You can subscribe to this list here.
2009 |
Jan
(6) |
Feb
|
Mar
(61) |
Apr
(107) |
May
(121) |
Jun
(66) |
Jul
(91) |
Aug
(50) |
Sep
(11) |
Oct
(17) |
Nov
(30) |
Dec
(27) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2010 |
Jan
(35) |
Feb
(26) |
Mar
(9) |
Apr
(14) |
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: David S. P. <dav...@ma...> - 2010-05-22 13:10:18
|
PHProjekt 6.0.2 is out. More information can be found at http://phprojekt.com/node/1909. Downloads can be found as usual on github and on http://phprojekt.com/download Greetings David -- David Soria Parra Mayflower GmbH Mannhardtstraße 6 Tel.: +49 89 24 20 54 1 D-80538 München Fax : +49 89 24 20 54 29 dav...@ma... http://www.mayflower.de Mayflower GmbH, Standort München Firmensitz: Mannhardtstraße 6, 80538 München Registergericht: Amtsgericht München, HRB 142039 Geschäftsführer: Gregor Streng, Björn Schotte, Albrecht Günther, Johann-Peter Hartmann |
From: Albrecht G. <alb...@ma...> - 2010-04-29 12:09:38
|
Hi Gustavo, can you install this somewhere, so we can test it? (not on the official demo, but IIRC we do have another vhost for testing) TIA Albrecht > We was agree that try to copy the PEAR webDav implementation and make > the code P6-Zend Framework-PHP5 compatible. > > As i know, the author of the library was agree. > > You can see the result here: > http://github.com/gsolt/PHProjekt/tree/WebDAV > > Greetings, > Gustavo > > On 27/04/2010 02:28 p.m., David Soria Parra wrote: >> Hi Gustavo >> >> Am 06.04.10 16:23, schrieb Gustavo Solt: >>> Hi all, >>> Since many people ask about the WebDAV implementation on P6, let see >>> what we need for it. >>> 1. Server >>> In P5 we use the PEAR server, that is just a php 4 class that translates >>> the request into a WebDAV function. >>> We can make a new server class, using the PEAR one as example, in this >>> case the steps are: >>> - Make a new Zend class using the PEAR as model. >>> - Transform all the PHP4 structure to PHP5. >>> - Use all as we can the Zend functions. >>> - Define an Auth method that should be easy to configure. >>> After that, we will have something like Zend_Webdav_Abstract that will >>> have all the necessaries function for catch the request and call the >>> correct function. >> Did you take a look at ezComponents Webdav (ez Componenets is now called >> Zeta Components). It is proper PHP 5 Code. I haven't used it so I don't >> know if there are many issues with. >> >> I would prefer if we do WebDAV not before 6.2 but try to focus on what >> we have at the moment and enhance that . >> >> David >> > > > ------------------------------------------------------------------------------ > _______________________________________________ > Phprojekt-devel mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phprojekt-devel |
From: Gustavo S. <gus...@gm...> - 2010-04-28 17:31:48
|
Alo David, We was agree that try to copy the PEAR webDav implementation and make the code P6-Zend Framework-PHP5 compatible. As i know, the author of the library was agree. You can see the result here: http://github.com/gsolt/PHProjekt/tree/WebDAV Greetings, Gustavo On 27/04/2010 02:28 p.m., David Soria Parra wrote: > Hi Gustavo > > Am 06.04.10 16:23, schrieb Gustavo Solt: >> Hi all, >> Since many people ask about the WebDAV implementation on P6, let see >> what we need for it. >> 1. Server >> In P5 we use the PEAR server, that is just a php 4 class that translates >> the request into a WebDAV function. >> We can make a new server class, using the PEAR one as example, in this >> case the steps are: >> - Make a new Zend class using the PEAR as model. >> - Transform all the PHP4 structure to PHP5. >> - Use all as we can the Zend functions. >> - Define an Auth method that should be easy to configure. >> After that, we will have something like Zend_Webdav_Abstract that will >> have all the necessaries function for catch the request and call the >> correct function. > > Did you take a look at ezComponents Webdav (ez Componenets is now called > Zeta Components). It is proper PHP 5 Code. I haven't used it so I don't > know if there are many issues with. > > I would prefer if we do WebDAV not before 6.2 but try to focus on what > we have at the moment and enhance that . > > David > |
From: Gustavo S. <gus...@gm...> - 2010-04-28 17:29:44
|
Hi all, David's suggestion implemented. http://github.com/gsolt/PHProjekt/commit/93ee227fd5bc8b29a396da120646504ece27b963 Greetings. On 27/04/2010 01:50 p.m., David Soria Parra wrote: > Hi Gustavo > > Am 27.04.10 03:48, schrieb Gustavo Solt: >> Hi all, >> since many people complain about the "DocumentRoot" limitation in the >> installation of PHProjekt 6, for a better solution about the security, >> there is an idea about to make 2 improves: > >> 1. Make the configuration.ini file, a php file, so nobody can read it, >> only the web server can execute it or read it. > >> 2. Make a private folder for save there the logs, the temporally and the >> uploaded files. (All the files written by the API/User). > >> --- About 1. --- >> The best solution that i found, is to keep the configuration.ini file as >> format, add a <?php in the first line, rename it to configuration.php >> and change the comments from ; to #. >> There is a new Config parser, that just drop the first line, and take >> the file as ini. > >> Pros: >> 1. The format is read friendly, like all the ini files. >> Contra: >> 1. Since is a php file, the common editor should provide a correct >> interface for edit files, but since the ini structure is not PHP, maybe >> the user have ugly messages in the editor. >> 2. If you want to access directly to the file >> http://p6/configuration.php => you will get a parser error. Maybe is not >> a contra, but is ugly. > > Yes the solution might work, but still other files might be accessable, > things like README, tests, VERSION and so on. > >> --- About 2. --- >> Here i want to discuss some scenarios. >> First, the zip or the tarball, provide a folder phprojekt with all the >> files and folders in it. >> Currently the structure is: >> phprojekt/ >> application/ >> htdocs/ >> library/ >> logs/ >> tmp/ >> upload/ >> configuration.ini >> And the limitation say that a vhost must be set to the htdocs folder. > >> With the private folder, the idea is something like: > >> phprojekt/ >> application/ >> htdocs/ >> library/ >> configuration.ini >> private/ >> logs/ >> tmp/ >> upload/ > > I like the approach, but I think it gets difficult, as PHProjekt looks > different on disk depending on the way you set it up. In fact using the > private folder method we can separate htdocs and the rest, as the rest > doesn't need to be access from the outside and that's what we care about. > >> Contra: Even if the private folder have a random name set by the user, >> is accessible by web http://my.domain/private. >> For solve that, we provide a .htaccess with Deny from all, but the >> folder is still writable and public. >> The user can set the write rights for this folder to "only owner"?, yes, >> but ONLY in Linux, in Windows system, the folder is public and writable >> (only the admin of the system can set the rights there). > No write access cannot be by owner only, most webhosts user a group for > the webserver and different owners, in that case the webserver will not > be able to write to the directory. > > >> 2. Outside the public_html: > > we cannot do this, as this is particularly what people that just have a > usual web host, complain about. They just have webspace that is > accessable from the outside. > >> Pros: Is not accessible by Web. >> Contra: >> - The web user in general don't have access to write folders there, >> or for rights or for groups limitation. If the setup routine can't >> create the folder, the user/admin must do it. >> If there are many problem for the common users to create a vhost, you >> think that create a folder outside public is easy for them? >> - If the folder is created, must have the correct right access, since >> the API don't have right for change them, and again, the access system >> works only for Linux, in windows is ALL 777. Do you think that the user >> can do it? > > My suggestions is the following: > > We add .htaccess files to the phprojekt/ folder and to > phprojekt/htdocs. The .htaccess in phprojekt/ forbids > access. This is done by putting the following into the > .htaccess file: > > deny from all > > and in htdocs/.htaccess: > > allow from all > > This way we keep our setup the way it is, we just have > to remove the check for the vhost. Well not remove, we > should state a message that says: > > Please note that your webserver needs to support .htaccess > files to deny access to the configuration files. Running > PHProjekt 6 without using the provided .htaccess files > to deny access to certain files and folders, might not > be secure and is not recommended. > > This is still not a perfect solution as we do rely on > .htaccess (apache only) and that the webserver is configured > to allow access overwriting. So Apache might be configured > to use .htaccess but not to allow forbidding access using .htaccess. > > But I personally think 90% of the users have a setup that will > work with what I suggested, while it keeps our changes low and > the code base stable. > > David |
From: David S. P. <dav...@ma...> - 2010-04-27 15:28:43
|
Hi Gustavo Am 06.04.10 16:23, schrieb Gustavo Solt: > Hi all, > Since many people ask about the WebDAV implementation on P6, let see > what we need for it. > 1. Server > In P5 we use the PEAR server, that is just a php 4 class that translates > the request into a WebDAV function. > We can make a new server class, using the PEAR one as example, in this > case the steps are: > - Make a new Zend class using the PEAR as model. > - Transform all the PHP4 structure to PHP5. > - Use all as we can the Zend functions. > - Define an Auth method that should be easy to configure. > After that, we will have something like Zend_Webdav_Abstract that will > have all the necessaries function for catch the request and call the > correct function. Did you take a look at ezComponents Webdav (ez Componenets is now called Zeta Components). It is proper PHP 5 Code. I haven't used it so I don't know if there are many issues with. I would prefer if we do WebDAV not before 6.2 but try to focus on what we have at the moment and enhance that . David -- David Soria Parra Mayflower GmbH Mannhardtstraße 6 Tel.: +49 89 24 20 54 1 D-80538 München Fax : +49 89 24 20 54 29 dav...@ma... http://www.mayflower.de Mayflower GmbH, Standort München Firmensitz: Mannhardtstraße 6, 80538 München Registergericht: Amtsgericht München, HRB 142039 Geschäftsführer: Gregor Streng, Björn Schotte, Albrecht Günther, Johann-Peter Hartmann |
From: David S. P. <ds...@gm...> - 2010-04-27 14:50:28
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Gustavo Am 27.04.10 03:48, schrieb Gustavo Solt: > Hi all, > since many people complain about the "DocumentRoot" limitation in the > installation of PHProjekt 6, for a better solution about the security, > there is an idea about to make 2 improves: > > 1. Make the configuration.ini file, a php file, so nobody can read it, > only the web server can execute it or read it. > > 2. Make a private folder for save there the logs, the temporally and the > uploaded files. (All the files written by the API/User). > > --- About 1. --- > The best solution that i found, is to keep the configuration.ini file as > format, add a <?php in the first line, rename it to configuration.php > and change the comments from ; to #. > There is a new Config parser, that just drop the first line, and take > the file as ini. > > Pros: > 1. The format is read friendly, like all the ini files. > Contra: > 1. Since is a php file, the common editor should provide a correct > interface for edit files, but since the ini structure is not PHP, maybe > the user have ugly messages in the editor. > 2. If you want to access directly to the file > http://p6/configuration.php => you will get a parser error. Maybe is not > a contra, but is ugly. Yes the solution might work, but still other files might be