incubator-allura-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Brondsema" <brond...@users.sf.net>
Subject [allura:tickets] #4019 Add an easy way to filter ticket queries by open/closed without knowing Solr syntax
Date Fri, 03 Jan 2014 21:50:54 GMT
For UI polish, I think we should make it fairly similar to the earlier image attachment, like:

* expand the list of choices
* center it near the column
* probably make it a floating dialog, so it can be narrower (to help with centering) and taller
(to see all the expanded choices)
* icon on column header, so users know clicking will offer some options.  This unicode char
looks good to me and widely supported on desktop browsers: http://unicode.johnholtripley.co.uk/25BE/
 We may want a different icon or modified icon to put on columns that have current filters.

In the code:

* In `search_artifact` the fields & values in `fq.append` should be quoted and/or escaped.
 [c70e94f] was a similar fix, but a broader solution might be needed
* The `get_facets` method isn't clear to me what's going on right away.  I came across the
test case for it later and it is good and does help a lot.  Perhaps I might add a comment
like `# drop "_s"` to the `name[:-2]` line, but not a big deal.
* in `ticket_search_results.html` avoid `<div style="clear:both;"></div>` if you
can help it.  I know its around in many places, but its old and not good practice.
* having `{{filter|safe}}` in an html file makes me nervous.  It seems that is set as `filter=json.dumps(filter)`
in `paged_search` which is called via controllers and widgets, so it is actually safe currently,
but those two lines are far apart and if in the future anything changed in between them that
could insert dangerous JS, that'd be a security hole.  I think `{{h.json.dumps(filter)|safe`
in the html file would work, and that'd be much better IMO.
    * However, that's not the end of the story.  Even JSON isn't actually safe, see http://jsfiddle.net/kEkQ3/
for example.  The browser finds tags and parses that into the DOM before parsing the JS. 
We need a helper function to change `<` to `\u003C` or `\x3C` e.g. http://jsfiddle.net/kEkQ3/1/
if we want to put user-provided data into a JS var.

Excellent work on adding the right entries in LICENSE and rat-excludes.txt


---

** [tickets:#4019] Add an easy way to filter ticket queries by open/closed without knowing
Solr syntax**

**Status:** code-review
**Labels:** 42cc 
**Created:** Fri Apr 06, 2012 01:04 PM UTC by Patrick Lenz
**Last Updated:** Fri Dec 20, 2013 10:09 PM UTC
**Owner:** nobody

If you search from the "Search Tickets" form in the upper left and get an overwhelming number
of results, it often times helps to just weed out either open or closed tickets (depending
what you're looking for). I'd love a way to just add that filter with a click instead of redoing
the search all over remembering the appropriate Solr syntax and whether or not I need to add
`&&`.


---

Sent from sourceforge.net because allura-dev@incubator.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.
 Or, if this is a mailing list, you can unsubscribe from the mailing list.
Mime
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message