| Prev | Next |
Help to the folks keeping an OpenACS installation up and running.
Help to the folks keeping an OpenACS installation up and running.
This is the place to look if you want to extend OpenACS and build on top - of what's already here. Here you can find out about the guts of the system.
Table of Contents
This is the place to look if you want to extend OpenACS and build on top + of what's already here. Here you can find out about the guts of the system.
Table of Contents
- Mat Kovach is graciously maintaining an AOLServer distribution that - includes all the patches and modules needed to run OpenACS 4.5. These - instructions will describe how to install using his source - distribution. He also has binaries for SuSE 7.3 and OpenBSD 2.8 (and - perhaps more to come), currently located at uptime.openacs.org. -
- It's also possible to download all the pieces and patches yourself: -
- AOLServer is available at aolserver.com -
- ArsDigita's AOLServer distribution (including - internationalization patches, nscache, nsrewrite, nssha1 and the - oracle driver) is available at arsdigita.com -
- The OpenACS PostgreSQL driver is available from OpenACS -
- nsxml is available at http://acs-misc.sourceforge.net. -
- The patch that makes exec work - on BSD is available at sourceforge.net -
- The patch that makes ns_uuencode - work for binary files is available at sourceforge.net -
- The patch that makes AOLServer respect the - -g flag is available at sourceforge.net -
+
+ Mat Kovach is graciously maintaining an AOLServer distribution that + includes all the patches and modules needed to run OpenACS 4.6. These + instructions will describe how to install using his source + distribution. He also has binaries for SuSE 7.3 and OpenBSD 2.8 (and + perhaps more to come), currently located at uptime.openacs.org. +
+ It's also possible to download all the pieces and patches yourself: +
+ AOLServer is available at aolserver.com +
+ ArsDigita's AOLServer distribution (including + internationalization patches, nscache, nsrewrite, nssha1 and the + oracle driver) is available at arsdigita.com +
+ The OpenACS PostgreSQL driver is available from OpenACS +
+ nsxml is available at http://acs-misc.sourceforge.net. +
+ The patch that makes exec work + on BSD is available at sourceforge.net +
+ The patch that makes ns_uuencode + work for binary files is available at sourceforge.net +
+ The patch that makes AOLServer respect the + -g flag is available at sourceforge.net +
- .... or just Download Mat's - AOLServer distribution to - /tmp + .... or just Download Mat's + AOLServer distribution to + /tmp -
+joeuser:~$ cd /tmp joeuser:/tmp$ wget -c http://uptime.openacs.org/aolserver-openacs/aolserver3.3ad13-oacs1-beta-src.tar.gz joeuser:/tmp$ cd- As root, untar - aolserver3.3ad13-oacs1-beta-src.tar.gz - into /usr/local/src + As root, untar + aolserver3.3ad13-oacs1-beta-src.tar.gz + into /usr/local/src -
+joeuser:~$ su - Password: ********** -root:~$ cd /usr/local/src -root:/usr/local/src# tar xzf /tmp/aolserver3.3ad13-oacs1-beta-src.tar.gz
- You will need a special user account for running AOLServer. This user - will be called nsadmin and belong - to the special group web. - nsadmin's home directory will - be /usr/local/aolserver.You must - execute these steps as root. -
- Run these commands: -
+root:~# cd /usr/local/src +root:/usr/local/src# tar xzf /tmp/aolserver3.3ad13-oacs1-beta-src.tar.gz +root:/usr/local/src# chown -R root.root aolserver
+ + AOLserver needs to be started as the root user if you want to use + port 80. Once it starts, though, it will drop the root privileges and + run as another user, which you must specify on the command line. It's + important that this user has as few privileges as possible. Why? + Because if an intruder somehow breaks in through AOLserver, you don't + want him to have any ability to do damage to the rest of your + server. At the same time, AOLserver needs to have write access to + some files on your system in order for OpenACS to function + properly. So, we'll run AOLserver as the + nobody user and the + web group. We'll add your regular + user account to the web group and + make sure that OpenACS files are group readable and writable. + +
+ Run these commands: +
root:/usr/local/src# cd -root:~# groupadd nsadmin root:~# groupadd web -root:~# useradd -g nsadmin -G web -d /usr/local/aolserver nsadmin -root:~# passwd nsadmin -; Set password for nsadmin - -root:~# mkdir -p /web /usr/local/aolserver -root:~# chown -R nsadmin.web /usr/local/aolserver /web /usr/local/src/aolserver -root:~# chmod 775 /usr/local/aolserver /web -root:~# exit
At this point, you should customize the - nsadmin login scripts. Login as - nsadmin and add the following - lines to your - /usr/local/aolserver/.bash_profile: -
-joeuser:~$ su - nsadmin -Password: *********** -nsadmin:~$ emacs .bash_profile
- Add the first set of lines, if you're using Oracle. The 2nd set - of lines, if you're using PostgreSQL. Oracle - Note: These environment variables are specific for a - local Oracle installation communicating via IPC. If you are - connecting to a remote Oracle installation, you'll need to adjust - these appropriately. Also, make sure that the '8.1.7' matches - your Oracle version. -
+root:~# adduser joeuser web
+root:~# exit+ + Next, we'll set up our environment variables. Add the following lines + to your /home/joeuser/.bash_profile: + +
+joeuser:~$ emacs .bash_profile
+ + Add the first set of lines, if you're using Oracle. The 2nd set of + lines, if you're using PostgreSQL. Oracle Note: + These environment variables are specific for a local Oracle + installation communicating via IPC. If you are connecting to a remote + Oracle installation, you'll need to adjust these appropriately. Also, + make sure that the '8.1.7' matches your Oracle version. + +
# For Oracle export ORACLE_BASE=/ora8/m01/app/oracle export ORACLE_HOME=$ORACLE_BASE/product/8.1.7 @@ -98,136 +100,192 @@ # For PostgreSQL export PATH=$PATH:/usr/local/pgsql/bin export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pgsql/lib
- Be absolutely certain that you have entered these lines correctly - and that you have saved the file - a slight error in these lines - can lead to many inscrutable error messages. Logout and log back - in so these settings will take effect. Use the - echo command to be sure that the - environment variables have been properly assigned. -
-nsadmin:~$ exit -joeuser:~$ su - nsadmin + + Be absolutely certain that you have entered these lines correctly and + that you have saved the file - a slight error in these lines can lead + to many inscrutable error messages. Logout and log back in so these + settings will take effect. Use the + echo command to be sure that the + environment variables have been properly assigned. + ++joeuser:~$ exit +LOGIN: joeuser Password: ********* -nsadmin:~$ echo $PATH +joeuser:~$ echo $PATH ...some other directory paths...:/usr/local/pgsql/bin -nsadmin:~$ echo $LD_LIBRARY_PATH +joeuser:~$ echo $LD_LIBRARY_PATH :/usr/local/pgsql/lib- Note: The result should be different if you're using Oracle. - /ora8/m01/app/oracle/product/8.1.7 - should have been in $PATH. -
- In order for nsxml to compile, you need libxml2 - (available from http://xmlsoft.org). On Debian, - this can be installed by doing apt-get install - libxml2-dev. Users of other distributions can - download rpms from ftp.gnome.org. You'll - need the libxml2 and - libxml2-devel packages. -
Prepare the distribution
-nsadmin:~$ cd /usr/local/src/aolserver -nsadmin:/usr/local/src/aolserver$ ./conf-clean + Note: The result should be different if you're using Oracle. + /ora8/m01/app/oracle/product/8.1.7 + should have been in $PATH. + +
+ + In order for nsxml to compile, you need libxml2 + (available from http://xmlsoft.org). On Debian, + this can be installed by doing apt-get install + libxml2-dev. Users of other distributions can + download rpms from rpmfind.net. You'll + need the libxml2 and + libxml2-devel packages. +
Prepare the distribution. You need to be root.
+joeuser:~$ su -p +Password: ******** +root:~# mkdir -p /usr/local/aolserver +root:~# cd /usr/local/src/aolserver +root:/usr/local/src/aolserver# ./conf-clean cat: BUILD-MODULES: No such file or directory Done.
- Put the name of the driver(s) that you want into - conf-db. This can be - "postgresql", - "oracle", or the word - "both" if you want both drivers - installed. -
-nsadmin:/usr/local/src/aolserver$ echo "postgresql" > conf-db
+ Put the name of the driver(s) that you want into + conf-db. This can be + "postgresql", + "oracle", or the word + "both" if you want both drivers + installed. - conf-inst should contain the - location where AOLserver is to be installed. This defaults to - /usr/local/aolserver, so we - don't need to change it. +
+root:/usr/local/src/aolserver# echo "postgresql" > conf-db
-
+ conf-inst should contain the + location where AOLserver is to be installed. This defaults to + /usr/local/aolserver, so we + don't need to change it. - conf-make should contain the - name of the GNU Make command on your system. It defaults to - gmake. You may need to change - this to make. -
-nsadmin:/usr/local/src/aolserver$ echo "make" > conf-make
- If you're going to be installing the Postgresql driver, you'll - have to adjust the makefile first. This will hopefully be cleaned - up in future versions of this distribution. -
-nsadmin:/usr/local/src/aolserver$ emacs pgdriver/makefile
- Edit the lines containing PGLIB and PGINC so they look like this: -
+
+ + conf-make should contain the + name of the GNU Make command on your system. It defaults to + gmake. You may need to change + this to make. +
+root:/usr/local/src/aolserver# echo "make" > conf-make
+ If you're going to be installing the Postgresql driver, you'll + have to adjust the makefile first. This will hopefully be cleaned + up in future versions of this distribution. +
+root:/usr/local/src/aolserver# emacs pgdriver/makefile
+ Edit the lines containing PGLIB and PGINC so they look like this: +
PGINC=/usr/local/pgsql/include PGLIB=/usr/local/pgsql/lib
Compile and install AOLserver and modules
-nsadmin:/usr/local/src/aolserver$ ./conf
- This takes about 5 minutes. All of the results are logged to - files in - /usr/local/src/aolserver/log. Make - sure to check these files to see if any errors occurred. -
- You will now test to ensure AOLserver is running correctly. We'll - use the sample config file provided with AOLserver. This file - will attempt to guess your IP address and hostname. It will then - set up the server at port 8000 of that IP address. -
-nsadmin:/usr/local/src/aolserver$ cd -nsadmin:~$ ./bin/nsd -t sample-config.tcl
- As the AOLserver daemon starts up, you should see a few normal - warnings (listed below), which are safe to ignore. -
+root:/usr/local/src/aolserver# ./conf
+ + This takes about 5 minutes. All of the results are logged to + files in + /usr/local/src/aolserver/log. Make + sure to check these files to see if any errors occurred. + +
+ + In order to test AOLserver, we'll run it using the sample-config.tcl + file provided in the AOLserver distribution. We need to adjust + permissions a little since AOLserver needs to be able to write its + logs properly. + +
+root:/usr/local/src/aolserver# cd /usr/local/aolserver +root:/usr/local/aolserver# chown -R root.web log servers +root:/usr/local/aolserver# chmod -R g+w log servers +root:/usr/local/aolserver# ls -l + drwxr-sr-x 8 root staff 1024 Nov 12 01:35 . + drwxrwsr-x 12 root staff 1024 Nov 12 01:25 .. + drwxr-xr-x 2 root staff 1024 Nov 12 01:36 bin + drwxr-xr-x 2 root staff 1024 Jun 11 2001 include + drwxr-xr-x 3 root staff 1024 Nov 12 01:36 lib + drwxrwxr-x 2 root web 1024 Nov 12 01:45 log + drwxr-xr-x 3 root staff 1024 Nov 12 01:35 modules + -rw-r--r-- 1 root staff 7320 Mar 31 2001 sample-config.tcl + drwxrwxr-x 3 root web 1024 Nov 12 01:35 servers
+
+ + Now, we'll run a quick test to ensure AOLserver is running + correctly. We'll use the sample config file provided with + AOLserver. This file will attempt to guess your IP address and + hostname. It will then start up the server at port 8000 of that + IP address. + +
+root:/usr/local/aolserver# ./bin/nsd -t sample-config.tcl -u nobody -g web
+ + As the AOLserver daemon starts up, you should see a few normal + warnings (listed below), which are safe to ignore. + +
Warning: nsd.tcl: nsssl not loaded -- key/cert files do not exist. -Warning: nsd.tcl: nscp not loaded -- user/password is not set.
