IRC log of #schooltool for Tuesday, 2010-11-30

*** menesis has quit IRC		00:26
*** th1a has quit IRC		02:37
*** aks has joined #schooltool		05:31
*** aks has joined #schooltool		05:31
*** replaceafill has joined #schooltool		06:27
*** replaceafill has quit IRC		07:40
* yvl makes some coffee		08:33
aelkner	hey yvl	08:57
yvl	hi	08:58
aelkner	could you please look at your demo_fields branch	08:58
aelkner	and see if you can figure out why the resource lookup is failing?	08:59
yvl	umm... how is it failing?	08:59
aelkner	LocationError: (<schooltool.resource.resource.Resource object at 0x89478c0>, 'jstree')	08:59
yvl	I meant - how should I reproduce it	08:59
aelkner	i noticed you changed some registrations to use IBaseResource	08:59
aelkner	oh	09:00
aelkner	run the tests on your branch	09:00
aelkner	-vs schooltool.resource	09:00
aelkner	ignore any form tests cause i already fixed them	09:00
yvl	I changed those adapters to base resource,	09:00
yvl	because ILocation and IEquipment inhertits from IBaseResource, not IResource	09:01
aelkner	i understand wy you did it, but could it be that something else needs doing?	09:01
* yvl shrugs		09:01
yvl	probably :)	09:01
aelkner	to get the resource lookup to work again	09:01
aelkner	i thought i f you ran the test and put a break-point there, you may be able to quickly tell what went wrong	09:02
aelkner	context/++resource++jstree/style.css	09:02
yvl	yeah, I see it	09:02
yvl	ah, here's the problem :)	09:08
yvl	you copied the template from basic person, probably	09:09
yvl	jstree is the thingie that displays person's groups, sections in a javascript expandable tree	09:09
yvl	but it is only registered - and used - for the basic person	09:09
yvl	in src/schooltool/resource/browser/templates/resource_view.pt	09:10
yvl	just remove whole <metal:block metal:fill-slot="extrahead">	09:10
yvl	by the way, I think the simple person home page is broken now :)	09:11
aelkner	ah, cool, thanks	09:11
yvl	person/browser/home.pt	09:11
yvl	uses the same jstree	09:11
aelkner	you mean that the new branch has broken the person home view?	09:11
yvl	but it works only on basicperson layer	09:11
aelkner	what layer is it broken on?	09:12
yvl	not your branch :)	09:12
aelkner	the resource layer?	09:12
yvl	no	09:12
yvl	when basic person layer is not enabled	09:12
yvl	but for some reason we do not use/test that case	09:12
yvl	well, no worry there	09:13
aelkner	ah, i see	09:13
aelkner	i don't need it, so it's not an issue for me	09:13
yvl	yes	09:13
aelkner	but you're pointing out the test case	09:13
yvl	the thing is nobody needs it	09:13
* yvl marks "scheduled for demolition" in his mind		09:13
aelkner	the ui sprint?	09:13
yvl	no, it's a different topic	09:14
yvl	I marked schooltool.person for demolition :)	09:14
yvl	as well as schooltool.demographics	09:14
aelkner	ooh, that a horse of a different color :)	09:14
yvl	;)	09:14
aelkner	yvl: much thanks, all resource tests pass now	09:16
yvl	your'e welcome :)	09:16
aelkner	i will adjust code accordning to your earlier suggestions	09:16
yvl	thanks!	09:16
aelkner	but i don't need it merged immediately	09:16
aelkner	because i'm going to be delivering the branch as part of a sandbox	09:17
yvl	cool	09:17
aelkner	for an upcoming demo dec 9	09:17
yvl	I'd like to do a closer code review once it finished	09:17
yvl	some QA ;))))	09:17
aelkner	sure, and further revisions	09:17
yvl	you know, second pair of eyes thing	09:17
yvl	of course :)	09:18
aelkner	but for now, we can add demos to resources	09:18
aelkner	and i will be able to use that in the demo	09:18
yvl	that's great :)	09:18
aelkner	schooltool.niepa will create the demo fields in app init	09:18
aelkner	actually, app startup	09:18
aelkner	since david already has a data.fs	09:19
aelkner	i could do it as a generation script, but again the urgency of the demo...	09:19
yvl	just don't forget to make a back-up - just in case	09:19
