Tests shaping up nicely.

Over in group unit tests we can now create batches of test that test most anything and can be run in sets from tagrooms organized by tags. (This is where tags are really useful)  It’s a really nice integrated test system that only has one small hook in common code all the rest is loaded on demand. We can continue to expand it with tests to cover all parts of the system.

It also allows editing the tests directly from the thoughts (delving right down into the code) with a pop-up full feature code validating and syntactical colored javascript editor (similar to the ones for the quads in admin but for javascript). You can create and edit tests very easily on the fly, no IDE or site access needed. Just need the right-edit-scripts on your account.

This is the prototype for a full plugin development system.

Password same as administrators. right-edit-scripts required to actually delve on and edit the tests.

Comments


Seth says

just asking wink

i signed on to group administrators … so how do i get “right-edit-scripts” access?

 

Holmes says
Exactly that, you asked.
 Wanted you to see what others see when they don’t have the right first … so you the wizard know all the ropes.

Right now I will just put the entry in the quad table directly. Soon there will be an admin page for rights.

Holmes says
Okay. You should have the right now. :)

Seth says
nathan 2016-02-03 11:46:32 [item 19848#44460]
Did you get to delve into code yet?
gonna go try it now … was catching up on this active site...making a pineapple banna peanutbutter smoothie got me behind.

Seth says
could i write a script that retrieves from the db and displays a result in the thought?

Holmes says
seth 2016-02-03 12:01:24 [item 19848#44464]
what puts the “run” buttons on a thought?
They come from the features of the !test live reference. They appear in multi-rooms since the mocha test harness is a singleton and can only run on individual pages. All the run button really really is is a link to a single page view for that thought and then the test runs automatically.

The run all button is created by the script right there with it, which you can click and view.

p.s. The script live references are only appearing in full due to the thoughts being in draft mode. In published mode you would only see the script output, not the script reference or the file edit path.

Holmes says
Ha ha. That was  a trip. I was adding a comment when you put the thought into draft mode. When I saved the comment the whole screen was just blank. Presumably the comment is there through, no logic would have prevented it, only the display of draft thoughts outside your group.

Holmes says
If you want me to participate with you on scripts, you will need to work in a group we share.

Si says
Due to your experience with the [ !script ] reference I revised things a bit. That reference is primarily for sharing script code between thoughts. The point of using an external name.js file is so that the code can be shared … basically to create sharable plugins.

If you just want to put a script in a page, to do some little useful thing, or just to be a freak, you can do that now simply by using the <script> html tag in the editor. Obviously you must use source view for this or you will be creating text, not a html tag. Also, only those with right-edit-scripts can do this, otherwise the editor filters that tag.

A practical example of this could be to insert the current date. I could put
<script> document.write(new Date()) </script>
in a page and show the current date at that spot. Here, I’ll do it now.

as you can see, this does work in comments whereas the plugin version does not because it is simply edited there. I don’t see any value in allowing full scale plugins to be active in comments so the extra cost of parsing comment text for them can be avoided.

However, you could include .js files simply by using the src= attribute on the script tag if there were good reason to do so. A script included that way would not have all the plugin environment hooks and variables available, but it would “do what it wilt”, whatever that may be.
 
-- do not thread this comment or it may loose it’s date --

Si says
seth 2016-02-04 07:32:38 [item 19848#44506]
yes i like this at in Renton, WA
LOL … you could have just said “now”, because it always will be~!

Notice I CAN thread this because I am God.  

Seth says
Mark 2016-02-04 08:08:11 [item 19848#44515]
nathan 2016-02-04 07:13:41 [item 19848#44505]
There is one caveat to using the <script> tag. I don’t check for them before an edit and don’t really see that I should. If someone without right-edit-scripts edits your thought or comment your <script> will get filtered away.

Hence, this ability is only useful where all people able to edit the thought or comment have that right. This seems reasonable to me. The purpose of these abilities are to allow developers and administrators to create special pages and features, not for everyday authors to turn their pages into “myspace” looking pages.  