- The first warning means that the server is missing files for - running ssl, a necessary module - for encrypted HTTPS. See Scott Goodwin's excellent - documentation if you want to set up SSL. The second - warning means that the AOLserver control panel, a special module - for administering AOLserver, could not be loaded. If you're - interested in configuring nscp, please see the AOLserver - documentation. -
- Test to see if AOLserver is working by starting - Mozilla or - Lynx, and surfing over to your - web page: -
-nsadmin:~$ lynx localhost:8000
- You should see a "Welcome to AOLserver" page. If this - doesn't work, try going to - http://127.0.0.1:8000/. If this - still doesn't work, check out the Troubleshooting AOLServer section below. -
- Shutdown the test server:
-nsadmin:~$ killall nsd
- The killall command will kill - all processes with the name nsd, - but clearly this is not a good tool to use for managing your - services in general. We cover this topic in the Keep AOLServer alive section. -
If you can't view the welcome page, it's likely - there's a problem with your server configuration. Start by - viewing your AOLserver log, which is in - /usr/local/aolserver/log/server.log. - You should also try to find lines of the form:
+Warning: nsd.tcl: nscp not loaded -- user/password is not set.
+ + The first warning means that the server is missing files for + running ssl, a necessary module + for encrypted HTTPS. See Scott Goodwin's excellent + documentation if you want to set up SSL. The second + warning means that the AOLserver control panel, a special module + for administering AOLserver, could not be loaded. If you're + interested in configuring nscp, please see the AOLserver + documentation. + +
+ + Test to see if AOLserver is working by starting + Mozilla or + Lynx, and surfing over to your + web page: + +
+root:~# lynx localhost:8000
+ + You should see a "Welcome to AOLserver" page. If this + doesn't work, try going to + http://127.0.0.1:8000/. If this + still doesn't work, check out the Troubleshooting AOLServer section below. + +
+ + Shutdown the test server: + +
+root:~# killall nsd
+ + The killall command will kill + all processes with the name nsd, + but clearly this is not a good tool to use for managing your + services in general. We cover this topic in the Keep AOLServer alive section. + +
+ + If you can't view the welcome page, it's likely there's a + problem with your server configuration. Start by viewing your + AOLserver log, which is in + /usr/local/aolserver/log/server.log. + You should also try to find lines of the form: + +
[01/Jun/2000:12:11:20][5914.2051][-nssock-] Notice: nssock: listening on http://localhost.localdomain:8000 (127.0.0.1:8000) -[01/Jun/2000:12:11:20][5914.2051][-nssock-] Notice: accepting connections
If you can find these lines, try entering the URL the server is - listening on. If you cannot find these lines, there must be an error - somewhere in the file. Search for lines beginning with the word - Error instead of - Notice.
The sample-config.tcl file grabs - your address and hostname from your OS settings.
+[01/Jun/2000:12:11:20][5914.2051][-nssock-] Notice: accepting connections
+ + If you can find these lines, try entering the URL the server is + listening on. If you cannot find these lines, there must be an error + somewhere in the file. Search for lines beginning with the word + Error instead of + Notice. + +
+ + The sample-config.tcl file grabs + your address and hostname from your OS settings. + +
set hostname [ns_info hostname] -set address [ns_info address]
If you get an error that nssock can't get the requested address, - you can set these manually:
-#set hostname [ns_info hostname] -set hostname 127.0.0.1 +set address [ns_info address]
+ + If you get an error that nssock can't get the requested address, you + can set these manually. If you type 0.0.0.0, AOLserver will try to + listen on all available addresses. + +
+set hostname [ns_info hostname] #set address [ns_info address] -set address 127.0.0.1
- If you get an error that nssock can't assign the requested port, - then that port may already be taken by another service. Try specifying - a different port in the config file. -
+
Tcl API
Tcl API
apm-install-procs.tcl (Supports installation of packages)
20-apm-load-procs.tcl (Bootstraps APM for server startup)
-apm-admin-procs.tcl (Supports APM UI)
PL/SQL file
PL/SQL file
+In general terms, a package is a unit of software that serves a single well-defined purpose. That purpose may be to provide a service directly to one or more classes of end-user, (e.g., discussion forums and file storage for community members, user profiling tools for the site publisher), or it may be to act as a building block for other packages (e.g., an application programming interface (API) for storing and querying access control rules, or an API for scheduling email alerts). Thus, packages fall into one of two categories: -
OpenACS Applications: a "program or group of programs +
OpenACS Applications: a "program or group of programs designed for end users" (the Webopedia definition); also known as modules, for historical reasons. Examples of applications include Bboard and News. -
OpenACS Services: the aforementioned building blocks. +
OpenACS Services: the aforementioned building blocks. Examples of services include the OpenACS Content Repository, the OpenACS Templating -System, and the OpenACS Kernel, which includes +System, and the OpenACS Kernel, which includes APM.
An installation of the OpenACS includes the OpenACS Kernel, some services that extend the kernel's functionality, and some applications intended for end-users. Packages function as individual pieces of subsites. A subsite can contain multiple @@ -89,21 +89,21 @@ packages for other ACS users to download and install.
For a simple illustration of the difference between ACS without APM (pre-3.3) and ACS with APM (3.3 and beyond), consider a hypothetical ACS installation that uses only two of the thirty-odd modules available circa ACS -3.2 (say, bboard and e-commerce):
APM itself is part of a package, the OpenACS Kernel, an OpenACS +3.2 (say, bboard and e-commerce):
APM itself is part of a package, the OpenACS Kernel, an OpenACS service that is the only mandatory component of an OpenACS installation.
The OpenACS is a platform for web-based application software, and any software platform has the potential to develop problems like those described above. Fortunately, there are many precedents for systematic solutions, including:
Borrowing from all of the above, OpenACS 3.3 introduces its own package -management system, the OpenACS Package Manager (APM), which consists of:
a standard format for APM packages (also called -"OpenACS packages"), including:
version numbering, independent of any other package and the OpenACS as a -whole
specification of the package interface
specification of dependencies on other packages (if any)
attribution (who wrote it) and ownership (who maintains it)
web-based tools for package management:
obtaining packages from a remote distribution point
installing packages, if and only if:
all prerequisite packages are installed
no conflicts will be created by the installation
configuring packages (obsoleting the monolithic OpenACS configuration -file)
upgrading packages, without clobbering local modifications
uninstalling unwanted packages
a registry of installed packages, database-backed and +management system, the OpenACS Package Manager (APM), which consists of:
a standard format for APM packages (also called +"OpenACS packages"), including:
version numbering, independent of any other package and the OpenACS as a +whole
specification of the package interface
specification of dependencies on other packages (if any)
attribution (who wrote it) and ownership (who maintains it)
web-based tools for package management:
obtaining packages from a remote distribution point
installing packages, if and only if:
all prerequisite packages are installed
no conflicts will be created by the installation
configuring packages (obsoleting the monolithic OpenACS configuration +file)
upgrading packages, without clobbering local modifications
uninstalling unwanted packages
a registry of installed packages, database-backed and integrated with filesystem-based version control -
web-based tools for package development:
creating new packages locally
releasing new versions of locally-created packages
The design chosen for APM was meant to satisfy the following constraints:
The process of authoring a package must be as simple as possible.
Strict conventions must be established that provide a set of canonical locations and names for files and patterns, for OpenACS application @@ -124,7 +124,7 @@ subsites across the system, and be available for distribution to other OpenACS installations without doing a monolithic upgrade or reinstall.
The APM is composed of systems for accomplishing a set of package-related tasks. Each of these tasks comprise a feature area that has an API, data -model, and a UI:
Authoring a Package
Maintaining Multiple Versions of a Package
Creating Instances of the Package
Specifying Configuration Parameters for each Instance
Authoring a Package
Full instructions on how to prepare an OpenACS package are available in Packages. The API here can be invoked manually by a package's data model +model, and a UI:
Authoring a Package
Maintaining Multiple Versions of a Package
Creating Instances of the Package
Specifying Configuration Parameters for each Instance
Authoring a Package
Full instructions on how to prepare an OpenACS package are available in Packages. The API here can be invoked manually by a package's data model creation script, but need not to be used. This API is part of the APM PL/SQL package.
@@ -165,7 +165,7 @@
package_key in apm_package_types.package_key%TYPE
) return integer;
-Maintaining Multiple Versions of a Package
While the package authoring API provides a means for registering a +
Maintaining Multiple Versions of a Package
While the package authoring API provides a means for registering a package, some information about a package is version dependent. For example, between versions, the owner of a package, its vendor, its URI, and its dependency information may change. The API for package versions allows this @@ -245,7 +245,7 @@ );
Files associated with a version can be added and removed. The path is -relative to the package-root which is +relative to the package-root which is acs-server-root/packages/package-key.
-- Add a file to the indicated version.
function add_file(
@@ -327,7 +327,7 @@
version_name_two in apm_package_versions.version_name%TYPE
) return integer;
-Creating Instances of a Package
Once a package is registered in the system, it is possible to create +
Creating Instances of a Package
Once a package is registered in the system, it is possible to create instances of it. Each instance can maintain its own content and parameters.
@@ -382,7 +382,7 @@ show errors -
Specifying Configuration Parameters for each Instance
A parameter is a setting that can be changed on a package instance basis. +
Specifying Configuration Parameters for each Instance
A parameter is a setting that can be changed on a package instance basis. Parameters are registered on each package_key, and the values are associated with each instance. Parameters can have default values and can be of type 'string' or 'number.' There is support with this @@ -513,14 +513,14 @@ site-wide administration.
APM has two parameters for configuring how it interacts with the UNIX filesystem, accessible via the Site Map admin page. These parameters need not be changed under most circumstances, but may -need to be tweaked for Windows compatibility.
GzipExecutableDirectory +need to be tweaked for Windows compatibility.
GzipExecutableDirectory This directory points to where the gunzip program can be found for uncompressing gzip archives. This is needed for the installation of .apm files which are simply gziped tarballs. Default is /usr/local/bin -
InfoFilePermissionsMode +
InfoFilePermissionsMode This sets the default UNIX permissions used when creating files using the APM. Default is 775.
APM has been in production since OpenACS 3.3, and as of version 4.0 offers a stable set of features. One major feature planned is integration with the OpenACS @@ -542,6 +542,4 @@ all of this functionality in one interface and it can be confusing from a usability perspective.
System creator: Bryan Quinn, Jon Salz, Michael Yoon, Lars Pind, Todd Nightingale.
System owner: Bryan Quinn
Documentation author: Bryan Quinn, building from earlier versions by Jon -Salz, Michael Yoon, and Lars Pind.
+
The following is a requirements document for the OpenACS Package Manager + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
The following is a requirements document for the OpenACS Package Manager (APM), version 4.0 (APM4). APM4 offers a superset of APM v3.3 functionality with the following specific enhancements:
A public procedural API. (v 3.3 only has web-based UI)
Support for dependency checking.
Support for compound packages (to support installation chaining).
Support for on-line parameter setting.
Support for sub-site level configuration (requires revised ad_parameter and /admin pages at sub-site level; deprecation of site-wide parameter file).
To differentiate these new requirements from the requirements of version 3.3, all requirements new in v4 are prefaced with the number -4.
We gratefully acknowledge the authors of APM 3 for their original design +4.