yvl	I understand	09:20
aelkner	the app startup change is harmless, as it only creates demo fields	09:20
aelkner	which causes the views to change, but no data changes in app startup	09:20
*** menesis has joined #schooltool		10:56
*** yvl has quit IRC		11:28
*** yvl has joined #schooltool		11:38
aks	yvl: ping	11:39
yvl	pong, aks	11:39
aks	yvl: i'm planning to remove the SOURCE folder from my "schooltool-rpm" repository as it has made the repo cloning too bulky, what do you say?	11:39
yvl	well, it's your decision :)	11:40
yvl	a script to build SOURCE (and patch were needed) would be nice though	11:41
yvl	but it might be a lot of work, so...	11:41
yvl	but isn't git an append-only repo?	11:44
yvl	as in - the existing size will not change if you remove SOURCE?	11:44
aks	yvl: hmm..never thought of that	11:45
yvl	by the way...	11:52
yvl	I was reading the specs	11:52
yvl	doesn't rpmbuild download most of the packages anyway?	11:52
yvl	say, reportlab.spec has this line:	11:53
yvl	Source0: http://www.reportlab.org/ftp/reportlab-2.4.tar.gz	11:53
yvl	anyway, you could kill the git repo and make a new one	12:05
yvl	with only content in SOURCE that has no download paths in SPECS	12:05
yvl	you'll loose history of course...	12:06
aks	yvl: it would be good to kill the repo and recreate it	12:07
aks	yvl: there is no much history associated though	12:07
yvl	then by all means :)	12:07
yvl	you can also add download paths to schooltool packages	12:09
yvl	point them to http://ftp.schooltool.org/schooltool/1.5/	12:09
yvl	and keep only patches and other small files	12:09
aks	yvl: my (additional) build script parses the config.cfg file and downloads most of the dependencies automatically so there should not be a need to put the SOURCES, isn't it?	12:10
aks	yvl: what do you think?	12:11
yvl	well you do have some interesting files there	12:12
yvl	like filter-provides.sh	12:12
yvl	or schooltool-1.5.1dev.stimporterror.patch	12:12
yvl	so it would be nice to keep them in SOURCES	12:13
aks	yes, those are some of the patches that make schooltool work	12:13
aks	yvl: yes, I'll keep those ones	12:13
yvl	as for downloadable files, IMHO you can remove them	12:13
aks	yvl: ok	12:13
aks	yvl: i'll get the repo ready by tomorrow	12:13
yvl	by the way	12:13
aks	yvl: yes,	12:13
yvl	if there's a way to make a tool like rpmbuild or some other	12:14
yvl	to parse .spec files and get the sources	12:14
yvl	some documentation would be nice	12:14
aks	yvl: that can be done	12:14
yvl	thanks	12:14
aks	yvl: I'll think at that as well	12:14
yvl	nothing fancy, just some info for the newbies like me :)	12:14
aks	yvl: :)	12:14
yvl	one thing caught my eye	12:15
* aks is confused when yvl calls himself a newbie, then what is he?		12:15
aks	yvl: yes	12:15
yvl	as far as building and RPMs go... a newbie ;)	12:15
yvl	some of the .specs parse versions to make the download path	12:16
yvl	as in: Source0: http://pypi.python.org/packages/source/%(echo %{modname} \| sed -r 's\|^(.).*\|\1\|')/%{modname}/%{modname}-%{version}.tar.gz	12:16
aks	yvl: yes	12:16
aks	yvl: most of them use variables	12:16
yvl	others, however do not: Source0: http://pypi.python.org/packages/source/z/%{modname}/%{modname}-3.10.0.zip	12:16
yvl	just nitpicking :)	12:17
aks	yvl: yeah, my build script automatically downloads most of the sources, but fails for those for which it does not find at regular places like pypi.python.org	12:18
aks	yvl: for those you'll have to manually download them	12:18
yvl	I was doing "grep Source.: * \| less" in SPECS to check how many packages have download paths... :)	12:18
aks	yvl: most of them should have it	12:18
yvl	true	12:19
yvl	there are still a bunch of them with hard-coded version	12:19
yvl	s	12:19
yvl	grep Source.: * \| grep -v [{]version[}]	12:19
aks	yvl: there are a few matching that regex	12:20
