k5o / flashcards

Flashcards WebApp developed in Sinatra during Week 5 of Dev Bootcamp

Late Night Thoughts #5

Open k5o opened 11 years ago

k5o commented 11 years ago

Some minor stuff:

  1. Would adding the "clear_last_card" method to the GET of the profile page allow it so that if a user exits out of a quiz, and then begins a new one, it won't retain the stats of his old, incomplete game? (As it currently does)
  2. We have incomplete validations, lol
  3. There's still that security issue where logged-in users can view other users' pages. This may not be a BUG per se (seeing other players' profiles is reasonable), but the text in that case shouldn't be e.g. "Welcome, not@you.com" when your e-mail is obviously different.
  4. Should show results for last card before wrapup
  5. @deck = Deck.find(deck).cards.shuffle in the play method (called in the view each time) means the deck gets shuffled every time. I think this can just go in start round, and just persist that @deck as part of the session instead?

parksilk commented 11 years ago

James and I added some code last night that should have made it so that if a logged-in user went to another user's page, it would just show the logged-in user's info. Not sure why it's back to the less-secure way, though.


k5o commented 11 years ago

Yeah didn't mean to email spam everyone through github, just adding some notes because I'd like to eventually go back and polish the flashcards after DBC or something. I actually didn't test the security and just assumed it was still there, my bad.

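Added example, not part of the issue thread or the project's code: a plain-Ruby sketch of the profile-page decision discussed above, where the greeting always comes from the session and the URL id is either ignored (the behaviour described in the reply) or limited to non-sensitive fields. The `User` struct, `USERS` data, `profile_view` and its `public_profiles` switch are hypothetical names, and exposing only a display name for other users is an assumption.

```ruby
# Added example: plain Ruby, no Sinatra required. All names are hypothetical.
User = Struct.new(:id, :email, :display_name)

# Constructed sample data standing in for the users table.
USERS = {
  1 => User.new(1, "you@example.com", "you"),
  2 => User.new(2, "not-you@example.com", "other")
}.freeze

# Decide what the profile page renders.
#   session         - server-side session hash; :user_id is set at login
#   requested_id    - the :id segment from the URL (a String, untrusted)
#   public_profiles - false: always show the viewer's own page;
#                     true: allow viewing others, non-sensitive fields only
def profile_view(session, requested_id, users: USERS, public_profiles: false)
  viewer = users[session[:user_id]]
  return { status: 302, location: "/login" } unless viewer

  # The greeting is always derived from the session, never from the URL.
  view = { status: 200, greeting: "Welcome, #{viewer.email}" }

  # Non-numeric or missing ids become nil instead of raising.
  target_id = Integer(requested_id, exception: false)
  if target_id == viewer.id || !public_profiles
    # Own page, or strict mode: ignore the URL id and show the viewer's data.
    return view.merge(profile: { email: viewer.email, name: viewer.display_name })
  end

  target = users[target_id]
  return { status: 404 } unless target

  # Someone else's page: expose the display name only, not the e-mail.
  view.merge(profile: { name: target.display_name })
end
```

In a Sinatra route the same function would be called with the request's `session` and `params[:id]`.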