-
1. Re: console security
dmlloyd Jun 13, 2007 11:14 AM (in response to tom.baeyens)"tom.baeyens@jboss.com" wrote:
david, what is the status on the user names ?
It's not quite a simple search/replace. I'm working out a way to make the replacement without breaking unit tests. Should be done today."tom.baeyens@jboss.com" wrote:
can you also activate the security in the web.xml again ?
I could, but why? I think for the initial deployment/evaluation, it's easiest for the end user to just go straight into the console. Remember that it is an administration console, not an end-user application. So there's no real benefit to requiring a login - not from an evaluation perspective, or a prototyping perspective.
In fact it would make it harder since the users wouldn't know what to log in as unless we put the user list on the front page - something I am unwilling to do, because the user will then have to remove the list to deploy it into production. -
2. Re: console security
kukeltje Jun 13, 2007 11:21 AM (in response to tom.baeyens)me curious to... was just trying the latest console out and have some findings... not sure whether I should report them or not since I do not know if work is still on the todo list and do not want to polute the jira.
So (O/T) things I notice are:
- tasks can be 'ended' via a normal transition without ever being started, hence no start date in the task (related to the examine thing below)
- the moment the comment appears is confusing.... should maybe be preceded by a popup like 'you just finished this task, do you want to add a comment to it (yes/no)
- the 'examine' is kind of strange.. examine to me is not being able to work on it... (read only)
- Can I start a dutch translation? -
3. Re: console security
kukeltje Jun 13, 2007 11:29 AM (in response to tom.baeyens)"david.lloyd@jboss.com" wrote:
I could, but why? I think for the initial deployment/evaluation, it's easiest for the end user to just go straight into the console. Remember that it is an administration console, not an end-user application. So there's no real benefit to requiring a login - not from an evaluation perspective, or a prototyping perspective.
I tend to disagree.... part of it is an administration console, part is simulating the process.. changing roles/users should be possible with seeing limited taskslists. Maybe the following thing sounds stupid, but if this (imo) basic functionality is not in the console, I will never get it soled to the managers here. It is then not usable for rapid prototyping and we need to develop a full webapp just to simulate the basics of a process. hmm...."david.lloyd@jboss.com" wrote:
In fact it would make it harder since the users wouldn't know what to log in as unless we put the user list on the front page
- something I am unwilling to do, because the user will then have to remove the list to deploy it into production.
I tend to disagree to. Often we create dummy users with the role in their name and a number added to it. Easily remembered and very usable. So the issue of the list on the homepage is not a real issue. -
4. Re: console security
dmlloyd Jun 13, 2007 11:52 AM (in response to tom.baeyens)"kukeltje" wrote:
me curious to... was just trying the latest console out and have some findings... not sure whether I should report them or not since I do not know if work is still on the todo list and do not want to polute the jira.
So (O/T) things I notice are:
- tasks can be 'ended' via a normal transition without ever being started, hence no start date in the task (related to the examine thing below)
- the moment the comment appears is confusing.... should maybe be preceded by a popup like 'you just finished this task, do you want to add a comment to it (yes/no)
- the 'examine' is kind of strange.. examine to me is not being able to work on it... (read only)
- Can I start a dutch translation?
Yes, this is an admin console so you can do pretty much anything allowed by the API, including things that are probably not a good idea. Use the security configuration in access.properties to limit access to different functions.
The comments screen has a kind of ugly layout, but functionally I think it makes sense. Patches welcome to make it look nicer. :-) The task screens are not intended so much for people to be able to run their day-to-day tasks, but rather so that administrators can see what the status of things are, and "take things over" if needed.
As for a dutch translation - please do! You can point out all the faults in my L10n efforts. :-) -
5. Re: console security
tom.baeyens Jun 14, 2007 3:25 AM (in response to tom.baeyens)for the evaluation/learning purposes, for the process participants, it is necessary that the security is turned on. how else are we able to demonstrate the task list feature ?
if you make sure that one user is an admin, you can always log in as that user to get all the admin features.