View Issue Details

IDProjectCategoryView StatusLast Update
0000957Main CAcert Websiteorganisational sectionpublic2013-01-15 17:33
ReporterINOPIAE Assigned ToNEOatNHNG  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Fixed in Version2011 Q4 
Summary0000957: Resize the comment field on https://secure.cacert.org/account.php?id=27 so more information is visible
Descriptionsee http://wiki.cacert.org/OrganisationAssurance/Team/Meetings/2011-06-30#preview
TagsNo tags attached.
Reviewed byTed, NEOatNHNG
Test Instructions

Relationships

related to 0000967 closedegal Give an OA the oppertuntiy to check if a desiginated Organisation Admininistrator is a CAcert assurer 
related to 0001083 closedBenBE Resize comment field for adding new organisation administrators 

Activities

Uli60

2011-07-14 15:14

updater   ~0002133

COMMENTS TEXT (unlimited length)

Uli60

2011-07-14 15:25

updater  

27.php (2,377 bytes)

Uli60

2011-07-14 15:27

updater   ~0002134

/pages/account/27.php
comments field textedit field adjusted
database field COMMENTS does not needs an upgrade
as it is of type unlimited length

Uli60

2011-07-14 15:30

updater  

24.php (2,613 bytes)

Uli60

2011-07-14 15:32

updater   ~0002135

effects NEW org too
https://cacert1.of.avintec.de/account.php?id=24
/pages/account/24.php
comments field textedit field adjusted in form
database field COMMENTS does not needs an upgrade
as it is of type unlimited length

INOPIAE

2011-07-17 07:50

updater   ~0002145

It also should be done for the comment field in the Organisation Adminitrator section when adding a new Organisation Adminstrator https://secure1.it-sls.de/account.php?id=33

Uli60

2011-07-17 15:45

updater   ~0002146

/pages/account/24.php + 27.php effects orginfo.comments
that has a complete handling design within the webdb code, starting from add a comment, edit a comment, delete a comment.

/pages/account/33.php relates to a short comment for OrgAdmins added to an Organisation and effects the db field org.comments. In difference to the Organisations comment field, that has a complete add/edit/delete design, there exists no design to edit comment fields on OrgAdmin records. You can eiter add or delete a complete OrgAdmin record, but you cannot edit the comment field.
In entering a big field (eg textarea) with several rows and columns, this implies, that a historical record to the OrgAdmin can be built up with the comment field. This leads to a false assumption. So therefor the OrgAdmin comment field should be either limited or completely removed.
If there are historical remarks to add, add these to the orginfo.comments field instead of add a comment to the OrgAdmin, Organisation Assurers nor OrgAdmins can edit/update.

The OrgAdmin comments field is just designed to store a short comment like phone number or a date or a nickname
otherwise the webdb design needs an upgrade to also to implement an update page for the OrgAdmin's comment field.

/pages/account/33.php has some sanitizeHTML() added

SanitizeHTML() also added on the view OrgAdmin page /pages/account/32.php

Uli60

2011-07-17 15:46

updater  

32.php (2,403 bytes)

Uli60

2011-07-17 15:58

updater  

33.php (2,632 bytes)

Uli60

2011-07-17 16:03

updater   ~0002147

/pages/account/33.php
input text field size and maxlength
size defines width of the input field, but relates on text font, font size
eg size=27 allows "12345678901234567890" all chars visible in text field, but using all "W"'s only 13 "W"'s are visible in the text input field and input field starts scrolling by entering more "W"'s
so here form design and field design clashes

Ted

2011-08-02 19:25

administrator   ~0002245

Also increased the size of the other edit fields, it looks considerably nicer and the fields are tiny!

Created git branch bug-957, merged into master branch and installed on the testserver

Ted

2011-08-02 19:44

administrator   ~0002246

Reviewed commit 94c1897f129f269cde9c8cb3c4a95011f328ead3 versus 1262ff0b1c8cf748c0dc6ed502d80c579ae672ca.

Changes are acceptable

Ted

2011-08-02 20:00

administrator   ~0002247

Did some testing:

- Log in with an account that has the Org Assurer Flag set
- Org Assurer -> View Organisation -> Edit any org:
Fields are bigger ==> OK

- Org Assurer -> New Organisation
Fields are bigger ==> OK

- Org Assurer -> View Organisation -> Show Admins of an org -> Add new admin using html tags in department and/or mail address
HTML-tags get stripped ==> OK
comment is limited to 20 chars ==> OK (?)