accessable, things like README, tests, VERSION and so on. > --- About 2. --- > Here i want to discuss some scenarios. > First, the zip or the tarball, provide a folder phprojekt with all the > files and folders in it. > Currently the structure is: > phprojekt/ > application/ > htdocs/ > library/ > logs/ > tmp/ > upload/ > configuration.ini > And the limitation say that a vhost must be set to the htdocs folder. > > With the private folder, the idea is something like: > > phprojekt/ > application/ > htdocs/ > library/ > configuration.ini > private/ > logs/ > tmp/ > upload/ I like the approach, but I think it gets difficult, as PHProjekt looks different on disk depending on the way you set it up. In fact using the private folder method we can separate htdocs and the rest, as the rest doesn't need to be access from the outside and that's what we care about. > Contra: Even if the private folder have a random name set by the user, > is accessible by web http://my.domain/private. > For solve that, we provide a .htaccess with Deny from all, but the > folder is still writable and public. > The user can set the write rights for this folder to "only owner"?, yes, > but ONLY in Linux, in Windows system, the folder is public and writable > (only the admin of the system can set the rights there). No write access cannot be by owner only, most webhosts user a group for the webserver and different owners, in that case the webserver will not be able to write to the directory. > > 2. Outside the public_html: we cannot do this, as this is particularly what people that just have a usual web host, complain about. They just have webspace that is accessable from the outside. > Pros: Is not accessible by Web. > Contra: > - The web user in general don't have access to write folders there, > or for rights or for groups limitation. If the setup routine can't > create the folder, the user/admin must do it. > If there are many problem for the common users to create a vhost, you > think that create a folder outside public is easy for them? > - If the folder is created, must have the correct right access, since > the API don't have right for change them, and again, the access system > works only for Linux, in windows is ALL 777. Do you think that the user > can do it? My suggestions is the following: We add .htaccess files to the phprojekt/ folder and to phprojekt/htdocs. The .htaccess in phprojekt/ forbids access. This is done by putting the following into the .htaccess file: deny from all and in htdocs/.htaccess: allow from all This way we keep our setup the way it is, we just have to remove the check for the vhost. Well not remove, we should state a message that says: Please note that your webserver needs to support .htaccess files to deny access to the configuration files. Running PHProjekt 6 without using the provided .htaccess files to deny access to certain files and folders, might not be secure and is not recommended. This is still not a perfect solution as we do rely on .htaccess (apache only) and that the webserver is configured to allow access overwriting. So Apache might be configured to use .htaccess but not to allow forbidding access using .htaccess. But I personally think 90% of the users have a setup that will work with what I suggested, while it keeps our changes low and the code base stable. David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJL1vmlAAoJEAT0aMuPE7Z1dr8P/ibs3PsgD49+j8WlEgtruAMr FLM0hf8J+tSvUOwhkxrfcLUtMQRNpL066R1fTgI9XuLQoycIN3Qoed27/wkvsTOM 21RZRUBejVEz0TsxoUr6DP2glpCkC59hApQ2GkMl8TvTUMit8a1e8d+3CysKsjUB 1kxuQL0qoKLEp2FczaqkbBRGi5WclMGUbmINYAo+23NQz3eZyFPi7wLhxbVj8T7d W0ikjh/eV7NMNSVEuThlBObnBrvhhTnIcp3KuEaCm448UOy070dOgFOGpFpoKbDS s81IGwm/P+eT3WbrRLwwfcaA4K+lhQS6SHkBxhx93tnS4z7xVm1MsY8jdqBH06jj WEsScyHfqnJNW4yJiXlRqvCg8v5Ll1lWRAOLPLMXxPo54or/iXH2165RuPzXp3li dduxZDF7JNuc/L/TLLhKXwW7zNR7u1kXP/R9cAD9fnGKpmx0eK7UmvVycPTUzRLh oVzv347JbukP6ZUguOOnfcf3AkBHRfvH26Sit6fcwB5JL7yB043FuFvcqUP6zPNs K0N/EwpBuDZx310v6l/WgGpfzJ7yBk5Q37eoOhbsB0gtaN6/5ixUb2eEP4sGfU0K nqU8MSsveFVZ1SiNKa3DBRvGr/gw+BVLFoFSG6Rvpo+/dNUER/iu6XWyb5HRiS6e UbH26YuWVxo1Q1zKS9dc =q8wZ -----END PGP SIGNATURE----- |
From: Albrecht G. <alb...@ma...> - 2010-04-27 09:19:48
|
Hi Gustavo, hi David, Gustavo, thank you for the scetch of the possible solution on the ".htaccess" issue. David: can you please check this and give feedback to Gustavo? It is pretty urgent, since this is the last point we have to integrate beofre the release of 6.0.2 thank you and all the best Albrecht > since many people complain about the "DocumentRoot" limitation in the > installation of PHProjekt 6, for a better solution about the security, > there is an idea about to make 2 improves: > > 1. Make the configuration.ini file, a php file, so nobody can read it, > only the web server can execute it or read it. > > 2. Make a private folder for save there the logs, the temporally and the > uploaded files. (All the files written by the API/User). > > --- About 1. --- > The best solution that i found, is to keep the configuration.ini file as > format, add a <?php in the first line, rename it to configuration.php > and change the comments from ; to #. > There is a new Config parser, that just drop the first line, and take > the file as ini. > > Pros: > 1. The format is read friendly, like all the ini files. > Contra: > 1. Since is a php file, the common editor should provide a correct > interface for edit files, but since the ini structure is not PHP, maybe > the user have ugly messages in the editor. > 2. If you want to access directly to the file > http://p6/configuration.php => you will get a parser error. Maybe is not > a contra, but is ugly. > > --- About 2. --- > Here i want to discuss some scenarios. > First, the zip or the tarball, provide a folder phprojekt with all the > files and folders in it. > Currently the structure is: > phprojekt/ > application/ > htdocs/ > library/ > logs/ > tmp/ > upload/ > configuration.ini > And the limitation say that a vhost must be set to the htdocs folder. > > With the private folder, the idea is