*** grantbow has quit IRC		12:20
aks	yvl: the probl is that, some of the spec files have been written by another developer Robin "Cheese" Lee, and he doesn't confirm with my style	12:20
yvl	ah :)	12:21
*** grantbow has joined #schooltool		12:21
yvl	now I understand :)))	12:21
aks	yvl: another problem with getting the source url from the spec file is that we'll have to let rpmbuild system parse the URL and return to us, but it doesn't seem doable right now	12:21
yvl	well, nevermind that now then :)	12:25
*** aks has quit IRC		13:16
*** Aiste has joined #schooltool		13:50
*** menesis has quit IRC		16:00
*** menesis1 has joined #schooltool		16:00
*** menesis1 is now known as menesis		16:00
*** menesis1 has joined #schooltool		16:04
*** menesis has quit IRC		16:04
*** replaceafill has joined #schooltool		17:13
*** th1a has joined #schooltool		17:30
replaceafill	yvl, you gone?	17:34
*** Aiste has quit IRC		18:45
*** ignas has joined #schooltool		19:10
menesis1	now students don't see the list of teachers in a section	19:55
menesis1	and teachers cannot see other teachers or who are instructors of other sections	19:56
replaceafill	menesis1, because of the removal of the <PersonInfoViewersCrowd>, right?	19:58
*** menesis1 is now known as menesis		19:58
menesis	yes	19:58
menesis	or rather because the teacher part of it was not replaced by another crowd	19:59
replaceafill	yes	19:59
replaceafill	menesis, btw in cando, students can see the teachers name in gradebooks because evaluations dont return proxies	20:00
replaceafill	so there are no checks on access to person attributes	20:01
menesis	but I think this is a bad thing. it is no secret that a lecturer teaches history in class 11b	20:01
menesis	so in my eyes this is broken now.	20:03
menesis	and to my regret I have backported this to stable branch	20:03
replaceafill	i agree with you in that it was the part that allowed students see their teachers, and teachers see other teachers	20:03
replaceafill	and we should keep that part	20:03
replaceafill	the thing with that crowd was that also allowed anonymous users to see teachers	20:04
menesis	the bug https://bugs.launchpad.net/schooltool/+bug/561590	20:05
replaceafill	yes	20:05
menesis	I am not sure why that should not be allowed	20:06
replaceafill	privacy maybe?	20:06
replaceafill	not sure though	20:06
replaceafill	menesis, should i report it as a bug?	20:10
replaceafill	or at least send an email to the dev list	20:10
menesis	I would have liked to talk to yvl because he made this change	20:11
menesis	but I'm not at the office and his work day is over already	20:11
replaceafill	right	20:11
menesis	not sure what is a bug	20:12
menesis	I launched an older version and teachers cannot see teachers of other sections, and a student cannot view teacher's info anyway, only a name	20:13
menesis	and anonymous users cannot	20:13
menesis	hmm	20:14
th1a	There is no reason I can think of that anyone should not be able to see a teacher's name.	20:17
menesis	oh. there is a setting "Allow everyone view section information and calendars"	20:20
menesis	then a teacher can view everything	20:20
menesis	and teacher's info is publicly accessible	20:20
menesis	including his contacts, i.e. home address and phone	20:21
th1a	Because of the section information setting?	20:21
menesis	looks like so	20:23
menesis	and anonymous users can see a list of students in a section	20:23
menesis	:(	20:24
th1a	Well, that's probably not optimal either, but shouldn't be entirely unexpected.	20:25
th1a	But it shouldn't change the amount of access you have to a teacher's personal information.	20:25
menesis	so it's either "everyone can view everything", or "you can view only yourself"	20:26
menesis	ok so it's two different settings	20:26
menesis	"everyone can view section information" does what it says	20:26
menesis	and was not changed	20:26
menesis	even if it is broken, it's the same as before	20:27
