"Bare Tiki" is a project to improve Tiki to make it great for use cases that need next to no features.

One of the 3 Rules is "Make it Optional". However, some of the features can't be turned off. As a community, let's review this, and confirm for which ones we should create a new preference, so they can easily be turned off.

Why?

  • Security: If a vulnerability is discovered, you can only be affected if the feature is activated.
  • More suitable for some use cases: For example, you want to use Tiki as an Identity provider. You don't want content features. You just want user management. As of Tiki20, there are some features which can't be turned off in Tiki.
  • GDPR, HIPPA, or other compliance, as well as possible ISO standard qualification :
    • "For Muhib, one of the main issues with low code platforms is the governance of the applications themselves. Anyone might be able to design an app very quickly, but not everyone might be familiar with the requirements of GDPR or HIPAA and how the app might violate compliance with these. These applications, he says, may also not be easy to secure and could create unintended vulnerabilities in the infrastructure of an organization." source
    • example GDPR: OnlyOffice
    • example HIPAA: OnlyOffice

Who

  • Scott Tresor (leading development on this project)
  • Roberto Kirschbaum (coach)
  • luciash d' being 🧙 (providing guidance)
  • Marc (providing guidance)
  • Michael Imbeault (providing guidance)
  • You?


Major Features

That need a preference so we can turn them off:

  • There should be a pref for comments that turns off all comments, and this panel: tiki-admin.php?page=comments (see how it's done for blogs as an example)
  • Modules could be optional
  • Profiles could be optional
  • i18n
  • Maps
  • Feeds
  • Tiki Connect
  • Stats
  • Packages
  • RTC

Social networks

When the feature is off, it should not render the proprietary og: and twitter: meta tags in the page source like: 

<meta content="Baretiki" property="og:site_name">
<meta content="Baretiki" name="twitter:site">

Minor Preferences

(Sub-)Preferences of the main features like Wiki related preferences etc.

  • CodeMirror syntax highlighter: var syntaxHighlighter gets loaded even when not used?
  • jQuery TreeTable JS and CSS loaded on every page even when not used (used only on tiki-objectpermissions.php?)
  • lib/query_tiki/pluginedit.js is loaded on every page even when the pref Allow plugin-specific edits is disabled

User Information Display

For example: https://dev.tiki.org/tiki-user_information.php?userId=1
Should be optional preference too. See related wish list item: https://dev.tiki.org/item5982

System Menu

Menu ID 42

  • External Feeds
  • External Wikis
  • Mail Notifications?
  • Scheduler - when the feature_scheduler is off it should not display the option in the Settings submenu
  • Tiki Importer
  • Tiki Logs
  • Toolbars could be optional
  • Transitions
  • phpinfo

To discuss

Wiki

  • Rename is not optional - could be wiki_page_rename pref

There could be apps where print settings are not needed.

Membership

  • tiki-admingroups.php has settings like
    • Membership expiry Anniversary
    • Number of Days
    • Pro-Rate Membership


These should be active only if the feature is activated.

Perhaps one pref feature_membership?

Decided to keep as a non-option

Major features

  • Groups
  • Log in /Log out
  • Look & Feel
  • Menus
  • Performance
  • Permissions
  • Security
  • Tiki Cache/Sys Admin
  • Users
  • User Settings

Minor features

to keep always on (e.g. when major feature is enabled)

  • Edit (like wiki page editing; depending on edit permissions of course)
  • Plugin Aliases
  • Tiki Check (aka Server Fitness link on the General control panel)
  • What else?

Questions