hhucn / adhocracy.hhu_theme Goto Github PK

The navigation bar should include breadcrumbs like

Normsetzung » Test instane » Proposal 42

Every entry should be linkified, but the last one shouldn't be visible as such until the user hovers over it.

adhocracy.relative_urls should be documented in the default adhocracy.ini, like this:

# INSTALL: Encode instance name in path instead of domain.
# Instead of https://test.adhocracy.lan/foo , the URL becomes
# https://adhocracy.lan/i/test/foo , or just /i/test/foo
#adhocracy.relative_urls = True

This is only useful when the relative-url branch has been merged into default.

Copy of https://bitbucket.org/liqd/adhocracy/issue/57/write-a-test-script-for-bare-ampersands

We should test that the various corners of adhocracy work with the relative-urls branch, both when adhocracy.relative_urls is set and when it's not.

Selenium test cases would be great, but manual testing would work too.

Currently, RequireInternalRequest in adhocracy/lib/csrf.py (the CSRF protection method) includes the following lines:

if method in ['POST', 'PUT']:  # hack
    return True

This seems to be obviously broken.

Create a demonstration site to show that (for example, create a new instance when the logged-in administrator visits the site).

Then, fix the CSRF vulnerabilities.

Also make sure that the current functionality is not impeeded. Contact / assign @vigri for details on testing these.

We should set up basic selenium tests on the developer's machines (probably with HTMLUnit).

We should also prepare for real-browser tests.

Carsten + Christopher

Tag autocompletion needs instance information.

We should allow users to set their preferred sorting order for proposals in their user profile. (Default to no setting, i.e. using whatever is configured for the server/instance).

There should be an installation-wide configuration to assign additional rights to a user based on her IP address (block).

As html comment

Ausgehend von der Startseite (https://normsetzung.cs.uni-duesseldorf.de):

I.
Im footer führen folgende urls zu Internal Server Errors:

1.  "Wie funktioniert Adhocracy?"
    https://normsetzung.cs.uni-duesseldorf.de/_pages/about

2.  "Verhaltenskodex"
    https://normsetzung.cs.uni-duesseldorf.de/_pages/codex

3.  "Nutzungsbedingungen"
    https://normsetzung.cs.uni-duesseldorf.de/_pages/terms

4.  "Datenschutz"
    https://normsetzung.cs.uni-duesseldorf.de/_pages/privacy

5.  "Impressum"
    https://normsetzung.cs.uni-duesseldorf.de/_pages/about/impressum

1.  "Über diese Seite"
    https://normsetzung.cs.uni-duesseldorf.de/_pages/about

        Sowie alle weiteren Dropdown Links:
        a)  "Über adhocracy.de"
            https://normsetzung.cs.uni-duesseldorf.de/_pages/about/uber-adhocracy

        b)  "Projekte"
            https://normsetzung.cs.uni-duesseldorf.de/_pages/about/projekte

        c)  "Akteure"
            https://normsetzung.cs.uni-duesseldorf.de/_pages/about/akteure

        d)  "Support"
            https://normsetzung.cs.uni-duesseldorf.de/_pages/about/support

        e)  "Impressum"
            https://normsetzung.cs.uni-duesseldorf.de/_pages/about/impressum

        f)  "Kontakt"
            https://normsetzung.cs.uni-duesseldorf.de/_pages/about/kontakt

2.  "Engagieren"
    https://normsetzung.cs.uni-duesseldorf.de/_pages/engagieren

        Sowie alle weiteren Dropdown Links:
        a)  "Spenden"
            https://normsetzung.cs.uni-duesseldorf.de/_pages/engagieren/spenden

        b)  "Fördermitgliedschaft"
            https://normsetzung.cs.uni-duesseldorf.de/_pages/engagieren/fordermitgliedschaft

        c)  "Helfen und Mitarbeiten"
            https://normsetzung.cs.uni-duesseldorf.de/_pages/engagieren/mitarbeiten

        d)  "Offiziell Nutzen"
            https://normsetzung.cs.uni-duesseldorf.de/_pages/engagieren/offiziell-nutzen

3.  "Hilfe"
    https://normsetzung.cs.uni-duesseldorf.de/_pages/help

        Sowie alle weiteren Dropdown Links:
        a)  "Anleitungen"
            https://normsetzung.cs.uni-duesseldorf.de/_pages/help/anleitungen

        b)  "FAQs"
            https://normsetzung.cs.uni-duesseldorf.de/_pages/help/faq

        c)  "Support"
            https://normsetzung.cs.uni-duesseldorf.de/_pages/help/support

