IRC log of #schooltool for Tuesday, 2008-05-06

*** didymo has joined #schooltool09:39
*** alga has joined #SchoolTool12:01
*** lisppaste5 has quit IRC14:04
*** didymo has quit IRC14:16
*** lisppaste5 has joined #schooltool14:20
*** ignas has joined #schooltool14:30
*** th1a has joined #schooltool16:29
th1aHmmm... Took me a few minutes to realize my mouse wasn't working because my usb hub came unplugged...16:29
th1aGood morning folks.16:29
th1aOr ignas, at least.16:30
ignas:)16:30
ignashi16:30
th1aI didn't remind aelkner we were meeting today, and he's got plenty of stuff to do for SLA before they start using interventions tomorrow.16:31
ignasi guess he should concentrate on that then16:31
th1aSo what have you been up to, ignas?16:32
ignasnot too much16:33
ignasmostly bug fixes16:33
*** mgedmin has joined #schooltool16:33
ignasbut as i am going slowly at the moment16:33
ignasi am doing it "the right way"16:33
th1aWhat kind of bugs?16:33
ignasas I want to fix the today and time problems in our system16:33
ignasat least a lot of them16:34
ignasand properly test my term aware calendar overlay portlet16:34
ignasi am working on our pluggable traversers first16:34
ignasthen i will add views that allow full control over time in functional tests16:34
ignaslike setting one fixed date and time in the functional test16:34
ignasto make tests less brittle16:34
ignasand add ability to test "what will happen tomorrow" scenarios in functional tests16:35
ignasand then i will proceed to test the calendar portlet, and start changing datetime.today calls to IDateTimeManager.today calls16:35
th1aOK, I can see where that's necessary, especially for doing general passage of time stuff as well.16:35
ignasbut as most of the last week was a holiday in gere16:35
th1aTerms...16:35
ignasi didn't accomplish that much16:36
th1aI was thinking it must be a holiday.16:36
ignasit was thursday to monday16:36
ignasbut i'll be working this saturday16:36
ignasMay 1st was a holiday, and May 3rd was a holiday that got moved to monday (bank holiday stuff)16:37
th1aHave you looked at Sphinx for documentation?16:37
ignasnot much16:37
ignaslooked at your repository16:37
ignasbut it was mostly bootstrap stuff at that moment16:37
th1aYes.16:37
th1aI need someone else to try it to make sure I didn't forget something.16:38
th1aYou should be able to easy_install Sphinx16:38
th1aand then grab my branch and do 'make html'16:38
ignasemm, i'll look at it16:38
ignasi guess i'll create a small buildout16:39
ignasbecause i don't like easy_installing stuff16:39
th1aI knew you'd say that ;-)16:39
ignasmaybe i'll just package sphinx for ubuntu16:39
th1aBut anyhow, I was thinking that I should just have a cron job or something that pulls updates and makes the html on schooltool.org16:40
th1aThere does seem to be a debian package.16:40
th1aOr a buildbot?16:40
ignasif i'll make it compile i might set up a buildbot for that16:40
ignasso it would get updated every checkin instead of every night16:41
th1aI need to talk to jinty about where to put the html.16:41
th1aSo working on that is the priority for me for a while.16:43
th1aThat's about all I've got.16:43
th1aI'll cc: you on the summary of yesterday's meetings.16:43
ignascool, thanks16:44
th1aAnything else?16:44
ignasnot really16:44
th1aOK.  Have a good week!16:45
ignasthanks, you too16:45
* th1a drops the bag of gravel.16:45
th1aignas & aiste: invoice time again.16:53
Aisteth1a: working on it ;)16:54
*** aelkner has joined #schooltool17:11
aelknerth1a: is the meeting already over?17:13
ignasaelkner: i think so, yes17:13
aelkneri was up really late last night getting ready for SLA today17:14
ignasbut if you have some interesting news...17:14
ignasthough we should wait for Tom i guess17:14
aelknerdid you already meet?17:14
ignasyes, we talked a bit, the meeting was quite short17:15
aelkneri'll check the log17:15
aelknerignas: i saw what you did with the adapter traversals last week17:18
aelknereddectively, you made it do one doesn't have to write their own code17:19
aelknerjust register the traversal adapter17:19
aelknerand teh meta directive uses the same code17:19
