From geeklog at langfamily.ca  Sun Jun  1 09:39:52 2003
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sun, 1 Jun 2003 09:39:52 -0400
Subject: [geeklog-devel] Jahia
References: <5.1.0.14.2.20030531223043.00b58ba8@localhost>
Message-ID: <001401c32843$47a4ac00$9a0a10ac@xpbl1>

 "Dwight Trumbower" <dwight at trumbower.com> wrote:
> If you want to find out about more, you can subscribe to
http://cms-list.org/,

Dwight thanks, I did a few days ago after your note and it's a great list.
Thats where I got the info from :)
I've been reading each daily digest from the list.

Blaine

----- Original Message -----
From: "Dwight Trumbower" <dwight at trumbower.com>
To: <geeklog-devel at lists.geeklog.net>
Sent: Saturday, May 31, 2003 11:32 PM
Subject: Re: [geeklog-devel] Jahia


> At 02:11 PM 5/31/2003 -0400, you wrote:
> >I had not heard of Jahia before - but it is positioned as a Open
Corporate
> >Portal Solution.
> >
> ><http://www.jahia.org/jahia/Jahia>http://www.jahia.org/jahia/Jahia
> >
> >Written in Java (Tony will like that) - released under a "collaborative
> >source license".
> >It's not free and not cheap either but released with source code.
> >
> >Just looking around on their site - they have some nice features although
> >some of their portlets (plugins) look pretty crappy.
> >
> >Blaine
> >
>
> If you want to find out about more, you can subscribe to
http://cms-list.org/,
>
> Apache Lenya was just released this week, which is also Java.
> http://www.apache.org/dist/cocoon/lenya/
>
> Cocoon is a framework geared towards CMS.
>
> Dwight
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>



From geeklog at langfamily.ca  Mon Jun  2 19:26:14 2003
From: geeklog at langfamily.ca (Blaine Lang)
Date: Mon, 2 Jun 2003 19:26:14 -0400
Subject: [geeklog-devel] GL 2.0 Consideration - WSRP
Message-ID: <003801c3295e$5c4bec10$9a0a10ac@xpbl1>

There are few evolving standards with Portals but WSRP (Web Services for Remote Portals) looks to be a key standard that we will want to support.

This presentation explains it well: http://xml.coverpages.org/wsrp-overview200206.pdf




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20030602/51b4075e/attachment.html>

From geeklog at langfamily.ca  Mon Jun  2 21:20:07 2003
From: geeklog at langfamily.ca (Blaine Lang)
Date: Mon, 2 Jun 2003 21:20:07 -0400
Subject: [geeklog-devel] Gartners updated Magic Quadrant report on Portals
Message-ID: <002001c3296e$44e4e9e0$9a0a10ac@xpbl1>

I was surprised to find this in the public domain. It is Gartners updated as of March 2003 Magic Quadrant on Portal Solutions.
Obviously focused on the top comercial solutions - it is still interesting as industry information.

http://www.gartnervoice.com/Weekly/2003/Mar31/1hor/1hr.htm

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20030602/5ac8b596/attachment.html>

From dwight at trumbower.com  Tue Jun  3 12:09:08 2003
From: dwight at trumbower.com (Dwight Trumbower)
Date: Tue, 03 Jun 2003 11:09:08 -0500
Subject: [geeklog-devel] GL2 admin ui
Message-ID: <5.1.0.14.2.20030603110751.00bb5260@mail.tsystemscorp.com>

Another example of a decent ui for admin of a cms. 
http://www.mlore.com/mlore_tour/fullscreen.html

It is a flash presentation. Click on the "How it works" step.

Dwight
dwight at trumbower.com



From tony at tonybibbs.com  Fri Jun  6 14:45:27 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Fri, 06 Jun 2003 13:45:27 -0500
Subject: [geeklog-devel] lib-sessions.php
Message-ID: <3EE0E147.30103@tonybibbs.com>

Dirk,

Just a quick note to let you know that the fix you checked in does work. 
 Turns out when I added 'localhost' as my cookiedomain I forgot to 
remove it before testing.  When I removed that and retested it worked 
just fine.

--Tony



From dirk at haun-online.de  Fri Jun  6 15:21:03 2003
From: dirk at haun-online.de (Dirk Haun)
Date: Fri, 6 Jun 2003 21:21:03 +0200
Subject: [geeklog-devel] lib-sessions.php
In-Reply-To: <3EE0E147.30103@tonybibbs.com>
References: <3EE0E147.30103@tonybibbs.com>
Message-ID: <20030606192103.10168@smtp.haun-online.de>

Tony Bibbs <tony at tonybibbs.com> wrote:

>Just a quick note to let you know that the fix you checked in does work. 
> Turns out when I added 'localhost' as my cookiedomain I forgot to 
>remove it before testing.  When I removed that and retested it worked 
>just fine.

Good, thanks.

I guess that new cookie handling in CVS has more surprises in store when
it's actually tested on all those browser / server setup combinations out
there. So if someone here finds some time to test it out, I'd appreciate it.

Summary: In another attempt to resolve what was once the "www vs. non-
www" problem, I've removed the redirection code from index.php. Instead,
all setcookie() calls throughout Geeklog now use all six parameters which
seems to have the desired effect (i.e. user is recognized no matter from
which URL s/he logs in).

If it does not work, you may need to set the $_CONF['cookiedomain']
variable (although lib-sessions.php tries to guess the correct value, it
may fail on some setups). Preferrably, if your domain is example.com, it
should be set to '.example.com' (notice the two dots).

In some cases, especially when upgrading a site while you still have
valid cookies / sessions, you may need to delete the cookies for the site
before the login will work.

I assume this will have to be a new entry for the FAQ ...

bye, Dirk


-- 
http://www.haun-online.de/
http://mypod.de/



From dirk at haun-online.de  Sat Jun  7 17:41:16 2003
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 7 Jun 2003 23:41:16 +0200
Subject: [geeklog-devel] Geeklog version number
Message-ID: <20030607214116.2735@smtp.haun-online.de>

In the light of recent events, I was thinking about removing the version
number from Geeklog's footer (at least for the default themes - simply
not setting the {geeklog_version} variable would leave a hard-coded 'v'
in most themes).

Obviously, we would need another place to display the version number, but
preferably one where only Admins can see it.

Ideas:
- After the "GL Version Test" link (instead of the "N/A")
- In the headline of the Command and Control block
- both

Other places, ideas?

bye, Dirk


-- 
http://www.haun-online.de/
http://www.haun.info/



From dirk at haun-online.de  Mon Jun  9 08:24:18 2003
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 9 Jun 2003 14:24:18 +0200
Subject: [geeklog-devel] Search queries ...
Message-ID: <20030609122418.1878@smtp.haun-online.de>

When running the geeklog.net logfiles through Analog, I noticed that the
Top 5 search queries (in search engines, not on the site) that brought
people to geeklog.net were:

1. geeklog, 951 hits
2. casual sex, 154 hits
3. geeklog themes, 152 hits
4. watermellon, 108 hits
5. ibrattleboro
   hate mail, 84 hits each

Now, I know where the "casual sex" comes from (do you?). "watermellon"
and "ibrattleboro" are sites listed on the links page - with the former
not even running Geeklog any more :-(

A bit further down the list we also have such interesting queries as
"engine problems" (58 hits), "geek wallpaper" (56), and "the additional
features for working with linked tables have been deactivated" (sic!)
with 41 hits.

Just found this amusing ...

bye, Dirk


-- 
http://www.haun-online.de/
http://geeklog.info/



From tony at tonybibbs.com  Mon Jun  9 09:10:34 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Mon, 09 Jun 2003 08:10:34 -0500
Subject: [geeklog-devel] Geeklog version number
References: <20030607214116.2735@smtp.haun-online.de>
Message-ID: <3EE4874A.4060300@tonybibbs.com>

Both places makes sense to me.

--Tony

Dirk Haun wrote:

>In the light of recent events, I was thinking about removing the version
>number from Geeklog's footer (at least for the default themes - simply
>not setting the {geeklog_version} variable would leave a hard-coded 'v'
>in most themes).
>
>Obviously, we would need another place to display the version number, but
>preferably one where only Admins can see it.
>
>Ideas:
>- After the "GL Version Test" link (instead of the "N/A")
>- In the headline of the Command and Control block
>- both
>
>Other places, ideas?
>
>bye, Dirk
>
>
>  
>





From tony at tonybibbs.com  Tue Jun 10 10:06:00 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Tue, 10 Jun 2003 09:06:00 -0500
Subject: [geeklog-devel] WSRP, GL2 and other stuff
In-Reply-To: <003801c3295e$5c4bec10$9a0a10ac@xpbl1>
References: <003801c3295e$5c4bec10$9a0a10ac@xpbl1>
Message-ID: <3EE5E5C8.3060409@tonybibbs.com>

Holy bloat batman.

Don't get me wrong, I see and understand the value in this.  However, my 
hunch is that simply implementing the 1.0 spec (if it is even out) would 
take months (at my current rate) and you haven't even begun to address 
the core GL2 features.

Furthermore, I have no feel for any progress being made on a PHP Portlet 
API.  I think having one would be nice but a google search on "PHP 
Portlet API" brings up an old geeklog-devtalk post first which leads me 
to believe we are the only ones even thinking out load about this.  I 
think we could recruit the right people from various PHP CMS systems to 
start building the API but do we really want to spend our time doing 
this?  I would love to but at the current rate GL2 will be lucky to be 
in beta by this winter given the general lack of additional support I have.

Which brings me to my next point.  I am growing increasing frustrated 
with the general disinterest in GL2.  I have architected what I believe 
to be a good foundation thus far but have received little to no input 
and hardly any programming support.  Doing no one any discredit, I 
understand why it is important to keep 1.3.x moving and I don't want to 
stop that.  However, long ago we had ear marked a few new features in 
1.3.x and had talked about freezing that codebase except for security 
and bug fixes.  Now, I admit there wasn't broad consensus then but I 
guess I had always hoped for this.  In an effort to correct this, I have 
been back in contact with Jason and he is still onboard albeit it in a 
limited capacity.

I guess my point is I feel we are at a point where we should shit or get 
off the pot.  Perhaps I woke up on the wrong side of bed and I admit 
today the glass is half empty so I apologize if this sounds harsh.   
With all this said, is a 1.3.x code freeze feasible?  If not, I will 
need help building a general roadmap for GL2 and help recuiting new help 
because, to be honest, GL2 has enough code that I need extra eyes to 
validate or invalidate what I already have and I will need consistent 
help moving forward with it. 

I think we all agree GL 1.3.x is quickly outgrowing it's capabilities, I 
think the user community is interested in the prospect of GL2 so unless 
I am way off base I think the need is there.  I just don't feel the 
commitment is there and it is to the point that I have begun to lose 
interest in it and I hate that.  I think if we could all get engaged 
with GL2 to some degree that would provide sufficient motivation.  My 
point is something needs to change.  I have ideas of what those things 
are but they all require more fresh bodies...a rare commodity in 
building OSS.

Again, none of this is meant to be personal.  It is just my current 
perspective and a cry out for help.

--Tony

Blaine Lang wrote:


> There are few evolving standards with Portals but WSRP (Web Services 
> for Remote Portals) looks to be a key standard that we will want to 
> support.
>  
> This presentation explains it well: 
> http://xml.coverpages.org/wsrp-overview200206.pdf
>  
>  
>  
>  





From tony at tonybibbs.com  Tue Jun 10 11:17:19 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Tue, 10 Jun 2003 10:17:19 -0500
Subject: [geeklog-devel] WSRP, GL2 and other stuff
In-Reply-To: <3EE5EDF3.1030301@abtech.org>
References: <003801c3295e$5c4bec10$9a0a10ac@xpbl1> <3EE5E5C8.3060409@tonybibbs.com> <3EE5EDF3.1030301@abtech.org>
Message-ID: <3EE5F67F.7070007@tonybibbs.com>

Vincent, my comments are below.  I cc'd the list as I think my repsonses 
will shed some light for others.

