiled on Oracle because it tends to be a little more efficient.
> MySQL as well as other RDBS's don't optimize it enough to make it
> very efficient.  So I tweaked the queries to get around some of the
> issues.  I haven't tested it on MySQL 4 so I can't confirm if the
> query will work on that version.  There was one component that I
> couldn't make more efficient and that is searching by a tag, or by a
> user, or searching.  Those queries are simply too complex to make
> efficient.  However, they are fast if there is only a small
> resultset. Anyway, outside of doing a full redesign of the data
> tables, this is the best I could come up with.  My last commit
> contains the updates to the user table and the bookmarks table.  I
> simply added an additional index on the bookmarks table to help with
> the query.  Please let me know if you have any questions.

Do the tests do still run? I get a bunch of errors when running them.
Please also do that in a different branch; we're using one branch per
feature which makes it easier to merge the relevant features in the
master branch later. Just imagine that the private key feature is
ready, but your sql optimizations are buggy but we want to release a
new version. If we have clean feature branches, we just merge the ones
that are ready and are done. Currently this is not possible since an
unfinished feature is in the same branch as the other one.

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-