Edit: just now added this so things can’t get lost. If you attempt to thread the above comment and do not have right-edit-scripts, like you Mark, you will be duly notified of your error in cognizance.  
Mark 2016-02-04 07:57:02 [item 19848#44511]
pondering
so me, the wizzard of the domain, have said this at Thu Feb 04 2016 08:05:29 GMT-0800 (Pacific Standard Time) in Renton.   Now Mark, please continue the train and see what happens.

looks like that did not totally work bug.   the threading got lost.   mark, what did you experience?  can’t tell exctly based on what got left behind. 

Mark de LA says
Mark 2016-02-04 08:08:11 [item 19848#44515]
nathan 2016-02-04 07:13:41 [item 19848#44505]
There is one caveat to using the <script> tag. I don’t check for them before an edit and don’t really see that I should. If someone without right-edit-scripts edits your thought or comment your <script> will get filtered away.

Hence, this ability is only useful where all people able to edit the thought or comment have that right. This seems reasonable to me. The purpose of these abilities are to allow developers and administrators to create special pages and features, not for everyday authors to turn their pages into “myspace” looking pages.  

Edit: just now added this so things can’t get lost. If you attempt to thread the above comment and do not have right-edit-scripts, like you Mark, you will be duly notified of your error in cognizance.  
Mark 2016-02-04 07:57:02 [item 19848#44511]
pondering
so me, the wizzard of the domain, have said this at Thu Feb 04 2016 08:05:29 GMT-0800 (Pacific Standard Time) in Renton.   Now Mark, please continue the train and see what happens.
Mark 2016-02-04 08:08:56 [item 19848#44516]
laughing
Mark 2016-02-04 08:10:55 [item 19848#44517]
pondering
dA 2016-02-04 08:13:01 [item 19848#44519]
I guess I will have to fix that bug that allows Mark to copy and paste and then edit stuff. He does it all the time even though he knows it is not a right thing to do. Notice that the dates no longer change. This is not a true edit, just a copy and paste.
I don’t do it “all the time” , but IS a valid test laughing

Seth says
dA 2016-02-04 08:25:57 [item 19848#44523]
What I can do though, is fix it to either zap attempted pastes of thread content, or restyle them to look completely different, so that people know that you are reworking their content.
seth 2016-02-04 08:42:04 [item 19848#44531]
do we need to make incremental changes in the way dialog works … or maybe wait untill we can make a revolutionary new one entirely different?
dA 2016-02-04 08:46:53 [item 19848#44534]
Well, I haven’t bothered with that fix yet for basically that reason. But though Mark says he doesn’t do it all the time, I have seen several other times he has done it and it even inspired a rwg game with you Seth a time or two. Do you want it blocked? It is not that hard to detect pasted thread content and change it’s styling classes or just zap it.
well i don’t think its worth spending time on now because of that.   i would like to assume that if i just ask mark not to edit my comments he will respect that. 

Seth says
Mark 2016-02-04 08:20:59 [item 19848#44520]
I think you should also de-authorize the delete trashcan.  I copied the original. deleted the old & added a couple of emoteys to the thread. QA stinkfinger strikes again. 
smug
dA 2016-02-04 08:23:39 [item 19848#44522]
yes, I followed your trail. But I can’t take the or trashcan away for authorized group memebers. the model allows anyone in the group to delete things. If you don’t play nice, you should be expelled from the group, that’s the model. you are not finding a QA bug, your just breaking group ediquite rules.
Mark 2016-02-04 08:29:43 [item 19848#44524]
I thought you didn’t believe in rules. QA your own stuff & let the real customers eat it & threaten them to make sure they chew it well. yesthumbs uprose
dA 2016-02-04 08:30:38 [item 19848#44525]
I doubt their egos will request such food. Seems to mainly be your diet.
Mark 2016-02-04 08:35:00 [item 19848#44526]
take some of your own advice see: 16833 rosethumbs up
dA 2016-02-04 08:36:40 [item 19848#44527]
Sometimes I feed you because you are there begging like a dog for it, like now. Often I don’t. You don’t notice when I don’t.
Mark 2016-02-04 08:46:19 [item 19848#44533]
Yep the RWG is more powerful then LOA! Q.E.D. laughing
dA 2016-02-04 08:49:42 [item 19848#44536]
The RWG is based on LOA. It is a prime example of LOA in action. It shows how a vibration has momentum and continues to attract that like itself. LOA also shows exactly how to stop it, if desired. Tolle’s method is a very good one, and LOA based, but LOA teaches others too.
“vibration has momentum” … yes … aka habit smug

Holmes says
nathan 2016-02-04 07:45:27 [item 19848#44510]
Also as to security. Anything someone could do in a <script> tag they can also do right in their javascript console.

