GUI elements we’d love to see in ]po[ 4.x

Posted by admin on July 17, 2010 0 comments

Search Box with Filter and Large Drop Down Menu

http://tympanus.net/codrops/2010/07/14/ui-elements-search-box/

http://www.web-delicious.com/jquery-plugins/

Autocomplete anywhere – includes emacs

Posted by admin on April 14, 2010 0 comments

http://www.autohotkey.com/

http://www.vasanth.in/content/binary/Intellitype.ahk

http://www.autohotkey.com/docs/scripts/

http://www.donationcoder.com/Software/Skrommel/index.html#AutoClip

Common constructs writing ]po[ update scripts

Posted by admin on March 17, 2010 0 comments

Sample Script

create or replace function inline_0 ()
returns integer as '
declare
        v_count         integer;
begin
        select count(*) into v_count from user_tab_columns
        where lower(table_name) = ''acs_object_types'' and lower(column_name) = ''icon_path'';
        IF v_count > 0 THEN return 1; END IF;

        alter table acs_object_types add column icon_path character varying(100);
        RETURN 0;

end;' language 'plpgsql';
select inline_0 ();
drop function inline_0 ();

Check existence of column:

select count(*) into v_count from user_tab_columns where table_name = ''IM_HOURS'' and column_name = ''INVOICE_ID'';

Check existence of table:

select count(*) into v_count from pg_tables where tablename = ''im_capacity_planning'';

Check for existing constraints

        select count(*) into v_count from pg_constraint
        where lower(conname) = ''im_hours_project_fk'';

Create categories

SELECT im_category_new (16006, 'Rejected', 'Intranet Absence Status');

Create menu item

SELECT im_new_menu(
        'intranet-timesheet2',
        'timesheet2_absences_bankholiday',
        'New Bank Holiday',
        '/intranet-timesheet2/absences/new?absence_type_id=5004',
        50,
        'timesheet2_absences',
        null
);

Create menu permissions

SELECT im_new_menu_perms('timesheet2_absences_bankholiday', 'Employees');

pg_dump failed – invalid byte sequence for encoding “UTF8″

Posted by admin on February 20, 2010 0 comments

Using

pg_dump -U projop -E UTF8 -d projop > projop.dump

instead of the usual

pg_dump --no-owner --clean --disable-dollar-quoting --format=p --file projop.dump

I was able to to restore the db.

BCN tips

Posted by admin on November 18, 2009 0 comments

Restaurants

Classics

http://www.loscaracoles.es/
Barcelona classic, nice ‘ambiente’, very touristic, prices maybe a bit to high for what they offer, but you get the whole spanish experience, crossing the kitchen when entering the restaurant, always packed with people, hams hanging from the ceiling.

Cervecería Catalana
My favorite tapa place

Senyor Parellada

http://www.senyorparellada.com/

Classic in the born area

“Elegancia”

http://www.rte-olive.com/
Take your beloved one to this on her birthday

http://www.hotelcasafuster.com/restaurante.asp

Take your beloved one to this in case you want to propose – Woddy Allen played the saxophon during his stays in the bar

http://www.ladama-restaurant.com/

Back to the good old days, upper price segment.
(… you have one of the best TROBADORS right across the street)

Modern

http://www.w-barcelona.com/

impressive !!!

Hesperia_Tower-Barcelona_Catalonia

http://www.tripadvisor.es/Hotel_Review-g187497-d630596-Reviews-Hesperia_Tower-Barcelona_Catalonia.html

Michelin * (or ** ??)

Pretty Cool

http://www.laparadeta.com/

make your order at the entrance – all “fish” – big portions – student restaurant

Great value – nice ambiente

www.restaurantetrobador.com
Always a great value for the money and a nice and modern atmosphere, many locations city wide

www.flamantrestaurant.com

www.restaurantbalthazar.com

Feelin’ fishy?

http://www.bcnrestaurantes.com/eng/barcelona.asp?restaurante=carballeria

close to port

http://www.botafumeiro.es/

probably one of the best fish restaurants in BCN – try the percebes !

Sea Views

http://www.canmajo.es/ (views only from terrace)

http://www.aguadeltragaluz.com/

Takin’ a coffee in downtown

www.4gats.com

http://www.bcnrestaurantes.com/barcelona.asp?restaurante=el-gran-cafe

Rustic – outside BCN

www.can-borell.com

Day Trips

Torres
Wine tasting outside of BCN

Freixenet
Cava – nice tour

http://www.barcelona-tourist-guide.com/en/tour/montserrat-spain.html – ca. 50km ausserhalb

Estimating Project Costs

Posted by admin on November 1, 2009 0 comments

This entry moved to http://www.project-open.org/documentation/rfe_Advanced_Financial_Project_Planning

How to prevent SQL Injections

Posted by admin on October 17, 2009 0 comments

http://stackoverflow.com/questions/1973/what-is-the-best-way-to-avoid-sql-injection-attacks

Golden Rules:

3: Custom-Written Value Sanitation. Avoid writing your own sanitation routines as much as possible except when it’s absolutely the only option remaining (which is very unlikely in any modern language). Input sanitation is a hard problem, and the costs of getting it wrong are huge. It’s best to leave that job to someone else. When you are forced to rely on this method use white-listing rather than black-listing to sanitize input.

2: Framework / Library Based Value Sanitation. Leave the sanitation routines to the domain experts. Sanitation routines in 1st party frameworks and libraries are typically created by the same folks that wrote the DB or the SQL API. They have a much higher chance of knowing, and properly handling, all of the edge cases than you do. An example of this technique would be using php’s mysql_escape_string() function to sanitize values that will be inserted into strings that serve as dynamic SQL statements.