--Tony

Vincent Furia wrote:

> Tony,
>
> There are several of us 'non-core' (no cvs access) developers waiting 
> in the wings, wondering when you're going to start farming out work 
> for geeklog.  I can only really speak for myself, but I'm pretty 
> frustrated at the lack of communications we get. 


The communication structure for GL2 doesn't really exists because, to be 
frank, it has been a one person effort thus far.  I would love to add 
people to the mix and if you are volunteering to be engaged and 
accountable for certain pieces that is great.  So, for the record, I 
will assume you are interested unless I hear otherwise.

>
> A couple of months ago I gave you a bunch of input on the MVCnPHP 
> library, that appear to have just been ignored.  I don't mind being 
> ignored if I can see that my code is (a) being incorporated in CVS or 
> (b) the problems I found were being addressed in another way.  
> Otherwise a response back would be nice indicating what you think of 
> the changes (even a "don't bother me with this" would be better than 
> being ignored).  This was especially frustrating because you even 
> asked people on the devel mailing list to review your MVCnPHP code. 


Yes, you have.  I haven't touched the MVC code since my last message to 
the list.  You aren't being ignored and I can understand how my silence 
can give you that impression so my apologies.  Your input I took as 
someone who simply gave an honest look at the code (and I do appreciate 
it) but not as a developer.  Had your intents been more clear I would 
have responded differently I'm sure.

>
>
> The lack of communication is hurtful in other ways.  About two weeks 
> ago a developer on the IRC channel was wondering what happened to 
> you.  It seems he had been trying to contact you to help with GL2 for 
> about a month and hadn't been able to get a response.  He was getting 
> so frustrated he considered spawning his own GL2 (obviously under a 
> different name).  I think this is a pretty common feeling with many 
> people who are looking forward to GL2. 

Who is this 'developer'?  To be honest, I have received no real input or 
interest for helping with GL2.  A quick search of in mailbox confirms 
this.  For someone to be to a point to spawn his own GL2 is a bit 
premature considering nobody has been contact with me.  If you can dig 
this person up, let me know and I can follow-up because, again, there is 
more than enough work to go around.

>
>
> In this case, I had recently spoken to you on IRC, so I mentioned to 
> this developer that you were planning on putting a story up on GL2 to 
> get input on the plugin API for GL2 ("the next big thing to do").  
> That was more than a month and a half ago.  I haven't seen the 
> developer's handle on IRC since. 

Well, that was about the point I started getting frustrated.  I have 
literally thousands of lines of code and I decided that before I started 
on the API I should get some feedback on what has already been done.  
Much of the code is still alpha or beta quality and it didn't make sense 
to start something new until some polish was given to things that have 
been done.  The only portions of code that have had any feedback to date 
is the MVC code and, in part, the Translation library.  That still 
leaves a lot of code to be reviewed (authentication and authorization in 
particular).

>
>
> Right now I'm working on a generic configuration module that uses 
> mysql to store config variables and caches them in a php file 
> (hopefully no more hassle with config.php...).  My intent is for this 
> code to be used for GL2, and possible GL1.3.x and other php projects.  
> I'd really prefer to be working on some core GL2 code, but it's 
> impossible to know what to work on when things just "appear" in CVS, 
> and then attempts to contribute are ignored.
>
> To make all this constructive, I'd like to recommend better 
> communication.  Maybe a weekly meeting in IRC that goes through status 
> reports (it could be really short) and a GL2 TODO list maintained on 
> the website and update regularly as task are accomplished and new work 
> appears. 

Actually, I just messaged Dirk that I plan on install the latest gForge 
code (http://gforge.org) and if it is usable I will put GL2 in there and 
work with Dirk to get 1.3.x in there as well.  That shoud serve as a 
suitable project website to facilitate better communication.  IMHO, IRC 
or IM is not worth much as I prefer archives of stuff so email should be 
the focus.  Should we create a geeklog2-devel list? That seems to be of 
value as a lot of mail goes through geeklog-devel that isn't relevant to 
GL2.  Just a thought.

>
>
> This sounds as bad as your post did.  I'm sorry, but this has building 
> for a while and then your post, "a cry for help", struck a pretty raw 
> nerve.   I think I'll send this to you exclusively, and let you mail 
> it to the list or keep it to yourself as you see fit (and I apologize 
> for the two email's, I'm not sure which box your using or even if they 
> are the same box).

No, don't worry, the result is all I am after.  As long as this spurs 
the conversation we need to get things going I will be happy.  So 
consider yourself 'in'.  Track me down in IRC today and I can set you up 
in CVS so you have direct access to the code and then we can talk about 
divying up the tasks.

Please be sure to send me the handle or email of that 'other developer' 
you eluded to.

>
> Thanks for all the hard work though Tony.  No one can fault your 
> dedication or commitment to GL2.
>
> -Vinny
>
> Tony Bibbs wrote:
>
>> Holy bloat batman.
>>
>> Don't get me wrong, I see and understand the value in this.  However, 
>> my hunch is that simply implementing the 1.0 spec (if it is even out) 
>> would take months (at my current rate) and you haven't even begun to 
>> address the core GL2 features.
>>
>> Furthermore, I have no feel for any progress being made on a PHP 
>> Portlet API.  I think having one would be nice but a google search on 
>> "PHP Portlet API" brings up an old geeklog-devtalk post first which 
>> leads me to believe we are the only ones even thinking out load about 
>> this.  I think we could recruit the right people from various PHP CMS 
>> systems to start building the API but do we really want to spend our 
>> time doing this?  I would love to but at the current rate GL2 will be 
>> lucky to be in beta by this winter given the general lack of 
>> additional support I have.
>>
>> Which brings me to my next point.  I am growing increasing frustrated 
>> with the general disinterest in GL2.  I have architected what I 
>> believe to be a good foundation thus far but have received little to 
>> no input and hardly any programming support.  Doing no one any 
>> discredit, I understand why it is important to keep 1.3.x moving and 
>> I don't want to stop that.  However, long ago we had ear marked a few 
>> new features in 1.3.x and had talked about freezing that codebase 
>> except for security and bug fixes.  Now, I admit there wasn't broad 
>> consensus then but I guess I had always hoped for this.  In an effort 
>> to correct this, I have been back in contact with Jason and he is 
>> still onboard albeit it in a limited capacity.
>>
>> I guess my point is I feel we are at a point where we should shit or 
>> get off the pot.  Perhaps I woke up on the wrong side of bed and I 
>> admit today the glass is half empty so I apologize if this sounds 
>> harsh.   With all this said, is a 1.3.x code freeze feasible?  If 
>> not, I will need help building a general roadmap for GL2 and help 
>> recuiting new help because, to be honest, GL2 has enough code that I 
>> need extra eyes to validate or invalidate what I already have and I 
>> will need consistent help moving forward with it.
>> I think we all agree GL 1.3.x is quickly outgrowing it's 
>> capabilities, I think the user community is interested in the 
>> prospect of GL2 so unless I am way off base I think the need is 
>> there.  I just don't feel the commitment is there and it is to the 
>> point that I have begun to lose interest in it and I hate that.  I 
>> think if we could all get engaged with GL2 to some degree that would 
>> provide sufficient motivation.  My point is something needs to 
>> change.  I have ideas of what those things are but they all require 
>> more fresh bodies...a rare commodity in building OSS.
>>
>> Again, none of this is meant to be personal.  It is just my current 
>> perspective and a cry out for help.
>>
>> --Tony
>>
>> Blaine Lang wrote:
>>
>>
>>> There are few evolving standards with Portals but WSRP (Web Services 
>>> for Remote Portals) looks to be a key standard that we will want to 
>>> support.
>>>  
>>> This presentation explains it well: 
>>> http://xml.coverpages.org/wsrp-overview200206.pdf
>>>  
>>>  
>>>  
>>>  
>>
>>
>>
>>
>>
>> _______________________________________________
>> geeklog-devel mailing list
>> geeklog-devel at lists.geeklog.net
>> http://lists.geeklog.net/listinfo/geeklog-devel
>>




From mark.limburg at baesystems.com  Tue Jun 10 19:53:18 2003
From: mark.limburg at baesystems.com (LIMBURG, Mark)
Date: Wed, 11 Jun 2003 09:23:18 +0930
Subject: [geeklog-devel] GL2 and coder apathy
Message-ID: <DB7A11EAA82C984BA0CFBA1469E0A45502C8ED3D@sbw2ex1.au.baesystems.com>

Howdy

I won't bother to quote anyone, I'm sure we all read the list.

I got out of core GL coding because it was over my head - simple as that.
GL1.3.x I can understand, and although I had a bunch of different opinions
on what and how to implement parts of GL, we still worked together and
pretty well I might add.  This was why I was interested in the 1.3.x
codebase.  

I am HIGHLY interested in the 2.x codebase, but I just don't get it.  I've
tried to read it a few times, and I get lost in the methodology and object
level coding.  It's not something I've done before, at all .. so it's a
little hard to feel that I can make a contribution.  I really wish I could,
as although I've been playing with tikiwiki and phpbb2, I do think GL2 has
the best aim on what is needed and how to get there.  As such, I've reverted
into lurk mode, hoping GL2 gets to the point where I *can* help out ... with
themes, modules, and the whole user interface issue.

I *really* want to help, I just don't know how ...

Mark Limburg

Operations Support Team Leader
Information Services
BAE SYSTEMS Australia



From tony at tonybibbs.com  Wed Jun 11 09:56:23 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Wed, 11 Jun 2003 08:56:23 -0500
Subject: [geeklog-devel] GL2 and coder apathy
In-Reply-To: <DB7A11EAA82C984BA0CFBA1469E0A45502C8ED3D@sbw2ex1.au.baesystems.com>
References: <DB7A11EAA82C984BA0CFBA1469E0A45502C8ED3D@sbw2ex1.au.baesystems.com>
Message-ID: <3EE73507.2020603@tonybibbs.com>

Mark,

I think you can handle GL2 just fine.  Don't let the OO nature scare you 
away, I know you are capable of picking it up.  I think the easiest way, 
if you are serious, is to take a very simple maintenance task on some of 
the existing code.  That my help you see how it all comes together.

Let me know if you are interested...

--Tony

LIMBURG, Mark wrote:
> Howdy
> 
> I won't bother to quote anyone, I'm sure we all read the list.
> 
> I got out of core GL coding because it was over my head - simple as that.
> GL1.3.x I can understand, and although I had a bunch of different opinions
> on what and how to implement parts of GL, we still worked together and
> pretty well I might add.  This was why I was interested in the 1.3.x
> codebase.  
> 
> I am HIGHLY interested in the 2.x codebase, but I just don't get it.  I've
> tried to read it a few times, and I get lost in the methodology and object
> level coding.  It's not something I've done before, at all .. so it's a
> little hard to feel that I can make a contribution.  I really wish I could,
> as although I've been playing with tikiwiki and phpbb2, I do think GL2 has
> the best aim on what is needed and how to get there.  As such, I've reverted
> into lurk mode, hoping GL2 gets to the point where I *can* help out ... with
> themes, modules, and the whole user interface issue.
> 
> I *really* want to help, I just don't know how ...
> 
> Mark Limburg
> 
> Operations Support Team Leader
> Information Services
> BAE SYSTEMS Australia
> 
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel



From tomw at pigstye.net  Wed Jun 11 10:27:55 2003
From: tomw at pigstye.net (Tom Willett)
Date: Wed, 11 Jun 2003 14:27:55 +0000
Subject: [geeklog-devel] GL2 and coder apathy
In-Reply-To: <3EE73507.2020603@tonybibbs.com>
References: <DB7A11EAA82C984BA0CFBA1469E0A45502C8ED3D@sbw2ex1.au.baesystems.com> <3EE73507.2020603@tonybibbs.com>
Message-ID: <20030611141300.M75380@pigstye.net>

Tony,

This coder is not apathetic, just snowed under.  I thought that after the 
first of this year, things would slow down form me.  But, my current 
software business is growing faster than I can keep up with and there is no 
slowdown in sight.  I have had to turn away several good oportunities, 
because I do not have the time to pursue them.  I am now at the point in a 
small business where I need more help but do not have quite enough work to 
justify hiring someone.  So I work days, nights and weekends to fill in the 
slack.  Its those nights and weekends, I would use for GL2.  

