sw360 / sw360portal Goto Github PK

When creating a release: clicking "add license" returns "No users found within your search"

From Mail Frederik Berck (Juli 23, 2015)

Make component type visible.
Use it for component filter.
Make component type (OSS, COTS...) adjustable for each release.
(This is also necessary in order to deal with dual licenses. Then the software can be created separately for each license model. )

improve performance and show more releases

From Mail Frederik Berck (Juli 23, 2015)

Make component type visible.
Use it for component filter.
Make component type (OSS, COTS...) adjustable for each release.
(This is also necessary in order to deal with dual licenses. Then the software can be created separately for each license model. )

PortalProperties literally usses 110SNAPSHOT at the moment. This has to be modified to be independent of the release name.

Otherwise we get problems in the next release...

(from Frederick) Show versions of linked projects.
Nice to have: hyperlink to the linked project.

In Projects table, column Clearing Status is filled with five zeroes, no matter what statuses linked releases have.

Similar to MyComponents and MyProjects, the moderation requests in the MyTaskAssigments Portlet should be linked with the corresponding moderation request (or at least the list).

Right now sharing links is difficult as direct / clean URLs for components or projects do not work.

Solution could be http://www.liferay.com/de/community/wiki/-/wiki/Main/FriendlyURLMapper

Goal is that Users can share (friendly) URLs betwen each other to projects, releases, etc.

As an alternative:

• provide the database ID of that item
• provide a means to enter this database id
• maybe provide that fields to call a specific document in the search pane?

travis should be pulled in so we have regular builds and also test runs on the commits. technicaly, this ticket is about providing the according travis file.

Let's start simple: just the usual build and test.

I am not sure about usual, because our testing involves couchdb. Maybe we skip couchdb tests for the first (and fork this to another ticket). Or download and start could be feasible?

When exporting excel (projects and components), it is necessary to have the filtered view also in the excel export.

Excel Export is the red button in the upper right of the list views

For projects Excel export, this involves also respecting the access restrictions who can see which projects.

When uploading attachments, an approver should be able to say "approve" to an upload item.

As approvers, the moderators would be suitable. The approve function is especially targeted for reports that are uploaded to the sw360portal, as an attachment to a release.

The implementation of the approve function involves a button, as the clicking user is presumed to be the approver. (no need to allow for text entry of an approver e-mail to enter other approvers) .

At every attachment item, the approver (e-mail) and the date of approval is shown. Please not use the time, as this bears problems with emloyment laws.

NOTE - this has an implication on the claring status counted for the projects: then the last number should not cound "report available", but "approved".

user should be able to delete own moderation requests in Home portlet

Improvements for the vendor handling are necessary:

1. if there is a creation of a release and a vendor is to be set, the user usually searches for a vendor. However, if the desired is not among the list, but needs to be created, there is not means for doing so. Instead the user needs to make a more special search to get to the button that allows him to create one.

2. Vendor short name, vendor ID and vendor name seem to be mixed in the Vendor portlet and the search mask when adding a vendor to a release. (See screenshot)

3. It should be possible to delete a vendor in the vendor detail view.

Currently, the only COTS (see https://de.wikipedia.org/wiki/Commercial_off-the-shelf) support is the component attribute saying whether it is open source or COTS. In fact some more attributes are required. Since there is not current COTS handling system existing, the exact requirements are completely new and require user feedback before.

This feature requires user feedback.

It is about having an overview and some UI controls to manage components / releases by their life cycle status. Currently, this status is displayed, however, as flat attribute

Life cycle status (long "u") could be "specific", "mainline", "end-of-life".
It is proposed that before starting the feature, a user feedback is really important here.

One major aspect is how to get such status value: voting for example? Special role assignment? Scores / metrics? that is where user feedback is required.

It is about the clearing status of a release.

When a clearing report has been uploaded, the user must set the clearing status to report available of the release manually. It would be good to have this automatically set once an attachment exists with type of clearing report.

For example, when (AND semantics)

a) a release is updated with a new attachment of type clearing report,
-> status is "available"
b) an approver has approved this item
-> status is "approved" [1]
then, the clearing status field of the release could be set automatically accordingly.

[1] requires new status in thrift, components.thrift, for example:
enum ClearingState {
NEW_CLEARING = 0,
SENT_TO_FOSSOLOGY = 1,
UNDER_CLEARING = 2,
REPORT_AVAILABLE = 3,
APPROVED= 4,
}

(original ticket from Johannes)

Components and Releases have two fields:

• optional set mainLicenseIds,
• optional set mainLicenseNames,

The Component fields are filled from Releases on Release change.

The names are never read, and set apart from the ComponentImporter.

The display of licenses is done via the DisplayLicense Tag, which looks up the whole license with the license client via the Id.

This is inconsistent and redundant and a solution would be to refactor licenses such that their Ids are the short names (so that the short names have to be unique, which they should anyway be). Then the two fields can be aggregated into one field.

The price would be that one can not easily change the shortname of a license after referencing it, but this rarely happens. Also it is easy to keep synchronous with fossology because there the license Id is the shortname.

The current license database is based on the import / export functionality. While this works, it could be beneficial, if there is a UI for adding licenses in SW360. This involves also the Todo and obligation handling.

While there is the Ui to create new ones, the view should be used to edit existing licenses as well

all admin portlets with lists should get a paging like the component list portlet

Make component type (OSS, COTS...) adjustable for each release.
(This is also necessary in order to deal with dual licenses. Then the software can be created separately for each license model. )
Make component type visible.
Use it for component filter.

Apparently the argument that chrome has this build in does not count so much: Firefox users (and IE and Safari) have a hard time entering the date via keyboard.

A date picker for those fields would be super helpful. Please mind a compatible license for choosing the code, in the ideal case, it is part of liferay alloy!