We gratefully acknowledge the authors of APM 3 for their original design documentation which suggested these features, as well as the influence of the design and open-source implementation of the Red Hat Package manager, the Debian packaging system, and PERL's CPAN in the development of the ideas @@ -29,36 +29,36 @@ packaging, installing, and configuring OpenACS software in a consistent, user-friendly, and subsite-aware manner.
The OpenACS Package Manager (APM) consists of: -
A standard format for APM packages including:
Version numbering, independent of any other package and the OpenACS as a -whole
Specification of the package interface
Specification of dependencies on other packages (if any)
Attribution (who wrote it) and ownership (who maintains it)
Web-based tools for package management:
Obtaining packages from a remote distribution point
Installing packages, if and only if:
All prerequisite packages are installed
No conflicts will be created by the installation
Configuring packages (obsoleting the monolithic OpenACS configuration -file)
Upgrading packages, without clobbering local modifications
Uninstalling unwanted packages
A registry of installed packages, database-backed and +
A standard format for APM packages including:
Version numbering, independent of any other package and the OpenACS as a +whole
Specification of the package interface
Specification of dependencies on other packages (if any)
Attribution (who wrote it) and ownership (who maintains it)
Web-based tools for package management:
Obtaining packages from a remote distribution point
Installing packages, if and only if:
All prerequisite packages are installed
No conflicts will be created by the installation
Configuring packages (obsoleting the monolithic OpenACS configuration +file)
Upgrading packages, without clobbering local modifications
Uninstalling unwanted packages
A registry of installed packages, database-backed and integrated with file system-based version control -
Web-based tools for package development:
Creating new packages locally
Releasing new versions of locally-created packages
Uploading packages to a global package repository on the web
Use of these tools should be safe, i.e. installing or removing a package -should never break an OpenACS installation
Web-based tools for package configuration:
The ability to change package parameter values on-line through a simple +
Web-based tools for package development:
Creating new packages locally
Releasing new versions of locally-created packages
Uploading packages to a global package repository on the web
Use of these tools should be safe, i.e. installing or removing a package +should never break an OpenACS installation
Web-based tools for package configuration:
The ability to change package parameter values on-line through a simple web interface.
A new ad_parameter which does not require a monolithic site-wide parameter's file or server restarts for changes to take effect.
The ability to manage multiple package instances at the sub-site level.
The APM is intended for the following classes of users, which may or may not -overlap:
Developers (referred to as 'the developer') use +overlap:
Developers (referred to as 'the developer') use the APM to create a software package for distribution and use the procedural -API for direct control of the APM system.
Site-wide administrators (referred to as 'the +API for direct control of the APM system.
Site-wide administrators (referred to as 'the administrator') use the APM to install packages for their OpenACS instance, -and optionally make them available to sub-sites.
Sub-site administrators (referred to as 'the +and optionally make them available to sub-sites.
Sub-site administrators (referred to as 'the sub-admin') use an administration interface to configure and enable -packages for their sub-site.
Initial Package Development
David Developer writes a piece of software used to do +packages for their sub-site.
Initial Package Development
David Developer writes a piece of software used to do knowledge management (km) for the OpenACS. He distributes his data model, procedure code, UI pages, and his documentation according to the APM specification. He splits the documentation and the code into sub-packages, and creates a KM installation-chain to install both with the APM developer -UI. Noting that his software was built with Patricia -Programmer's Super Widget toolkit, he specifies that as a +UI. Noting that his software was built with Patricia +Programmer's Super Widget toolkit, he specifies that as a dependency. Moreover, since this package is capable of being used at the sub-site level, David configures this option in the package. When the package development is complete, David uses the APM developer UI to construct a distribution file. He assigns it a version number, 1.0, and makes the package -available for download at the OpenACS package repository.
Initial Package Installation
Annie Admin learns of David's KM system by browsing +available for download at the OpenACS package repository.
Initial Package Installation
Annie Admin learns of David's KM system by browsing the OpenACS package repository. Annie Admin uses the APM administrator UI on her system. She selects to install a package from a URL and types the URL displayed on the system. The APM automatically downloads the package. The @@ -72,16 +72,16 @@ installation was successful, the package is available for use.
Since the package is available for use, its initialization routines are set to run automatically on server startup. Annie is warned that since there are initialization routines, she must restart the server for the package to -be ready for use. Annie restarts the server.
Initial Subsite Use of Package
Annie Admin decides to make the KM module available only to a particular +be ready for use. Annie restarts the server.
Initial Subsite Use of Package
Annie Admin decides to make the KM module available only to a particular sub-site type on her OpenACS system, and not others. She specifies this option -using the Sub-site type UI (not part of APM).
Annie Admin notifies Sally SubAdmin by e-mail that a new +using the Sub-site type UI (not part of APM).
Annie Admin notifies Sally SubAdmin by e-mail that a new package is now available for use. Sally goes to her sub-site /admin page and sees that a new entry, KM, is available. Sally clicks on it and finds links to the installed KM documentation and to the web based configuration utility. Then, Sally configures the package using an automatically generated web interface and enables KM for use on her sub-site. After some initial use of the package, Sally decides to change some parameters using the SubAdmin UI. -These changes take effect immediately, without any server restarts.
Upgrade Process
Sally SubAdmin finds a bug in the KM system and sends a report to David +These changes take effect immediately, without any server restarts.
Upgrade Process
Sally SubAdmin finds a bug in the KM system and sends a report to David Developer. David reads the bug report and verifies that the bugs are present in the current version. Because the bugs are present in the shared procedure file, David assigns a watch to the file. David makes the necessary @@ -92,195 +92,195 @@ repository.
Sally SubAdmin asks Annie Administrator to upgrade the package using the APM UI. This upgrade supersedes the old version of KM at the site-wide level. Once Annie upgrades the package, the new version starts working immediately -in Sally's sub-site.
Procedural API
Danielle Developer wants her software to perform +in Sally's sub-site.
Procedural API
Danielle Developer wants her software to perform different actions depending on what version of another package is installed. She uses the APM procedural API to check if KM version 1.0 is installed or version 1.1. Based on the results of this procedural call, the software -exhibits different behavior.
4.500.0 Package Identification -(All of these items are entered by the developer using the developer UI.)
4.500.1 A human readable package key that is guaranteed +exhibits different behavior.
4.500.0 Package Identification +(All of these items are entered by the developer using the developer UI.)
4.500.1 A human readable package key that is guaranteed to be unique to the local OpenACS site must be maintained by the APM. For -example, "apm."
4.500.5 A package id (primary key) that is guaranteed to +example, "apm."
4.500.5 A package id (primary key) that is guaranteed to be unique to the local site must be maintained by the APM. For example, -"25."
4.500.10 A package URL that is guaranteed to be unique +"25."
4.500.10 A package URL that is guaranteed to be unique across all sites must be maintained by the APM. The package URL should point to a server that allows download of the latest version of the package. For example, "http://openacs.org/software." -
4.505.0 Version Identification - (All of these items are entered by the developer using the developer UI.)
4.505.1 A version id (primary key) that is guaranteed to -be unique to the local site must be maintained by the APM.
4.505.5 A version URL that is guaranteed to be unique +
4.505.0 Version Identification + (All of these items are entered by the developer using the developer UI.)
4.505.1 A version id (primary key) that is guaranteed to +be unique to the local site must be maintained by the APM.
4.505.5 A version URL that is guaranteed to be unique across all sites must be maintained by the APM. The version URL should point to a server that allows download of a specific version of the package.
The API for APM v3 is explicitly a private API. However, it would be useful to obtain information from the APM through a procedural API. Implementing the API specified below is quite easy given that there are pages -that already do all of the below in raw SQL.
4.400.0 Packages Status Predicates
4.400.1 Given defining information such as a package URL, +that already do all of the below in raw SQL.
4.400.0 Packages Status Predicates
4.400.1 Given defining information such as a package URL, the APM API can return the status of the package on the local OpenACS -instance.
4.405.0 Package Information Procedures
4.405.1 The APM API can return information for any +instance.
4.405.0 Package Information Procedures
4.405.1 The APM API can return information for any locally installed packages, including the version number, paths and files, -and package key.
4.410.0 Sub-site Procedures
4.410.1 After a package has been installed at the +and package key.
4.410.0 Sub-site Procedures
4.410.1 After a package has been installed at the site-wide level, the system API will provide means to check for package -presence, creation, enabling, disabling, and destruction on a subsite.
4.415.0 Parameter Values (replaces ad_parameter)
4.415.1 The system API shall allow subsite parameters for +presence, creation, enabling, disabling, and destruction on a subsite.
4.415.0 Parameter Values (replaces ad_parameter)
4.415.1 The system API shall allow subsite parameters for an installed package to be set by either site-wide administrators or sub-site admins. The subsite parameter can be set to be non-persistent (but default is to survive server restarts). The subsite parameter can also be set to only -take effect after a server restart (default is immediate).
4.415.5 Parameters for a given subsite and package can be +take effect after a server restart (default is immediate).
4.415.5 Parameters for a given subsite and package can be returned by the system API.
Provisions will be made to assure that packages are securely -identified.
4.600.1 Each package will have a PGP signature and there +identified.
4.600.1 Each package will have a PGP signature and there will be MD5 time stamps for each file within the package. -
4.600.5 The APM will provide a facility to validate both +
4.600.5 The APM will provide a facility to validate both the PGP signature and MD5 stamps information before a package install.
The user interface is a set of HTML pages that are used to drive the underlying API. It is restricted to site-wide administrators because the actions taken here can dramatically affect the state of the running OpenACS.
The intent of the developer's interface is to enable the developer to construct and maintain APM packages. It will be possible to disable the developer's interface for production sites to help reduce the chance of site failure; much of the functionality here can have cascading effects -throughout the OpenACS and should not be used on a production site.
10.0 Define a package.
The developer must be able to create a new package by specifying some +throughout the OpenACS and should not be used on a production site.
10.0 Define a package.
The developer must be able to create a new package by specifying some identifying information for the package. This includes a package name, a -package key, version information, owner information, and a canonical URL.
10.1 The APM must maintain the state of all locally -generated packages.
10.50 If the developer fails to provide the required -information, the package cannot be created.
10.55 All of the package information should be editable -after creation, except for the package key.
4.10.60 The package creator must specify whether the +package key, version information, owner information, and a canonical URL.
10.1 The APM must maintain the state of all locally +generated packages.
10.50 If the developer fails to provide the required +information, the package cannot be created.
10.55 All of the package information should be editable +after creation, except for the package key.
4.10.60 The package creator must specify whether the package is capable of being used in sub-sites, or if only a single, global -instance of the package is permitted.
4.10.65 If the developer fails to provide unique +instance of the package is permitted.
4.10.65 If the developer fails to provide unique information for unique fields specified in the data model requirements, the -package cannot be created.
20.0 Add files to a package
20.1 The developer must be able to add files to the +package cannot be created.
20.0 Add files to a package
20.1 The developer must be able to add files to the package. This is done by copying the files into the package directory in the host OS's file system. Files can be added at any point after package -creation.
20.3 Once a package has been versioned and distributed, +creation.
20.3 Once a package has been versioned and distributed, no new files should be added to the package without incrementing the version -number.
20.5 The APM's UI should facilitate the process of +number.
20.5 The APM's UI should facilitate the process of adding new files, by scanning the file system for new files automatically, -and allowing the developer to confirm adding them.
20.10 The developer cannot add files to a given package -via the UI that do not exist in the file system already.
20.15 Package file structure must follow a specified -convention. Please see the design -document for what we do currently.
30.0 Remove files from a package
The developer must be able to remove files from a package. This can be -done in two ways.
30.1 Access the APM UI, browse the file list, and remove -files.
30.1.1If a file is removed from the package list, but not -from the file system, an error should be generated at package load time.
30.5 Remove the file from file system.
30.5.1 The APM UI should take note of the fact that the +and allowing the developer to confirm adding them.
20.10 The developer cannot add files to a given package +via the UI that do not exist in the file system already.
20.15 Package file structure must follow a specified +convention. Please see the design +document for what we do currently.