So I will just lurk and look in from time to time, until my time frees up.

--
Tom Willett
tomw at pigstye.net


From tony at tonybibbs.com  Wed Jun 11 12:18:16 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Wed, 11 Jun 2003 11:18:16 -0500
Subject: [geeklog-devel] [Fwd: [Phrame-devel] Industrial Strength MVC]
Message-ID: <3EE75648.1070905@tonybibbs.com>

Vinny,

Here is what I was referring to.

--Tony

-------- Original Message --------
Subject: [Phrame-devel] Industrial Strength MVC
Date: Thu, 5 Jun 2003 09:06:22 -0700 (PDT)
From: Jason Sweat <jsweat_php at yahoo.com>
To: Phrame <phrame-devel at lists.sourceforge.net>

Industrial Strength MVC is the sample article for the June issue of
PHP|Architect.

It is available for download at
https://www.phparch.com/issuedata/2003/jun/sample.php, source code is also
available for download from the same page.

This article takes some of the simple Phrame examples much further, showing
fully integrated database Model classes, using Smarty coupled with a Factory
pattern for views and implements security in the Controller classes.

I hope you find it useful.

__________________________________
Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
http://calendar.yahoo.com


-------------------------------------------------------
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
_______________________________________________
Phrame-devel mailing list
Phrame-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/phrame-devel



From vmf at abtech.org  Thu Jun 12 15:11:08 2003
From: vmf at abtech.org (Vincent Furia)
Date: Thu, 12 Jun 2003 15:11:08 -0400
Subject: [geeklog-devel] 6/12/2003 GL2 IRC conversation
Message-ID: <3EE8D04C.7040805@abtech.org>

Tony and I sat down for about an hour in IRC today to talk about some 
GL2 development issues.  The conversation covered three main points:

1.  MVCnPHP (by Tony) vs. Phrame -- tabled until we get a more detailed 
look at the newest version of phrame.

2.  A&A issues -- Tony is doing a lot of work on this, I think it will 
be really cool once completed.

3.  ACLs -- talked about alternatives to the current geeklog *nix style 
permissions on stories, polls, etc.  I've been tasked to make a small 
demo of the generic ACLs we discussed.

Here is a link to the irc discussion.  Sorry for the crappy formatting:
http://furia.abtech.org/gl2/irc-12062003.html

-Vinny



From geeklog at langfamily.ca  Thu Jun 12 17:35:28 2003
From: geeklog at langfamily.ca (Blaine Lang)
Date: Thu, 12 Jun 2003 17:35:28 -0400
Subject: [geeklog-devel] 6/12/2003 GL2 IRC conversation
References: <3EE8D04C.7040805@abtech.org>
Message-ID: <004301c3312a$8b4e5560$9a0a10ac@xpbl1>

Thanks Vinny - that was helpfull.

I think we need to have regular IRC schedule to help bring everyone up to
speed on where GL2 development is and the better understand the code design
and develoment plan. They would only need to be every week or every other
week  - maybe early evening or early morning. Same idea and make the chat
logs available.

Blaine
----- Original Message -----
From: "Vincent Furia" <vmf at abtech.org>
To: <geeklog-devel at lists.geeklog.net>
Sent: Thursday, June 12, 2003 3:11 PM
Subject: [geeklog-devel] 6/12/2003 GL2 IRC conversation


> Tony and I sat down for about an hour in IRC today to talk about some
> GL2 development issues.  The conversation covered three main points:
>
> 1.  MVCnPHP (by Tony) vs. Phrame -- tabled until we get a more detailed
> look at the newest version of phrame.
>
> 2.  A&A issues -- Tony is doing a lot of work on this, I think it will
> be really cool once completed.
>
> 3.  ACLs -- talked about alternatives to the current geeklog *nix style
> permissions on stories, polls, etc.  I've been tasked to make a small
> demo of the generic ACLs we discussed.
>
> Here is a link to the irc discussion.  Sorry for the crappy formatting:
> http://furia.abtech.org/gl2/irc-12062003.html
>
> -Vinny
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>



From geeklog at langfamily.ca  Sat Jun 14 11:30:01 2003
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sat, 14 Jun 2003 11:30:01 -0400
Subject: [geeklog-devel] 404.php
Message-ID: <001701c33289$d21dc2e0$9a0a10ac@xpbl1>

I never really gave this much attention before but I just moved my site to a new server and was doing additional testing and used a .htaccess directive to redirect to the 404.php. I found it was reporting the bad page as 404.php.

Doing some testing, I found that if I replaced $HTTP_SERVER_VARS["REQUEST_URI"] with $HTTP_SERVER_VARS["DOCUMENT_URI"] then it worked fine.

Is this something unique with this webserver (ZEUS) or would using the DOCUMENT_URI not be a better option?

Cheers,
Blaine
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20030614/c670e010/attachment.html>

From dirk at haun-online.de  Mon Jun 16 18:23:37 2003
From: dirk at haun-online.de (Dirk Haun)
Date: Tue, 17 Jun 2003 00:23:37 +0200
Subject: [geeklog-devel] Comments to templates
Message-ID: <20030616222338.21880@smtp.haun-online.de>

Moving the hard-coded HTML for the comments to template files has been a
pet peeve of mine over the course of 1.3.8 development. However, so far I
have been unsuccessful to come up with an implementation that I liked.

And today, in a case of extreme stupidity, I deleted my latest attempt.
No backups, of course ...

So, I'm on the verge of giving up on this for the 1.3.8 release.

The code in CVS has the comment bar and the outer tables for the comments
section in template files (comment/commentbar.thtml and comment/
startcomment.thtml) but the actual comment code is still using hard-coded
HTML. It's not what I had in mind, but it's better than nothing ...

This has been the major showstopper for a 1.3.8 release, so unless
someone else wants to give it a try, I will now concentrate on the
outstanding issues like

- some code changes for more flexibility in themes (Hi Simon)
- updating documentation
- possibly rearranging contents of config.php yet again
  (moving those settings that you need to change to get a site up and running
   to the top of the file)
- some code reviews here and there

And then there's the search ... Tony?

bye, Dirk


-- 
http://www.haun-online.de/
http://www.haun.info/



From robg at macosxhints.com  Mon Jun 16 18:32:37 2003
From: robg at macosxhints.com (Rob Griffiths)
Date: Mon, 16 Jun 2003 15:32:37 -0700
Subject: [geeklog-devel] Comments to templates
In-Reply-To: <20030616222338.21880@smtp.haun-online.de>
Message-ID: <6E93E8DA-A04A-11D7-B146-000393C94A94@macosxhints.com>

On Monday, June 16, 2003, at 03:23 PM, Dirk Haun wrote:

> And then there's the search ... Tony?

Just as an FYI; the project I talked about a while back is now underway 
-- I have my site and database files with a third party who is updating 
the search functionality to be much more robust.  I expect it will be 
done within two or three weeks (I don't think I'm being charged enough 
to be right at the top of their priority list), but when I get the code 
back, I'll distribute it to Dirk, Tony, etc.  I'm not sure how much 
work it will take to integrate it into the standard Geeklog release, 
but I'll leave it up to you guys to use, trash, whatever...

As a total aside, Geeklog is covered in this month's issue of Macworld 
magazine.  They review a number of (sigh) blogs, and include Geeklog 
(spelled GeekLog) in the selection.  In short, they rated it high for 
security, multi-author support, and threaded comments, but docked it 
for difficulty of install and lack of documentation...

-rob.



From mark.limburg at baesystems.com  Mon Jun 16 20:24:32 2003
From: mark.limburg at baesystems.com (LIMBURG, Mark)
Date: Tue, 17 Jun 2003 09:54:32 +0930
Subject: [geeklog-devel] Comments to templates
Message-ID: <DB7A11EAA82C984BA0CFBA1469E0A45502C8ED4C@sbw2ex1.au.baesystems.com>

Howdy

 > Moving the hard-coded HTML for the comments to template files has been a
 > pet peeve of mine over the course of 1.3.8 development. However, so far I
 > have been unsuccessful to come up with an implementation that I liked.

One idea I had was to use the template class from phpBB2 - which is a
variation on the same library we grabbed ours from.  As it standands, I'm
pretty sure it could be dropped right into GL1 with a minimum of fuss, as it
supports the way we currently do themes (as in straight replacement of
{placeholder} variables.  In addition, it also supports a simple form of
flow control and template blocks.

I am *offically* putting my hand up (as an option) to bring GL1 across to
this template class, as well as finish converting all hardcoded HTML into
templates and move the code to use the flow control and block system.  Lots
of good things flow down from this.

Now for the bad news ... if I were to do this, this would break existing
templates.  To help bring a resolution to this issue, I would a) convert all
the core templates across to the new system, b) take requests from any and
all comers to convert their theme to the new standard, and c) educate any
and all on the new process of creating themes.  Indeed, all the
documentation that phpBB2 have done could be leveraged as well as anything I
write.

I *really* want to do this ... as you all pretty much know, I've wanted to
do something along these lines for a long time.  As a theme developer (he
says putting on his Theme Author hat), moving to this type of environment
makes life easier and can do more.

If I were to go ahead with this, I would grab a copy of GL1 from CVS, do the
work to bring it across, and then a) place a working copy of the new codeset
on my website, and b) provide the codebase for the dev team to review BEFORE
it goes into CVS.

Why go all the way and establish flow control and blocks, just to get rid of
static html?  Because a lot of the hardcoded html performs block type
returns *and* because if I'm going to delve into the code, I may as well do
it right the first time.

Thoughts?  Post them to the list ...

Regards

Mark Limburg

Operations Support Team Leader
Information Services
BAE SYSTEMS Australia



From dirk at haun-online.de  Tue Jun 17 08:14:13 2003
From: dirk at haun-online.de (Dirk Haun)
Date: Tue, 17 Jun 2003 14:14:13 +0200
Subject: [geeklog-devel] Comments to templates
In-Reply-To:  <DB7A11EAA82C984BA0CFBA1469E0A45502C8ED4C@sbw2ex1.au.baesystems.com>
References:  <DB7A11EAA82C984BA0CFBA1469E0A45502C8ED4C@sbw2ex1.au.baesystems.com>
Message-ID: <20030617121413.3521@smtp.haun-online.de>

LIMBURG, Mark <mark.limburg at baesystems.com> wrote:

>Now for the bad news ... if I were to do this, this would break existing
>templates.  To help bring a resolution to this issue, I would a) convert all
>the core templates across to the new system, b) take requests from any and
>all comers to convert their theme to the new standard

So you are volunteering to help out hundreds of site owners who all want
to upgrade their sites to that new version at the same time?

Sorry Mark, this is just not going to work.

Also, it's not clear if replacing the template engine would actually help
here.  The comment code is recursive and making sure tags are properly
closed and nested is not trivial. I'd suggest you have a look at it ...


>I *really* want to do this ... as you all pretty much know, I've wanted to
>do something along these lines for a long time.

Yes, I know. And I seem to remember that we came to the conclusion that
replacing the template system with something that is not compatible is
not an option.

