[kforge-dev] [Fwd: Re: [kforge-user] Modifications]

Wed Feb 7 14:51:25 UTC 2007

FWD FYI

-------- Original Message --------
Subject: 	Re: [kforge-user] Modifications
Date: 	Wed, 07 Feb 2007 14:35:27 +0000
From: 	John Bywater <john.bywater at appropriatesoftwarefoundation.org>
To: 	Christopher Hesse <csh at scourcritical.com>
CC: 	kforge-user at lists.okfn.org
References: 
<78288ee20702062126u42c780b7qde44b70f7cec874c at mail.gmail.com> 
<78288ee20702070132s487e9b51xd0656082832e375a at mail.gmail.com>

Christopher Hesse wrote:

> Hi guys,

Hi Chris,

>     I am attempting to make a few minor modifcations to the KForge
> software for use by the EECS Department of Case Western Reserve
> University (http://www.eecs.case.edu).

That's very interesting.

>   The two main things are:
> operate on a single hostname and have a 'read-only' mode for svn
> repositories.  The single hostname thing I did with a few config file
> and miscellaneous kludges, and that seems to be working (any interest
> in a patch?).

Yes please. :-)

Slightly related to the single host thing: I implemented something 
called 'uriPrefix' for another domainmodel application (called 
ScanBooker), which allows the application to be run from something other 
than /. This was needed because the user couldn't obtain any new FQDNs 
from their IT manager, who is a point haired boss and very obstructive. 
As this is a very common situation, I think the current default setup, 
where you need to setup several FQDNs isn't really adequate.

See: http://imaging.mrc-cbu.cam.ac.uk/scanbooker/

> The svn thing is giving me a bit more trouble.  Originally I was
> trying a Apache config-only fix, but it seems Python*Handler can't be
> put inside a LimitExcept section.  I messed with permissions, but it
> appears I can only add the 'Read' permission to 'Visitor' for all
> 'Plugin.svn' instances, not to a specific one.  Any ideas on how to do
> that?

One way might be to set the Visitor's system role to be Friend. 
Otherwise you can make Visitor a Member of a Project with an Svn 
service, and set that membership to be Friend. But that doesn't provide 
for different access control within a Project. So you might need a 
separate project?

A more sophisticated option would be for us to add a 'grants' attribute 
to [1] the Service domain object (just like [2] Role and [3] Person 
have), modify [4] the ProjectAccessController to look at an optional 
service object being passed into the isAccessAuthorised() method (just 
like the optional project is optional), and then we could grant the read 
permission to the service object directly (in the admin view, for now, 
presented better later).

[1] 
http://project.knowledgeforge.net/kforge/trac/browser/trunk/src/kforge/dom/service.py#L4
[2] 
http://project.knowledgeforge.net/domainmodel/trac/browser/trunk/src/dm/dom/accesscontrol.py#L22
[3] 
http://project.knowledgeforge.net/domainmodel/trac/browser/trunk/src/dm/dom/person.py#L15
[4] 
http://project.knowledgeforge.net/kforge/trac/browser/trunk/src/kforge/accesscontrol.py#L7

> Also, when I run
> "kforge-admin create plugin <plugin-name>"
> from the plugin docs, I get
> "*** Unknown syntax: create plugin <plugin-name>"

I hope Rufus will be able to tell you more about this. I always feel 
suffocated by useless error messages. I don't really know what the three 
stars are for either. :-)

> I am using kforge 0.12.
>
> Thanks for any help,

No probs. Thanks for the offer of a patch.

Let me know what you think about per-service permissions?

Bye for now,

John.

> +Chris

_______________________________________________
kforge-user mailing list
kforge-user at lists.okfn.org
http://lists.okfn.org/mailman/listinfo/kforge-user