1.  "Mit Google anmelden" Button führt zu Google Error Page

2.  "Mit Yahoo anmelden" Button führt zu Yahoo Error Page

HINWEIS: "Mit Open ID Anmelden" wurde noch nicht getestet

Gleiches Problem wenn man eingeloggt ist und über Edit Profile eine OpenID hinzufügen möchte:
https://normsetzung.cs.uni-duesseldorf.de/openid/connect
Google und Yahoo Buttons führen zu Error Pages

1.  "Nutzungsbedingungen" führt zu Internal Server Error
    https://normsetzung.cs.uni-duesseldorf.de/_pages/terms

1.  "Themen/Norms"          (im Gruppenmenü <ul id="subnav">)
    https://normsetzung.cs.uni-duesseldorf.de/page  -> Error 400

    (Richtiger Link für diese Gruppe: "https://normsetzung.cs.uni-duesseldorf.de/i/nureintest/page")

2.  "Vorschläge/Proposals"  (im Gruppenmenü <ul id="subnav">)
    https://normsetzung.cs.uni-duesseldorf.de/proposal -> Error 400

    (Richtiger Link für diese Gruppe: "https://normsetzung.cs.uni-duesseldorf.de/i/nureintest/proposal")

3.  "Mitglieder/Members"    (im Gruppenmenü <ul id="subnav">)
    https://normsetzung.cs.uni-duesseldorf.de/user  -> Error 400

    (Richtiger Link für diese Gruppe: "https://normsetzung.cs.uni-duesseldorf.de/i/nureintest/user")

4.  Der "new norm" Button auf folgender Seite: "Norms/Themen"
    https://normsetzung.cs.uni-duesseldorf.de/i/nureintest/page
    verursacht Error 400

    (Button führt fälschlicherweise nach: "https://normsetzung.cs.uni-duesseldorf.de/page/new")
    (Richtiger Link für den Button bei dieser Gruppe: "https://normsetzung.cs.uni-duesseldorf.de/i/nureintest/page/new")

5.  Der "save" Button auf folgender Seite: "Create Norm/Thema" 
    https://normsetzung.cs.uni-duesseldorf.de/i/nureintest/page/new
    verursacht Error 400

6.  Unter "Vorschläge/Proposals", wenn man sich einen bestehenden Vorschlag anzeigen lässt,
    funktioniert der "Vorschlag folgen" Button nicht

7.  "Settings"              (im Gruppenmenü <ul id="subnav">) (nur sichtbar für admin)
    https://normsetzung.cs.uni-duesseldorf.de/i/nureintest/instance/nureintest/settings -> Internal Server Error

8. Innerhalb einer Norm führt der blaue "New Proposal" Button verursacht Error 400   

Is this intended or should they replaced with & ouml; & auml; & uuml; ?

When adhocracy_buildout/src/adhocracy is a symlink to a directory checked out not from the official adhocracy, but somewhere else, the mr.developer update fails:

~$ ls -l adhocracy_buildout/src/adhocracy
lrwxrwxrwx 1 phihag phihag 27 Aug  9 16:28 adhocracy_buildout/src/adhocracy -> /home/phihag/host/adhocracy
~$ cat /home/phihag/host/adhocracy/.hg/hgrc 
[paths]
default = https://bitbucket.org/liqd/adhocracy
liqd = ssh://[email protected]/liqd/adhocracy
phihag = ssh://[email protected]/phihag/adhocracy
~$ ./build_debian.sh
(snipped)
mr.developer: Queued 'adhocracy' for checkout.
mr.developer: Queued 'adhocracy.adhocracy_theme' for checkout.
mr.developer: Queued 'adhocracy.wordpressbasic_theme' for checkout.
mr.developer: Queued 'js.jquery_joyride' for checkout.
mr.developer: Queued 'js.socialshareprivacy' for checkout.
mr.developer: Can't update package 'adhocracy' because its URL doesn't match.
mr.developer: Updated 'adhocracy.wordpressbasic_theme' with mercurial.
mr.developer: Updated 'js.jquery_joyride' with mercurial.
mr.developer: Updated 'js.socialshareprivacy' with mercurial.
mr.developer: Updated 'adhocracy.adhocracy_theme' with mercurial.
mr.developer: There have been errors, see messages above.
~$ echo $?
1

Currently, a number of views (including the list of instances) are rendered by retrieving the data from solr and therefore prone to errors. Add a no_solr configuration option to adhocracy.ini (set by default in the hhu branch of the buildout).

If that option is set, render all pagers from databases (i.e. via sqlalchemy) instead of solr. Finally, we may want to turn off solr.

Stefan?

There should be a configuration in adhocracy.ini to determine how a user can login. It should be a comma-separated list with the default openid,username+password,email+password.