If you can find something that is compatible with what we're using now,
then that would be worth considering. But switching to an incompatible
engine would just cause too much confusion and frustration. The changes
in CVS will cause enough problems already (as we know from experiences
with the theme changes in 1.3.6 - and our user base has grown
substantially since then, including lots of people who are not all that
tech-savvy).

bye, Dirk


-- 
http://www.haun-online.de/
http://www.macosx-faq.de/



From vmf at abtech.org  Tue Jun 17 10:27:39 2003
From: vmf at abtech.org (Vincent Furia)
Date: Tue, 17 Jun 2003 10:27:39 -0400
Subject: [geeklog-devel] Geeklog2 -- ACLs
Message-ID: <3EEF255B.9020204@abtech.org>

THE SYSTEM

For Geeklog2, I propose expanding the existing unix-like item permission 
system into a full fledged ACL system.  The sql below (created for 
MySQL) describes two tables and some data used to demonstrate some 
sample queries.  The data loaded below includes three 'items' (which, in 
the context of geeklog, could be articles, polls, links, etc).  It also 
contains two users: 1, 2 and two groups: 1, 2.  A couple of important 
things to note about these tables.  First, no permissions data is kept 
within the items table.  Second, 'item' is a foreign key within the acl 
table that links to 'item' in the items table.

I've choosen to use the following the access rights, each right 
represented by one bit in a bit field.
List - 1:  The user has permission to list this item.
Read - 2:  The user has permission to read or view this item.
Write - 4:  The user has permission to append or edit this item.
Delete - 8:  The user has permission to delete or remove this item.
Admin - 16:  The user has permission to controll access to this item.

These rights are just an initial idea of the rights usually associated 
with ACLs.  Of course these rights should be edited and/or added to.

To make the manipulation of the rights easier, we can assign a php 
constant to each access level.  These constants then can be bitwise 
And'd (&) or Or'd (|) to produce complex set of permissions.  Below I 
will refer to these constants as LIST, READ, WRITE, DELETE, ADMIN.  I 
will also define the composite acess levels:  LOOK as (LIST & READ); 
EDIT as (LOOK & WRITE & DELETE); OWNER as (EDIT & ADMIN).

HOW IT WILL WORK

In the code:
Implementing look-ups using this system is pretty straight forward.  For 
instance, to list all the items that a user has LOOK access to, I'd use 
the following query:
SELECT items.* FROM acl, items WHERE items.item = acl.item AND ((acl.uid 
= <userid> OR acl.gid IN (<user_group_membership>)) AND (acl.access & 
LOOK)) GROUP BY items.item;

To get all the access rights a user has for an item, use this:
SELECT BIT_OR(acl.access), items.item FROM acl, items WHERE items.item = 
acl.item AND items.item = <item> AND (acl.uid = <userid> OR acl.gid IN 
(<user_group_membership)) GROUP BY items.item.

This code may seem complex but consider that, like in 1.3.x (though not 
fully utilized there), much of the SQL involved in fetching permissions 
can be generated by functions.

In the GUI:
Initially the GUI for access/permission to items can stay exactly the 
same as it is currently in 1.3.x.  It should be clear that by having 
four (4) rows in the acl table for each item (one each for anonymous, 
members, group, and owner) we can perfectly simulate the current unix 
like access that 1.3.x provides.

In the long run, we can expand the capabilities of Geeklog through 
modifications to the GUI.  These additions can be as simple or as 
complex as needed for a given task, and is only really limited by our 
imagination and ingenuity.

WHY?

Finer control.  As Tony pointed out in IRC, the finer control would only 
be usefull to about 10% (or less) of the users of geeklog.  However, for 
those users, this finer level of control could be very usefull.   We can 
potentially leverage ACLs to give GL2 real potential in the corporate 
CMS market place.

<management BS>
Geeklog has, since its inception, been a leader in security among peer 
software.  Geeklog's access control system in particular is the most 
powerfull of any competing software [that I know of].  To maintain this 
dominance and the advantages of the reputation that goes with it, I 
think it is necessary to expand beyond the status quo and set a new bar 
for security.  I believe ACLs can get us there.
</management BS>

Finally, the 'coolness' factor.  ACLs will be fun to implement and 
provide a set of managable challenges that will keep us developers 
interested (well, certainly myself).  Also we'll really be taking 
advantage of the power that relational databases provide.

FUTURE EXPANSION

What I have described above (and below in the SQL) is a fairly basic 
implementation of ACLs.  To have a more complex implementation, and 
hence finer control over access to items, it would be possible to add a 
"negative rights table".  This table would be used, once access rights 
for a user (and the groups he is a member of) is determined to 
afterwards limit that users access based on his user id and group 
memberships.  One example of usefullness for this is if you have a group 
you want to grant access to item A, but there is a member of that group 
(user 1) that you don't want to have the same access.  You could reduce 
that users access by adding the user and the access you wish to restrict 
to the "negative rights table".

The complexity of implementing this, in addition to the basic ACL tasks 
described above makes me hesitant to make this part of the initial 
requirements/release of GL2.  However, adding it in the future would be 
possible without side effects to the permissions (ACLs) on items that 
would be established prior to the negative rights implementation and 
release.

CONCLUSION

I encourage feed-back.  Even simply 'yea, nay' type feedback would be 
helpfull.  But suggestions to improve or refine this schema for access 
control would be especially welcome.  I hope, within the next week, to 
take this post (appended with any responses) and post to geeklog.net 
under the Geeklog2 topic.  So please take a few minutes in the next 
couple days (the sooner the better) to grok and respond.

Thanks,
Vinny

P.S.  I looked around the web for a decent, generic description of what 
an ACL does.  My googling only came up with links to cisco, linux and 
afs implementations (and one php implementation) of ACLs.  If someone 
can find a generic link and post it, I'd be appreciative.

----BEGIN FILE ACL.SQL----

CREATE TABLE acl (
    id mediumint(8) AUTO_INCREMENT PRIMARY KEY,
    item varchar(20) NOT NULL,
    uid mediumint(8),
    gid mediumint(8),
    access smallint(8) NOT NULL DEFAULT 0,
    INDEX item_idx (item),
    INDEX uid_idx (uid),
    INDEX gui_idx (gid)
);

CREATE TABLE items (
    id mediumint(8) AUTO_INCREMENT PRIMARY KEY,
    item varchar(20) UNIQUE NOT NULL,
    data text
);

INSERT INTO items (item, data) VALUES ('one', 'this is just an exmple');
INSERT INTO items (item, data) VALUES ('two', 'this is just another 
exmple');
INSERT INTO items (item, data) VALUES ('three', 'this is just one more 
exmple');


INSERT INTO acl (item, uid, access) VALUES ('one', 1, 15);
INSERT INTO acl (item, uid, access) VALUES ('two', 1, 15);
INSERT INTO acl (item, uid, access) VALUES ('one', 2, 15);
INSERT INTO acl (item, uid, access) VALUES ('three', 3, 15);
INSERT INTO acl (item, gid, access) VALUES ('one', 1, 5);
INSERT INTO acl (item, gid, access) VALUES ('two', 1, 5);
INSERT INTO acl (item, gid, access) VALUES ('three', 1, 5);
INSERT INTO acl (item, gid, access) VALUES ('two', 2, 1);

----END FILE ACL.SQL----



From tony at tonybibbs.com  Tue Jun 17 16:13:43 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Tue, 17 Jun 2003 15:13:43 -0500
Subject: [geeklog-devel] gforge up
Message-ID: <3EEF7677.7020801@tonybibbs.com>

Hey, I have gforge installed at http://project2.geeklog.net.  Dirk, if I 
could have you create an acccount and email me your username/password, I 
will set you up as an admin and we'll see if they've fixed enough bugs 
to get off of SF.net altogether.  I havne't read much on their progress 
but I can say that they've been damn busy.

Oh, FYI, I already created a Geeklog 2 project and if our initial tests 
show it is stable enough we can have third party GL products hosted 
there as well.

--Tony



From dwight at trumbower.com  Tue Jun 17 16:26:06 2003
From: dwight at trumbower.com (Dwight Trumbower)
Date: Tue, 17 Jun 2003 15:26:06 -0500
Subject: [geeklog-devel] gforge up
In-Reply-To: <3EEF7677.7020801@tonybibbs.com>
Message-ID: <6.0.0.9.0.20030617152546.01b57358@localhost>

Are you going to let people see the project?


At 03:13 PM 6/17/2003, you wrote:
>Hey, I have gforge installed at http://project2.geeklog.net.  Dirk, if I 
>could have you create an acccount and email me your username/password, I 
>will set you up as an admin and we'll see if they've fixed enough bugs to 
>get off of SF.net altogether.  I havne't read much on their progress but I 
>can say that they've been damn busy.
>
>Oh, FYI, I already created a Geeklog 2 project and if our initial tests 
>show it is stable enough we can have third party GL products hosted there 
>as well.
>
>--Tony
>
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://lists.geeklog.net/listinfo/geeklog-devel
>



From tony at tonybibbs.com  Tue Jun 17 17:04:42 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Tue, 17 Jun 2003 16:04:42 -0500
Subject: [geeklog-devel] gforge up
In-Reply-To: <6.0.0.9.0.20030617152546.01b57358@localhost>
References: <6.0.0.9.0.20030617152546.01b57358@localhost>
Message-ID: <3EEF826A.8060304@tonybibbs.com>

http://project2.geeklog.net/projects/geeklog2/ until I get time to 
update the home page.

--Tony

Dwight Trumbower wrote:
> Are you going to let people see the project?
> 
> 
> At 03:13 PM 6/17/2003, you wrote:
> 
>> Hey, I have gforge installed at http://project2.geeklog.net.  Dirk, if 
>> I could have you create an acccount and email me your 
>> username/password, I will set you up as an admin and we'll see if 
>> they've fixed enough bugs to get off of SF.net altogether.  I havne't 
>> read much on their progress but I can say that they've been damn busy.
>>
>> Oh, FYI, I already created a Geeklog 2 project and if our initial 
>> tests show it is stable enough we can have third party GL products 
>> hosted there as well.
>>
>> --Tony
>>
>> _______________________________________________
>> geeklog-devel mailing list
>> geeklog-devel at lists.geeklog.net
>> http://lists.geeklog.net/listinfo/geeklog-devel
>>
> 
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel



From mark.limburg at baesystems.com  Tue Jun 17 19:38:26 2003
From: mark.limburg at baesystems.com (LIMBURG, Mark)
Date: Wed, 18 Jun 2003 09:08:26 +0930
Subject: [geeklog-devel] Comments to templates
Message-ID: <DB7A11EAA82C984BA0CFBA1469E0A45502C8ED4F@sbw2ex1.au.baesystems.com>

Howdy

 > So you are volunteering to help out hundreds of site owners who all want
 > to upgrade their sites to that new version at the same time?

90% of these changes are trivial.  I could macro most of them.  So, yes.

 > Also, it's not clear if replacing the template engine would actually help
 > here.  The comment code is recursive and making sure tags are properly
 > closed and nested is not trivial. I'd suggest you have a look at it ...

Dirk, I have had a look at it.  I looked into doing this when we moved from
1.2 remember.

The whole point of shifting to a block based templating system fixes this
issue as you alter the code to return single/multiple blocks within
wrappers, all of which can be nested.  This FIXES this issue.  Think about
how recursive calcualting and displaying a forum is, which is why phpBB2
went down this path.

 > Yes, I know. And I seem to remember that we came to the conclusion that
 > replacing the template system with something that is not compatible is
 > not an option.

I fully understand where you're coming from, but I must disagree.  It *IS*
an option; it is just not an easy one.  I believe I offered a solution to a
problem which currently has no other solution, a problem which has haunted
the project since we half-implemented our first template system.  And until
we bite the bullet and accept that something as serious as the way we
display a site is fixed, it will continue to hamper us - both as site owners
and as developers.

I'll shut up now, but I can't help wonder how not fixing this problem will
help - painful as it is.

Regards

Mark Limburg

Operations Support Team Leader
Information Services
BAE SYSTEMS Australia



From tony at tonybibbs.com  Wed Jun 18 10:02:24 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Wed, 18 Jun 2003 09:02:24 -0500
Subject: [geeklog-devel] gforge up
In-Reply-To: <20030617225706.12845@smtp.haun-online.de>
References: <3EEF7677.7020801@tonybibbs.com> <20030617225706.12845@smtp.haun-online.de>
Message-ID: <3EF070F0.8080207@tonybibbs.com>

I absolutely agree.  Actually, if you looked at the Geeklog 2 project I 
was trying to enter in some real data in the task section (btw, the 
gantt chart stuff is sweet).