menesis	but with the removal of "everyone can view person info" setting	20:27
menesis	a side effect is that students cannot view teacher names	20:28
menesis	this is a new problem	20:28
*** ignas has quit IRC		20:30
menesis	ok	20:32
replaceafill	menesis, i have a cando 2010.05 running in a hardy VM, and if you have someone in the teachers group with no section data, you can see his birthdate, name, demographcis, etc	20:33
replaceafill	as anonymous	20:33
replaceafill	with all the access control settings turned off	20:33
replaceafill	if you put section info for the teacher (as instructor or learner) then you get the login form as anonymous user	20:34
th1a	So is this because we don't have explicit enough separation between names and info?	20:34
th1a	And in particular between teacher names and student names, which have different levels of sensitivity?	20:34
replaceafill	i remember in the old zope 3 days when one defined an interface for read access and another for write acces on containers	20:37
replaceafill	dont know if something similar would work on persons :(	20:37
menesis	th1a: well, the fact that we are talking about such issues means that yes, security separation and settings are not good enough	20:41
menesis	zope security is complicated, and schooltool's is even more so	20:42
th1a	We have a very complicated use case.	20:42
menesis	but of course it is doable	20:42
menesis	replaceafill: yes that's how you allow to read or write something	20:42
menesis	ok	20:43
replaceafill	menesis, http://imagebin.ca/view/scKqu7zo.html	20:43
th1a	Basically, the name of an instructor of a section should be visible as part of section information.	20:43
th1a	What groups they're a part of doesn't matter.	20:43
menesis	but the immediate problem for me is that one change introduces a regression, and breaks part of cando functionality.	20:43
th1a	It shouldn't have anything to do with CanDo per se.	20:44
menesis	so I am inclined to revert that change and better leave a bug unfixed rather than introduce a new bug.	20:44
replaceafill	cando brought it up :)	20:44
menesis	in stable release, that is already available	20:45
replaceafill	menesis, what if we apply a hack to cando?	20:45
th1a	Well, one thing we need is a good description of the bug that was exposed by the change.	20:45
th1a	Because it needs to be fixed anyhow.	20:45
menesis	that has to be fixed anyway	20:46
menesis	"students cannot see teachers' names"	20:47
menesis	is the bug	20:47
th1a	https://bugs.launchpad.net/schooltool/+bug/683286	20:48
replaceafill	th1a, just sent you an interesting email	20:52
th1a	Notes!	20:54
menesis	another possible problem is "everyone can see a list of students as part of section info"	20:54
th1a	Oh... they really did hack it!	20:55
replaceafill	:D	20:55
replaceafill	th1a, history.php	20:55
th1a	wtf?!?	20:56
th1a	I would say we need a script to dump out the objects connected to a person and then write another export script.	20:57
th1a	Or just not worry about it.	20:57
replaceafill	yes	20:57
th1a	I'm curious though, so I'd like to keep going.	20:57
replaceafill	+1	20:57
th1a	Can you respond to that?	21:04
replaceafill	yes	21:04
replaceafill	was thinking of asking for the code, like yvl did in the comments of the bug	21:04
th1a	Or yeah, just that.	21:09
menesis	replaceafill: I have reverted the problematic change and made schooltool-1.4.3.1 release. this will solve the CanDo problem.	21:56
menesis	of course on trunk/maverick security regarding teachers has to be fixed properly.	21:57
menesis	th1a: sent an announcement	21:58
* menesis good night		21:58
replaceafill	th1a, Trevor says he will send his python site-packages tomorrow so we can check the code	22:14
*** menesis has quit IRC		22:21
replaceafill	th1a, did you read Welsh email?	22:49
* replaceafill wonders if the ACC could use some cache...		23:03

Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!