TODO
====

- Fix XSRF vulnerabilities (or at least make this harder) by adding
  random token value for forms which is checked in form handler, concerns
  the addition of new resources the most
- internationalization and localization
- resizeable map
- multiple maps
- instead of BadRequest, give user-friendly error pages
- Instead of numbers for resource, let people assign slugs for URLs
- how to make /static and /maps return NotPermitted (when no file specified?)
...