aelknereach time17:19
aelkneri love things like that that eliminate code17:19
aelkneryou know, that should be a part of zope's core17:20
th1aI'm here.17:22
aelknerhi, sorry i missed the meeting17:22
aelkneri was exsauted from scramling last night17:22
aelkneri had a really nasty security problem17:23
aelknerwhen i opened up the interventions to all teachers17:23
aelkneri was still getting an unauthorized exception when a teacher visited an exception17:23
aelknerintervention17:23
aelknerthat was for a student that he didn't teach17:23
aelknerdebugging it was really hard, but eventually17:24
aelkneri traced the crowds that returned False17:24
aelknerand noted that tere was a PresonViewInfo (or something like that)17:24
aelknercrowd that was failing17:24
aelkneri finally figured out that i could work around the problem17:25
aelknerby seeting the access control setting 'everyone can view person info'17:25
ignasi'll look at the diff some time soon i guess17:25
ignasoh, i see17:25
aelknerthat will be bad when students start to use the system17:25
aelkneri was going to ask ignas17:26
ignasusually only teachers that are teaching sections to the students17:26
ignasor are leaders of groups students are in17:26
ignasget that permission i think17:26
th1aAh... "everyone" is really everyone, I think.17:26
aelkneryes17:26
th1aMeaning, the public.17:26
aelkneri understood the logic17:26
ignasand I don't think we have advisor crowd17:26
th1aYou'd better check that.17:26
aelknerwe don't17:26
ignaswhich should be used in this case i'd guess17:26
aelknerno17:27
ignasif you could define the teachers that can access the views17:27
aelknerChris wants ANY teacher to see all interventions17:27
ignasi could see how it should be implemented17:27
ignasoh, any teacher17:27
th1aAnyone in the teacher group.17:27
ignashmm, in that case you should just set the crowd "teachers" for views17:27
th1aOr the Administrator group.17:27
ignasand do some remove security proxies17:27
ignason students17:27
ignasbecause you know that anyone who can see the view17:27
ignascan see the information17:28
aelkneri yes, i thought of that17:28
ignasand add a functional test that checks that teachers can see the view17:28
aelknerit just seemed to be a pain to change the views all over the place to remove the security17:28
aelknerbut i could do that17:28
aelknerlaster17:28
aelknerlater17:28
aelkneri already have the test for security for different types of users17:29
aelknerso removing the proxy would work17:29
aelknerit's just a pain17:29
aelknerbecuase i access the student's info in SO many paces17:29
ignasI understand it's a pain, the alternative is a global switch that allows all the teachers see all the students17:29
aelknerplaces17:29
aelkneryes17:29
aelknerthat's what i was getting to17:29
ignasif you think it's a better solution you can do that as well17:30
aelkneri noticed you have an override in basicperson17:30
aelknerfor that crowd17:30
aelknercould i override your override?17:30
ignashmm17:30
ignasnot sure you have to17:30
ignasif you have a functional test17:30
ignasthat works with the "everyone can see students"17:30
ignasi can try and look at it17:31
th1aLegally, in the US, I don't think you can let all teachers see all students' interventions.17:31
ignasand see how to make everything work without checking it17:31
th1aSo I'd be in favor of keeping the current design, even if it is more work for this implementation.17:31
th1aEssentially, if you want to do what Chris wants, you should have to consciously do it.17:32
aelknerif we change nothing17:32
th1aI mean, I'm not saying change nothing.17:32
aelknerwait17:32
aelkneri'm saying17:32
aelknerwe can add a 'teachers can see all studen's info'17:32
aelknerand make it the school's decision17:33
ignasaelkner: by the way17:33
ignasthe override in basicperson17:33
ignasis actually allowing all the teachers see student info17:33
ignasso either you are not including it or something is not working17:34
aelknerthen why did it failing until i set the access control setting?17:34
aelknerthat's the only change i make and it works17:34