- Org Assurer -> View Organisation -> Edit any org -> Enter a big comment (> 20 chars) and save
- Org Assurer -> View Organisation -> Show Admins of an org -> Add new admin
Big comment from organisation is shown in comment field. If not modified it is saved into the database and shown in the admin list of the org
==> Is this OK???
I'd propose not to give any default comment for a new admin.

alex

2011-08-02 21:28

reporter   ~0002253

- Org Assurer -> View Organisation -> Edit any org
and
- Org Assurer -> New Organisation

Edit Org fields, especially comment, seem of proper size for me

- Org Assurer -> View Organisation -> Show Admins of an org -> Add new admin using html tags in department and/or mail address

After adding admin and saving the comment which is taken from Add organization (why?) in the same browser session and which is longer than 20 chars a red announcement text appears saying: "The comment is limited to 20 chars". But no truncating or the like occurs as tested in a new browser session from the org assuree session.

Now seeing a similar comment from Ted above. I agree to https://bugs.cacert.org/view.php?id=957#c2247 not to give default comments which are then also visible by the org assuree.

Uli60

2011-08-03 10:57

updater   ~0002280

Last edited: 2011-08-03 12:48

View 7 revisions

logged in Org Assurer:
add new Organisation: Bug 957 Test GmbH
Org Contact: bug957.contact@wiamail.de
adding long comment with several rows
click next - Org added

view organisations lists:
Bug 957 Test GmbH, Germany, Hessen DE Domains (0) Admins (0) Edit Delete

ok, interupt to create an OrgAdmin account

created account bug957.orgadmin@
doing assurances with 3 other accounts (3 x 35 AP => 100 AP)
add CATS flag

re-login to Org Assurer account
Org Assurer - View Organisations
Select Bug957 Test GmbH -> Admins (0)
Administrators Add
email: bug957.orgadmin@
department: ..
Master Account: No
Comments: => short comments field (as expected)
          phone / mobile / alt...
   would write "alternate email" but field is limited to 20 chars
   => ok

Admin-comment is displayed under the Admins list => as expected, ok

logout
login as bug957.orgadmin
menu options:
+ Org Client Certs
+ Org Server Certs
only 2 visible, Org Assurer is hidden

ok, interupt to create an OrgAdmin2 account

created account bug957.orgadmin2@
doing assurances with 3 other accounts (3 x 35 AP => 100 AP)
add CATS flag

re-login to Org Assurer account
Org Assurer - View Organisations
Select Bug957 Test GmbH -> Admins (1)
Administrators Add
email: bug957.orgadmin2@
department: ..
Master Account: Yes <= !!!
Comments: some text upto 20 chars => short comments field (as expected)

admin list displays
Bug957 OrgAdmin 0 IT phone / mobile / alt Delete
bug957 OrgAdmin2 1 IT short comment more t Delete

=> ok

from bug notes
https://bugs.cacert.org/view.php?id=957#c2247 and
https://bugs.cacert.org/view.php?id=957#c2253

"- Org Assurer -> View Organisation -> Show Admins of an org -> Add new admin
Big comment from organisation is shown in comment field."

This I cannot confirm. The comment field is empty despite the fact there is a big long comment text under the Organisation comment
but this may relate to the fact, that I've interupted the sessions
to create addtl. user accounts to add as OrgAdmin (?!?)
so this problem seems to be a browser cache problem with cached form fields text
by default the comments field text under OrgAdmin is empty
to outwit the browsers forms caching maybe a name-id for the comment field will prevent the duplication of the text ?!?

to add form name="xyz" identifiers doesn't solve the problem.
The only workable solution is to name the _config['comments'] memory field and the form fields 'comments' different like a) commentsorg and b) commentsoadm
but the problem persists with adding several OrgAdmins. Adding the 2nd OrgAdmin displays the form content from OrgAdmin #1
The only chance here: to reset the form field content for OrgAdmin Adds to zero / empty

Ok, the Add OrgAdmin form prefills the form with content from $_SESSION['config']['*'] fields, so also field $_SESSION['config']['comments']
this makes no sense either here.
Adding a new admin, cannot be the same email as the admin before, adding the department is the only plausible field to duplicate. to duplicate the comment field doesn't make sense here, especialy it duplicates the Organisation comment ...
Proposed solution: to not pre-fill any fields in /pages/account/33.php with values from session config memory.