something like: > > phprojekt/ > application/ > htdocs/ > library/ > configuration.ini > private/ > logs/ > tmp/ > upload/ > > Scenario 1 - Common German structure: > If i drop the phprojekt folder in my public_html, then i have: > public_html/ > phprojekt/ > application/ > htdocs/ > library/ > configuration.ini > And the link to the API is http://my.domain/phprojekt/htdocs/index.php > In this scenario, the setup routine can try to create a private folder > in 2 places: > 1. in the same level as phprojekt. > Pros: The setup should can, since is a public folder with full access > to the web server. > Contra: Even if the private folder have a random name set by the user, > is accessible by web http://my.domain/private. > For solve that, we provide a .htaccess with Deny from all, but the > folder is still writable and public. > The user can set the write rights for this folder to "only owner"?, yes, > but ONLY in Linux, in Windows system, the folder is public and writable > (only the admin of the system can set the rights there). > > 2. Outside the public_html: > Pros: Is not accessible by Web. > Contra: > - The web user in general don't have access to write folders there, > or for rights or for groups limitation. If the setup routine can't > create the folder, the user/admin must do it. > If there are many problem for the common users to create a vhost, you > think that create a folder outside public is easy for them? > - If the folder is created, must have the correct right access, since > the API don't have right for change them, and again, the access system > works only for Linux, in windows is ALL 777. Do you think that the user > can do it? > > Scenario 2 - Personal systems: > In general, for the Scenario 1, we can use the DOCUMENT_ROOT var for > get the public folder, but for example, i have a windows system with > apache and the document root set on for example D:www, then i have many > sub folders for many pages. > My DOCUMENT_ROOT, is www, and the API will try to create a folder in: > - D:/www/phprojekt (in the same level as phprojekt) > - or in D: (Outside the public folder) > > Add to all this, if the server use safe_mode = ON, the API have problems > to access this private folder, depend on where is it. > > Also, if the rule is "no writable folders in the public one", what we > can do whit the application folder?. > Yes, we can make it read only, and add a private/application/ where the > user can add new modules. > But then the user can't delete the current modules like "Calendar" if he > don't want it in the system. > Also, we must change the routines that scan the application folder for > new modules, or custom ones, and we will have TWO applications folders, > one for the system and one for the users...if this don't generate > misunderstandings... > > For finish, i am agree with a private folder where we can write stuff in > a safe way, but reading the post, and the comments, there are many > "normal users" playing with P6, and are not "administrators", so maybe > this folder will provide more problems than solutions to these users. > > What do you think? > > If you want to test a bit, one of these implementations is in: > - http://github.com/gsolt/PHProjekt/tree/privateFolder > Works fine in windows, since don't try to set access, in Linux i tried > to install it in the MF server, and neither the API or myself, can > create a private folder with 0600 access in the before public_html. > > Greetings, > Gustavo > > > > ------------------------------------------------------------------------------ > _______________________________________________ > Phprojekt-devel mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phprojekt-devel |
From: Gustavo S. <gus...@gm...> - 2010-04-27 03:46:01
|
Hi all, since many people complain about the "DocumentRoot" limitation in the installation of PHProjekt 6, for a better solution about the security, there is an idea about to make 2 improves: 1. Make the configuration.ini file, a php file, so nobody can read it, only the web server can execute it or read it. 2. Make a private folder for save there the logs, the temporally and the uploaded files. (All the files written by the API/User). --- About 1. --- The best solution that i found, is to keep the configuration.ini file as format, add a <?php in the first line, rename it to configuration.php and change the comments from ; to #. There is a new Config parser, that just drop the first line, and take the file as ini. Pros: 1. The format is read friendly, like all the ini files. Contra: 1. Since is a php file, the common editor should provide a correct interface for edit files, but since the ini structure is not PHP, maybe the user have ugly messages in the editor. 2. If you want to access directly to the file http://p6/configuration.php => you will get a parser error. Maybe is not a contra, but is ugly. --- About 2. --- Here i want to discuss some scenarios. First, the zip or the tarball, provide a folder phprojekt with all the files and folders in it. Currently the structure is: phprojekt/ application/ htdocs/ library/ logs/ tmp/ upload/ configuration.ini And the limitation say that a vhost must be set to the htdocs folder. With the private folder, the idea is something like: phprojekt/ application/ htdocs/ library/ configuration.ini private/ logs/ tmp/ upload/ Scenario 1 - Common German structure: If i drop the phprojekt folder in my public_html, then i have: public_html/ phprojekt/ application/ htdocs/ library/ configuration.ini And the link to the API is http://my.domain/phprojekt/htdocs/index.php In this scenario, the setup routine can try to create a private folder in 2 places: 1. in the same level as phprojekt. Pros: The setup should can, since is a public folder with full access to the web server. Contra: Even if the private folder have a random name set by the user, is accessible by web http://my.domain/private. For solve that, we provide a .htaccess with Deny from all, but the folder is still writable and public. The user can set the write rights for this folder to "only owner"?, yes, but ONLY in Linux, in Windows system, the folder is public and writable (only the admin of the system can set the rights there). 