IRC log of #schooltool for Tuesday, 2010-11-30

*** menesis has quit IRC00:26
*** th1a has quit IRC02:37
*** aks has joined #schooltool05:31
*** aks has joined #schooltool05:31
*** replaceafill has joined #schooltool06:27
*** replaceafill has quit IRC07:40
* yvl makes some coffee08:33
aelknerhey yvl08:57
aelknercould you please look at your demo_fields branch08:58
aelknerand see if you can figure out why the resource lookup is failing?08:59
yvlumm... how is it failing?08:59
aelknerLocationError: (<schooltool.resource.resource.Resource object at 0x89478c0>, 'jstree')08:59
yvlI meant - how should I reproduce it08:59
aelkneri noticed you changed some registrations to use IBaseResource08:59
aelknerrun the tests on your branch09:00
aelkner-vs schooltool.resource09:00
aelknerignore any form tests cause i already fixed them09:00
yvlI changed those adapters to base resource,09:00
yvlbecause ILocation and IEquipment inhertits from IBaseResource, not IResource09:01
aelkneri understand wy you did it, but could it be that something else needs doing?09:01
* yvl shrugs09:01
yvlprobably :)09:01
aelknerto get the resource lookup to work again09:01
aelkneri thought i f you ran the test and put a break-point there, you may be able to quickly tell what went wrong09:02
yvlyeah, I see it09:02
yvlah, here's the problem :)09:08
yvlyou copied the template from basic person, probably09:09
yvljstree is the thingie that displays person's groups, sections in a javascript expandable tree09:09
yvlbut it is only registered - and used - for the basic person09:09
yvlin src/schooltool/resource/browser/templates/resource_view.pt09:10
yvljust remove whole <metal:block metal:fill-slot="extrahead">09:10
yvlby the way, I think the simple person home page is broken now :)09:11
aelknerah, cool, thanks09:11
yvluses the same jstree09:11
aelkneryou mean that the new branch has broken the person home view?09:11
yvlbut it works only on basicperson layer09:11
aelknerwhat layer is it broken on?09:12
yvlnot your branch :)09:12
aelknerthe resource layer?09:12
yvlwhen basic person layer is not enabled09:12
yvlbut for some reason we do not use/test that case09:12
yvlwell, no worry there09:13
aelknerah, i see09:13
aelkneri don't need it, so it's not an issue for me09:13
aelknerbut you're pointing out the test case09:13
yvlthe thing is nobody needs it09:13
* yvl marks "scheduled for demolition" in his mind09:13
aelknerthe ui sprint?09:13
yvlno, it's a different topic09:14
yvlI marked schooltool.person for demolition :)09:14
yvlas well as schooltool.demographics09:14
aelknerooh, that a horse of a different color :)09:14
aelkneryvl: much thanks, all resource tests pass now09:16
yvlyour'e welcome :)09:16
aelkneri will adjust code accordning to your earlier suggestions09:16
aelknerbut i don't need it merged immediately09:16
aelknerbecause i'm going to be delivering the branch as part of a sandbox09:17
aelknerfor an upcoming demo dec 909:17
yvlI'd like to do a closer code review once it finished09:17
yvlsome QA ;))))09:17
aelknersure, and further revisions09:17
yvlyou know, second pair of eyes thing09:17
yvlof course :)09:18
aelknerbut for now, we can add demos to resources09:18
aelknerand i will be able to use that in the demo09:18
yvlthat's great :)09:18
aelknerschooltool.niepa will create the demo fields in app init09:18
aelkneractually, app startup09:18
aelknersince david already has a data.fs09:19
aelkneri could do it as a generation script, but again the urgency of the demo...09:19
yvljust don't forget to make a back-up - just in case09:19
yvlI understand09:20
aelknerthe app startup change is harmless, as it only creates demo fields09:20
aelknerwhich causes the views to change, but no data changes in app startup09:20
*** menesis has joined #schooltool10:56
*** yvl has quit IRC11:28
*** yvl has joined #schooltool11:38
aksyvl: ping11:39
yvlpong, aks11:39
aksyvl: i'm planning to remove the SOURCE folder from my "schooltool-rpm" repository as it has made the repo cloning too bulky, what do you say?11:39
yvlwell, it's your decision :)11:40
yvla script to build SOURCE (and patch were needed) would be nice though11:41
yvlbut it might be a lot of work, so...11:41
yvlbut isn't git an append-only repo?11:44
yvlas in - the existing size will not change if you remove SOURCE?11:44
aksyvl: hmm..never thought of that11:45
yvlby the way...11:52
yvlI was reading the specs11:52
yvldoesn't rpmbuild download most of the packages anyway?11:52
yvlsay, reportlab.spec has this line:11:53
yvlanyway, you could kill the git repo and make a new one12:05
yvlwith only content in SOURCE that has no download paths in SPECS12:05
yvlyou'll loose history of course...12:06