• OpenID must be disabled if openid is not presented in the list
• The default username/password login must be disabled if username+password is missing
• Add a new username/email login that is only enabled if the list contains email+password.

Close liqd/adhocracy#42 .

Currently, administrators have to manually navigate to /instance to add instances or see the instance list. we should add a link to /instance in the administration panel on /admin/.

Modify build_debian.sh if necessary.

No registration email are send (normsetzung server).

Sometimes, users cd into adhocracy_buildout and execute build-debian from there. build_debian should abort if the current working directory contains adhocracy_buildout.

We should disable all tutorials, either by not including them in the HHU theme (if possible), or by adding a global option in adhocracy.ini to do so.

Steps to reproduce:

• Login as administrator
• Click "Administrate Site"
• Click "Permissions"

Observe

Error 403
I'm sorry, it looks like we made a mistake (CSRF alert). Please try again. 

Given you are on user/all page (or similar user listing)

When you either logged in as user or not

Then you should not see the admin account.

But you are logged in as privileged user on level admin

Then you should see the admin account

Add a new right for this purpose. For details, refer to the loose spec at http://rulesetting.pbworks.com/w/page/58847668/Antrag%20f%C3%BCr%20geheime%20Abstimmung

This feature must be activated on an instance-wide basis.

We should import users from the old normsetzung.cs. as well as unicoop. Make sure to keep Professor and other badges.

Our eggproxy server has been disabled in buildout_common.cfg since the update mechanism has hung regularily. The update procedure should be fixed and the eggproxy should be re-added.

• Get access to adhocracy-buildout.cs.uni-duesseldorf.de (from @phihag)
• Update eggproxy and update
• Clean current eggproxy data
• Verify that updating works
• Uncomment index = in buildout_commmon.cfg

At http://adhocracy.lan:5001/user/ the user cannot choose the language by clicking on the labels adjacent to the radio buttons.

Add at critical points in Paste, Pylons and Adhocracy probes to measure measures. This should help to test and improve the performance of the application.

.. on normsetzung-adhocracy1. Curiously, start & stop failed.

Currently, the registration links in the registration confirmation mail look like

/user/Cschroeder/activate?c=9b773b4aae14

We want an absolute URL instead.

The default theme of adhocracy is located at adhocracy/template and adhocracy/static.
The problem for attempts to customize these, is that one has to complete mess up the default files in the directories mentioned above.

So it should be able to add support to adhocracy for themes. This could be done to

1. Implement a diazo based rewriting of the complete deliverd site at every request for every theme.
2. Implement in the underlying pylon framework the support for multiple rendering sources.

Which method is the best one, must be evaluated.

In adhocracy.js, about line 400, we construct an absolute URL without regard to the instance base URL.

Check all delegation targets.

If users encounter technical problems, they should be able to get support via our shared email account (see config_mail.sh in our server configuration repository for the account details). Add a note to that effect to the footer, and clean up existing stuff down there.

Badges should be displayed along with the user name.

Currently, users and other items can be tagged with colored badges. Allow invisible badges. This change should be merged into the main adhocracy repository.

We should preconfigure all our options for easy development.

Don't forget to include a -b option to build_debian.

In some instances, it may be interesting or even necessary to see how different groups of users vote.

1. Add an instance-wide configuration for the list of voting across badges that are always shown.
2. Also add an instance-wide configuration option that allows users to see the results of different badges.
3. Design and implement safeguards to prevent voter identification.

normsetzung.cs.uni-duesseldorf should proxy either to normsetzung-adhocracy1.cn or 2, and this should be configurable without superuser rights.

The repository branch "relative-urls" contains a .hgignore file which should be replaced/renamed by merging with master.

Currently, our CI server tests the old bitbucket version of adhocracy. This issue entails:

• Delete old cruft / chroots etc.
• Test with HHU theming + configuration as well as plain adhocracy (mail to [email protected] if the HHU configuration fails)
• Actually test once
• Set up automatic testing upon commits from adhocracy (↪ @NiDi), adhocracy.buildout (↪ @NiDi), and adhocracy.hhu_theme (↪ @phihag)
• Check that email notification on errors still works
• Check that integration tests are running

The Administrationsite for Users
Login ( admin ) > Administrate Site > Users

does not show deterministic the list of Users.

.. or different paths.

On the left side, a large logo. On the right side, all groups.

To get MySQL running, we needed to

apt-get install libmysqlclient-dev
(in buildout) pip install MySQL-python

That should not be necessary. Test why sh build_debian.sh -m worked before.

Currently, the build_debian.sh scripts does everything in one pass - installation of MySQL and debian packages as well as installation of the local directories. We should try to separate those to, so that we can run the root parts as a superuser, and let a restricted user install adhocracy itself.