30.0 Remove files from a package
The developer must be able to remove files from a package. This can be +done in two ways.
30.1 Access the APM UI, browse the file list, and remove +files.
30.1.1If a file is removed from the package list, but not +from the file system, an error should be generated at package load time.
30.5 Remove the file from file system.
30.5.1 The APM UI should take note of the fact that the file is gone and offer the developer an option to confirm the file's deletion. -
40.0 Modify files in a package.
40.1 The developer should be able to modify files in the -file system. The APM UI should not interfere with this.
40.5 However, if the developer modifies files containing -procedural definitions, APM UI should allow a means to watch +
40.0 Modify files in a package.
40.1 The developer should be able to modify files in the +file system. The APM UI should not interfere with this.
40.5 However, if the developer modifies files containing +procedural definitions, APM UI should allow a means to watch those files and automatically reload them if changed. See requirement 50.0 -for more detail.
40.10 Also, although a change in files implies that the +for more detail.
40.10 Also, although a change in files implies that the package distribution file is out of date, it is the developer's -responsibility to update it.
4.45.0 Manage Package Dependency Information.
4.45.1 The developer should be able to specify which -interfaces the package requires.
4.45.5 The developer should be able to specify which -interfaces the package provides.
4.45.10 Circular dependencies are not allowed.
50.0 Watch a file
4.50.1 The developer should be able to assign a watch to -any Tcl procedure file, whether in /packages or /tcl.
50.5 If a watched file is locally modified, then it will +responsibility to update it.
4.45.0 Manage Package Dependency Information.
4.45.1 The developer should be able to specify which +interfaces the package requires.
4.45.5 The developer should be able to specify which +interfaces the package provides.
4.45.10 Circular dependencies are not allowed.
50.0 Watch a file
4.50.1 The developer should be able to assign a watch to +any Tcl procedure file, whether in /packages or /tcl.
50.5 If a watched file is locally modified, then it will be automatically reloaded, thus allowing for any changes made to take affect -immediately.
4.50.10 The setting of a watch should be persistent +immediately.
4.50.10 The setting of a watch should be persistent across server restarts. -
60.0 Display an XML package specification
60.1 The developer should be able to view the XML package +
60.0 Display an XML package specification
60.1 The developer should be able to view the XML package specification that encodes all package information. -
70.0 Write an XML package specification to the file -system
70.1 The developer should be able to write an up-to-date -XML specification to disk.
70.5 The developer should be able to request the current -XML specification for all installed, locally generated packages.
130.0 Distribution file generation
130.1 The developer should be able to generate a .APM -distribution file for the package with just one click.
130.5 Generating a distribution file implies doing an +
70.0 Write an XML package specification to the file +system
70.1 The developer should be able to write an up-to-date +XML specification to disk.
70.5 The developer should be able to request the current +XML specification for all installed, locally generated packages.
130.0 Distribution file generation
130.1 The developer should be able to generate a .APM +distribution file for the package with just one click.
130.5 Generating a distribution file implies doing an "up-to-date" check on all of the files. If any of the files have changed since package installation, then a new version of the package is created. -
140.0 Access CVS information
140.1 The developer should be able to determine the CVS +
140.0 Access CVS information
140.1 The developer should be able to determine the CVS status of a package, or all packages, with a single click. -
4.200.0 Compound Package Construction
4.200.1 The developer can include .APM packages +
4.200.0 Compound Package Construction
4.200.1 The developer can include .APM packages (sub-packages) within a package (the compound package) like any other -file.
4.200.5 The recommended usage for this feature is to +file.
4.200.5 The recommended usage for this feature is to allow for separation of optional and required components from the installation as well as better organization of files once installed. For example, all documentation for the community-core can be packages as community-core-doc.apm. It is legal to include sub-packages with dependencies that are not satisfied by the packages in the compound package, but this is discouraged. In such a case, the sub-package should really be a -separate package that is required by the compound package.
4.200.10 If a sub-package is required for the +separate package that is required by the compound package.
4.200.10 If a sub-package is required for the installation of the compound package, the compound package should have a registered dependency on the sub-package.
The requirement of the administrator's interface is to enable the administrator to install, enable, upgrade, disable, deinstall, and delete -packages.
80.0 Package Enable/Disable
4.80.1 The administrator should be able mark an installed +packages.
80.0 Package Enable/Disable
4.80.1 The administrator should be able mark an installed package as enabled. This means that the package is activated and its functionality is delivered through the Request Processor. As of OpenACS 4, this -is done through the sub-site system.
4.80.5 Moreover, the administrator must be able to +is done through the sub-site system.
4.80.5 Moreover, the administrator must be able to disable a package, thereby removing the functionality provided to a sub-site. As of OpenACS 4, this is done through the sub-site system. -
90.0 Package Install
90.1 The administrator must be able to install new -packages either from locally maintained .APM files or from URLs.
90.5 In the case of an URL, the APM transparently +
90.0 Package Install
90.1 The administrator must be able to install new +packages either from locally maintained .APM files or from URLs.
90.5 In the case of an URL, the APM transparently downloads the APM file off the web, proceeds with a file based installation, -and then optionally removes the .APM file just downloaded.
90.10.1 If .APM files are present in a package, then it -is considered a compound package (use 4.210.0).
90.15.0 Installation requires these steps:
90.15.1The package dependencies are scanned. If some +and then optionally removes the .APM file just downloaded.
90.10.1 If .APM files are present in a package, then it +is considered a compound package (use 4.210.0).
90.15.0 Installation requires these steps:
90.15.1The package dependencies are scanned. If some dependencies are not present, the system warns the administrator that -installation cannot proceed until those packages are installed.
90.15.2 Assuming all dependencies are present, APM -extracts the contents of the APM file into the /packages directory.
90.15.3 The administrator is offered the option of -importing directly into CVS.
90.15.4 The administrator is given a list of data model -scripts found in the package and can select which ones to be executed.
90.15.5 If no errors are recorded during this process, -the package is enabled.
4.210.0 Compound package Install
4.210.1 If .APM files are present in a package, then it -is considered a compound package.
4.210.5.0 Installation of a compound package proceeds -according to the following sequence:
4.210.5.1 Identify the set of all sub-packages within -the compound package by scanning for all files with .APM.
4.210.5.2 Identify which sub-packages are required by +installation cannot proceed until those packages are installed.
90.15.2 Assuming all dependencies are present, APM +extracts the contents of the APM file into the /packages directory.
90.15.3 The administrator is offered the option of +importing directly into CVS.
90.15.4 The administrator is given a list of data model +scripts found in the package and can select which ones to be executed.
90.15.5 If no errors are recorded during this process, +the package is enabled.
4.210.0 Compound package Install
4.210.1 If .APM files are present in a package, then it +is considered a compound package.
4.210.5.0 Installation of a compound package proceeds +according to the following sequence:
4.210.5.1 Identify the set of all sub-packages within +the compound package by scanning for all files with .APM.
4.210.5.2 Identify which sub-packages are required by checking the dependencies of the compound package. If there dependencies not satisfied by the current system or the packages included with the compound package, halt installation and inform user to install these packages -first.
4.210.5.3 Present Administrator with the ability to +first.
4.210.5.3 Present Administrator with the ability to choose which sub-packages to install. Required sub-packages must be -installed.
4.210.5.4 Proceed with the installation of each +installed.
4.210.5.4 Proceed with the installation of each sub-package, starting with required packages. If the sub-package is already installed, then do nothing. Else, If the sub-package is a normal package, -proceed according to 90.15.0, otherwise if it is a compound -package, proceed according to 4.210.5.0.
4.210.5.5 If all required sub-packages are installed, +proceed according to 90.15.0, otherwise if it is a compound +package, proceed according to 4.210.5.0.
4.210.5.5 If all required sub-packages are installed, proceed to install non-required sub-packages. If there was a failure during the installation of a required sub-package, then the installation of the -compound package is also a failure.
4.210.5.6 Any attempt to install a compound package in +compound package is also a failure.
4.210.5.6 Any attempt to install a compound package in the future involves a choice presented to the admin of installing any -uninstalled sub-packages.
4.220.0 Recovering from failed package installation
4.220.1 If any error is generated during package +uninstalled sub-packages.
4.220.0 Recovering from failed package installation
4.220.1 If any error is generated during package installation, the package is not considered installed. To recover from this -failure, the package should be selected for installation again.
100.0 Version Upgrade
100.1 The administrator can upgrade to a new version of a -package. This entails
100.1.1 Running any necessary and included upgrade -scripts.
100.1.5 Replacing any old files with new versions.
100.1.10 Marking the old version of the package as -'superseded' and disabling it.
100.1.15 Assuming no errors from above, the new package -is enabled.
110.0 Package Deinstall
110.1 The administrator must be able to deinstall a -package that has already been installed. Deinstallation entails:
110.1.1 Running any data model scripts necessary to drop -the package.
110.1.5 Moving all of the files into a separate location -in the file system from the installed packages.
4.110.1.10 If the package is a compound package, then +failure, the package should be selected for installation again.
100.0 Version Upgrade
100.1 The administrator can upgrade to a new version of a +package. This entails
100.1.1 Running any necessary and included upgrade +scripts.
100.1.5 Replacing any old files with new versions.
100.1.10 Marking the old version of the package as +'superseded' and disabling it.
100.1.15 Assuming no errors from above, the new package +is enabled.
110.0 Package Deinstall
110.1 The administrator must be able to deinstall a +package that has already been installed. Deinstallation entails:
110.1.1 Running any data model scripts necessary to drop +the package.
110.1.5 Moving all of the files into a separate location +in the file system from the installed packages.
4.110.1.10 If the package is a compound package, then the administrator must confirm removing all sub-packages. Optionally, some -sub-packages can be kept.
110.5 Deinstalled packages can be re-installed at a later -date.
4.110.10 If deinstalling a package or any of its +sub-packages can be kept.
110.5 Deinstalled packages can be re-installed at a later +date.
4.110.10 If deinstalling a package or any of its sub-packages breaks a dependency, then deinstallation cannot proceed until -the package registering the dependency is removed.
120.0 Package Deletion
120.1 The administrator should be able to completely +the package registering the dependency is removed.
120.0 Package Deletion
120.1 The administrator should be able to completely erase all records of the package. This involves removing all instances of the -package, all related database tables and content.
120.5 This option can only be used if all package +package, all related database tables and content.
120.5 This option can only be used if all package instances are deleted or marked as disabled. This is purposefully cumbersome because deleting all instances of a package can have far-sweeping -consequences throughout a site and should almost never be done.
150.0 Scan for new or modified packages
150.1 The administrator should be able to scan the file -system for any changes made in any of the installed package files.
150.5 The administrator should be able to scan the file +consequences throughout a site and should almost never be done.
150.0 Scan for new or modified packages
150.1 The administrator should be able to scan the file +system for any changes made in any of the installed package files.
150.5 The administrator should be able to scan the file system for any newly installed packages.
If the developer is in charge of creating packages and the administrator for installing them, then the sub-site administrator is responsible for configuring and enabling packages. In order for a package to be available for a sub-site it must be associated with the sub-site's type specification. This interface is part of the sub-site /admin interface. -
4.300 Creating a package instance.
4.300.1 From the sub-site /admin interface, there should +
4.300 Creating a package instance.
4.300.1 From the sub-site /admin interface, there should be an option to view all packages available in the system as well as an -option to add a package to the subsite.
4.300.5 From the "add" option, the sub-admin +option to add a package to the subsite.
4.300.5 From the "add" option, the sub-admin can select from a list of packages registered as available in the sub-site -type to which the sub-site belongs.
