"Bare Tiki" is a project to improve Tiki to make it great for use cases that need next to no features.
One of the 3 Rules is "Make it Optional". However, some of the features can't be turned off. As a community, let's review this, and confirm for which ones we should create a new preference, so they can easily be turned off.
Why?
- Security: If a vulnerability is discovered, you can only be affected if the feature is activated.
- More suitable for some use cases: For example, you want to use Tiki as an Identity provider. You don't want content features. You just want user management. As of Tiki20, there are some features which can't be turned off in Tiki.
- GDPR, HIPPA, or other compliance, as well as possible ISO standard qualification :
- "For Muhib, one of the main issues with low code platforms is the governance of the applications themselves. Anyone might be able to design an app very quickly, but not everyone might be familiar with the requirements of GDPR or HIPAA and how the app might violate compliance with these. These applications, he says, may also not be easy to secure and could create unintended vulnerabilities in the infrastructure of an organization." source
- example GDPR: OnlyOffice
- example HIPAA: OnlyOffice
Who
- Scott Tresor (leading development on this project)
- Roberto Kirschbaum (coach)
- luciash d' being 🧙 (providing guidance)
- Marc (providing guidance)
- Michael Imbeault (providing guidance)
- You?
Major Features
That need a preference so we can turn them off:
- There should be a pref for comments that turns off all comments, and this panel: tiki-admin.php?page=comments (see how it's done for blogs as an example)
- Modules could be optional
- Profiles could be optional
- i18n
- Maps
- Feeds
- Tiki Connect
- Stats
- Packages
- RTC
Social networks
When the feature is off, it should not render the proprietary og:
and twitter:
meta tags in the page source like:
<meta content="Baretiki" property="og:site_name"> <meta content="Baretiki" name="twitter:site">
Minor Preferences
(Sub-)Preferences of the main features like Wiki related preferences etc.
- CodeMirror syntax highlighter:
var syntaxHighlighter
gets loaded even when not used? - jQuery TreeTable JS and CSS loaded on every page even when not used (used only on
tiki-objectpermissions.php
?) -
lib/query_tiki/pluginedit.js
is loaded on every page even when the pref Allow plugin-specific edits is disabled
User Information Display
For example: https://dev.tiki.org/tiki-user_information.php?userId=1
Should be optional preference too. See related wish list item: https://dev.tiki.org/item5982
System Menu
Menu ID 42
- External Feeds
- External Wikis
- Mail Notifications?
- Scheduler - when the
feature_scheduler
is off it should not display the option in the Settings submenu - Tiki Importer
- Tiki Logs
- Toolbars could be optional
- Transitions
- phpinfo
To discuss
Wiki
- Rename is not optional - could be
wiki_page_rename
pref
Print Settings
There could be apps where print settings are not needed.
Membership
- tiki-admingroups.php has settings like
- Membership expiry Anniversary
- Number of Days
- Pro-Rate Membership
These should be active only if the feature is activated.
Perhaps one pref feature_membership
?
Decided to keep as a non-option
Major features
- Groups
- Log in /Log out
- Look & Feel
- Menus
- Performance
- Permissions
- Security
- Tiki Cache/Sys Admin
- Users
- User Settings
Minor features
to keep always on (e.g. when major feature is enabled)
- Edit (like wiki page editing; depending on edit permissions of course)
- Plugin Aliases
- Tiki Check (aka Server Fitness link on the General control panel)
- What else?
Questions