Everyone thinks <script> tags are evil … but then they are forgetting that absolutely anything, and more, that anyone can do in a <script> tag they can also do in the console that comes with every browser now.
seth 2016-02-04 09:15:50 [item 19848#44542]
Interesting … so the only reason why we need the extra restrictions on writing scripts, is so somone cannot put mischief in their posts that affects others.  they can only do whatever in their own browser, but then that will only affect what they see, not what others see.
Yes. That’s it.

Holmes says
seth 2016-02-04 07:35:49 [item 19848#44507]
Can somone with script access write a retrieval from the db, perhaps using ajax or jquery or whatever?   In other words what is the scope of power?
nathan 2016-02-04 07:39:42 [item 19848#44508]
They can attempt to, but nearly all (all the ones I explicitly wrote) server side receivers also check the cookie for rights and proper authorizations before doing anything. As I have said many times though, the system needs a full security review to make sure all possible holes are plugged … especially ones in fbi1 code.
seth 2016-02-04 08:38:05 [item 19848#44528]
i was also interested in the new capability for calling up data from the server … not just the hacking hazard.

For example, if i have the rights to do so, can i get back a list of thoughts with coupons and show them in a table containing the through number with the date it was created?  In other words can i show ad hock queries in a thought?  … assuming of course that i know the server receiver and how to write the query.
dA 2016-02-04 08:41:25 [item 19848#44530]
Yes of course. That is basically what a plugin is. That’s what the plugins that create the group tables in admin etc do. That is the prime reason for this feature, to allow developers to create value added dynamic content.
seth 2016-02-04 08:47:38 [item 19848#44535]
okay, got it. 

I assume we are not limited to the script being executed whenever the thought is displayed.  So we will be able to put a button on a thought that executes a script when anyone who can see it, clicks it.  right?
dA 2016-02-04 08:53:12 [item 19848#44538]
Well you said that kind of weird, because if you can’t see a thought, you can’t see the button either. But essentially yes, you can put a button in a thought and have clicking on it do things outside the scope of that thought.
seth 2016-02-04 09:01:24 [item 19848#44540]
pondering hmmm…

So wizzard could put a script in an open group that would disclose private matters from another group.  Anyone in the open group could see the secrets.   Not that wizzard would ever do that. 
dA 2016-02-04 09:16:47 [item 19848#44543]
Well, essentially yes, at least as far as the rest of the normal scoped permissions allow. But that is why this is a administrator level feature too.

For plugin development, I envision a plugin development sandbox domain, where plugin developers can work out their plugins. Then they can submit their plugin for review (much like the apple app model) and if approved, then the plugin can be included in a plugin library for distribution via other considerations based on gaming, purchase, etc.
seth 2016-02-04 09:22:53 [item 19848#44545]
yes

i’m also thinking that the “server recievers” must enforce the confidentiality of information … and that there should be no way to even write a script that could bypass that regardless of where the script is put or who writes it.

maybe you already implied that … just feels good for me to say it myself smug
I always write code that way as much as possible and I am sure it is fairly good to that effect. But there is no way to be absolutely sure without a focused security review, identifying all possible paths, and a test suite to verify. Security review and testing is a normal step on the public release checklist for most software.

Seth says
seth 2016-02-04 09:27:21 [item 19848#44546]
so are the “server recievers” kind of our API ?
dA 2016-02-04 09:33:06 [item 19848#44548]
In a since. A private and loosely defined API. Usually the word API is reserved for contained channel with specific and documented methods and often it is made available to the public or vendors. But they function in a similar way.
like