I have set up your account as an admin so you should be able to do 
testing with real data.

--Tony

Dirk Haun wrote:
> Tony,
> 
> 
>>Dirk, if I 
>>could have you create an acccount and email me your username/password, I 
>>will set you up as an admin and we'll see if they've fixed enough bugs 
>>to get off of SF.net altogether.
> 
> 
> My username is "dhaun", as usual :-)
> 
> 
> 
>>Oh, FYI, I already created a Geeklog 2 project and if our initial tests 
>>show it is stable enough we can have third party GL products hosted 
>>there as well.
> 
> 
> Wouldn't it make more sense to test it on some real data, i.e. set up a
> Geeklog 1 project and move some of the bug reports over from sf.net? Or
> should I just play around with it a bit and you're resetting the database
> should we decide to stay with it?
> 
> bye, Dirk
> 
> 



From tony at tonybibbs.com  Wed Jun 18 10:38:37 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Wed, 18 Jun 2003 09:38:37 -0500
Subject: [geeklog-devel] gforge cont'd (Mark L. please read too)
Message-ID: <3EF0796D.1050909@tonybibbs.com>

Vinny and Dwight, I have set you both up on the Geeklog 2 project.  On 
"My Page" you should see it.  I hope to get more tasks entered in so 
that a to-do list is generated for you both (myself included)

Mark, get signed up and let me know when you are done and I can get you 
started as well.

--Tony



From dirk at haun-online.de  Wed Jun 18 11:21:10 2003
From: dirk at haun-online.de (Dirk Haun)
Date: Wed, 18 Jun 2003 17:21:10 +0200
Subject: [geeklog-devel] gforge up
In-Reply-To: <3EF070F0.8080207@tonybibbs.com>
References: <3EF070F0.8080207@tonybibbs.com>
Message-ID: <20030618152110.24091@smtp.haun-online.de>

Tony Bibbs <tony at tonybibbs.com> wrote:

>I have set up your account as an admin so you should be able to do 
>testing with real data.

Well, I'm not too impressed. The first bug report I tried to enter resulted in

ERROR

Artifact:

... and that was all :-(

bye, Dirk


-- 
http://www.haun-online.de/
http://mypod.de/



From dirk at haun-online.de  Wed Jun 18 11:35:36 2003
From: dirk at haun-online.de (Dirk Haun)
Date: Wed, 18 Jun 2003 17:35:36 +0200
Subject: [geeklog-devel] gforge up
In-Reply-To: <20030618152110.24091@smtp.haun-online.de>
References: <20030618152110.24091@smtp.haun-online.de>
Message-ID: <20030618153536.31863@smtp.haun-online.de>

I wrote:

>ERROR
>
>Artifact:
>
>... and that was all :-(

It doesn't seem to like single quotes ... Tony, any options for this?

bye, Dirk


-- 
http://www.haun-online.de/
http://geeklog.info/



From tony at tonybibbs.com  Wed Jun 18 11:35:52 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Wed, 18 Jun 2003 10:35:52 -0500
Subject: [geeklog-devel] gforge up
In-Reply-To: <20030618152110.24091@smtp.haun-online.de>
References: <3EF070F0.8080207@tonybibbs.com> <20030618152110.24091@smtp.haun-online.de>
Message-ID: <3EF086D8.5010904@tonybibbs.com>

i noticed a bug sitewide, any ' will kill the save.  Thus "don't" will 
not work.  I'm not sure if it is a PHP setting they expect or what.

I just added one OK.

--Tony

Dirk Haun wrote:
> Tony Bibbs <tony at tonybibbs.com> wrote:
> 
> 
>>I have set up your account as an admin so you should be able to do 
>>testing with real data.
> 
> 
> Well, I'm not too impressed. The first bug report I tried to enter resulted in
> 
> ERROR
> 
> Artifact:
> 
> ... and that was all :-(
> 
> bye, Dirk
> 
> 



From tony at tonybibbs.com  Wed Jun 18 12:13:21 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Wed, 18 Jun 2003 11:13:21 -0500
Subject: [geeklog-devel] GL2 and coder apathy
In-Reply-To: <DB7A11EAA82C984BA0CFBA1469E0A45502C8ED3D@sbw2ex1.au.baesystems.com>
References: <DB7A11EAA82C984BA0CFBA1469E0A45502C8ED3D@sbw2ex1.au.baesystems.com>
Message-ID: <3EF08FA1.5090002@tonybibbs.com>

Mark, check your email, you should join http://project2.geeklog.net (if 
the DNS doesn't work please wait a day or so)

--Tony

LIMBURG, Mark wrote:
> Howdy
> 
> I won't bother to quote anyone, I'm sure we all read the list.
> 
> I got out of core GL coding because it was over my head - simple as that.
> GL1.3.x I can understand, and although I had a bunch of different opinions
> on what and how to implement parts of GL, we still worked together and
> pretty well I might add.  This was why I was interested in the 1.3.x
> codebase.  
> 
> I am HIGHLY interested in the 2.x codebase, but I just don't get it.  I've
> tried to read it a few times, and I get lost in the methodology and object
> level coding.  It's not something I've done before, at all .. so it's a
> little hard to feel that I can make a contribution.  I really wish I could,
> as although I've been playing with tikiwiki and phpbb2, I do think GL2 has
> the best aim on what is needed and how to get there.  As such, I've reverted
> into lurk mode, hoping GL2 gets to the point where I *can* help out ... with
> themes, modules, and the whole user interface issue.
> 
> I *really* want to help, I just don't know how ...
> 
> Mark Limburg
> 
> Operations Support Team Leader
> Information Services
> BAE SYSTEMS Australia
> 
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel



From tony at tonybibbs.com  Wed Jun 18 13:42:26 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Wed, 18 Jun 2003 12:42:26 -0500
Subject: [geeklog-devel] gforge and cvs support
Message-ID: <3EF0A482.3090706@tonybibbs.com>

FYI, I will probably not include the automated CVS support into Gforge. 
   They recommend running CVS seperate from the rest of the site because 
of the danger of the cron scripts.  You can get around that if you 
manage CVS manually.  Or, if you prefer, I do have dual Pentium Pro 
machine that could be RAID5'd that is doing nothing for CVS.  It 
wouldn't take much to get it up and running.

For clarity, gForge supports automatic repository creation and cvs 
viewer integration.  Right now they require cvsweb but I am looking into 
hacking support for Chora since I prefer PHP over perl

--Tony



From tony at tonybibbs.com  Fri Jun 20 15:20:05 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Fri, 20 Jun 2003 14:20:05 -0500
Subject: [geeklog-devel] ACL follow-up
Message-ID: <3EF35E65.7030707@tonybibbs.com>

Vinny, I think I'm right on with you on the ACL system.  However, one 
point of disagreement is that notion you support that EDIT + ADMIN = 
OWNER.  That isn't true, we should track the creator of the item as the 
owner. Ok, wait, now that I actually read the SQL you gave, you do have 
a uid field so I have to assume you are tracking it as I suggested. 
Never mind ;-)

Now, to adequately address the real possibility of having multiple ACL's 
let me give a high level objet model:

ACL_Factory: Class that creates ACL libraries on the fly.  The specific 
ACL system to use is determined by a config.php setting.  All this 
object does is instantiate the right ACL system and returns it.

BaseACL: Abstract class (not instantiated directly) that all ACL systems 
inherit from.  The methods here would be similar to the ones found in GL 
1.3.x's lib-security.php (i.e. getUserGroups, inGroup, hasAccess, 
getUserPermissions, etc).

Default_ACL: This extends BaseACL by implementing the system that Vinny 
is talking about.

For those who care, using the factory design pattern now lets you 
implement any ACL system  All it has to do is inherit from BaseACL.  The 
data model vinny is proposing seems to me to be generic enough to handle 
any ACL system.  Only thing I am fuzzy on is how you plan on tying 
people to groups and groups to groups?  The same way as 1.3.x does?

--Tony


Vinny's Original Post
-------------------------

Date: Tue, 17 Jun 2003 10:27:39 -0400
From: Vincent Furia <vmf at abtech.org>
To: geeklog-devel at lists.geeklog.net
Subject: [geeklog-devel] Geeklog2 -- ACLs
Reply-To: geeklog-devel at lists.geeklog.net

THE SYSTEM

For Geeklog2, I propose expanding the existing unix-like item permission
system into a full fledged ACL system.  The sql below (created for
MySQL) describes two tables and some data used to demonstrate some
sample queries.  The data loaded below includes three 'items' (which, in
the context of geeklog, could be articles, polls, links, etc).  It also
contains two users: 1, 2 and two groups: 1, 2.  A couple of important
things to note about these tables.  First, no permissions data is kept
within the items table.  Second, 'item' is a foreign key within the acl
table that links to 'item' in the items table.

I've choosen to use the following the access rights, each right
represented by one bit in a bit field.
List - 1:  The user has permission to list this item.
Read - 2:  The user has permission to read or view this item.
Write - 4:  The user has permission to append or edit this item.
Delete - 8:  The user has permission to delete or remove this item.
Admin - 16:  The user has permission to controll access to this item.

These rights are just an initial idea of the rights usually associated
with ACLs.  Of course these rights should be edited and/or added to.

To make the manipulation of the rights easier, we can assign a php
constant to each access level.  These constants then can be bitwise
And'd (&) or Or'd (|) to produce complex set of permissions.  Below I
will refer to these constants as LIST, READ, WRITE, DELETE, ADMIN.  I
will also define the composite acess levels:  LOOK as (LIST & READ);
EDIT as (LOOK & WRITE & DELETE); OWNER as (EDIT & ADMIN).

HOW IT WILL WORK

In the code:
Implementing look-ups using this system is pretty straight forward.  For
instance, to list all the items that a user has LOOK access to, I'd use
the following query:
SELECT items.* FROM acl, items WHERE items.item = acl.item AND ((acl.uid
= <userid> OR acl.gid IN (<user_group_membership>)) AND (acl.access &
LOOK)) GROUP BY items.item;

To get all the access rights a user has for an item, use this:
SELECT BIT_OR(acl.access), items.item FROM acl, items WHERE items.item =
acl.item AND items.item = <item> AND (acl.uid = <userid> OR acl.gid IN
(<user_group_membership)) GROUP BY items.item.

This code may seem complex but consider that, like in 1.3.x (though not
fully utilized there), much of the SQL involved in fetching permissions
can be generated by functions.

In the GUI:
Initially the GUI for access/permission to items can stay exactly the
same as it is currently in 1.3.x.  It should be clear that by having
four (4) rows in the acl table for each item (one each for anonymous,
members, group, and owner) we can perfectly simulate the current unix
like access that 1.3.x provides.

In the long run, we can expand the capabilities of Geeklog through
modifications to the GUI.  These additions can be as simple or as
complex as needed for a given task, and is only really limited by our
imagination and ingenuity.

WHY?

Finer control.  As Tony pointed out in IRC, the finer control would only
be usefull to about 10% (or less) of the users of geeklog.  However, for
those users, this finer level of control could be very usefull.   We can
potentially leverage ACLs to give GL2 real potential in the corporate
CMS market place.

<management BS>
Geeklog has, since its inception, been a leader in security among peer
software.  Geeklog's access control system in particular is the most
powerfull of any competing software [that I know of].  To maintain this
dominance and the advantages of the reputation that goes with it, I
think it is necessary to expand beyond the status quo and set a new bar
for security.  I believe ACLs can get us there.
</management BS>

Finally, the 'coolness' factor.  ACLs will be fun to implement and
provide a set of managable challenges that will keep us developers
interested (well, certainly myself).  Also we'll really be taking
advantage of the power that relational databases provide.