4.300.19 Once a package instance is added, it is -available on the list of the subsite's available packages.
4.305 Configuring a package instance.
4.305.1 An automatic web interface that lists all -parameters with current values must be available.
4.305.5 Changing the values for the parameters is -accomplished simply by submitting an HTML form.
4.310 Enabling a package instance.
4.310.1 The sub-admin should be able to enable a package +type to which the sub-site belongs.
4.300.19 Once a package instance is added, it is +available on the list of the subsite's available packages.
4.305 Configuring a package instance.
4.305.1 An automatic web interface that lists all +parameters with current values must be available.
4.305.5 Changing the values for the parameters is +accomplished simply by submitting an HTML form.
4.310 Enabling a package instance.
4.310.1 The sub-admin should be able to enable a package with a single click. Enabling a package means that the OpenACS will serve its URLs properly. -
4.315 Disabling a package instance.
4.315.1 The sub-admin should be able to disable a package +
4.315 Disabling a package instance.
4.315.1 The sub-admin should be able to disable a package with a single click. Disabling a package means that the OpenACS will no longer -serve those URLs.
4.320 Deleting a package instance.
4.320.1 Deleting a package instance involves deleting not +serve those URLs.
4.320 Deleting a package instance.
4.320.1 Deleting a package instance involves deleting not only the package instance, but any and all content associated with it. It is questionable whether this option should even be available due to its drastic consequences. Reviewer comments appreciated. @@ -293,6 +293,4 @@ are set using the acs_attribute_values table. The automatic web interface for setting package parameters should be one and the same with the interface for setting acs object attribute values. Consequently, the implementation of -these features should be quite straightforward.
| Document Revision # | Action Taken, Notes | When? | By Whom? |
| 0.1 | Creation | 8/10/2000 | Bryan Quinn, Todd Nightingale |
| � | Reviewed | 8/11/2000 | John Prevost, Mark Thomas, and Pete Su |
| 0.2 | Revised and updated | 8/12/2000 | Bryan Quinn |
| 0.3 | Reviewed, revised, and updated - conforms to requirements template. | 8/18/2000 | Kai Wu |
| 0.4 | Minor edits before ACS 4 Beta. | 9/30/2000 | Kai Wu |
| Document Revision # | Action Taken, Notes | When? | By Whom? |
| 0.1 | Creation | 8/10/2000 | Bryan Quinn, Todd Nightingale |
| � | Reviewed | 8/11/2000 | John Prevost, Mark Thomas, and Pete Su |
| 0.2 | Revised and updated | 8/12/2000 | Bryan Quinn |
| 0.3 | Reviewed, revised, and updated - conforms to requirements template. | 8/18/2000 | Kai Wu |
| 0.4 | Minor edits before ACS 4 Beta. | 9/30/2000 | Kai Wu |
+
Tcl code: /tcl/0-acs-init.tcl and /packages/acs-kernel/bootstrap.tcl
This document describes the startup (bootstrapping) process for an AOLserver + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
Tcl code: /tcl/0-acs-init.tcl and /packages/acs-kernel/bootstrap.tcl
This document describes the startup (bootstrapping) process for an AOLserver running OpenACS.
Before OpenACS 3.3, the OpenACS startup process was extremely simple: after AOLserver @@ -34,11 +34,11 @@ by trimming the final component from the path to the Tcl library directory (/web/yourservername/tcl). But 0-acs-init.tcl's has an important function, namely sourcing -/packages/acs-core/bootstrap.tcl, which does the following:
Initialize some NSVs used by the core. These NSVs are +/packages/acs-core/bootstrap.tcl, which does the following:
Initialize some NSVs used by the core. These NSVs are documented in /packages/acs-core/apm-procs.tcl - no need to worry about them unless you're an OpenACS core hacker. -
Verify the deletion of obsolete OpenACS files. The +
Verify the deletion of obsolete OpenACS files. The /tcl directory has evolved quite a bit over the months and years, and a few files have come and gone. The /www/doc/removed-files.txt file contains a list of files which @@ -47,18 +47,18 @@ bootstrap.tcl scans through this list, logging error messages to the log if any of these files exist. -
Source *-procs.tcl files in the OpenACS core. +
Source *-procs.tcl files in the OpenACS core. We source each file matching the *-procs.tcl glob in the /packages/acs-kernel directory, in lexicographical order. These procedure are needed to perform any of the following steps. -
Ensure that the database is available by grabbing and +
Ensure that the database is available by grabbing and releasing a handle. If we can't obtain a handle, we terminate initialization (since OpenACS couldn't possibly start up the server without access to the database). -
Register any new packages in the /packages -directory. In each directory inside /packages, we look +
Register any new packages in the /packages +directory. In each directory inside /packages, we look for a .info file; if we find a package that hasn't yet been registered with the package manager (i.e., it's been copied there manually), we insert information about it into the database. (The first time @@ -68,25 +68,23 @@ initially disabled; they must be manually enabled in the package manager before they can be used. -
Ensure that the acs-kernel package is -enabled. If the OpenACS core isn't initialized, the server +
Ensure that the acs-kernel package is +enabled. If the OpenACS core isn't initialized, the server couldn't possibly be operational, so if there's no enabled version of the OpenACS core we simply mark the latest installed one as enabled. -
Load *-procs.tcl files for enabled -packages, activating their APIs. +
Load *-procs.tcl files for enabled +packages, activating their APIs. -
Load *-init.tcl files for enabled packages, +
Load *-init.tcl files for enabled packages, giving packages a chance to register filters and procedures, initialize data structures, etc. -
Verify that the core has been properly initialized by +
Verify that the core has been properly initialized by checking for the existence of an NSV created by the request processor initialization code. If it's not present, the server won't be operational, so we log an error.
At this point, bootstrap.tcl is done executing. AOLserver proceeds to source the remaining files in the /tcl directory (i.e., unpackaged libraries) and begins listening for connections. -
+
Vinod Kurup put + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
Vinod Kurup put together the January 2002 version of this guide from many sources of information.
Install an Operating System @@ -30,11 +30,9 @@ Several people have helped with this document, including Torben Brosten, Don Baccus, Roberto Mello, Talli Somekh, Dave Bauer, Jim Lynch, Jon Griffin, Daryl Biberdorf, Bjorn Thor Jonsson, Jade Rubick, - Fred Yankowski, Dan Chak, Sebastiano Pilla, Reuven Lerner and Malte - Sussdorff. + Fred Yankowski, Dan Chak, Sebastiano Pilla, Reuven Lerner, Malte + Sussdorff, Stan Kaufman and Pascal Scheffers.
- All questions and comments regarding - this guide should be posted on the OpenACS bboards. -
+
Tcl procedures: /packages/acs-kernel/10-database-procs.tcl
Tcl initialization: /packages/acs-kernel/database-init.tcl
+ OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
Tcl procedures: /packages/acs-kernel/10-database-procs.tcl
Tcl initialization: /packages/acs-kernel/database-init.tcl
One of OpenACS's great strengths is that code written for it is very close to the database. It is very easy to interact with the database from anywhere within OpenACS. Our goal is to develop a coherent API for database access which makes this even easier.
There were four significant problems with the way OpenACS previously used the -database (i.e., directly through the ns_db interface):
Handle management. We required code to pass database +database (i.e., directly through the ns_db interface):
Handle management. We required code to pass database handles around, and for routines which needed to perform database access but didn't receive a database handle as input, it was difficult to know from which of the three "magic pools" (main, subquery, and log) to allocate a new handle. -
Nested transactions. In our Oracle driver, begin +
Nested transactions. In our Oracle driver, begin transaction really means "turn auto-commit mode off" and end transaction means "commit the current transaction and turn auto-commit mode on." Thus if transactional code needed to call a @@ -46,14 +46,14 @@ already have been committed!. This is not a good thing. -
Unorthodox use of variables. The standard mechanism for +
Unorthodox use of variables. The standard mechanism for mapping column values into variables involved the use of the set_variables_after_query routine, which relies on an uplevel variable named selection (likewise for set_variables_after_subquery and subselection). -
Hard-coded reliance on Oracle. It's difficult to +
Hard-coded reliance on Oracle. It's difficult to write code supporting various different databases (dynamically using the appropriate dialect based on the type of database being used, e.g., using DECODE on Oracle and CASE ... WHEN on @@ -155,7 +155,7 @@ until db_release_unused_handles is invoked (or the script terminates).
Note that there is no analogue to ns_db gethandle - the -handle is always automatically allocated the first time it's needed.
Introduction
Most SQL statements require that the code invoking the statement pass along data associated with that statement, usually obtained from the user. For instance, in order to delete a WimpyPoint presentation, a Tcl script might @@ -168,7 +168,7 @@ where some_presentation_id is a number which is a valid presentation ID of the presentation I want to delete. It's easy to write code handling situations like this since SQL statements can include -bind variables, which represent placeholders for actual +bind variables, which represent placeholders for actual data. A bind variable is specified as a colon followed by an identifier, so the statement above can be coded as:
@@ -201,7 +201,7 @@ select * from :table_name -
Why Bind Variables Are Useful
+
Why Bind Variables Are Useful
Why bother with bind variables at all - why not just write the Tcl statement above like this:
@@ -231,7 +231,7 @@ always considers the values of bind variables to be literals, it becomes more difficult for users to perform URL surgery to trick scripts into running dangerous queries and DML. -Usage
Every db_* command accepting a SQL command as an argument +
Usage
Every db_* command accepting a SQL command as an argument supports bind variables. You can either
+
specify the -bind switch to provide a set with bind variable values, or
specify the -bind switch to explicitly provide a list of bind variable names and values, or
not specify a bind variable list at all, in which case Tcl variables are @@ -292,7 +292,7 @@ # of "administrator" } -
+
When processing a DML statement, Oracle coerces empty strings into null. (This coercion does not occur in the WHERE clause of a query, i.e. @@ -330,7 +330,7 @@ its column values), which defeats the purpose of SQL abstraction.
Therefore, the Database Access API provides a database-independent way to represent null (instead of the Oracle-specific idiom of the -empty string): db_null.
Use it instead of the empty string whenever you want to set a column value +empty string): db_null.
Use it instead of the empty string whenever you want to set a column value explicitly to null, e.g.:
set bar [db_null] @@ -382,16 +382,16 @@ ns_db gethandle)! Just start doing stuff, and (if you want) call db_release_unused_handles when you're done as a hint to release the database handle. -
- db_null +
- db_null
Returns a value which can be used in a bind variable to represent the SQL value null. See Nulls and Bind Variables above.
- -db_foreach +db_foreach
Performs the SQL query sql, executing @@ -409,8 +409,8 @@
The code block may contain break statements (which terminate the loop and flush the database handle) and continue statements -(which continue to the next row of the loop).
- db_1row
- db_1row
Performs the SQL query sql, setting variables to column values. Raises an error if the query does not return exactly 1 row.
Example:
@@ -419,48 +419,48 @@ # Bombs if there's no such greeble! # Now $foo and $bar are set. -- db_0or1row
- db_0or1row
Performs the SQL query sql. If a row is returned, sets variables to column values and returns 1. If no rows are returned, -returns 0. If more than one row is returned, throws an error.
- db_string
- db_string
Returns the first column of the result of SQL query sql. If sql doesn't return a row, returns default (or throws an error if default is unspecified). Analogous to database_to_tcl_string and database_to_tcl_string_or_null. -
- db_nextval
- db_nextval
Returns the next value for the sequence sequence-name (using a SQL statement like SELECT sequence-name.nextval FROM DUAL). If sequence pooling is enabled for the sequence, transparently uses a value from the pool if available to save a round-trip to the database. -
- db_list
- db_list
Returns a Tcl list of the values in the first column of the result of SQL query sql. If sql doesn't return any rows, returns an empty list. Analogous to database_to_tcl_list. -
- db_list_of_lists
- db_list_of_lists
Returns a Tcl list, each element of which is a list of all column values in a row of the result of SQL query sql. If sql doesn't return any rows, returns an empty list. (Analogous to database_to_tcl_list_list.) -
- db_list_of_ns_sets
- db_list_of_ns_sets
Returns a list of ns_sets with the values of each column of each row returned by the sql query specified. -
- db_dml
- db_dml
- -db_write_clob, -db_write_blob, -db_blob_get_file +db_write_clob, +db_write_blob, +db_blob_get_file
Analagous to ns_ora write_clob/write_blob/blob_get_file. -
- db_release_unused_handles
-db_release_unused_handles -Releases any allocated, unused database handles.