Uli60

2011-08-03 12:55

updater  

33-update110803.php (2,283 bytes)

Uli60

2011-08-03 13:00

updater   ~0002281

added /pages/account/33.php (update 2011-08-03)
with pre-filling of form fields removed.

the $_SESSION['config']['comments'] field may clash
in a scenario where the Org Assurer adds several Orgs with several OrgAdmins to the database:
a) add Org 1 - add OrgAdmin1.1 - add OrgAdmin1.2
b) add Org 2
here the comment from OrgAdmin1.2 may be displayed in the form for Org 2 comment

This needs a bigger patch by renaming the form namefields for comments different under Organisation add (like commentsorg) and under OrgAdmin add (like commentsoadm)

so first give it the simple try

INOPIAE

2011-08-19 05:20

updater   ~0002306

login in as OrgAssurer in all cases

Create new Organisation
if Organisation name or email address empty => error discription about missing data => ok
Should not the town and country fields become mandatory fields?
Larger comment field => ok
The commit button is labled "Next" should this not better be "Save"

Creating a second Organisation
All fields are prefilled from the previous organisation. Should be empty.
Adding the same organisation there is no cross check if existing and the organisation is duplicated.


Logout + login again
Create new Organisation all fields are empty

View existing Organisation via edit and leave without any action
Creating new Organisation empty fields

View existing Organisation via edit and update data
All fields are prefilled from the previous organisation. Should be empty.

Deleting Organisation
Question if delete => ok
Cancel => Organisation deleted => false
Delete => Organisation delete => ok

Adding Domain
=> ok
Adding a second domain
Field is prefilled from previous domain. Could be usefull if an organisation as a few similar domains e.g. domain.com, domain.net,domain.de
Try to add the same domain again => error discription that the domain is already used in an Organisation Account, nothing happens => ok

Deleting domain
Question if delete => ok
Cancel => nothing happens => ok
Delete => Organisation delete => ok

Adding OrgAdmin
If the email field is empty or an email address that is not a primary one => error discription that the address cannot be used => ok
There is no cross check if account has assurer status. Account with 0 points, no CATS and no assurer flag is added => should not be allowed.
NB. presently an OA must check over support if OrgAdmin has assurer status
Comment field is restricted to 20 characters => ok

Adding second OrgAdmin
All field are prefilled from previous OrgAdmin.
If the same data is used => nothing happens => ok

Create new organisation
Add new OrgAdmin
Comment field is prefilled with the text from the Organisation Account. If the is text is longer than 20 characters it is still saved without length restriction => false

Deleting OrgAdmin
Question if delete => ok
Cancel => nothing happens => ok
Delete => OrgAdmin delete => ok

Uli60

2011-08-19 08:32

updater   ~0002308

Last edited: 2011-08-19 08:40

View 4 revisions

prefills of forms .. read note
https://bugs.cacert.org/view.php?id=957#c2280
below
 from bug notes
https://bugs.cacert.org/view.php?id=957#c2247 and
https://bugs.cacert.org/view.php?id=957#c2253

and https://bugs.cacert.org/view.php?id=957#c2281

renaming the form namefields for comments different under Organisation add (like commentsorg) and under OrgAdmin add (like commentsoadm) solves the problem that comments added under Org aren't displayed under OrgAdmin, but this doesn't solve the problem, that the browser cache adds the comment from Org1 to Org2, the comment from OrgAdmin1 to OrgAdmin2 :-P
reset memory vars ? before / after each form process ?!?


> There is no cross check if account has assurer status. Account with 0 points, > no CATS and no assurer flag is added => should not be allowed.
> NB. presently an OA must check over support if OrgAdmin has assurer status

there is a seperate bug# added
https://bugs.cacert.org/view.php?id=967

Uli60

2011-08-19 09:48

updater  

24-update110819.php (2,782 bytes)

Uli60

2011-08-19 09:49

updater  

33-update110819.php (2,668 bytes)

Uli60

2011-08-19 09:52

updater   ~0002309

updated patch for
/pages/account/ 24.php and 33.php
to reset session variables for form prefills
prefilled forms confuses more then it helps.
so in add forms the fields are reset to empty (don't prefill)
and also effected session variables reset
will be set if form is saved next time

Ted

2011-08-23 22:06

administrator   ~0002336

Added Ulis changes to branch bug-957, installed changes on testserver.