FUTURE EXPANSION

What I have described above (and below in the SQL) is a fairly basic
implementation of ACLs.  To have a more complex implementation, and
hence finer control over access to items, it would be possible to add a
"negative rights table".  This table would be used, once access rights
for a user (and the groups he is a member of) is determined to
afterwards limit that users access based on his user id and group
memberships.  One example of usefullness for this is if you have a group
you want to grant access to item A, but there is a member of that group
(user 1) that you don't want to have the same access.  You could reduce
that users access by adding the user and the access you wish to restrict
to the "negative rights table".

The complexity of implementing this, in addition to the basic ACL tasks
described above makes me hesitant to make this part of the initial
requirements/release of GL2.  However, adding it in the future would be
possible without side effects to the permissions (ACLs) on items that
would be established prior to the negative rights implementation and
release.

CONCLUSION

I encourage feed-back.  Even simply 'yea, nay' type feedback would be
helpfull.  But suggestions to improve or refine this schema for access
control would be especially welcome.  I hope, within the next week, to
take this post (appended with any responses) and post to geeklog.net
under the Geeklog2 topic.  So please take a few minutes in the next
couple days (the sooner the better) to grok and respond.

Thanks,
Vinny

P.S.  I looked around the web for a decent, generic description of what
an ACL does.  My googling only came up with links to cisco, linux and
afs implementations (and one php implementation) of ACLs.  If someone
can find a generic link and post it, I'd be appreciative.

----BEGIN FILE ACL.SQL----

CREATE TABLE acl (
     id mediumint(8) AUTO_INCREMENT PRIMARY KEY,
     item varchar(20) NOT NULL,
     uid mediumint(8),
     gid mediumint(8),
     access smallint(8) NOT NULL DEFAULT 0,
     INDEX item_idx (item),
     INDEX uid_idx (uid),
     INDEX gui_idx (gid)
);

CREATE TABLE items (
     id mediumint(8) AUTO_INCREMENT PRIMARY KEY,
     item varchar(20) UNIQUE NOT NULL,
     data text
);

INSERT INTO items (item, data) VALUES ('one', 'this is just an exmple');
INSERT INTO items (item, data) VALUES ('two', 'this is just another
exmple');
INSERT INTO items (item, data) VALUES ('three', 'this is just one more
exmple');


INSERT INTO acl (item, uid, access) VALUES ('one', 1, 15);
INSERT INTO acl (item, uid, access) VALUES ('two', 1, 15);
INSERT INTO acl (item, uid, access) VALUES ('one', 2, 15);
INSERT INTO acl (item, uid, access) VALUES ('three', 3, 15);
INSERT INTO acl (item, gid, access) VALUES ('one', 1, 5);
INSERT INTO acl (item, gid, access) VALUES ('two', 1, 5);
INSERT INTO acl (item, gid, access) VALUES ('three', 1, 5);
INSERT INTO acl (item, gid, access) VALUES ('two', 2, 1);

----END FILE ACL.SQL----



From tony at tonybibbs.com  Mon Jun 23 09:00:22 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Mon, 23 Jun 2003 08:00:22 -0500
Subject: [geeklog-devel] [Fwd: MacWorld article]
Message-ID: <3EF6F9E6.9050504@tonybibbs.com>


-------- Original Message --------
Subject: MacWorld article
Date: Sun, 22 Jun 2003 10:36:50 -0700
From: Kurt von Finck <kvonfinck at techtracker.com>
To: tony at tonybibbs.com
CC: Marc von Ahn <mvonahn at techtracker.com>

Tony,

If Scot already e-mailed this to you, sorry for the dupe.

His MacWorld blogging article is on newsstands, and an abridged form
(no sidebars, graphics etc etc) can be found at

http://www.macworld.com/2003/07/features/putweblogstowork/

Two really nice quotes:

"To help you find the system that best matches your needs, we examined
some important factors involved in buying decisions, and then we
applied them to seven of the top Weblog systems: Pyra Labs' Blogger
Pro, the open-source GeekLog 1.3.7, Lifli Software's iBlog 1.2.5, the
open-source LiveJournal, Six Apart's Movable Type 2.63, pMachine's
pMachine Pro 2.2.1, and UserLand Software's Radio 8.0. With the
exception of GeekLog (which is completely free) and Radio (which costs
$40 per year), all of these tools are available in free and paid
versions."

Nice this is in the first couple of paragraphs. The price may make up
some people's minds in the first 2 minutes! :)

"If building a thriving online community is your main priority, GeekLog
and LiveJournal offer the fullest set of collaborative features. Of the
two, GeekLog is more powerful and offers more features, but it also
requires more technical skill to operate."

I dunno if you have an OSX dev environment but it might be wise to
think about one. Here they come...

:)

./k

-----

Kurt von Finck
Community Director

TechTracker Inc.
55 SW Yamhill - Third Floor
Portland, OR  97204

503 227 2571 x271

kvonfinck at techtracker.com



From me at jasonwhittenburg.com  Mon Jun 23 09:22:44 2003
From: me at jasonwhittenburg.com (Jason Whittenburg)
Date: Mon, 23 Jun 2003 09:22:44 -0400
Subject: [geeklog-devel] [Fwd: MacWorld article]
In-Reply-To: <3EF6F9E6.9050504@tonybibbs.com>
Message-ID: <WM83562E5184BE4bab9F83258D5E34AD33@jasonwhittenburg.com>

 
Here is my install wizard I wrote a while back.  It's 90% done.  If someone
wants to finish it, we could eliminate part of that "Hard to set up" quote!
:-)

-Jason

-- 
Jason Whittenburg, Sr
Web: http://jasonwhittenburg.com
AIM: jwhitten00
ICQ: 9012034
MSN: jason at whittenburgs.com 

-----Original Message-----
From: geeklog-devel-admin at lists.geeklog.net
[mailto:geeklog-devel-admin at lists.geeklog.net] On Behalf Of Tony Bibbs
Sent: Monday, June 23, 2003 9:00 AM
To: Geeklog



-------- Original Message --------
Subject: MacWorld article
Date: Sun, 22 Jun 2003 10:36:50 -0700
From: Kurt von Finck <kvonfinck at techtracker.com>
To: tony at tonybibbs.com
CC: Marc von Ahn <mvonahn at techtracker.com>

Tony,

If Scot already e-mailed this to you, sorry for the dupe.

His MacWorld blogging article is on newsstands, and an abridged form (no
sidebars, graphics etc etc) can be found at

http://www.macworld.com/2003/07/features/putweblogstowork/

Two really nice quotes:

"To help you find the system that best matches your needs, we examined some
important factors involved in buying decisions, and then we applied them to
seven of the top Weblog systems: Pyra Labs' Blogger Pro, the open-source
GeekLog 1.3.7, Lifli Software's iBlog 1.2.5, the open-source LiveJournal,
Six Apart's Movable Type 2.63, pMachine's pMachine Pro 2.2.1, and UserLand
Software's Radio 8.0. With the exception of GeekLog (which is completely
free) and Radio (which costs $40 per year), all of these tools are available
in free and paid versions."

Nice this is in the first couple of paragraphs. The price may make up some
people's minds in the first 2 minutes! :)

"If building a thriving online community is your main priority, GeekLog and
LiveJournal offer the fullest set of collaborative features. Of the two,
GeekLog is more powerful and offers more features, but it also requires more
technical skill to operate."

I dunno if you have an OSX dev environment but it might be wise to think
about one. Here they come...

:)

./k

-----

Kurt von Finck
Community Director

TechTracker Inc.
55 SW Yamhill - Third Floor
Portland, OR  97204

503 227 2571 x271

kvonfinck at techtracker.com

_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: install-geeklog.php
Type: a/octet-stream
Size: 19577 bytes
Desc: not available
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20030623/712adcc2/attachment.bin>

From tony at tonybibbs.com  Mon Jun 23 09:29:12 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Mon, 23 Jun 2003 08:29:12 -0500
Subject: [geeklog-devel] [Fwd: MacWorld article]
In-Reply-To: <WM83562E5184BE4bab9F83258D5E34AD33@jasonwhittenburg.com>
References: <WM83562E5184BE4bab9F83258D5E34AD33@jasonwhittenburg.com>
Message-ID: <3EF700A8.6070001@tonybibbs.com>

Hey Dirk, any reason we shouldn't include this in one of the upcoming 
releases?  Not 1.3.8 but maybe 1.3.9?

--Tony

Jason Whittenburg wrote:
>  
> Here is my install wizard I wrote a while back.  It's 90% done.  If someone
> wants to finish it, we could eliminate part of that "Hard to set up" quote!
> :-)
> 
> -Jason
> 



From dirk at haun-online.de  Mon Jun 23 16:18:34 2003
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 23 Jun 2003 22:18:34 +0200
Subject: [geeklog-devel] Getting there ...
Message-ID: <20030623201834.23250@smtp.haun-online.de>

Okay, I think we're finally getting there ... some more testing, updating
the documentation - and 1.3.8rc1 would finally be ready to go.

Tony, am I right in assuming that we're just leaving search as it is in
CVS right now? Deferring any further changes to 1.3.9 - and maybe picking
up whatever Rob comes up with until then ...

Since GForge is looking good, I think this would be a good time to switch
over from Sourceforge. So any bug reports and feature request for
1.3.8rc1 could already go into our GForge installation. Okay?

Anything else that I'm missing?

bye, Dirk

P.S. Notice that I did not give any timeframe ;-)


-- 
http://www.haun-online.de/
http://www.tinyweb.de/



From tony at tonybibbs.com  Mon Jun 23 16:25:42 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Mon, 23 Jun 2003 15:25:42 -0500
Subject: [geeklog-devel] Getting there ...
In-Reply-To: <20030623201834.23250@smtp.haun-online.de>
References: <20030623201834.23250@smtp.haun-online.de>
Message-ID: <3EF76246.5010807@tonybibbs.com>

Yeah, search is feature complete with 1.3.7x.  Was highlighting in .7? 
If not, I think it is good enought to be included in .8, I just need to 
chase down two bugs that Rob found and mvohnan subsequently fixed.

I will cut over the gforge site ASAP.  I need to get a different image 
for the home page, add a new GL logo (does Simon have one?) and update 
some of the wording.

I will let you know when my updates are done.

--Tony

Dirk Haun wrote:
> Okay, I think we're finally getting there ... some more testing, updating
> the documentation - and 1.3.8rc1 would finally be ready to go.
> 
> Tony, am I right in assuming that we're just leaving search as it is in
> CVS right now? Deferring any further changes to 1.3.9 - and maybe picking
> up whatever Rob comes up with until then ...
> 
> Since GForge is looking good, I think this would be a good time to switch
> over from Sourceforge. So any bug reports and feature request for
> 1.3.8rc1 could already go into our GForge installation. Okay?
> 
> Anything else that I'm missing?
> 
> bye, Dirk
> 
> P.S. Notice that I did not give any timeframe ;-)
> 
> 



From vmf at abtech.org  Mon Jun 23 16:39:47 2003
From: vmf at abtech.org (Vincent Furia)
Date: Mon, 23 Jun 2003 16:39:47 -0400
Subject: [geeklog-devel] ACL follow-up
In-Reply-To: <3EF35E65.7030707@tonybibbs.com>
References: <3EF35E65.7030707@tonybibbs.com>
Message-ID: <3EF76593.1070805@abtech.org>

Before I posted to all this to the web site.  I just wanted to respond 
to Tony's input and questions and make sure no one else has anything 
else to say.  If not I'll try to get this up on geeklog.net tomorrow. 
I'll embed furhter comments in Tony's email below:

Tony Bibbs wrote:
> Vinny, I think I'm right on with you on the ACL system.  However, one 
> point of disagreement is that notion you support that EDIT + ADMIN = 
> OWNER.  That isn't true, we should track the creator of the item as the 
> owner. Ok, wait, now that I actually read the SQL you gave, you do have 
> a uid field so I have to assume you are tracking it as I suggested. 
> Never mind ;-)
> 
I think that "author" (the original creator of the item) should be 
stored by the item along with any other information.  My reference to 
OWNER above is more like being the owner of a file under unix.  The 
owner has a large amount of control over the file.  The big difference 
is that this ACL scheme could support multiple owners for a single item.

