################################################################

$RCSfile: TODO.txt,v $

Author: Craeg Strong

$Date: 2003/04/18 03:10:45 $

################################################################


ExternalFile is a fully compliant Zope Product, according to the "Zope
Developer Guide":http://www.zope.org/Documentation/Guides/ZDG

There are a great many possible features we could add to ExternalFile.
I have separated them into three categories: high priority, nice to
have, and blue sky.  Feedback is greatly appreciated, both on new
feature ideas and bugs, and on their relative priorities.

Priority Items

  - Security::

     Create a facility whereby ExternalFiles must be created within a
     set of allowed directory(ies), specified in

     etc/allowedDirectories.txt

     For example:
     #
     # helpful comment goes here
     #
     /     # allow everything
     #
     
     Or:
     #
     /home/webserver/public  # public stuff
     /archive/repository/    # read only dir full of downloaded PDFs
     /space/temp             # temporary area for testing
     
     Or:
     #
     c:\Documents And Settings  # docs dir
     
     - the create dialog will list the current set of allowed
       directories, but not allow changes (changes must be done by
       hand to the txt file)
     
     - there is no default for allowedDirectories.txt I will ship it
       with no entries, meaning that the product is effectively
       disabled by default
     
     - If no directory is set, ExternalFile.py will raise an Exception
       at Zope startup time, indicating that at least one allowdir
       must be set The exception report will include appropriate
       instructions
     
  - Integration with Python Scripts

Nice to Have 

  - Allow an administrator to restrict ExternalFiles to only accept
    certain mime types, or to disallow certain types

  - Different mime types should use different icons.

Blue Sky

  - Do webDAV locking like the real DTMLDocument does.  Subclass
    DTMLDocument?  Or wait until Zope3?

  - Make ExternalFile into "ExternalizableFile?"  ExternalizableFiles
    can be made external or not, and changed on the fly.  This can
    support a development process where files are normally stored
    inside the version control system (via the file system) but at
    some point the file is "released" and given an official version.
    This version should be frozen/uneditable.  A nice way to do this
    is to copy it into the ZODB and disable editing.

  - Support for ZCatalog/PrincipiaSearchSource should do the right
    thing based on mime type.  Should include support for "pluggable"
    converters for full text search (for example XML files omit tags),
    field search and keyword search (for example grab XML metadata or
    MS Word metadata or HTML META tags).

  - Intercept the Zope copy command to warn the user that the "copy"
    being made is only a copy of the pointer to a file, not the file
    itself, and that subsequent edits to either object will modify the
    contents of _both_ (i.e. shallow copy). This is a good idea
    because most Zope users expect _contents_ to be copied (i.e. deep
    copy).
