Administrative backend

[ArnaudD]

• Display list of uploaded filez
  • possibility to delete some files
• Display basic stats : users quota, total size of the uploaded files
• Create users (if the users are stored in the filez db)

[almaghi]

This is implemented in the backend branch:

• Display list of uploaded filez, and possibility to delete every files
• Create, edit and delete users (if the users are stored in the filez db)

This is not implemented yet:

• Display basic stats : users quota, total size of the uploaded files, number of active files, number of users. I think stats should be directly displayed on /admin/.

Do we want a config administrative backend? What should be the uses for the Config admin tab?

[ArnaudD]

Great ! Thank you !

For the dashboard (/admin) I was thinking about somthing like this http://imgur.com/RDACS Have you an idea of interesting numbers to put here ?

I think we should remove the config tab for now. But in the future it would be interesting if we could configure filez without opening the ".ini" file for things like Look'n'Feel, Limitations, Localisation, etc.

[ArnaudD]

To summarize the info we should display on the dashboard (I will regularly update this ticket with your comments) :

• number of active files + total size
• number of files + total size | since the beginning (expired + active)
• number of users
• top five active files wich use the most bandwidth (DL * size)
• top five users with the greatest number of files
• top five users with a quota full ?

[ArnaudD]

It could be interesting to be able to manually extend the file lifetime of a file.

[ArnaudD]

TODO : By default, filez should use a random salt string to hash the password. A solution could be to set the salt user attribute everytime a user is created (even if the user comes from LDAP, it will not have any incidence). Then in the password setter function, alter the password with the hash before hashing it.

[almaghi]

Most of the backend is written. Summary of the yet ToDo:

• Must do:
  ** update the install script
  ** Cross-site security (with the h() function and other tricks)
• Should do:
  -- use a random salt string to hash the password by default
  -- admin able to manually extend the file lifetime of a file.
• Do later:
  -- more stats, graph.
  -- config backend (release 2.2)

[ArnaudD]

I think that "using a random salt string to hash the password by default" is a "must do". I will take care of this

[ArnaudD]

Password are now salted by default UAPV@a0cc542

[almaghi]

By being able to manually extend the file lifetime, do you thought of adding a "add a day" link on the admin backend?
(such as this commit: almaghi@efc14f1 )
Or would you prefer a simple form to extend the lifetime of N days?

The best would be to use the date picker jquery widget http://docs.jquery.com/UI/Datepicker http://jqueryui.com/demos/datepicker/
(something such as this commit: almaghi@4d48865 )

[almaghi]

Design pass: http://imgur.com/nndfo&Ltw4v&zhAFA

[almaghi]

Depends on #55.

[steamraven]

using a custom algorithm with internal user authentication does not work with the user admin module. There needs to be two different versions of the algorithm. If the algorithm is blank the current system uses:

to set password: 'SHA1(CONCAT(:salt,:password))'
to check password: 'SHA1(CONCAT(salt, :password))'

Checking the password uses the column, setting password uses a bind variable. here is a fix to include a second option "db_password_set_algorithm". If not set, defaults to db_password_algorithm.

patch:
https://gist.github.com/981124

[almaghi]

Hey steamraven, thank you very much for your test, your patch and your
report; this is great. I'll update the 2.1 branch accordingly.
Cheers

2011/5/19 steamraven <
reply@reply.github.com>

using a custom algorithm with internal user authentication does not work
with the user admin module. There needs to be two different versions of the
algorithm. If the algorithm is blank the current system uses:

to set password: 'SHA1(CONCAT(:salt,:password))'
to check password: 'SHA1(CONCAT(salt, :password))'

Checking the password uses the column, setting password uses a bind
variable. here is a fix to include a second option
"db_password_set_algorithm". If not set, defaults to db_password_algorithm.

patch:
https://gist.github.com/981124

Reply to this email directly or view it on GitHub:
https://github.com/UAPV/FileZ/issues/43#comment_1204604

[almaghi]

Mickael Martin proposed in the ML to add thses stats:

• top 5 des utilisateurs les plus gourmands
• top 5 des groupes les plus gourmands
• bande passante dl + upload utilisée depuis une date.
• taille totale de fichiers sur le disque
• espace restant sur le disque (pourquoi pas une alerte par mail à l'admin en cas de place insuffisante)