From Scott.Lemon at HumanXtensions.com Thu Jul 5 18:00:25 2007 From: Scott.Lemon at HumanXtensions.com (Scott C. Lemon) Date: Thu, 5 Jul 2007 16:00:25 -0600 Subject: [Explainpmt-General] New (happy) user! Message-ID: <00ac01c7bf4f$f35b7f90$a18281a6@MobileDuoCell> Hello! Thank you! I was using Xplanner in the past, and have grown frustrated at the complexity and lack of motion in that solution. I found your project, and was able to come up to speed on Ruby, install Rails and Mongrel, configure Apache and get it working! I'm reading the docs now, and getting my first project going. I wanted to know if there is anywhere in particular that you want bugs reported? I was surprised, but right off the bat I ran into problems changing my e-mail address ... then realized it was because I was putting some capital letters in the name. Once I went all lower case it took care of things ... Anyhow ... great stuff, and I'm going to look at where I might be able to contribute! P.S. Your main website appears to be down today ... not sure why ... Scott C. Lemon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/explainpmt-general/attachments/20070705/3997616e/attachment.html From johnwilger at gmail.com Thu Jul 5 18:30:36 2007 From: johnwilger at gmail.com (John Wilger) Date: Thu, 5 Jul 2007 15:30:36 -0700 Subject: [Explainpmt-General] New (happy) user! In-Reply-To: <00ac01c7bf4f$f35b7f90$a18281a6@MobileDuoCell> References: <00ac01c7bf4f$f35b7f90$a18281a6@MobileDuoCell> Message-ID: On Jul 5, 2007, at 3:00 PM, Scott C. Lemon wrote: > I wanted to know if there is anywhere in particular that you want > bugs reported? I was surprised, but right off the bat I ran into > problems changing my e-mail address ... then realized it was because > I was putting some capital letters in the name. Once I went all > lower case it took care of things ... We don't have a public bug-tracker set up at this point, but you can send any issues to this list for now. > P.S. Your main website appears to be down today ... not sure why ... Yeah, the site's going to be flakey for a little bit here. I'm in the process of setting up new hosting for it and moving the domain to a new registrar (which has not gone as smoothly as I would have hoped and underscores the necessity of the change). -- Regards, John Wilger johnwilger at gmail.com http://johnwilger.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/explainpmt-general/attachments/20070705/0423bcf4/attachment.html From Scott.Lemon at HumanXtensions.com Fri Jul 6 15:33:55 2007 From: Scott.Lemon at HumanXtensions.com (Scott C. Lemon) Date: Fri, 6 Jul 2007 13:33:55 -0600 Subject: [Explainpmt-General] New (happy) user! In-Reply-To: References: <00ac01c7bf4f$f35b7f90$a18281a6@MobileDuoCell> Message-ID: <006301c7c004$a7257300$195081a6@MobileDuoCell> Ok ... I'll report things here, and I'll also stay tuned for the site updates. One thing that I noticed last night, there are no real security controls on the system right now ... right? 1. Anyone who can get to the site can register for an account - no moderation, no way to block this 2. Anyone with an account can then create projects, and everything under them - no moderation, no way to block this 3. Anyone on a project can basically do anything with all aspects of that project - create, read, update, delete Is this correct? Or am I missing something on the user/access control side? P.S. Not a bad thing ... I just need to understand what I might have to deal with ... Scott C. Lemon _____ From: explainpmt-general-bounces at rubyforge.org [mailto:explainpmt-general-bounces at rubyforge.org] On Behalf Of John Wilger Sent: Thursday, July 05, 2007 4:31 PM To: List for users of eXPlainPMT (General Discussion) Subject: Re: [Explainpmt-General] New (happy) user! On Jul 5, 2007, at 3:00 PM, Scott C. Lemon wrote: I wanted to know if there is anywhere in particular that you want bugs reported? I was surprised, but right off the bat I ran into problems changing my e-mail address ... then realized it was because I was putting some capital letters in the name. Once I went all lower case it took care of things ... We don't have a public bug-tracker set up at this point, but you can send any issues to this list for now. P.S. Your main website appears to be down today ... not sure why ... Yeah, the site's going to be flakey for a little bit here. I'm in the process of setting up new hosting for it and moving the domain to a new registrar (which has not gone as smoothly as I would have hoped and underscores the necessity of the change). -- Regards, John Wilger johnwilger at gmail.com http://johnwilger.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/explainpmt-general/attachments/20070706/b7ca458b/attachment.html From johnwilger at gmail.com Fri Jul 6 15:51:33 2007 From: johnwilger at gmail.com (John Wilger) Date: Fri, 6 Jul 2007 12:51:33 -0700 Subject: [Explainpmt-General] New (happy) user! In-Reply-To: <006301c7c004$a7257300$195081a6@MobileDuoCell> References: <00ac01c7bf4f$f35b7f90$a18281a6@MobileDuoCell> <006301c7c004$a7257300$195081a6@MobileDuoCell> Message-ID: On Jul 6, 2007, at 12:33 PM, Scott C. Lemon wrote: > One thing that I noticed last night, there are no real security > controls on the system right now ... right? > > 1. Anyone who can get to the site can register for an account - no > moderation, no way to block this > > 2. Anyone with an account can then create projects, and everything > under them - no moderation, no way to block this > > 3. Anyone on a project can basically do anything with all aspects of > that project - create, read, update, delete When I first wrote eXPlainPMT, it was intended mostly to be used internally rather than open to the public. At the time there was no ability to "register" for an account -- you had to have an account created by an admin user. It made sense to keep the permissions as open as possible (there were only "admins" and "users" and the only things an admin could do that a user couldn't were create/edit/delete projects and other users. Jake Dempsey took over the bulk of the maintenance quite a while ago, and he's been busy integrating changes that he had already made for use at his employer. He added the ability to register for an account and is working on putting up a publicly available, free, hosted version of the app. Certainly, there will need to be some thought put into the the "permissions" that a user has with this change in direction. -- Regards, John Wilger johnwilger at gmail.com http://johnwilger.com