Submission: MySQLList

[psic]

A simple plugin to fetch data in a MySQL database and put fields values into markdown.

[PhrozenByte]

First of all: Thank you for your contribution! ❤️ And sorry for the late response.

I've just added your plugin to https://github.com/picocms/Pico/wiki/Pico-Plugins

However, I'm not so sure whether we should officially promote it on http://picocms.org. It's without any question a great idea and the implementation is absolutely fine, I'm just a bit hesitant about adding database credentials and SQL queries to Markdown files. The plugin must ensure a secure configuration that guarantees that no credentials are exposed (e.g. by using a separate config.php for the database credentials). About adding plain SQL queries to Markdown files I feel like we shouldn't recommend this either. I prefer separation of concerns, i.e. the SQL queries should be configured separately and the data could then made available by hooking into onMetaParsed or onContentPrepared. Notwithstanding the above, some people share their content folder with other trusted users - but allowing them to execute arbitrary SQL queries is a different level.

I absolutely don't want to deny the purpose of this plugin! 👍 It's a great idea and I'm 100% sure it does exactly what you need. I'm also sure you use it responsibly so that my concerns don't apply to you. However, since we got users which aren't as experienced as you, I feel like it might put less experienced users at risk. What do you think?

[psic]

First thank you for your reply (late or not, it's not so late). And thank you for pico. Thank you again for adding the plugin to the wiki.
I understand your point of view.
My aim is to use picocms to make a monitoring system for a mysql DB (some KPI as user in my app, new user, etc..). I have some more plugins to add, and PR (MySQLGraph and CSVGraph).

1. First I should allow only SELECT query.
2. SQL queries should not be available for "normal' users, but should be available as ressources in the markdown
3. Database configuration should not been available in the mail config.yml (I do not find any config.php), but in a dedicated config file (where power users will also declare all the useable queries)

PS : yes my plugin does exactly what I need :)

[PhrozenByte]

Yes 👍

Database configuration should not been available in the mail config.yml (I do not find any config.php), but in a dedicated config file (where power users will also declare all the useable queries)

Pico no longer uses a config.php, but you can simply create a dedicated config.php in your plugin directory. The SQL query configuration could go into Pico's regular config.yml because they aren't really a secret. However, in my opinion it's important that users configure the SQL queries separately and use them - just as you said - as a resource in their Markdown files.

If you want to overhaul your plugin accordingly I'm very happy to promote it on http://picocms.org/plugins/ 😃

Looking forward to your other plugins! ❤️

[psic]

Separation of concern is achieved.

• The database configuration is made in a MySQLConfig.php
• The query are written in the Pico's conf file.
• User can use those query by name in their markdown files.

[psic]

I had a new pico plugin to draw charts (svg) from mysql data in the same PR. Let me know if you want me to make a new PR for this new plugin

[psic]

I had a simple plugin csvgraph plugin to draw charts from csv files.

[psic]

make other plugins and theme in new branch and new PR

[PhrozenByte]

@psic Thank you for your contributions - and sorry for the huge delays! Just to be sure, there was also a MySQLList plugin, right? Because there's no open PR for this plugin anymore.

@mayamcdougall Maybe we should think about how we want to manage plugins and themes in the future. Obviously I don't have enough time to actually do a code review for plugins. The idea behind this review process was to ensure a basic level of quality and to prevent malicious plugins. However, I feel like that we can't really achieve this anyway. Developers can update their plugins at any time. Furthermore there's our Wiki with yet another list of themes and plugins. So maybe we should abolish this "review required" process and switch to a much simpler process? The question is: How? I feel like the way we present plugins and themes on picocms.org right now isn't really suitable for this, is it? Moved to #45

[psic]

There was a MySQLList, this PR. I update it with your review. And close the PR.
I also had added some other plugins file in this submission, but I have moved them (CSVGraph and MySQLGraph) to other submission