> Now, to adequately address the real possibility of having multiple ACL's 
> let me give a high level objet model:
> 
> ACL_Factory: Class that creates ACL libraries on the fly.  The specific 
> ACL system to use is determined by a config.php setting.  All this 
> object does is instantiate the right ACL system and returns it.
This might be over kill, a simple configuration variable pointing to the 
version of BaseACL you wish to use would probably be sufficient.  But if 
you'd prefer to go this I don't see any obsticles.

> 
> BaseACL: Abstract class (not instantiated directly) that all ACL systems 
> inherit from.  The methods here would be similar to the ones found in GL 
> 1.3.x's lib-security.php (i.e. getUserGroups, inGroup, hasAccess, 
> getUserPermissions, etc).
Always a good idea in OOP programming.

> 
> Default_ACL: This extends BaseACL by implementing the system that Vinny 
> is talking about.
Cool.

> 
> For those who care, using the factory design pattern now lets you 
> implement any ACL system  All it has to do is inherit from BaseACL.  The 
> data model vinny is proposing seems to me to be generic enough to handle 
> any ACL system.  Only thing I am fuzzy on is how you plan on tying 
> people to groups and groups to groups?  The same way as 1.3.x does?

I was under the impression that the A&A module would handle getting the 
user and group info, however and where ever they may be stored.  For 
whichever parts I'm wrong on this, current 1.3.x handling of group 
membership would be sufficient.  I might add that a well though out set 
of access rights would mean we could get rid of about 75% of the 1.3.x 
"rights".  The remaining rights (such as story.submit, comment.delete, 
etc) could be considered items under ACL control.

> 
> --Tony
> 
> 

--Vinny



From tony at tonybibbs.com  Mon Jun 23 16:46:00 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Mon, 23 Jun 2003 15:46:00 -0500
Subject: [geeklog-devel] ACL follow-up
In-Reply-To: <3EF76593.1070805@abtech.org>
References: <3EF35E65.7030707@tonybibbs.com> <3EF76593.1070805@abtech.org>
Message-ID: <3EF76708.20308@tonybibbs.com>

Right, when you log in, all the groups and permissions you have would go 
back to the calling application and stored in a user object that is 
persisted in the session.  That said, the SEC_inGroup, SEC_hasAccess 
type functions are actually part of the A&A client only.  The server is 
only concerned with returning the values for a given user on a given 
application.

I think we are on the same page here.  I will start making the changes. 
  Dwight, you may want to update the datamodels accordingly (or do you 
want me to do it?).

--Tony

Vincent Furia wrote:
> Before I posted to all this to the web site.  I just wanted to respond 
> to Tony's input and questions and make sure no one else has anything 
> else to say.  If not I'll try to get this up on geeklog.net tomorrow. 
> I'll embed furhter comments in Tony's email below:
> 
> Tony Bibbs wrote:
> 
>> Vinny, I think I'm right on with you on the ACL system.  However, one 
>> point of disagreement is that notion you support that EDIT + ADMIN = 
>> OWNER.  That isn't true, we should track the creator of the item as 
>> the owner. Ok, wait, now that I actually read the SQL you gave, you do 
>> have a uid field so I have to assume you are tracking it as I 
>> suggested. Never mind ;-)
>>
> I think that "author" (the original creator of the item) should be 
> stored by the item along with any other information.  My reference to 
> OWNER above is more like being the owner of a file under unix.  The 
> owner has a large amount of control over the file.  The big difference 
> is that this ACL scheme could support multiple owners for a single item.
> 
>> Now, to adequately address the real possibility of having multiple 
>> ACL's let me give a high level objet model:
>>
>> ACL_Factory: Class that creates ACL libraries on the fly.  The 
>> specific ACL system to use is determined by a config.php setting.  All 
>> this object does is instantiate the right ACL system and returns it.
> 
> This might be over kill, a simple configuration variable pointing to the 
> version of BaseACL you wish to use would probably be sufficient.  But if 
> you'd prefer to go this I don't see any obsticles.
> 
>>
>> BaseACL: Abstract class (not instantiated directly) that all ACL 
>> systems inherit from.  The methods here would be similar to the ones 
>> found in GL 1.3.x's lib-security.php (i.e. getUserGroups, inGroup, 
>> hasAccess, getUserPermissions, etc).
> 
> Always a good idea in OOP programming.
> 
>>
>> Default_ACL: This extends BaseACL by implementing the system that 
>> Vinny is talking about.
> 
> Cool.
> 
>>
>> For those who care, using the factory design pattern now lets you 
>> implement any ACL system  All it has to do is inherit from BaseACL.  
>> The data model vinny is proposing seems to me to be generic enough to 
>> handle any ACL system.  Only thing I am fuzzy on is how you plan on 
>> tying people to groups and groups to groups?  The same way as 1.3.x does?
> 
> 
> I was under the impression that the A&A module would handle getting the 
> user and group info, however and where ever they may be stored.  For 
> whichever parts I'm wrong on this, current 1.3.x handling of group 
> membership would be sufficient.  I might add that a well though out set 
> of access rights would mean we could get rid of about 75% of the 1.3.x 
> "rights".  The remaining rights (such as story.submit, comment.delete, 
> etc) could be considered items under ACL control.
> 
>>
>> --Tony
>>
>>
> 
> --Vinny
> 
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel



From dirk at haun-online.de  Mon Jun 23 16:48:24 2003
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 23 Jun 2003 22:48:24 +0200
Subject: [geeklog-devel] Getting there ...
In-Reply-To: <3EF76246.5010807@tonybibbs.com>
References: <3EF76246.5010807@tonybibbs.com>
Message-ID: <20030623204824.3728@smtp.haun-online.de>

Tony Bibbs <tony at tonybibbs.com> wrote:

>Was highlighting in .7?

No.

I think the Clean and Gameserver themes are missing the CSS for the
highlighting, but I can add that.

 
>If not, I think it is good enought to be included in .8, I just need to 
>chase down two bugs that Rob found and mvohnan subsequently fixed.

Yeah, I remember ... Okay, we need that, too.

bye, Dirk


-- 
http://www.haun-online.de/
http://geeklog.info/



From slord at marelina.com  Mon Jun 23 17:06:31 2003
From: slord at marelina.com (Simon lord)
Date: Mon, 23 Jun 2003 17:06:31 -0400
Subject: [geeklog-devel] Getting there ...
In-Reply-To: <20030623204824.3728@smtp.haun-online.de>
Message-ID: <90872DAF-A5BE-11D7-B1BF-003065C030F2@marelina.com>

But that was just a hack wasn't it?  That version did not have boolean 
searches etc.  This is not the version Tony was working on and is 
partially implemented in CVS?

On Monday, June 23, 2003, at 04:48 PM, Dirk Haun wrote:

> Tony Bibbs <tony at tonybibbs.com> wrote:
>
>> Was highlighting in .7?
>
> No.
>
> I think the Clean and Gameserver themes are missing the CSS for the
> highlighting, but I can add that.
>
>
>> If not, I think it is good enought to be included in .8, I just need 
>> to
>> chase down two bugs that Rob found and mvohnan subsequently fixed.
>
> Yeah, I remember ... Okay, we need that, too.
>
> bye, Dirk
>
>
> -- 
> http://www.haun-online.de/
> http://geeklog.info/
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>
>
Sincerely,
Simon



From dwight at trumbower.com  Mon Jun 23 17:07:31 2003
From: dwight at trumbower.com (Dwight Trumbower)
Date: Mon, 23 Jun 2003 16:07:31 -0500
Subject: [geeklog-devel] ACL follow-up
In-Reply-To: <3EF76708.20308@tonybibbs.com>
References: <3EF76593.1070805@abtech.org>
 <3EF35E65.7030707@tonybibbs.com>
 <3EF76593.1070805@abtech.org>
Message-ID: <6.0.0.9.0.20030623160646.01c63910@localhost>

I should be able to do it. Wednesday night I hope to be geeklog night.



At 03:46 PM 6/23/2003, you wrote:
>Right, when you log in, all the groups and permissions you have would go 
>back to the calling application and stored in a user object that is 
>persisted in the session.  That said, the SEC_inGroup, SEC_hasAccess type 
>functions are actually part of the A&A client only.  The server is only 
>concerned with returning the values for a given user on a given application.
>
>I think we are on the same page here.  I will start making the 
>changes.  Dwight, you may want to update the datamodels accordingly (or do 
>you want me to do it?).
>
>--Tony
>
>Vincent Furia wrote:
>>Before I posted to all this to the web site.  I just wanted to respond to 
>>Tony's input and questions and make sure no one else has anything else to 
>>say.  If not I'll try to get this up on geeklog.net tomorrow. I'll embed 
>>furhter comments in Tony's email below:
>>Tony Bibbs wrote:
>>
>>>Vinny, I think I'm right on with you on the ACL system.  However, one 
>>>point of disagreement is that notion you support that EDIT + ADMIN = 
>>>OWNER.  That isn't true, we should track the creator of the item as the 
>>>owner. Ok, wait, now that I actually read the SQL you gave, you do have 
>>>a uid field so I have to assume you are tracking it as I suggested. 
>>>Never mind ;-)
>>I think that "author" (the original creator of the item) should be stored 
>>by the item along with any other information.  My reference to OWNER 
>>above is more like being the owner of a file under unix.  The owner has a 
>>large amount of control over the file.  The big difference is that this 
>>ACL scheme could support multiple owners for a single item.
>>
>>>Now, to adequately address the real possibility of having multiple ACL's 
>>>let me give a high level objet model:
>>>
>>>ACL_Factory: Class that creates ACL libraries on the fly.  The specific 
>>>ACL system to use is determined by a config.php setting.  All this 
>>>object does is instantiate the right ACL system and returns it.
>>This might be over kill, a simple configuration variable pointing to the 
>>version of BaseACL you wish to use would probably be sufficient.  But if 
>>you'd prefer to go this I don't see any obsticles.
>>
>>>
>>>BaseACL: Abstract class (not instantiated directly) that all ACL systems 
>>>inherit from.  The methods here would be similar to the ones found in GL 
>>>1.3.x's lib-security.php (i.e. getUserGroups, inGroup, hasAccess, 
>>>getUserPermissions, etc).
>>Always a good idea in OOP programming.
>>
>>>
>>>Default_ACL: This extends BaseACL by implementing the system that Vinny 
>>>is talking about.
>>Cool.
>>
>>>
>>>For those who care, using the factory design pattern now lets you 
>>>implement any ACL system  All it has to do is inherit from BaseACL.
>>>The data model vinny is proposing seems to me to be generic enough to 
>>>handle any ACL system.  Only thing I am fuzzy on is how you plan on 
>>>tying people to groups and groups to groups?  The same way as 1.3.x does?
>>
>>I was under the impression that the A&A module would handle getting the 
>>user and group info, however and where ever they may be stored.  For 
>>whichever parts I'm wrong on this, current 1.3.x handling of group 
>>membership would be sufficient.  I might add that a well though out set 
>>of access rights would mean we could get rid of about 75% of the 1.3.x 
>>"rights".  The remaining rights (such as story.submit, comment.delete, 
>>etc) could be considered items under ACL control.
>>
>>>
>>>--Tony
>>>
>>--Vinny
>>_______________________________________________
>>geeklog-devel mailing list
>>geeklog-devel at lists.geeklog.net
>>http://lists.geeklog.net/listinfo/geeklog-devel
>
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://lists.geeklog.net/listinfo/geeklog-devel
>



From dirk at haun-online.de  Tue Jun 24 08:32:15 2003
From: dirk at haun-online.de (Dirk Haun)
Date: Tue, 24 Jun 2003 14:32:15 +0200
Subject: [geeklog-devel] Getting there ...
In-Reply-To: <3EF76246.5010807@tonybibbs.com>
References: <3EF76246.5010807@tonybibbs.com>
Message-ID: <20030624123215.25440@smtp.haun-online.de>

Tony Bibbs <tony at tonybibbs.com> wrote:

>I will cut over the gforge site ASAP.  I need to get a different image 
>for the home page, add a new GL logo (does Simon have one?) and update 
>some of the wording.