2. Outside the public_html: Pros: Is not accessible by Web. Contra: - The web user in general don't have access to write folders there, or for rights or for groups limitation. If the setup routine can't create the folder, the user/admin must do it. If there are many problem for the common users to create a vhost, you think that create a folder outside public is easy for them? - If the folder is created, must have the correct right access, since the API don't have right for change them, and again, the access system works only for Linux, in windows is ALL 777. Do you think that the user can do it? Scenario 2 - Personal systems: In general, for the Scenario 1, we can use the DOCUMENT_ROOT var for get the public folder, but for example, i have a windows system with apache and the document root set on for example D:www, then i have many sub folders for many pages. My DOCUMENT_ROOT, is www, and the API will try to create a folder in: - D:/www/phprojekt (in the same level as phprojekt) - or in D: (Outside the public folder) Add to all this, if the server use safe_mode = ON, the API have problems to access this private folder, depend on where is it. Also, if the rule is "no writable folders in the public one", what we can do whit the application folder?. Yes, we can make it read only, and add a private/application/ where the user can add new modules. But then the user can't delete the current modules like "Calendar" if he don't want it in the system. Also, we must change the routines that scan the application folder for new modules, or custom ones, and we will have TWO applications folders, one for the system and one for the users...if this don't generate misunderstandings... For finish, i am agree with a private folder where we can write stuff in a safe way, but reading the post, and the comments, there are many "normal users" playing with P6, and are not "administrators", so maybe this folder will provide more problems than solutions to these users. What do you think? If you want to test a bit, one of these implementations is in: - http://github.com/gsolt/PHProjekt/tree/privateFolder Works fine in windows, since don't try to set access, in Linux i tried to install it in the MF server, and neither the API or myself, can create a private folder with 0600 access in the before public_html. Greetings, Gustavo |
From: Mariano La P. <mar...@gm...> - 2010-04-07 16:02:21
|
Done I put 'PHProjekt 6 - The users view'. I hope you like it or else tell me. Mariano El 06/04/2010 07:43 a.m., Albrecht Günther escribió: > Hi Mariano, > > say, could you rename the title of the youtube entry to > 'Why to choose PHProjekt - the users view' or > 'PHProjekt - the users view' of something similar - the question mark > implies some critics :-) > > But this week we should release it, yes :-) > > all the best > Albrecht > > >> http://www.youtube.com/watch?v=KZbBK-N1UAU&fmt=6 >> >> I think it is highly recommended to publish it in 480p resolution. >> This link has the suffix '&fmt=6' that makes the video to get opened in >> this resolution, instead of 360p. When seen in 360p the URL in the >> browser and the text of P6 itself is not clearly seen (from 0:49 until >> the end of the video). >> >> >> Let's choose Phprojekt, the one with the bee logo! :-) >> >> Mariano >> >> ------------------------------------------------------------------------------ >> Download Intel® Parallel Studio Eval >> Try the new software tools for yourself. Speed compiling, find bugs >> proactively, and fine-tune applications for parallel performance. >> See why Intel Parallel Studio got high marks during beta. >> http://p.sf.net/sfu/intel-sw-dev >> _______________________________________________ >> Phprojekt-devel mailing list >> Php...@li... >> https://lists.sourceforge.net/lists/listinfo/phprojekt-devel >> > > |
From: Albrecht G. <alb...@ma...> - 2010-04-07 13:01:24
|
Hi Thorsten, >> I suggest to implement the Zend_Webdav_Abstract and to create the webdav >> part for the files module for PHProjekt 6.1 >> After this, in a next version we can enhance it with the caldav api. > we should wait with the development of PHProjekt 6.1 until we decided > how we will work with branches and when we PHProjekt 6.0 is in a good > and stable state. Gustavo works only in his branch, so no fear that the main branch will be compromised. Since David is on holidays, we need a plan what to do until he can return to P6, which will take until end of April. all the best Albrecht |
From: Thorsten R. <tho...@ma...> - 2010-04-07 12:43:55
|
Hi, > I suggest to implement the Zend_Webdav_Abstract and to create the webdav > part for the files module for PHProjekt 6.1 > > After this, in a next version we can enhance it with the caldav api. we should wait with the development of PHProjekt 6.1 until we decided how we will work with branches and when we PHProjekt 6.0 is in a good and stable state. Cheers Thorsten -- Thorsten Rinne, Dipl.-Inf. (FH) Mayflower GmbH Mannhardtstr. 6 Tel.: +49 89 24 20 54 31 D-80538 München Fax : +49 89 24 20 54 29 tho...@ma... http://www.mayflower.de Mayflower GmbH, Standort München Firmensitz: Mannhardtstraße 6, 80538 München Registergericht: Amtsgericht München, HRB 142039 Geschäftsführer: Gregor Streng, Björn Schotte, Albrecht Günther, Johann-Peter Hartmann |
From: Albrecht G. <alb...@ma...> - 2010-04-07 12:39:58
|