- db_transaction
- db_release_unused_handles
+db_release_unused_handles +Releases any allocated, unused database handles.
- db_transaction
Executes code_block transactionally. Nested transactions are supported (end transaction is transparently ns_db dml'ed when the outermost transaction completes). The @@ -540,16 +540,16 @@ print_the_foo ; # Writes out "foo is 8" -
- db_abort_transaction +
- db_abort_transaction
Aborts all levels of a transaction. That is if this is called within several nested transactions, all of them are terminated. Use this insetead of db_dml "abort" "abort transaction". -
- db_multirow
- db_multirow
- db_resultrows
-db_resultrows +- db_resultrows
+db_resultrowsReturns the number of rows affected or returned by the previous statement. -
- db_with_handle
- db_with_handle
Places a database handle into the variable var and executes code_block. This is useful when you don't want to have to use the new API (db_foreach, @@ -636,92 +636,92 @@ }
- - + db_name - +
- + db_name - +Returns the name of the database, as returned by the driver.
- - + db_type - +
- + db_type - +Returns the RDBMS type (i.e. oracle, postgresql) this OpenACS installation is using. The nsv ad_database_type is set up during the bootstrap process.
- - + db_compatible_rdbms_p - +
Returns 1 if the given db_type is compatible with the current RDBMS.
- - + db_package_supports_rdbms_p - +
Returns 1 if db_type_list contains the current RDMBS type. A package intended to run with a given RDBMS must note this in it's package info file regardless of whether or not it actually uses the database.
- - + db_legacy_package_p - +
Returns 1 if the package is a legacy package. We can only tell for certain if it explicitly supports Oracle 8.1.6 rather than the OpenACS more general oracle.
- - + db_version - +
Returns the RDBMS version (i.e. 8.1.6 is a recent Oracle version; 7.1 a recent PostgreSQL version.
- - + db_current_rdbms - +
Returns the current rdbms type and version.
- - + db_known_database_types - +
Returns a list of three-element lists describing the database engines known to OpenACS. Each sublist contains the internal database name (used in file @@ -731,6 +731,4 @@ The nsv containing the list is initialized by the bootstrap script and should never be referenced directly by user code. Returns the current rdbms type and version. -
($Id$)
+
By Pete Su and Jon Salz. Modified by Roberto Mello. @@ -400,8 +400,8 @@ db_dml "abort" "abort transaction". -
-db_multirow [ -local ] [ -append ] [ -extend column_list ] \ +
+db_multirow [ -local ] [ -append ] [ -extend column_list ] \ var-name statement-name sql \ [ -bind bind_set_id | -bind bind_value_list ] \ code_block [ if_no_rows if_no_rows_block ] @@ -737,6 +737,4 @@
-
+
By claus@arsdigita.com, with additions by Roberto Mello and the OpenACS Community -
+
ArsDigita created a good documentation ground for us to build upon. Some sections of the documentation, however, lack details and examples; others are simply nonexistant. Our goal is to give OpenACS a superb documentation, so that users, developers and administrators of OpenACS installations can enjoy the system.
- OpenACS™ is a powerful system, with + OpenACS is a powerful system, with incredible possibilities and applications, but with this power comes some complexity and a learning curve that will only be atenuated by good documentation. This is what we are after.
- The documentation for OpenACS™ is + The documentation for OpenACS is written using DocBook XML. The reasons why we are using DocBook are explained in more details in the Why DocBook? section. I will add the reasons why @@ -32,31 +32,31 @@ In order to separate content and presentation, all OpenACS documentation will be marked up to conform to the DocBook XML DTD - + This enables us to publish in a variety of formats and relieves each contributor of the burden of presentation, freeing him to focus on content and sharing knowledge.
Theoretically any strict DTD would have been sufficient - we could even write our own. But DocBook has been around - for a while (since early 90's), + for a while (since early 90's), it's well-tested, it's complete, it's extremely well-suited for technical documents and best of all, it's open-source. A growing community surrounds DocBook (has - mailing lists) + mailing lists) and a number of free and commercial - tools are available + tools are available for editing and publishing DocBook documents.
This primer walks you through the basics, and should cover the needs for 95 percent of the documentation we produce. However, you're always welcome to check out DocBook's - + list of elements and use more exotic features in your documents. The list is made up of SGML-elements but basically - the same elements are valid in the XML DTD as long as you remember to: - + the same elements are valid in the XML DTD as long as you remember to: +
Always close your tags with corresponding end-tags and to - not use other tag minimization + not use other tag minimization
Write all elements and attributes in lowercase
@@ -99,22 +99,22 @@ The documentation for each package will make up a little "book" that is structured like this - examples are emphasized: - +
- book : Docs for one package - templating + book : Docs for one package - templating | - +--chapter : One section - for developers + +--chapter : One section - for developers | ---------+------------------------------------------------------ | - +--sect1 : Single document - requirements + +--sect1 : Single document - requirements | - +--sect2 : Sections - functional requirements + +--sect2 : Sections - functional requirements | - +--sect3 : Subsections - Programmer's API + +--sect3 : Subsections - Programmer's API | - ... : ... + ... : ...
The actual content is split up into documents that start at a sect1-level. These are then tied together in a top-level document that @@ -123,20 +123,20 @@ sources of these DocBook documents to get an idea of how they are tied together.
- + Given that your job starts at the sect1-level, all your documents should open with a <sect1>-tag and end with the corresponding </sect1>.
- + You need to feed every <sect1> two attributes. The first attribute, id, is standard and can be used with all elements. It comes in very handy when interlinking between documents (more about this when talking about links in the section called “Links”). The value of id has to be unique throughout the book you're making since the id's in your sect1's will turn into filenames when the book is parsed into HTML.
- + The other attribute is xreflabel. The value of this is the text that will appear as the link when referring to this sect1.
@@ -151,7 +151,7 @@ </sect1>
- + Inside this container your document will be split up into <sect2>'s, each with the same requirements - id and xreflabel @@ -160,7 +160,7 @@ When it comes to naming your sect2's and below, prefix them with some abbreviation of the id in the sect1 such as requirements-overview.
- + For displaying a snippet of code, a filename or anything else you just want to appear as a part of a sentence, we will use the tag <computeroutput>. @@ -170,12 +170,12 @@ <programlisting> is used. Just wrap your code block in it; mono-spacing, indents and all that stuff is taken care of automatically.
- + Linking falls into two different categories: inside the book you're making and outside: -
+
By having unique id's you can cross-reference any part of your book with a simple tag, regardless of where that part is. -
Check out how I link to a subsection of the Developer's Guide:
+Check out how I link to a subsection of the Developer's Guide:
Put this in your XML: @@ -212,8 +212,8 @@ Note that since I haven't provided an xreflabel for the subsection, packages-looks, the parser will try its best to explain where the link takes you. -
+ If you're hyper-linking out of the documentation, it works almost the same way as HTML - the tag is just a little different @@ -222,19 +222,19 @@
<ulink url="http://www.oracle.com/">Oracle Corporation</ulink>
....will create a hyper-link to Oracle in the HTML-version of the documentation. -
NOTE: Do NOT use ampersands in your hyper links. These are reserved for referencing +
NOTE: Do NOT use ampersands in your hyper links. These are reserved for referencing entities, which is exactly how you'll make an ampersand: &
- NOTE: Currently this section currently only takes HTML-output into consideration - + NOTE: Currently this section currently only takes HTML-output into consideration - not a printed version
- Another Note: Also, it's still not a 100 percent sure that this is how we are going to + Another Note: Also, it's still not a 100 percent sure that this is how we are going to do it, so if you want to start converting your documents right away, start out with the ones without graphics ;)
- + To insert a graphic we use the elements <mediaobject>, <imageobject>, @@ -260,9 +260,9 @@ Put your graphics in a separate directory ("images") and link to them only with relative paths.
- + Here's how you make the DocBook equivalent of the three usual HTML-lists: -
+
Making an unordered list is pretty much like doing the same thing in HTML - if you close your <li>, that is. The only differences are that each list item has to be wrapped in something more, such as <para>, and that the tags are called <itemizedlist> @@ -271,20 +271,20 @@
<itemizedlist> - <listitem><para>Stuff goes here</para><listitem> - <listitem><para>More stuff goes here</para><listitem> + <listitem><para>Stuff goes here</para></listitem> + <listitem><para>More stuff goes here</para></listitem> </itemizedlist> -
+
The ordered list is like the preceding, except that you use <orderedlist> instead:
<orderedlist> - <listitem><para>Stuff goes here</para><listitem> - <listitem><para>More stuff goes here</para><listitem> + <listitem><para>Stuff goes here</para></listitem> + <listitem><para>More stuff goes here</para></listitem> </orderedlist> -
+
This kind of list is called a variablelist and these are the tags you'll need to make it happen: <variablelist>, @@ -295,17 +295,17 @@ <varlistentry> <term>Heading (<dt>) goes here</term> - <listitem><para>And stuff (<dd>)goes here</para><listitem> + <listitem><para>And stuff (<dd>)goes here</para></listitem> </varlistentry> <varlistentry> <term>Another heading goes here</term> - <listitem><para>And more stuff goes here</para><listitem> + <listitem><para>And more stuff goes here</para></listitem> </varlistentry> </variablelist>
- + DocBook supports several types of tables, but in most cases, the <informaltable> is enough: @@ -342,7 +342,7 @@ <table> for an example.
- + Our documentation uses two flavors of emphasis - italics and bold type. DocBook uses one - <emphasis>.
@@ -376,7 +376,7 @@
bash$ xsltproc -o outputfilename.xml /usr/share/sgml/docbook/stylesheet/xsl/nwalsh/html/html.xsl filename.xml
In the process of transforming your HTML into XML, - HTML tidy + HTML tidy can be a a handy tool to make your HTML "regexp'able". Brandoch Calef has made a Perl script @@ -421,6 +421,4 @@
+
Constraint naming standard is important for one reason: The SYS_* name oracle assigns to unnamed constraints is not very understandable. By correctly naming all contraints, we can quickly associate a particular constraint @@ -28,7 +28,7 @@
Truncate the column name until it fits.
If the constraint name is still too long, you should consider rewriting your entire data model :) -
Notes:
If you have to abbreviate the table name for one of the constraints, abbreviate it for all the constraints
If you are defining a multi column constraint, try to truncate the two column names evenly
+Notes:
If you have to abbreviate the table name for one of the constraints, abbreviate it for all the constraints
If you are defining a multi column constraint, try to truncate the two column names evenly
create table example_topics (
topic_id integer
constraint example_topics_topic_id_pk
@@ -82,6 +82,4 @@
debugging (e.g. the error will say something like
"Cannot insert null value into column"), we recommend naming not null
constraints to be consistent in our naming of all constraints.
-($Id$)By michael@arsdigita.com and +
+ OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
To ensure consistency (and its collateral benefit, maintainability), we define and adhere to standards in the following areas:
@@ -37,7 +37,7 @@ For example, the page to view the properties of an ecommerce product is /ecommerce/product.tcl. -
For naming files in a page flow, use the convention:
foobar.extension (Step 1)
foobar-2.extension (Step 2)
...
foobar-N.extension (Step N)
+
For naming files in a page flow, use the convention:
foobar.extension (Step 1)
foobar-2.extension (Step 2)
...
foobar-N.extension (Step N)
where foobar is determined by the above rules.