Ted

2011-08-23 22:09

administrator   ~0002337

Repeated test from https://bugs.cacert.org/view.php?id=957#c2247, comment in add admin dialog is empty ==> OK

Ted

2011-08-23 22:10

administrator   ~0002338

First review done, changes acceptable.

INOPIAE

2011-08-23 22:34

updater   ~0002339

login in as OrgAssurer in all cases

Create new Organisation
if Organisation name or email address empty => error discription about missing data => ok
Should not the town and country fields become mandatory fields?
Larger comment field => ok
The commit button is labled "Next" should this not better be "Save"

Creating a second Organisation
All fields are empty. => ok


Logout + login again
Create new Organisation all fields are empty

View existing Organisation via edit and leave without any action
Creating new Organisation empty fields

View existing Organisation via edit and update data
All fields are empty. => ok

Deleting Organisation
Question if delete => ok
Cancel => Organisation deleted => false
Delete => Organisation delete => ok

Adding Domain
=> ok
Adding a second domain
Field is prefilled from previous domain. Could be usefull if an organisation as a few similar domains e.g. domain.com, domain.net,domain.de
Try to add the same domain again => error discription that the domain is already used in an Organisation Account, nothing happens => ok

Deleting domain
Question if delete => ok
Cancel => nothing happens => ok
Delete => Organisation delete => ok

Adding OrgAdmin
If the email field is empty or an email address that is not a primary one => error discription that the address cannot be used => ok
There is no cross check if account has assurer status. Account with 0 points, no CATS and no assurer flag is added => should not be allowed.
NB. presently an OA must check over support if OrgAdmin has assurer status
Comment field is restricted to 20 characters => ok

Adding second OrgAdmin
All field are empty => ok

Create new organisation
Add new OrgAdmin
Comment field is empty. => ok

Deleting OrgAdmin
Question if delete => ok
Cancel => nothing happens => ok
Delete => OrgAdmin delete => ok

Uli60

2011-09-22 23:18

updater   ~0002493

Last edited: 2011-09-22 23:28

View 2 revisions

login as orgassurer (orgadmin flag set)
"edit" one existing org
editing big comment field, update
https://cacert1.it-sls.de/account.php?id=25&viewcomment=1
long comments are saved into the record
=> ok

add new org
editing big comment field with html and Ümlauts
https://cacert1.it-sls.de/account.php?id=25&viewcomment=1
displays both not handled. < b > < /b > removed, Ü not converted
=> ok

adding 2 admins to prior created new org
editing small comment field for new admin
"small comment over l"
  2 4 6 8 0 2 4 6 8 0
has 20 chars, prevents adding more characters -> ok
adding 2nd admin
=> both ok

login with orgadmin #1 (master flag set), of org created before and admin added before
Menu section "Org Assurer" lists only "View"
(despite the fact user has master flag set)
listed organisation(s) with admin(2) link
lists admins like orgassurer sees in adding view org
except own account cannot be removed (N/A) -> ok
delete 2nd admin -> cancel -> returns to overview with 2 admins listed -> ok
delete 2nd admin -> delete -> returns to overview with 1 admin listed, 1 removed -> ok
adding new admin (master flag not set) -> works -> ok
all as expected -> ok

Uli60

2011-09-22 23:33

updater   ~0002494

tested by 3
needs 2nd and last review + deploy to critical system

NEOatNHNG

2011-12-26 19:18

administrator   ~0002758

I have reviewed the changes and they are good to go. I have sent an email to the critical admins.

wytze

2011-12-27 11:57

developer   ~0002759

The fix has been installed on the production server on December 27, 2011.
See also: https://lists.cacert.org/wws/arc/cacert-systemlog/2011-12/msg00011.html