Hi Gustavo, this sound pretty reasonable. I suggest to implement the Zend_Webdav_Abstract and to create the webdav part for the files module for PHProjekt 6.1 After this, in a next version we can enhance it with the caldav api. all the best Albrecht > Since many people ask about the WebDAV implementation on P6, let see > what we need for it. > > 1. Server > In P5 we use the PEAR server, that is just a php 4 class that translates > the request into a WebDAV function. > We can make a new server class, using the PEAR one as example, in this > case the steps are: > - Make a new Zend class using the PEAR as model. > - Transform all the PHP4 structure to PHP5. > - Use all as we can the Zend functions. > - Define an Auth method that should be easy to configure. > After that, we will have something like Zend_Webdav_Abstract that will > have all the necessaries function for catch the request and call the > correct function. > > 1.2. Extension > Using the Zend_Webdav_Abstract, we can extend it for make custom servers > like: > 1.2.1. For files -Zend_Webdav_Files- (almost all done in the > Zend_Webdav_Abstract). > > 1.2.2. For events -Zend_Webdav_Caldav- (using the CalDAV RFC). > For the CalDAV class, we need also some extra functions, > first for customized the WebDAV using the CalDAV RFC, and second for > translate the P6 events or "any event data" into a ICAL format, and > vice-versa. > > 1.2.3. Others. > > Other structure can be: > Zend/ > Webdav/ > Abstract.php (Zend_Webdav_Abstract) > Webdav.php (Zend_Webdav extend Zend_Webdav_Abstract) > Caldav.php (Zend_Caldav extend Zend_Webdav_Abstract) > > > About the times, > For 1. can be something like 24 hs. > For 1.2.1 (for files) can be something like 1 hs. > For 1.2.2 (for events) can be something like 12 hs. > > 2. Client > After that we can use the "server", but we need some page that call it, > so the next step is to write a controller that get the request, call the > auth, call the server , and return the response. > This implementation should be done only for P6. > The url can be something like: > index.php/Default/webdav/index > and the controller: Default/WebdavController.php. > We can define other one for the caldav or not. > > About the times, > Can be something like 4 hs. > > About the times, as always, are "code" time, but we must add the test > and some problems that always appear in the process. > > I think that working on it 1 week(40 hs), we can have a good aprouch. > > What do you think? > > Greetings, > Gustavo Solt. > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Phprojekt-devel mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phprojekt-devel |
From: Gustavo S. <gus...@gm...> - 2010-04-06 16:21:00
|
Hi all, Since many people ask about the WebDAV implementation on P6, let see what we need for it. 1. Server In P5 we use the PEAR server, that is just a php 4 class that translates the request into a WebDAV function. We can make a new server class, using the PEAR one as example, in this case the steps are: - Make a new Zend class using the PEAR as model. - Transform all the PHP4 structure to PHP5. - Use all as we can the Zend functions. - Define an Auth method that should be easy to configure. After that, we will have something like Zend_Webdav_Abstract that will have all the necessaries function for catch the request and call the correct function. 1.2. Extension Using the Zend_Webdav_Abstract, we can extend it for make custom servers like: 1.2.1. For files -Zend_Webdav_Files- (almost all done in the Zend_Webdav_Abstract). 1.2.2. For events -Zend_Webdav_Caldav- (using the CalDAV RFC). For the CalDAV class, we need also some extra functions, first for customized the WebDAV using the CalDAV RFC, and second for translate the P6 events or "any event data" into a ICAL format, and vice-versa. 1.2.3. Others. Other structure can be: Zend/ Webdav/ Abstract.php (Zend_Webdav_Abstract) Webdav.php (Zend_Webdav extend Zend_Webdav_Abstract) Caldav.php (Zend_Caldav extend Zend_Webdav_Abstract) About the times, For 1. can be something like 24 hs. For 1.2.1 (for files) can be something like 1 hs. For 1.2.2 (for events) can be something like 12 hs. 2. Client After that we can use the "server", but we need some page that call it, so the next step is to write a controller that get the request, call the auth, call the server , and return the response. This implementation should be done only for P6. The url can be something like: index.php/Default/webdav/index and the controller: Default/WebdavController.php. We can define other one for the caldav or not. About the times, Can be something like 4 hs. About the times, as always, are "code" time, but we must add the test and some problems that always appear in the process. I think that working on it 1 week(40 hs), we can have a good aprouch. What do you think? Greetings, Gustavo Solt. |
From: Albrecht G. <alb...@ma...> - 2010-04-06 10:44:03
|
Hi Mariano, say, could you rename the title of the youtube entry to 'Why to choose PHProjekt - the users view' or 'PHProjekt - the users view' of something similar - the question mark implies some critics :-) But this week we should release it, yes :-) all the best Albrecht > http://www.youtube.com/watch?v=KZbBK-N1UAU&fmt=6 > > I think it is highly recommended to publish it in 480p resolution. > This link has the suffix '&fmt=6' that makes the video to get opened in > this resolution, instead of 360p. When seen in 360p the URL in the > browser and the text of P6 itself is not clearly seen (from 0:49 until > the end of the video). > > > Let's choose Phprojekt, the one with the bee logo! :-) > > Mariano > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Phprojekt-devel mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phprojekt-devel |
From: Albrecht G. <alb...@ma...> - 2010-04-01 08:40:07
|
Hi, after the run on the release (with more than ten thousand visitors only on friday afternoon), we close our small cloud and return to our usual sites. the old/new url's are: try.phprojekt.com for our P6 demo demo.old.phprojekt.com for our P5 demo Gustavo, one special request: all demo users have the first and last name 'john doe', which is a bit boring in user select boxes. Can you give them different names and update the sql file? all the best Albrecht |
From: Gustavo S. <gus...@gm...> - 2010-03-24 13:00:49
|