aksyvl: it would be good to kill the repo and recreate it12:07
aksyvl: there is no much history associated though12:07
yvlthen by all means :)12:07
yvlyou can also add download paths to schooltool packages12:09
yvlpoint them to
yvland keep only patches and other small files12:09
aksyvl: my (additional) build script parses the config.cfg file and downloads most of the dependencies automatically so there should not be a need to put the SOURCES, isn't it?12:10
aksyvl: what do you think?12:11
yvlwell you do have some interesting files there12:12
yvllike filter-provides.sh12:12
yvlor schooltool-1.5.1dev.stimporterror.patch12:12
yvlso it would be nice to keep them in SOURCES12:13
aksyes, those are some of the patches that make schooltool work12:13
aksyvl: yes, I'll keep those ones12:13
yvlas for downloadable files, IMHO you can remove them12:13
aksyvl: ok12:13
aksyvl: i'll get the repo ready by tomorrow12:13
yvlby the way12:13
aksyvl: yes,12:13
yvlif there's a way to make a tool like rpmbuild or some other12:14
yvlto parse .spec files and get the sources12:14
yvlsome documentation would be nice12:14
aksyvl: that can be done12:14
aksyvl: I'll think at that as well12:14
yvlnothing fancy, just some info for the newbies like me :)12:14
aksyvl: :)12:14
yvlone thing caught my eye12:15
* aks is confused when yvl calls himself a newbie, then what is he?12:15
aksyvl: yes12:15
yvlas far as building and RPMs go... a newbie ;)12:15
yvlsome of the .specs parse versions to make the download path12:16
yvlas in: Source0: %{modname} | sed -r 's|^(.).*|\1|')/%{modname}/%{modname}-%{version}.tar.gz12:16
aksyvl: yes12:16
aksyvl: most of them use variables12:16
yvlothers, however do not: Source0:{modname}/%{modname}-3.10.0.zip12:16
yvljust nitpicking :)12:17
aksyvl: yeah, my build script automatically downloads most of the sources, but fails for those for which it does not find at regular places like pypi.python.org12:18
aksyvl: for those you'll have to manually download them12:18
yvlI was doing "grep Source.: * | less" in SPECS to check how many packages have download paths... :)12:18
aksyvl: most of them should have it12:18
yvlthere are still a bunch of them with hard-coded version12:19
yvlgrep Source.: * | grep -v [{]version[}]12:19
aksyvl: there are a few matching that regex12:20
*** grantbow has quit IRC12:20
aksyvl: the probl is that, some of the spec files have been written by another developer Robin "Cheese" Lee, and he doesn't confirm with my style12:20
yvlah :)12:21
*** grantbow has joined #schooltool12:21
yvlnow I understand :)))12:21
aksyvl: another problem with getting the source url from the spec file is that we'll have to let rpmbuild system parse the URL and return to us, but it doesn't seem doable right now12:21
yvlwell, nevermind that now then :)12:25
*** aks has quit IRC13:16
*** Aiste has joined #schooltool13:50
*** menesis has quit IRC16:00
*** menesis1 has joined #schooltool16:00
*** menesis1 is now known as menesis16:00
*** menesis1 has joined #schooltool16:04
*** menesis has quit IRC16:04
*** replaceafill has joined #schooltool17:13
*** th1a has joined #schooltool17:30
replaceafillyvl, you gone?17:34
*** Aiste has quit IRC18:45
*** ignas has joined #schooltool19:10
menesis1now students don't see the list of teachers in a section19:55
menesis1and teachers cannot see other teachers or who are instructors of other sections19:56
replaceafillmenesis1, because of the removal of the  <PersonInfoViewersCrowd>, right?19:58
*** menesis1 is now known as menesis19:58
menesisor rather because the teacher part of it was not replaced by another crowd19:59
replaceafillmenesis, btw in cando, students can see the teachers name in gradebooks because evaluations dont return proxies20:00
replaceafillso there are no checks on access to person attributes20:01
menesisbut I think this is a bad thing. it is no secret that a lecturer teaches history in class 11b20:01
menesisso in my eyes this is broken now.20:03
menesisand to my regret I have backported this to stable branch20:03
replaceafilli agree with you in that it was the part that allowed students see their teachers, and teachers see other teachers20:03
replaceafilland we should keep that part20:03
replaceafillthe thing with that crowd was that also allowed anonymous users to see teachers20:04
menesisthe bug
menesisI am not sure why that should not be allowed20:06
replaceafillprivacy maybe?20:06
replaceafillnot sure though20:06
replaceafillmenesis, should i report it as a bug?20:10
replaceafillor at least send an email to the dev list20:10
menesisI would have liked to talk to yvl because he made this change20:11
menesisbut I'm not at the office and his work day is over already20:11
menesisnot sure what is a bug20:12