@@ -94,7 +94,7 @@ </p>
This can be at the top or bottom of the file. -
+
For non-library Tcl files (those not in the private Tcl directory), use ad_page_contract after the file path comment (this supersedes set_the_usual_form_variables and @@ -141,7 +141,7 @@ QQvariables, which were automatically created by ad_page_variables and set_the_usual_form_variables. The use of bind variables makes such previous variable syntax obsolete. -
+
For shared Tcl library files, use ad_library after the file path comment. Its only argument is a doc_string in the standard (javadoc-style) format, like @@ -156,7 +156,7 @@ @author John Doe (jdoe@arsdigita.com) @cvs-id file-standards.html,v 1.2 2000/09/19 07:22:45 ron Exp } -
+
For SQL and other non-Tcl source files, the following file header structure is recommended:
-- path relative to the ACS root directory
@@ -229,6 +229,4 @@
+
+ OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
Like any other part of the OpenACS, PL/SQL (or pl/pgsql) code must be maintainable and professional. This means that it must be consistent and therefore must abide by certain standards. The standards will ensure that @@ -153,6 +153,4 @@ as possible to all source code readers.
Lowercase everything, with the exception of %TYPE and %ROWTYPE. -
+
OpenACS version numbers help identify at a high-level what is in a particular release and what has changed since the last release. A "version number" is really just a string of the form: @@ -91,6 +91,4 @@ detailed set of regression tests. For now we try to enforce this by restricting work on the release branch to fixing reported problem in the current release, e.g. no new features or big changes to -fundamental behavior.
By You
+
By You
NOTE: Some of the sections of this template may not apply to your package, e.g. there may be no user-visible UI elements for a component of the OpenACS Core. Furthermore, it may be easier in some circumstances @@ -11,7 +11,7 @@ your own judgment, consult with peers when possible, and adapt intelligently.
- Also, bear in mind the audience for detailed design: fellow + Also, bear in mind the audience for detailed design: fellow programmers who want to maintain/extend the software, AND parties interested in evaluating software quality.
@@ -98,7 +98,7 @@ itself.
If a core service or other subsystem is being used (e.g., the new parties and groups, permissions, etc.) this should also be mentioned.
Any default permissions should be identified herein.
Discuss any data model extensions which tie into other - packages.
Transactions
Discuss modifications which the database may undergo from + packages.
Transactions
Discuss modifications which the database may undergo from your package. Consider grouping legal transactions according to the invoking user class, i.e. transactions by an OpenACS-admin, by subsite-admin, by a user, by a developer, etc.
@@ -119,7 +119,7 @@ within the OpenACS, this section's details are likely to shift from UI specifics to template interface specifics.
- Under OpenACS 4.5, parameters are set at two levels: at the global level by + Under OpenACS 4.6, parameters are set at two levels: at the global level by the OpenACS-admin, and at the subsite level by a sub-admin. In this section, list and discuss both levels of parameters.
@@ -140,6 +140,4 @@
System creator
System owner
Documentation author
The revision history table below is for this template - modify it as needed for your actual design document. -
| Document Revision # | Action Taken, Notes | When? | By Whom? |
|---|---|---|---|
| 0.3 | Edited further, incorporated feedback from Michael Yoon | 9/05/2000 | Kai Wu |
| 0.2 | Edited | 8/22/2000 | Kai Wu |
| 0.1 | Creation | 8/21/2000 | Josh Finkler, Audrey McLoghlin |
| Document Revision # | Action Taken, Notes | When? | By Whom? |
|---|---|---|---|
| 0.3 | Edited further, incorporated feedback from Michael Yoon | 9/05/2000 | Kai Wu |
| 0.2 | Edited | 8/22/2000 | Kai Wu |
| 0.1 | Creation | 8/21/2000 | Josh Finkler, Audrey McLoghlin |
High level information: What is OpenACS?
Table of Contents
High level information: What is OpenACS?
Table of Contents
Table of Contents
Table of Contents
+
User directory
Sitewide administrator directory
Subsite administrator directory
TCL script directory
Data model
PL/SQL file
User directory
Sitewide administrator directory
Subsite administrator directory
TCL script directory
Data model
PL/SQL file
ER diagram
Transaction flow diagram
Almost all database-backed websites have users, and need to model the grouping of users. The OpenACS 4 Parties and Groups system is intended to provide the flexibility needed to model complex real-world organizational structures, @@ -62,16 +62,16 @@
The set of direct membership relationships between a group and a party.
A mapping of a party P to the groups -{Gi}the party is a member of; this mapping +
A mapping of a party P to the groups +{Gi}the party is a member of; this mapping includes the type of relationship by including the appropriaterel_id from the membership_rels table.
The set of direct component relationships between a group and another group.
A mapping of a group Gto the set of groups -{Gi} that G is a component of; +
A mapping of a group Gto the set of groups +{Gi} that G is a component of; this mapping includes the type of relationship by including the appropriaterel_id from the composition_rels table.
New groups are created through the group.new constructor. When a specialized type of group is required, the group type can be extended @@ -116,26 +116,26 @@
A person may appear in the group member map multiple times, for example, by being a member of two different groups that are both components of a third -group. This view is strictly a mapping of approved members +group. This view is strictly a mapping of approved members to groups.
A mapping of a group Gto the set of groups -{Gi} group G is a component of; +
A mapping of a group Gto the set of groups +{Gi} group G is a component of; this mapping includes the type of relationship by including the appropriaterel_id from the composition_rels table.
A mapping of a party P to the set of parties -{Pi} party P is a member +
A mapping of a party P to the set of parties +{Pi} party P is a member of.
A mapping of a party P to the set of parties -{Pi} party P is an -approved member of.
The API consists of tables and views and PL/SQL functions.
The group_types table is used to create new types of groups.
The group_member_map, group_approved_member_map, group_distinct_member_map, group_component_map, party_member_map, and party_approved_member_map views are -used to query group membership and composition.
Person
person.new creates a new person and returns the +used to query group membership and composition.
Person
person.new creates a new person and returns the person_id. The function must be given the full name of the person in two pieces: first_names and last_name. All other fields are optional and default to null except for object_type which defaults @@ -162,7 +162,7 @@ function person.name ( person_id persons.person_id%TYPE ) return varchar; -
User
acs_user.new creates a new user and returns the user_id. +
User
acs_user.new creates a new user and returns the user_id. The function must be given the user's email address and the full name of the user in two pieces: first_names and last_name. All other fields are optional. The interface for this function is:
@@ -204,7 +204,7 @@ procedure acs_user.unapprove_email ( user_id users.user_id%TYPE ); -
Group
acs_group.new creates a new group and returns the +
Group
acs_group.new creates a new group and returns the group_id. All fields are optional and default to null except for object_type which defaults to 'group', creation_date which defaults to sysdate, and @@ -232,7 +232,7 @@ group_id groups.group_id%TYPE, party_id parties.party_id%TYPE, ) return char; -
Membership Relationship
membership_rel.new creates a new membership relationship type +
Membership Relationship
membership_rel.new creates a new membership relationship type between two parties and returns the relationship type's rel_id. All fields are optional and default to null except for rel_type which defaults to membership_rel. The interface for this function is:
@@ -278,7 +278,7 @@ procedure membership_rel.delete ( rel_id membership_rels.rel_id%TYPE ); -
Composition Relationship
composition_rel.new creates a new composition relationship type +
Composition Relationship
composition_rel.new creates a new composition relationship type and returns the relationship's rel_id. All fields are optional and default to null except for rel_type which defaults to composition_rel. The interface for this function is:
@@ -301,6 +301,4 @@
| Document Revision # | Action Taken, Notes | When? | By Whom? |
| 0.1 | Creation | 08/22/2000 | Rafael H. Schloming |
| 0.2 | Initial Revision | 08/30/2000 | Mark Thomas |
| 0.3 | Additional revisions; tried to clarify membership/compostion | 09/08/2000 | Mark Thomas |
| Document Revision # | Action Taken, Notes | When? | By Whom? |
| 0.1 | Creation | 08/22/2000 | Rafael H. Schloming |
| 0.2 | Initial Revision | 08/30/2000 | Mark Thomas |
| 0.3 | Additional revisions; tried to clarify membership/compostion | 09/08/2000 | Mark Thomas |
+
Almost all database-backed websites have users, and need to model the + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
Almost all database-backed websites have users, and need to model the grouping of users. The OpenACS 4 Parties and Groups system is intended to provide the flexibility needed to model complex real-world organizational structures, particularly to support powerful subsite services; that is, where one OpenACS @@ -16,7 +16,7 @@ person who is employed by (is a member of) a specific department is also a member of the division and the corporation, and works at (is a member of, but in a different sense) a particular office. OpenACS 4's Parties and Groups -system will support such complex relations faithfully.
Historical Motivations
The primary limitation of the OpenACS 3.x user group system is that it +system will support such complex relations faithfully.
Historical Motivations
The primary limitation of the OpenACS 3.x user group system is that it restricts the application developer to representing a "flat group" that contains only users: The user_groups table may contain the group_id of a parent group, but parent-child relationship @@ -33,29 +33,29 @@ (e.g., a row with a scope value of "group" but a null group_id)
perform extra checks in Tcl and PL/SQL functions and procedures to check both the user_id and -group_id values
In sum, the goal of the Parties and Groups system is to +group_id values
In sum, the goal of the Parties and Groups system is to provide OpenACS programmers and site administrators with simple tools that fully describe the complex relationships that exist among groups in the real world.
Pat Developer has a client project and wants to model the company, its offices, its divisions, and its departments as groups and the employees as -users.
We start with Groups, which contain members; the -member can be either a person or another group (i.e. a +users.
We start with Groups, which contain members; the +member can be either a person or another group (i.e. a member is a party).
In addition to membership, the party and groups system defines a -composition relationship that may exist between groups: A -group can be a component of another group. The child group +composition relationship that may exist between groups: A +group can be a component of another group. The child group is called a component group; the parent group is called a -composite group.
A group Gc can be a member and/or a component -of another group Gp; the difference is in the way -the members of Gc are related to -Gp:
If a party P is a member (or a component) of -Gc and if Gc is a -component of Gp, then P is also -a member (or a component) of Gp
If a party P is a member (or a component) of -Gc and if Gc is a -member of Gp, then no -relationship between P and -Gp exists as a result of the relationship between -Gp and Gp.
Consider an example to make this less abstract: Pretend that the Sierra +composite group.
A group Gc can be a member and/or a component +of another group Gp; the difference is in the way +the members of Gc are related to +Gp:
If a party P is a member (or a component) of +Gc and if Gc is a +component of Gp, then P is also +a member (or a component) of Gp
If a party P is a member (or a component) of +Gc and if Gc is a +member of Gp, then no +relationship between P and +Gp exists as a result of the relationship between +Gp and Gp.
Consider an example to make this less abstract: Pretend that the Sierra Club is a member of Greenpeace. The Sierra Club has chapters; each chapter is a component of the Sierra Club. If Eddie Environmentalist is a member of the Massachusetts Chapter of the Sierra Club, Eddie is @@ -68,160 +68,158 @@ Massachusetts chapter), and between the Sierra Club and Greenpeace.
Membership requirements can vary from group to group. The parties and groups system must provide a base type that specifies the bare minimum necessary to join a group.
The parties and groups system must support constraints between a composite -group GP and any of its component groups, -GC. For example, the system should be able to -enforce a rule like: Do not allow a party P to become a -member of GC unless P is already -a member of GP.
The data model for the parties and groups system must provide support for -the following types of entities:
The data model for the parties and groups system must provide support for +the following types of entities:
A party is an entity used to represent either a -group or a person.
The data model should enforce these constraints:
10.10 A party has an email address, which can be -empty.
10.20 A party may have multiple email addresses -associated with it.
10.30 The email address of a party must be unique within -an OpenACS system.
A party is an entity used to represent either a +group or a person.
The data model should enforce these constraints:
10.10 A party has an email address, which can be +empty.
10.20 A party may have multiple email addresses +associated with it.
10.30 The email address of a party must be unique within +an OpenACS system.
A group is a collection of zero or more parties.