1: Parameter Binding. Instead of constructing a SQL statement as a raw string which includes user data as in-place literal values, create a SQL statement with tokens where the user data would be. Then bind the user supplied data to the appropriate parameters. The key here is that this binds the provided data to a specific type and a specific use and eliminates any opportunity to change the logic of the SQL statement. This can be used in conjunction with library based input sanitation as well.

http://www.tcl.tk/community/tcl2004/Tcl2003papers/cleverly.htm

Luckily for the Tcl programmer who craves laziness, OpenACS provides a higher-level database API on top of ns_db that hides all the mundane house-keeping chores. Additionaly, bind-variable emulation is available which frees the programmer from worrying about always escaping apostrophes in SQL statements. Bind variables are prefaced with a colon.

 set name "Jim O'Connor"
            set salary 40000

            db_dml new_hire {
                insert into employees (name, salary, dept)
                values (:name, :salary, 'Accounting')
            }

http://openacs.com/forums/message-view?message_id=250625

Posted by Dave Bauer on 01/19/05 04:57 PM

In Postgresql the db_* commands extract the “bind” variables and SQL quote them automatically. In the PG driver itself the [] charactaers are escaped as well for safety.

This means that the effective security of PostgreSQL is the same as Oracle.

This is done at the database api layer.

In addition ad_page_contract has filters and validation features to check input. ad_form and the form builder also have validation features for input.

XOWIKI – db structure

Posted by admin on October 12, 2009 0 comments

xowiki pages are managed with the OpenACS Content repository.

XOWIKI pages:

For each page there’s an entry in cr_items

projop=# \d cr_items
                                   Table "public.cr_items"
      Column       |          Type          |                   Modifiers
-------------------+------------------------+------------------------------------------------
 item_id           | integer                | not null
 parent_id         | integer                | not null
 name              | character varying(400) | not null
 locale            | character varying(4)   |
 live_revision     | integer                |
 latest_revision   | integer                |
 publish_status    | character varying(40)  |
 content_type      | character varying(100) |
 storage_type      | character varying(10)  | not null default 'text'::character varying
 storage_area_key  | character varying(100) | not null default 'CR_FILES'::character varying
 tree_sortkey      | bit varying            | not null
 max_child_sortkey | bit varying            |

Page content

Page content is stored in table cr_revisions

projop=# \d cr_revisions
                             Table "public.cr_revisions"
     Column     |           Type           |                Modifiers
----------------+--------------------------+-----------------------------------------
 revision_id    | integer                  | not null
 item_id        | integer                  | not null
 title          | character varying(1000)  |
 description    | text                     |
 publish_date   | timestamp with time zone |
 mime_type      | character varying(200)   | default 'text/plain'::character varying
 nls_language   | character varying(50)    |
 lob            | integer                  |
 content        | text                     |
 content_length | integer                  |

Finding content that can’t be found using ‘search’ such as links etc.

select
		r.item_id,
		r.title,
		i.name
from
		cr_revisions r,
		cr_items i
where
		r.content like '%en:install_main%' and
		r.revision_id = i.live_revision;

Object Model

Pls. see: http://openacs.org/xotcl/show-object?show_source=0&object=%3A%3Axowiki%3A%3APage&show_methods=1

]project-open[ – Getting Things Done Package

Posted by admin on September 26, 2009 0 comments

The package provides the following features:

  • Provide a single access point for all tasks assigned to an user
  • Gives users the possibility to create a sortable list of tasks
  • Tasks can added from a list of existing project tasks, forum tasks and workflow tasks
  • Let users add arbitrary tasks not managed with ]po[
  • Provide users with quick access to often used features such as time sheet tracking and relevant task data.
  • Speeds up adminstrative tasks and provides convenience to users working in multitasking environments, such as Help-Desk, Call-Center, Support, etc.

Principal architectural objectives:

  • Implementing a RESTful Web Service
  • Evaluate Open Source JS libraries for use in ]po[
  • Security aspects and error handling when using xmlhttp requests (XHR)

Protoytype

To-Do’s

  • Fix Bug: time – logging
  • Show err mess when no tasks have been found for project
  • Allow to delete tasks from To-Do list by drag&drop them to wastebasket
  • Add WF tab (shows all tasks resulting from WF instances)
  • Add Forum tab (shows all FORUM tasks)

Developer Documentation

                Table "public.im_gtd_tasks"
       Column       |           Type           | Modifiers
--------------------+--------------------------+-----------
 gtd_task_id        | integer                  | not null
 ref_id             | integer                  | not null
 owner_id           | integer                  |
 created_date       | timestamp with time zone |
 description        | text                     |
 last_modified      | date                     |
 gtd_type_id        | integer                  | not null
 gtd_task_status_id | integer                  | not null
Indexes:
    "im_gtd_tasks_pkey" PRIMARY KEY, btree (gtd_task_id)
Foreign-key constraints:
    "im_gtd_task_type_fk" FOREIGN KEY (gtd_type_id) REFERENCES im_categories(category_id)
    "im_gtd_task_type_status_fk" FOREIGN KEY (gtd_task_status_id) REFERENCES im_categories(category_id)
    "im_gtd_tasks_owner_id_fkey" FOREIGN KEY (owner_id) REFERENCES users(user_id)

What drives you?

Posted by admin on September 14, 2009 0 comments