Yeah, remove the GForge references from the sidebar as well as the
"prodigy" from the page title.

Also, new user registration emails refer to "prodigy" all over the place ...

bye, Dirk


-- 
http://www.haun-online.de/
http://www.macosx-faq.de/



From geeklog at langfamily.ca  Thu Jun 26 22:16:17 2003
From: geeklog at langfamily.ca (Blaine Lang)
Date: Thu, 26 Jun 2003 22:16:17 -0400
Subject: [geeklog-devel] Javascript Functions
Message-ID: <000901c33c52$178a24a0$9a0a10ac@xpbl1>

What would be the recommended way to include Javascript functions in
plugins?

1) Have users add the function to the template header.thtml file ?
2) Output it before calling COM_siteHeader - messes up the Tags and HTML
3) Echo out a <head> then the JS script and </head> - Messes up the HTML as
well

Whats the easiest and best way to support this ?
- I suggest we come up with a way to extend COM_siteHeader so that it can be
passed the name of a JS script to include as it's building the header page

BTW:
While looking at COM_siteHeader, I saw that there is the feature to replace
the complete header with your own function. Neat - has anyone seen this
implemented - maybe not because I believe it's broken.

There is a problem is with this code - it's checking for a non-existing
$_CONF variable
    $function = $_CONF['layout'] . '_siteHeader';




From mvonahn at techtracker.com  Fri Jun 27 00:53:32 2003
From: mvonahn at techtracker.com (Marc)
Date: Thu, 26 Jun 2003 21:53:32 -0700
Subject: [geeklog-devel] Javascript Functions
In-Reply-To: <000901c33c52$178a24a0$9a0a10ac@xpbl1>
Message-ID: <4D958801-A85B-11D7-A20D-003065C8311C@techtracker.com>

I use the custom layout site header for VersionTracker 
(http://www.versiontracker.com).  I did need to fix the variable call, 
but other than that it works like a charm.  Go to the versiontracker 
site, select a product, all the feedback is served by GL.


On Thursday, June 26, 2003, at 07:16 PM, Blaine Lang wrote:

> What would be the recommended way to include Javascript functions in
> plugins?
>
> 1) Have users add the function to the template header.thtml file ?
> 2) Output it before calling COM_siteHeader - messes up the Tags and 
> HTML
> 3) Echo out a <head> then the JS script and </head> - Messes up the 
> HTML as
> well
>
> Whats the easiest and best way to support this ?
> - I suggest we come up with a way to extend COM_siteHeader so that it 
> can be
> passed the name of a JS script to include as it's building the header 
> page
>
> BTW:
> While looking at COM_siteHeader, I saw that there is the feature to 
> replace
> the complete header with your own function. Neat - has anyone seen this
> implemented - maybe not because I believe it's broken.
>
> There is a problem is with this code - it's checking for a non-existing
> $_CONF variable
>     $function = $_CONF['layout'] . '_siteHeader';
>
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel



From tony at tonybibbs.com  Fri Jun 27 17:54:33 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Fri, 27 Jun 2003 16:54:33 -0500
Subject: [geeklog-devel] A&A
Message-ID: <3EFCBD19.5090805@tonybibbs.com>

Vinny,

I was thinking, while I'm poking around with the A&A service, you could 
probably start looking at just the client and figuring out what you will 
need to change to implement your ACL stuff on that end.   I will make 
sure the service gets the groups and permissions to you.  I think all 
the group, permission stuff on the client is probably fine as is, you 
just need to hack up the code pertaining security checks on the items.

Sound good?  Send any questions my way...

--Tony



From geeklog at langfamily.ca  Sat Jun 28 09:46:44 2003
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sat, 28 Jun 2003 09:46:44 -0400
Subject: [geeklog-devel] New Plugin API for extending Header information
Message-ID: <007201c33d7b$b654fa40$9a0a10ac@xpbl1>

We now have PLG_getHeaderCode as a function that is called in
COM_siteHeader. Any plugins can now return information that will be added to
the header.thtml in the <HEAD>{plg_headercode}</HEAD> section.

Adding a check in your plugin function for the source of the script, can
ensure we are only adding the extra information when needed. This is great
to now easily and cleanly add JS functions but could be used to add other
Meta Tags.

Example of a plugin function
--- CODE BEGINS ---

/**
* Returns the items for this plugin that should appear on the main menu
*/
function plugin_getHeaderCode_fmpro()
{
    global $_CONF, $HTTP_SERVER_VARS;

    // Compare actual path to the plugin script that needs this extra
Javascript and header code
    // Sort out any differences in directory slashes
    $ENV_PATH = strtolower(str_replace('\\', '/',
$HTTP_SERVER_VARS['PATH_TRANSLATED']));
    $pluginscript = strtolower(str_replace('\\', '/',$_CONF['path_html'] .
'fmpro/index.php'));

    if ( $ENV_PATH == $pluginscript)   {
        return '<script src="include/TreeMenu.js" language="JavaScript"
type="text/javascript"></script>';
    }

}



From tony at tonybibbs.com  Mon Jun 30 09:43:48 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Mon, 30 Jun 2003 08:43:48 -0500
Subject: [geeklog-devel] GL2 and PHP5
Message-ID: <3F003E94.1050308@tonybibbs.com>

Since PHP5 beta 1 is finally out, I think it is now safe to start 
coverting existing GL2 code over.  I'm sure you have all seen the press 
but just in case go here:

http://www.php.net/zend-engine-2.php

Many missing OO features were added (abstract classes, private/protected 
properties and methods, exception handling, interfaces, etc).

I believe it is pretty easy to to modify Apache's configuration file to 
use two versions of PHP (i.e. 4 for 1.3.x stuff and 5 for GL2 stuff).

If any of you already have PHP5 installed I'd be interested to hear 
initial comments.

--Tony



From dwight at trumbower.com  Mon Jun 30 09:51:14 2003
From: dwight at trumbower.com (Dwight Trumbower)
Date: Mon, 30 Jun 2003 08:51:14 -0500
Subject: [geeklog-devel] GL2 and PHP5
In-Reply-To: <3F003E94.1050308@tonybibbs.com>
Message-ID: <6.0.0.9.0.20030630085005.01beeb48@localhost>

When will PHP5 be ready for primetime?
How fast will hosts, go to it?

Seems a little risky to have GL2 based on a version of PHP that the  masses 
won't be using.

Dwight



At 08:43 AM 6/30/2003, you wrote:
>Since PHP5 beta 1 is finally out, I think it is now safe to start 
>coverting existing GL2 code over.  I'm sure you have all seen the press 
>but just in case go here:
>
>http://www.php.net/zend-engine-2.php
>
>Many missing OO features were added (abstract classes, private/protected 
>properties and methods, exception handling, interfaces, etc).
>
>I believe it is pretty easy to to modify Apache's configuration file to 
>use two versions of PHP (i.e. 4 for 1.3.x stuff and 5 for GL2 stuff).
>
>If any of you already have PHP5 installed I'd be interested to hear 
>initial comments.
>
>--Tony
>
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://lists.geeklog.net/listinfo/geeklog-devel
>



From tony at tonybibbs.com  Mon Jun 30 10:24:06 2003
From: tony at tonybibbs.com (Tony Bibbs)
Date: Mon, 30 Jun 2003 09:24:06 -0500
Subject: [geeklog-devel] GL2 and PHP5
In-Reply-To: <6.0.0.9.0.20030630085005.01beeb48@localhost>
References: <6.0.0.9.0.20030630085005.01beeb48@localhost>
Message-ID: <3F004806.6050005@tonybibbs.com>

Depends on how you look at it.  IMHO, the programming advances in that 
engine and slow development rate of GL2 makes it a prime candidate.  I 
think it's safe to say GL will be lucky to be in beta by the time PHP5 
is out stably.  Also, when you factor in the fact that 1.3.x is around 
still I think we are OK. 

Any other opinions?

--Tony

Dwight Trumbower wrote:

> When will PHP5 be ready for primetime?
> How fast will hosts, go to it?
>
> Seems a little risky to have GL2 based on a version of PHP that the  
> masses won't be using.
>
> Dwight
>
>
>
> At 08:43 AM 6/30/2003, you wrote:
>
>> Since PHP5 beta 1 is finally out, I think it is now safe to start 
>> coverting existing GL2 code over.  I'm sure you have all seen the 
>> press but just in case go here:
>>
>> http://www.php.net/zend-engine-2.php
>>
>> Many missing OO features were added (abstract classes, 
>> private/protected properties and methods, exception handling, 
>> interfaces, etc).
>>
>> I believe it is pretty easy to to modify Apache's configuration file 
>> to use two versions of PHP (i.e. 4 for 1.3.x stuff and 5 for GL2 stuff).
>>
>> If any of you already have PHP5 installed I'd be interested to hear 
>> initial comments.
>>
>> --Tony
>>
>> _______________________________________________
>> geeklog-devel mailing list
>> geeklog-devel at lists.geeklog.net
>> http://lists.geeklog.net/listinfo/geeklog-devel
>>
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel




From mark.limburg at baesystems.com  Mon Jun 30 21:43:13 2003
From: mark.limburg at baesystems.com (LIMBURG, Mark)
Date: Tue, 1 Jul 2003 11:13:13 +0930 
Subject: [geeklog-devel] 1.3.8 and onwards
Message-ID: <DB7A11EAA82C984BA0CFBA1469E0A45502C8ED84@sbw2ex1.au.baesystems.com>

Howdy

Is 1.3.8 (and any other possible bug/security fix releases) the final
release for the 1.3.x codebase?

Regards

Mark Limburg

Operations Support Team Leader
Information Services
BAE SYSTEMS Australia



From geeklog at langfamily.ca  Mon Jun 30 22:15:00 2003
From: geeklog at langfamily.ca (Blaine Lang)
Date: Mon, 30 Jun 2003 22:15:00 -0400
Subject: [geeklog-devel] 1.3.8 and onwards
References: <DB7A11EAA82C984BA0CFBA1469E0A45502C8ED84@sbw2ex1.au.baesystems.com>
Message-ID: <001b01c33f76$936ed170$9a0a10ac@xpbl1>

Well,  I have some more enhancements that I'd like to see in 1.3.8 and still
am holding out that they can make it into the final release ;)

So far, this RC is looking good.

Blaine
----- Original Message -----
From: "LIMBURG, Mark" <mark.limburg at baesystems.com>
To: <geeklog-devel at lists.geeklog.net>
Sent: Monday, June 30, 2003 9:43 PM
Subject: [geeklog-devel] 1.3.8 and onwards


> Howdy
>
> Is 1.3.8 (and any other possible bug/security fix releases) the final
> release for the 1.3.x codebase?
>
> Regards
>
> Mark Limburg
>
> Operations Support Team Leader
> Information Services
> BAE SYSTEMS Australia
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel



From mark.limburg at baesystems.com  Mon Jun 30 22:19:12 2003
From: mark.limburg at baesystems.com (LIMBURG, Mark)
Date: Tue, 1 Jul 2003 11:49:12 +0930 
Subject: [geeklog-devel] 1.3.8 and onwards
Message-ID: <DB7A11EAA82C984BA0CFBA1469E0A45502C8ED86@sbw2ex1.au.baesystems.com>

Howdy

 > From: Blaine Lang [mailto:geeklog at langfamily.ca]
 > 
 > Well,  I have some more enhancements that I'd like to see in 1.3.8 and
 > still am holding out that they can make it into the final release ;)

Dare I ask :)

> So far, this RC is looking good.

Excellent .. I'm going to grab it and give it a kick when I get home
tonight.  Gives me a good excuse to upgrade a few sites I'm still pushing GL
onto ;)

Regards

Mark Limburg

Operations Support Team Leader
Information Services
BAE SYSTEMS Australia