ignasbecause either you are not including it in your zcml17:34
ignasor something is broken17:34
aelknerof course i include basicperson17:34
ignasdon't know which one without looking at the issue more closely17:34
aelknerit's part of schooltool2007u17:35
ignasoverrides not just basicperson17:35
ignashmm17:35
ignasi'll have to look at it17:35
aelknerteh override IS in basicperson17:35
th1aafk...17:35
aelknerafk maens?17:35
ignasaway from keyboard17:35
ignasi can see that17:35
ignaswhich is why it seems strange17:36
aelkneranither thing17:36
ignasbut as you have a functional test that reproduces the problem i'll just try playing with it17:36
aelknerthatnks17:36
aelknerlisten17:36
aelkneris there a way to get schooltool to tell us what it failed on17:36
aelknerwhen i put the print statement before the return False17:37
aelknerat the end of the crowds routine17:37
ignasvery difficult17:37
aelknerit traced lke zic different failures17:37
aelknerbecuase i assuume17:37
ignasi really wanted to do that, but i would have to go up the stack17:37
aelknerlots of falures are ok17:37
ignasor do some crazy hack17:37
ignas:/17:37
aelkneri don't think going up the stack is so crazy17:38
ignasit IS crazy17:38
ignasyou are relying not on what you are calling17:38
aelkneri've been wanting to write a routine that goes up the stack17:38
ignasbut on "what is calling you"17:38
aelknerto trace more info of a backtrace17:38
ignasand you should never do that, unless you have a very very good reason17:38
aelknerwhenever a page template calls something that fails17:38
aelknerthe stupod backtrace is NO help17:39
ignasreally?17:39
aelknerjust twenty calls within the template routines17:39
aelknerbut no id of what template17:39
ignasoh17:39
ignasthat part17:39
aelkneror what part of the templare17:39
ignasyou just do a hack17:39
ignasin your functional test17:39
ignas2 lines of code17:39
ignaslet me link to them17:39
ignashttp://alga42.blogspot.com/2007/04/debugging-page-templates-in-doctests.html17:40
ignasand you get the traceback you would get in the browser17:40
ignasin the functional test17:40
ignasvery useful17:40
ignasas for the crowd17:40
ignasmy mistake, sorry17:40
ignasthe crowd is "inverse"17:40
ignasit allows everyone to see teacher information17:41
ignas(lyceum needed that)17:41
ignasnot sure if anyone needs that actually17:41
aelkneryou could move gthat to kyceum17:41
aelknerbut17:41
ignasi will, and i will look at what is the best way17:41
ignasto add a checkbox17:41
aelknerand i could have mine in intervention17:41
ignasthat allows all the teachers17:41
ignassee all the student information17:42
aelknerok17:42
aelknerbecuase tom said there are legal issues17:42
aelkneradding the checkbox would probably be the best solution17:42
aelknerthen when i use the checkbox, i won't have students seeing other students17:42
aelknerso it's a legal decision on the part of the school17:43
ignaseither a checkbox, or sla specific code in "schooltool.sla" or sla specific checkbox in "schooltool.sla"17:43
aelknerright17:43
aelknerthose are options as well17:43
aelknerlet's see what tom wants there17:43
aelkneranother thing17:43
aelknerwe have a greater problem17:44
ignasoooh17:44
aelknerthe fact that i found a hack is all well and good17:44
aelknersetting the checkbox and all17:44
aelknerbut let me tell you how embarrasing it is17:44
aelknerwhen a user hits a button and gets that dumb login page17:44
aelknerno explanation17:45
aelknerit not only makes it hard to debug17:45
aelknerbut it just is a stupid response to the user17:45
aelknerwe should have a page come up that explains17:45
aelknerwhat resourse the user is not allowed to see17:45
aelknerand an option to log in as another user17:45
aelknerwhich would help teahers that are also site admins17:46
ignashmm, if you would create such a page17:46
ignasor at least add a bug in schooltool bug tracker17:46
ignasthen we'd just have to redirect to it17:46
ignasinstead of redirecting to the login page17:46
aelknerbut how would we get the info of what resourse was not allowed17:47
ignaswhat is doable i think17:47
ignasthe "why" is giving me trouble17:47