Attached an image as example for dates in the project edit view.

When using the notification interface, the e-mails could be sent out using the Liferay infrastructure.
Initial user experience has shown that for moderation requests, e-mail sending is really necessary.

There is a sw360.properties file for setting the Host URL of the thrift backend for clients. Actually we, by default have used localhost, it should be tested for other URLs.

orginial title "Add backendUrl to constructor of thriftClients to enable separation of backend and frontend" with comment

"resolved with the property key 'backend.url' inside sw360.properties
if the property file cannot be found in the classpath or it does not have the key, the old default of 'localhost:8085' is used"

In order to be able to track which source code package was under inspection, a check sum should be maintained by sw360 for attachments, in this case for source code uploads in particular.

Maybe couchdb offers this function already.

In order to provide the user with input opportunities for the entries, such as components and projects (exactly these two), a wiki space should be provided where, moderators, owners, admins and clearing admins are able to add information for a component. This component specific information shall enable organisation-internal sharing of notes and further information (also links) for a component.

The technical challenge is to have a wiki page (single page is desired here) for every component or project. Contrary to that the wiki element of liferay appears not easily connectable with such entity. As such, a wiki widget is desired that allows for saving the wiki data just as additional entity metadata. From a provisioning point of view, it would be bad, to add another database (postgresql...) where data is stored to.

Calling the Vendor Portlet from the admin section yields "Portlet no available". Tomcat log out out following.

When importing the user.csv, all users with group clearing admin are imported as users.
They should be imported as clearing admin.

The idea is that Fossology does not only export a Readme OSS file, but also provides some export data using the SPDX XML or Tag Value format notation. Then, this license information could be also displayed in a "one-web-page" summary in the browser and also listings could be made. This one larger summary allows for an overview about the license situation when browsing releases.

In particular:

• display license statistics
• get the main license
• manage license reporting

The Database Sanitation UI find Attachments that finds duplicate attachments.

It seems to work, however, the UI could be improved w.r.t. large results sets. The reuslt set could show more line breaks.

When clicking on a license in the license portlet the details view of this specific license should be shown. At the moment this is broken.

(repoen from Frederick)

Make component type (OSS, COTS...) adjustable for each release.
(This is also necessary in order to deal with dual licenses. Then the software can be created separately for each license model. )
Make component type visible.
Use it for component filter.

There is the "license information about a component"-file format:

http://spdx.org/SPDX-specifications/spdx-version-2.0

This is generated by Fossology and other tools possibly.

The SPDX import should work for sw360. sw360 should process this for a couple of use cases:

• display license statistics
• get the main license
• manage license reporting

This ticket is huge and required further details.

In some earlier version there was a pull down menue, like as with programming languages for the component types.

So the user did not have free form, but a list to select from.

That should be back again. And is should based on an already established standard:

https://projects-old.apache.org/categories.html

(adding "other" mght be useful as well)

If could be implemented the same way it is done with platforms or programming languages.

(from Frederick)

Show versions of linked projects.
Nice to have: hyperlink to the linked project.

• a new frontend portlet should be implemented which allows user to register by their self
• the portlet have to be accessible anonymously
• all required user properties (see user csv) including group and role (dropdown) should be entered
• the portlet should register the user in liferay AND create the user for the backend
• reusing the code of the user csv import is self-evident (maybe refactoring is required)
• the user should be deactivated in liferay so that a login is not possible
• a moderation request should be created (for whom?)
• after the moderation request is accepted, the user will be activated
• if the moderation request is declined the user will be deleted in the backend AND in liferay

Upload of Release could trigger Reuse agent in Fossology of already scanned Releases of the same component of the uploading clearing team.

(or check if that has been done - as this was ticket from the old ticket system)

There are modification rights w.r.t. moderators and creators (a.k.a. owner) of a components or release or project.

See this wiki page for documentation: https://github.com/siemens/sw360portal/wiki/Dev-Role-Authorisation-Model

the add TODO feature in licenses portlet is probably broken

When a user receives a moderation request, this request must be visible in the liferay-notifications/requests.
Furthermore, the user should get sent an email with the notification.

It could involve other long running tasks in general.

About the main licenses of the release entry.

When the user wants to search for main licenses in he release pane, no license is found, even licenses exists. Moreover, the search dialog seems to be copied from search dialogues for searching users.

It should be that instead of users on the dialogue, the search should be for licenses, and also the licenses should be found.

From Mail Frederik Berck (Juli 23, 2015)

A filter tool for the projects portlet comparable with the filter for components is asked for (Project Type, Project Responsible...).
Furthermore, list more details in Home-My Projects (which details?).

Based on issue #19, a main use case asked for is to list components in the component main view by their main license (e.g. show only components with Apache-2.0 as main license)

At the same time, please limit the description to one line and truncate with three dots after a couple of chars (maybe 32?) and display full text with Mouse over.

At the same time, please change the default row view number from 10 to 25.

From Mail Frederik Berck (Juli 23, 2015)

Home-My Components: Show not only where releases exist, but also which ones.
(Proposal: name release if there's only one,"multiple releases" if there are more.

From Mail Frederik Berck (Juli 23, 2015):

Show versions of linked projects.
Nice to have: hyperlink to the linked project.

If one shows a banner using com.siemens.sw360.portal.portlets.Sw360Portlet.setSessionMessage,
one will see a green banner. I think that the color should depend on requestStatus, i.e.

• green only for SUCCESS
• red for FAILURE
• yellow for everything else

screenshot

Banner is green but the message says "Vendor short could not be....".

If a user uploads an attachment to a project which he is not permitted to modify, a moderation request is sent to the moderators of the project.
Nevertheless, the moderators cannot see the attachment and when the moderation request is accepted, the attachment is not linked to the project.