Werner Dworak

2012-12-21 05:19

updater   ~0003522

More than 3 month fixed and no complaints

Issue History

Date Modified Username Field Change
2011-07-01 14:01 INOPIAE New Issue
2011-07-14 15:14 Uli60 Note Added: 0002133
2011-07-14 15:25 Uli60 Assigned To => Uli60
2011-07-14 15:25 Uli60 Status new => needs work
2011-07-14 15:25 Uli60 File Added: 27.php
2011-07-14 15:27 Uli60 Note Added: 0002134
2011-07-14 15:27 Uli60 Status needs work => fix available
2011-07-14 15:30 Uli60 File Added: 24.php
2011-07-14 15:32 Uli60 Note Added: 0002135
2011-07-17 07:50 INOPIAE Note Added: 0002145
2011-07-17 15:27 Uli60 File Added: 33.php
2011-07-17 15:45 Uli60 Note Added: 0002146
2011-07-17 15:46 Uli60 File Added: 32.php
2011-07-17 15:58 Uli60 File Deleted: 33.php
2011-07-17 15:58 Uli60 File Added: 33.php
2011-07-17 16:03 Uli60 Note Added: 0002147
2011-08-02 18:37 Ted Assigned To Uli60 => Ted
2011-08-02 19:15 Ted Source_changeset_attached => cacert-devel master c924d8a3
2011-08-02 19:25 Ted Note Added: 0002245
2011-08-02 19:25 Ted Status fix available => needs review & testing
2011-08-02 19:25 Ted Source_changeset_attached => cacert-devel master 130e67e0
2011-08-02 19:44 Ted Reviewed by => Ted
2011-08-02 19:44 Ted Note Added: 0002246
2011-08-02 20:00 Ted Note Added: 0002247
2011-08-02 21:28 alex Note Added: 0002253
2011-08-03 10:57 Uli60 Note Added: 0002280
2011-08-03 11:17 Uli60 Note Edited: 0002280 View Revisions
2011-08-03 11:26 Uli60 Note Edited: 0002280 View Revisions
2011-08-03 11:32 Uli60 Note Edited: 0002280 View Revisions
2011-08-03 11:38 Uli60 Note Edited: 0002280 View Revisions
2011-08-03 12:34 Uli60 Note Edited: 0002280 View Revisions
2011-08-03 12:48 Uli60 Note Edited: 0002280 View Revisions
2011-08-03 12:55 Uli60 File Added: 33-update110803.php
2011-08-03 13:00 Uli60 Note Added: 0002281
2011-08-19 05:20 INOPIAE Note Added: 0002306
2011-08-19 08:32 Uli60 Note Added: 0002308
2011-08-19 08:33 Uli60 Note Edited: 0002308 View Revisions
2011-08-19 08:37 Uli60 Note Edited: 0002308 View Revisions
2011-08-19 08:40 Uli60 Note Edited: 0002308 View Revisions
2011-08-19 09:48 Uli60 File Added: 24-update110819.php
2011-08-19 09:49 Uli60 File Added: 33-update110819.php
2011-08-19 09:52 Uli60 Note Added: 0002309
2011-08-19 09:52 Uli60 Assigned To Ted => Uli60
2011-08-19 09:52 Uli60 Status needs review & testing => fix available
2011-08-19 12:03 Uli60 Relationship added related to 0000967
2011-08-23 22:06 Ted Note Added: 0002336
2011-08-23 22:06 Ted Status fix available => needs review & testing
2011-08-23 22:09 Ted Note Added: 0002337
2011-08-23 22:10 Ted Source_changeset_attached => cacert-devel master ae39a705
2011-08-23 22:10 Ted Note Added: 0002338
2011-08-23 22:34 INOPIAE Note Added: 0002339
2011-09-22 23:18 Uli60 Note Added: 0002493
2011-09-22 23:28 Uli60 Note Edited: 0002493 View Revisions
2011-09-22 23:33 Uli60 Note Added: 0002494
2011-09-22 23:33 Uli60 Status needs review & testing => needs review
2011-09-27 23:12 NEOatNHNG Source_changeset_attached => cacert-devel testserver bd3888b5
2011-10-20 17:32 NEOatNHNG Assigned To Uli60 => NEOatNHNG
2011-11-24 17:20 NEOatNHNG Source_changeset_attached => cacert-devel testserver 3adaa440
2011-11-24 17:20 NEOatNHNG Source_changeset_attached => cacert-devel testserver 751dc567
2011-12-26 19:18 NEOatNHNG Note Added: 0002758
2011-12-26 19:18 NEOatNHNG Status needs review => ready to deploy
2011-12-27 00:33 NEOatNHNG Reviewed by Ted => Ted, NEOatNHNG
2011-12-27 11:57 wytze Note Added: 0002759
2011-12-27 11:57 wytze Status ready to deploy => solved?
2011-12-27 11:57 wytze Resolution open => fixed
2011-12-27 12:00 NEOatNHNG Source_changeset_attached => cacert-devel release ab6709e0
2012-07-11 16:03 INOPIAE Relationship added related to 0001083
2012-12-21 05:19 Werner Dworak Note Added: 0003522
2012-12-21 05:19 Werner Dworak Status solved? => closed
2013-01-15 17:33 Werner Dworak Fixed in Version => 2011 Q4