Hi Johann, thanks for the answer. About Zend_Cache, yes you are right, seams to be the right solution for these cases, but as i said, the point is which cache type we want to use. Since now we use SESSION, in the client side, and is really fast (since is memory), but have these problems. Here is a list of possibles cache type: http://framework.zend.com/manual/en/zend.cache.backends.html The file, is which we use now for common data (project tree and language strings). Do you think is better to switch from "save the data in session" to "save the data in a file on the server" ? Other option is Memcached, but we must put it as a requirement. (all the others also have extra requirements) Maybe we can make a new one for use the database, using the Zend_Cache_Backend_Sqlite as template. (If we want to support many database types in the future, we should make an abstract one that can be used with all of these types) Resume: SESSION => fast, don't works for multi-users. File => slow, works for multi-users. Database => fast (less than SESSION), works for multi-users, must be implemented. Suggestions? Greetings, Gustavo Solt On 24/03/2010 05:42 a.m., Johann-Peter Hartmann wrote: > Hi, > > Gustavo Solt schrieb: >> Point b) >> - If the User A was IN the TODO #1, and try to change something, he >> will get a message "The item don't exist" (for him, don't exists anymore) > > That's a misleading error message, it should be "You are not allowed to > do this!" ;-) (better: "Missing access rights for this item") > >> >> Point c) >> - The User B, since is still in the item, get a front message that the >> TODO was changed by the admin, but when he want to see the changes, >> the access still say "User A and User B", since the access is cached in >> the server. >> >> That is more or less not so important, since is an strange case, >> but what about the same on a project? >> >> If the User A is removed from a project, then he will have some errors >> when try to access to it (an Exception since the "node" don't exists). > > This should be the same error message as above. Any access control error > should result in a clear error message documenting the user does not > have access rights to the current item (anymore). > >> If the User A is ADDED to one project, the user will receive a front >> message, but he DON'T will see the new project, since the access for all >> the projects is already cached from the server for him. >> The solution is "logout, and login again". >> >> These cases, are not so commons, but can happen and we should offer some >> solutions for that. > > For me it looks like a wrong caching strategy. The caching should work > with active invalidation, i.e. if an item changes on the server, every > cache for it should be cleared - even client-side caches. > > The Zend_Cache provides tagging and the clean method for this purpose. > > > Greetings, > Johann > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Phprojekt-devel mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phprojekt-devel > |
From: Johann-Peter H. <har...@ma...> - 2010-03-24 07:38:37
|
Hi, Gustavo Solt schrieb: > Point b) > - If the User A was IN the TODO #1, and try to change something, he > will get a message "The item don't exist" (for him, don't exists anymore) That's a misleading error message, it should be "You are not allowed to do this!" ;-) (better: "Missing access rights for this item") > > Point c) > - The User B, since is still in the item, get a front message that the > TODO was changed by the admin, but when he want to see the changes, > the access still say "User A and User B", since the access is cached in > the server. > > That is more or less not so important, since is an strange case, > but what about the same on a project? > > If the User A is removed from a project, then he will have some errors > when try to access to it (an Exception since the "node" don't exists). This should be the same error message as above. Any access control error should result in a clear error message documenting the user does not have access rights to the current item (anymore). > If the User A is ADDED to one project, the user will receive a front > message, but he DON'T will see the new project, since the access for all > the projects is already cached from the server for him. > The solution is "logout, and login again". > > These cases, are not so commons, but can happen and we should offer some > solutions for that. For me it looks like a wrong caching strategy. The caching should work with active invalidation, i.e. if an item changes on the server, every cache for it should be cleared - even client-side caches. The Zend_Cache provides tagging and the clean method for this purpose. Greetings, Johann |
From: Gustavo S. <gus...@gm...> - 2010-03-23 15:21:45
|
Hi all, I have a question, about how we can resolve that: Imagine this case: User A have access to a TODO #1 User B have access to a TODO #1 1- User A is online, see the TODO #1 (the access is cached) 2- User B is online, see the TODO #1 (the access is cached) 3- Now the admin for example, remove the User A from the TODO #1, and keep only the access to the User B. Point a) - The User A that is online, since he is not anymore in the item TODO #1, he don't receive any message about the change. Point b) - If the User A was IN the TODO #1, and try to change something, he will get a message "The item don't exist" (for him, don't exists anymore) Point c) - The User B, since is still in the item, get a front message that the TODO was changed by the admin, but when he want to see the changes, the access still say "User A and User B", since the access is cached in the server. That is more or less not so important, since is an strange case, but what about the same on a project? If the User A is removed from a project, then he will have some errors when try to access to it (an Exception since the "node" don't exists). If the User A is ADDED to one project, the user will receive a front message, but he DON'T will see the new project, since the access for all the projects is already cached from the server for him. The solution is "logout, and login again". These cases, are not so commons, but can happen and we should offer some solutions for that. In resume, the problem is, if you keep the data PER USER in the SESSION, for improve the speed, then when other user change something, the current user have the old data cached in the server side. Solutions: 1- An extra request to the server that say "remove all the cache". - That can be called when a front message appear, but will work only if the front page is activated. 2- Don't cache the access of several users. - The speedy will decrees. 3- Keep the cache in the server as a file instead of the SESSION (like the project tree or the language), so any user can access to it, and delete it for be re-calculated. - Access to a file have always less performance that access to the memory. Suggestions are welcome :D Greetings, Gustavo Solt |