menesisI launched an older version and teachers cannot see teachers of other sections, and a student cannot view teacher's info anyway, only a name20:13
menesisand anonymous users cannot20:13
th1aThere is no reason I can think of that anyone should not be able to see a teacher's name.20:17
menesisoh. there is a setting "Allow everyone view section information and calendars"20:20
menesisthen a teacher can view everything20:20
menesisand teacher's info is publicly accessible20:20
menesisincluding his contacts, i.e. home address and phone20:21
th1aBecause of the section information setting?20:21
menesislooks like so20:23
menesisand anonymous users can see a list of students in a section20:23
th1aWell, that's probably not optimal either, but shouldn't be entirely unexpected.20:25
th1aBut it shouldn't change the amount of access you have to a teacher's personal information.20:25
menesisso it's either "everyone can view everything", or "you can view only yourself"20:26
menesisok so it's two different settings20:26
menesis"everyone can view section information" does what it says20:26
menesisand was not changed20:26
menesiseven if it is broken, it's the same as before20:27
menesisbut with the removal of "everyone can view person info" setting20:27
menesisa side effect is that students cannot view teacher names20:28
menesisthis is a new problem20:28
*** ignas has quit IRC20:30
replaceafillmenesis, i have a cando 2010.05 running in a hardy VM, and if you have someone in the teachers group with no section data, you can see his birthdate, name, demographcis, etc20:33
replaceafillas anonymous20:33
replaceafillwith all the access control settings turned off20:33
replaceafillif you put section info for the teacher (as instructor or learner) then you get the login form as anonymous user20:34
th1aSo is this because we don't have explicit enough separation between names and info?20:34
th1aAnd in particular between teacher names and student names, which have different levels of sensitivity?20:34
replaceafilli remember in the old zope 3 days when one defined an interface for read access and another for write acces on containers20:37
replaceafilldont know if something similar would work on persons :(20:37
menesisth1a: well, the fact that we are talking about such issues means that yes, security separation and settings are not good enough20:41
menesiszope security is complicated, and schooltool's is even more so20:42
th1aWe have a very complicated use case.20:42
menesisbut of course it is doable20:42
menesisreplaceafill: yes that's how you allow to read or write something20:42
th1aBasically, the name of an instructor of a section should be visible as part of section information.20:43
th1aWhat groups they're a part of doesn't matter.20:43
menesisbut the immediate problem for me is that one change introduces a regression, and breaks part of cando functionality.20:43
th1aIt shouldn't have anything to do with CanDo per se.20:44
menesisso I am inclined to revert that change and better leave a bug unfixed rather than introduce a new bug.20:44
replaceafillcando brought it up :)20:44
menesisin stable release, that is already available20:45
replaceafillmenesis, what if we apply a hack to cando?20:45
th1aWell, one thing we need is a good description of the bug that was exposed by the change.20:45
th1aBecause it needs to be fixed anyhow.20:45
menesisthat has to be fixed anyway20:46
menesis"students cannot see teachers' names"20:47
menesisis the bug20:47
replaceafillth1a, just sent you an interesting email20:52
menesisanother possible problem is "everyone can see a list of students as part of section info"20:54
th1aOh... they really did hack it!20:55
replaceafillth1a, history.php20:55
th1aI would say we need a script to dump out the objects connected to a person and then write another export script.20:57
th1aOr just not worry about it.20:57
th1aI'm curious though, so I'd like to keep going.20:57
th1aCan you respond to that?21:04
replaceafillwas thinking of asking for the code, like yvl did in the comments of the bug21:04
th1aOr yeah, just that.21:09
menesisreplaceafill: I have reverted the problematic change and made schooltool- release. this will solve the CanDo problem.21:56
menesisof course on trunk/maverick security regarding teachers has to be fixed properly.21:57
menesisth1a: sent an announcement21:58
* menesis good night21:58
replaceafillth1a, Trevor says he will send his python site-packages tomorrow so we can check the code22:14
*** menesis has quit IRC22:21
replaceafillth1a, did you read Welsh email?22:49
* replaceafill wonders if the ACC could use some cache...23:03

Generated by 2.15.1 by Marius Gedminas - find it at!