ignasif you would just add a dumb page or a template17:47
ignasfor login page17:47
ignasthat checks for17:47
ignas"is it a redirect or is it a plain "log in""17:48
ignasand shows at least an explanation17:48
ignaswhy are you being asked to log in17:48
ignasi could make the explanation show more info after that17:48
aelknercould you show the resourse that was not allowed?17:48
ignasmaybe, i would have to look at it, i can't recall what information is available17:49
ignasand where17:49
ignasproblem is17:49
ignaslogin page has no information about the resource17:49
ignasthat you could not see17:49
aelknerbecuase ti's too late17:49
ignasyeah17:49
aelknerit's already redirected17:49
aelknerwe need the exception to extract the info17:49
ignasif we can17:50
aelknerand pass it to the redirect17:50
aelknerif we can17:50
ignasand passing it through the URL is quite dangerous too17:50
ignasbecause that allows fishing17:50
ignaslike crafting a url17:50
ignasthat misleads the user17:50
aelknerexposing the URL would be bad17:50
aelknerbut hiddens fields could work17:50
ignaswe don't have them at that poing17:50
ignaspoint17:50
ignaswe can't "redirect" with hidden fields17:51
ignasat the moment17:51
ignasshowing an error message17:51
ignaswill be an improvement17:51
ignasover what we have now17:51
ignasand then we can work on improving it17:51
ignassomething like if next_url in self.request: show the box in the log in page17:51
ignasor even better17:51
ignasif next_url in self.requrest and "there is a user logged in": show the box in the log in page17:52
aelkneryes17:52
aelknersounds good17:52
ignasbecause if no one is logged in - asking to log in before showing the page makes sense17:52
aelknersimple and clean for now17:52
aelkneri cold volunteer for that task17:52
ignasso either fix that, or file a bug, and i'll fix it this week or so17:52
aelknerbut it will have to wait a coiuple of days17:53
th1aI guess if our first two users want to allow all teachers to see student info, we have to regard it as a fairly common case.17:53
ignasth1a: sorry, my bad17:53
ignasth1a: lyceum does not want that17:53
ignasth1a: lyceum wants it the other way17:53
ignasth1a: they want all users being able to see teacher information17:53
th1aAh.17:53
aelknerwhy do you keep pingin him?17:53
ignasbecause it is another thread in our discussion17:54
aelkneranyway, th1a: do we want a 'teachers can see all students' checkbox17:54
aelkneris that legan17:55
aelknerlegal17:55
th1aWell, it depends, I think.17:55
ignaswell - we have "make everything public" checkbox17:56
th1aI mean, there is a difference between seeing the student exists, seeing his or her contact info, and seeing thinks like intervention info.17:56
aelknertrue17:56
th1aWe certainly can't design SchoolTool to disallow anything illegal anywhere in the world.17:56
aelknerproblem is17:57
th1aAt this point I'm not really clear on the full technical question -- I'd say  aelkner should do what he needs and we'll discuss what checkboxes there should be later.17:57
aelknerthat's fine17:57
aelknerbecause it's a really large discussion17:58
aelknerand not one we have the time for now17:58
aelknerth1a: did you see our discussion about changeing the lgin redirect view17:58
aelknerto at least have a message in addition to the login17:58
th1aI just want you to understand that a distributed version of intervention will not work the way Chris wants by default.17:58
aelknersaying17:58
aelkner'You were redirected to this login page'17:59
th1aaelkner: Yes, that could be improved.17:59
aelkner'becuase you attempted to access a resourse for which you are not authorized'17:59
aelknerignas said he'll try to see if there is a way to get more info for the user than that17:59
aelknerbut i volunteered to make the change to the view17:59
aelknerafter Wednesday18:00
th1aOK.18:00
aelknerI have to have get ready for SLA now18:01
th1aOK.  Good luck.18:03
*** aelkner has quit IRC18:40
*** wgrant has quit IRC20:56
*** ignas has quit IRC21:00
*** alga has quit IRC21:01
*** mgedmin has quit IRC21:03
*** povbot has joined #schooltool22:05

Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!