From: Albrecht G. <alb...@ma...> - 2010-03-22 14:46:47
|
Unfortunately not, since it is an open source project :-/ > Do you have a number, of how many people/companies use Phprojekt > currently? I mean, 5th version and previous ones? (from now on, also the > 6th!) > > Just a total number for all versions, or something that gives me an > idea of the world scope of it. > > Thanks > Mariano > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Phprojekt-devel mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phprojekt-devel |
From: Mariano La P. <mar...@gm...> - 2010-03-22 14:07:18
|
Hello people Do you have a number, of how many people/companies use Phprojekt currently? I mean, 5th version and previous ones? (from now on, also the 6th!) Just a total number for all versions, or something that gives me an idea of the world scope of it. Thanks Mariano |
From: Albrecht G. <alb...@ma...> - 2010-03-22 10:00:50
|
Hi Mariano, > http://www.youtube.com/watch?v=KZbBK-N1UAU&fmt=6 this one looks pretty good, and I thzink we should publish it on thursday, since we have today we have 6.0.1 to release. all the best Albrecht > I think it is highly recommended to publish it in 480p resolution. > This link has the suffix '&fmt=6' that makes the video to get opened in > this resolution, instead of 360p. When seen in 360p the URL in the > browser and the text of P6 itself is not clearly seen (from 0:49 until > the end of the video). > > > Let's choose Phprojekt, the one with the bee logo! :-) > > Mariano > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Phprojekt-devel mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phprojekt-devel |
From: David S. P. <ds...@gm...> - 2010-03-20 16:41:15
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 19.03.10 01:36, schrieb Mariano La Penna: > New screencast ready. > > http://www.youtube.com/watch?v=KZbBK-N1UAU&fmt=6 > > I think it is highly recommended to publish it in 480p resolution. > This link has the suffix '&fmt=6' that makes the video to get opened in > this resolution, instead of 360p. When seen in 360p the URL in the > browser and the text of P6 itself is not clearly seen (from 0:49 until > the end of the video). really great. Good story and good implementation. It's very convincing. Keep on the good work. David > > Let's choose Phprojekt, the one with the bee logo! :-) > > Mariano > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Phprojekt-devel mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phprojekt-devel -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuk+p4ACgkQ/snRGA1Vb0sdawCgroSYtxO4YioVH9h5Kt9XaAgg tsIAoJykExK3pCBWcnJgMstSSMmPwzPp =6gUC -----END PGP SIGNATURE----- |
From: Mariano La P. <mar...@gm...> - 2010-03-19 00:36:41
|
New screencast ready. http://www.youtube.com/watch?v=KZbBK-N1UAU&fmt=6 I think it is highly recommended to publish it in 480p resolution. This link has the suffix '&fmt=6' that makes the video to get opened in this resolution, instead of 360p. When seen in 360p the URL in the browser and the text of P6 itself is not clearly seen (from 0:49 until the end of the video). Let's choose Phprojekt, the one with the bee logo! :-) Mariano |
From: Albrecht G. <alb...@ma...> - 2010-03-18 20:46:10
|
Hi Guys, well, this first bug came pretty fast :-) Here the plan for the next days: 1. ticket in bugtracker is created, this is always the first action 2. then fix it and validate the fix 3. commit it into the trunk 4. make a remark on the ticket, that it is solved in the trunk on github 5. post a news (for this bug, we will do this NOT NOW - in order not to spoil our nice release posting!) I propose to do this on tuesday 6. release the bug with the next update maybe friday to collect more bugs. any other opinion? all the best Albrecht |
From: Albrecht G. <alb...@ma...> - 2010-02-22 15:34:19
|
Hi Gustavo, thank you for the improved layout of the timecard! Here are my remarks: - I think it is very good, that the day view looks like the day view in the calendar - this is usability! Question: how difficult would it be to have the same funcktionality here as in the calendar? (aka: drag and expand also here possible?) So the only difference would be the form ... (of curse it would mean to have the same classses in the code, yes) - For calendar AND timecard a small feature request: booked items should have a different backgorund colour than the both colours of the day view (at the moment it is rather transparent, which is puzzling). - Month view (=list of days in month), right pane: - since fpor me it seems, that we still have space to the button, can we: - move the month name above the list? Please list month name and year - move the day selector there, too? - give a bit more space between the days? - entries in day view: - separation is done, thnx. Maybe the remark is more important than the project - but leave it like it is, we can change it after the release very easily. - Borders should have the same layout as in the calendar. - Day view: Please give a short feedback, whether it is possible just to display a part of the whole day (e.g. 8-18) and to make it scrollable. If yes, we can have 30 minutes instead of one hour as the unit. - Form: - we need a 'cancel' button here. - Popup favourite projects: Please add the text: "Favorite projects appear first in the select box of the form" so the user knows for what the selection is good for. What do you think? all the best Albrecht |