20.10 The data model should support the subclassing of -groups via OpenACS Objects.
A group is a collection of zero or more parties.
20.10 The data model should support the subclassing of +groups via OpenACS Objects.
A person represents an actual human being, past or -present.
A person represents an actual human being, past or +present.
A user is a person who has registered with an OpenACS site. A -user may have additional attributes, such as a screen name.
The data model should enforce these constraints:
40.10 A user must have a non-empty email address.
40.20 Two different users may not have the same email +
A user is a person who has registered with an OpenACS site. A +user may have additional attributes, such as a screen name.
The data model should enforce these constraints:
40.10 A user must have a non-empty email address.
40.20 Two different users may not have the same email address on a single OpenACS installation; i.e., an email address identifies a -single user on the system.
40.30 A user may have multiple email addresses; for -example, two or more email addresses may identify a single user.
40.40 A user must have password field which can be +single user on the system.
40.30 A user may have multiple email addresses; for +example, two or more email addresses may identify a single user.
40.40 A user must have password field which can be empty.
The data model for the parties and groups system must provide support for -the following types of relationships between entities:
-A party P is considered a member of a -group G
when a direct membership relationship exists between P -and G
or when there exists a direct membership relationship between -P and some group GC and -GC has a composition relationship (c.f., 60.0) with G.
50.10 A party may be a member of multiple groups.
50.20 A party may be a member of the same group multiple +A party P is considered a member of a +group G
when a direct membership relationship exists between P +and G
or when there exists a direct membership relationship between +P and some group GC and +GC has a composition relationship (c.f., 60.0) with G.
50.10 A party may be a member of multiple groups.
50.20 A party may be a member of the same group multiple times only when all the memberships have different types; for example, Jane may be a member of The Company by being both an Employee and an -Executive.
50.30 A party as a member of itself is not supported.
50.40 The data model must support membership -constraints.
50.50The data model should support the subclassing of +Executive.
50.30 A party as a member of itself is not supported.
50.40 The data model must support membership +constraints.
50.50The data model should support the subclassing of membership via OpenACS Relationships.
A group GC is considered a -component of a second group -GP
when a direct composition relationship exists between -GC and GP
or when there exists a direct composition relationship between -GC and some group Gi -and Gi has a composition relationship with -GP.
60.10A group may be a component of multiple groups.
60.20A group as a component of itself is not -supported.
60.30The data model must support component -constraints.
60.40The data model should support the subclassing of -composition via OpenACS Relationships.
The API should let programmers accomplish the following tasks:
A group GC is considered a +component of a second group +GP
when a direct composition relationship exists between +GC and GP
or when there exists a direct composition relationship between +GC and some group Gi +and Gi has a composition relationship with +GP.
60.10A group may be a component of multiple groups.
60.20A group as a component of itself is not +supported.
60.30The data model must support component +constraints.
60.40The data model should support the subclassing of +composition via OpenACS Relationships.
The API should let programmers accomplish the following tasks:
The parties and groups system provides a well defined API call that creates a new group by running the appropriate transactions on the parties and groups system data model. This API is subject to the constraints laid out -in the data model.
The parties and groups system provides a well defined API call that creates a new person by running the appropriate transactions on the parties and groups system data model. This API is subject to the constraints laid out -in the data model.
The parties and groups system provides a well defined API call that creates a new user by running the appropriate transactions on the parties and groups system data model. This API is subject to the constraints laid out in -the data model.
The parties and groups system provides a well defined API call that creates a new user by running the appropriate transactions on an existing person entity. This API is subject to the constraints laid out in the data -model.
The parties and groups system provides a well defined API call that demotes an existing user entity to a person entity by running the appropriate transactions on the existing user. This API is subject to the constraints -laid out in the data model.
The programmer should be able to modify, add, and delete attributes on any -party. This API is subject to the constraints laid out in the data model.
The programmer should be able to view the attributes on any party. This -API is subject to the constraints laid out in the data model.
The system provides an API for deleting a party. This API is subject to -the constraints laid out in the data model.
100.30 The system may provide a single API call to remove -the party from all groups and then delete the party.
100.40 In the case of a group, the system may provide a +the constraints laid out in the data model.
100.30 The system may provide a single API call to remove +the party from all groups and then delete the party.
100.40 In the case of a group, the system may provide a single API call to remove all parties from a group and then delete the -group.
The parties and groups system provides an API for adding a party as a member of a group. This API is subject to the constraints laid out in the -data model.
The parties and groups system provides an API for adding a group as a component of a second group. This API is subject to the constraints laid out -in the data model.
The parties and groups system provides an API for deleting a party's membership in a group. This API is subject to the constraints laid out in the -data model.
The parties and groups system provides an API for deleting a group's composition in a second group. This API is subject to the constraints laid -out in the data model.
The parties and groups system provides an API for answering the question: -"Is party P a member of group -G?"
The parties and groups system provides an API for answering the question: -"Is group GC a component of group -GP?"
The parties and groups system provides an API for answering the question: -"Which parties are members of group G?"
The parties and groups system provides an API for answering the question: -"Which groups are components of group G?"
The parties and groups system provides an API for answering the question: -"Of which groups is party P a member?"
The parties and groups system provides an API for answering the question: -"Of which groups is group G a component?"
The parties and groups system provides an API for answering the question: -"Is party P allowed to become a member of group -G?"
The parties and groups system provides an API for answering the question: -"Is group GC allowed to become a component -of group GP?"
Since many pages at a site may check membership in a group before serving a page (e.g., as part of a general permissions check), the data model must support the efficient storage and retrieval of party attributes and -membership.
Since many SQL queries will check membership in a group as part of the where clause, whatever mechanism is used to check membership in SQL should be fairly small and simple.
The user interface is a set of HTML pages that are used to drive the -underlying API. The user interface may provide the following functions:
200.0 Create a party
210.0 View the attributes of a party
220.0 Update the attributes of a party
240.0 Delete a party
250.0 Add a party to a group
260.0 Remove a party from a group
270.0 Perform the membership and composition checks -outlined in 130.x to 165.x
| Document Revision # | Action Taken, Notes | When? | By Whom? |
| 0.1 | Creation | 08/16/2000 | Rafael Schloming |
| 0.2 | Initial revision | 08/19/2000 | Mark Thomas |
| 0.3 | Edited and reviewed, conforms to requirements template | 08/23/2000 | Kai Wu |
| 0.4 | Further revised, added UI requirements | 08/24/2000 | Mark Thomas |
| 0.5 | Final edits, pending freeze | 08/24/2000 | Kai Wu |
| 0.6 | More revisions, added composition requirements | 08/30/2000 | Mark Thomas |
| 0.7 | More revisions, added composition requirements | 09/08/2000 | Mark Thomas |
200.0 Create a party
210.0 View the attributes of a party
220.0 Update the attributes of a party
240.0 Delete a party
250.0 Add a party to a group
260.0 Remove a party from a group
270.0 Perform the membership and composition checks +outlined in 130.x to 165.x
| Document Revision # | Action Taken, Notes | When? | By Whom? |
| 0.1 | Creation | 08/16/2000 | Rafael Schloming |
| 0.2 | Initial revision | 08/19/2000 | Mark Thomas |
| 0.3 | Edited and reviewed, conforms to requirements template | 08/23/2000 | Kai Wu |
| 0.4 | Further revised, added UI requirements | 08/24/2000 | Mark Thomas |
| 0.5 | Final edits, pending freeze | 08/24/2000 | Kai Wu |
| 0.6 | More revisions, added composition requirements | 08/30/2000 | Mark Thomas |
| 0.7 | More revisions, added composition requirements | 09/08/2000 | Mark Thomas |
Table of Contents
Table of Contents
+
+ OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
According to Philip Greenspun:
“The ArsDigita Community System (ACS) is a toolkit of software @@ -17,16 +17,16 @@ et al decided to port ACS from Oracle to PostgreSQL, thus making it a fully open-source solution.
- OpenACS 4.5 is the next generation of the web toolkit. It's based on + OpenACS 4.6 is the next generation of the web toolkit. It's based on ACS 4, but no longer follows ArsDigita development. Unlike both ACS (which required Oracle) and OpenACS 3.x (which required PostgreSQL), - OpenACS 4.5 allows you to use either database. It's also built in such + OpenACS 4.6 allows you to use either database. It's also built in such a way to allow enterprising hackers (in the good sense of the word) to extend it to other databases. Don Baccus leads the development and numerous developers (and non-developers) contribute from around the world.
- This document will describe how to install OpenACS 4.5 from scratch, + This document will describe how to install OpenACS 4.6 from scratch, using the source code. We will assume that you have an OS installed, but we'll discuss this more in the next section. For most of this guide, we will assume that you are using Linux on a PC, but we'll @@ -110,86 +110,84 @@ together.
If you find errors in this document or if you have ideas about - making it better, please post them in our bug tracker - the - SDM. -
- After reading through this tome, you may ask yourself if there is a - better way. And there is! Jonathan Marsden has done all the dirty - work to create RPMs for OpenACS 4.5. These RPMs will install AOLServer, - all the AOLServer modules, PostgreSQL and OpenACS 4.5 simply by typing - one magic command. They're currently at http://www.xc.org, - but will eventually also be available at http://openacs.org/software. They're - quite new and Jonathan invites (and is quite responsive to) - feedback. Leave comments at this thread. -
- This document was created by Vinod Kurup, but it's really - just plagiarism from a number of documents that came before it. If - I've used something that you've written without proper credit, let me - know and I'll fix it right away. -
These are a few of my sources:
- Please also see the Credits section for more acknowledgements. -
- Here are some resources that OpenACS users have found useful. -
+ making it better, please post them in our + BugTracker. +
- Philip - and Alex's Guide to Web Publishing - A very readable - guide to database-backed community websites. + After reading through this tome, you may ask yourself if there is a + better way. Well, not quite. Jonathan Marsden has created RPMs (at + http://www.xc.org) + for OpenACS 4.5 but there are not yet any for version + 4.6. There has been talk about automating the install process, + but that hasn't happened yet. Stay tuned! -
+
+ This document was created by Vinod Kurup, but it's really + just plagiarism from a number of documents that came before it. If + I've used something that you've written without proper credit, let me + know and I'll fix it right away. +
These are a few of my sources:
+ Please also see the Credits section for more acknowledgements. +
+ Here are some resources that OpenACS users have found useful. +
- UNIX - Power Tools - An excellent introduction to the - command line tools and basic programs of UNIX + Philip + and Alex's Guide to Web Publishing - A very readable + guide to database-backed community websites. -
+
- UNIX - System Administration Handbook (formerly the "red book" - - now the "purple" book) + UNIX + Power Tools - An excellent introduction to the + command line tools and basic programs of UNIX -
+
- UNIX - System Administrator's Bible - (LePage and Iarerra 1998; - IDG) + UNIX + System Administration Handbook (formerly the "red book" + - now the "purple" book) -
+
+ UNIX + System Administrator's Bible - (LePage and Iarerra 1998; + IDG) - Linux - in a Nutshell +
-
- The Linux Documentation - Project + The UNIX + Reference Desk -
+
- LPI - certification exam preps - A series of articles from - IBM developerworks on basic and intermediate Linux skills - (requires registration) + The Linux Documentation + Project -
+ + LPI + certification exam preps - A series of articles from + IBM developerworks on basic and intermediate Linux skills + (requires registration) + +
Table of Contents
Table of Contents
- Compared to its predecessors, version 4.5 of OpenACS has a much +
+ Compared to its predecessors, version 4.6 of OpenACS has a much more structured organization, i.e. the most significant change is found at the system architecture level, reflected in the following hierarchy: -
The OpenACS 4.5 Kernel, which handles system-wide necessities +
The OpenACS 4.6 Kernel, which handles system-wide necessities such as metadata, security, users and groups, subsites, and package management and deployment. -
The OpenACS 4.5 Core, which comprises all the other packages +
The OpenACS 4.6 Core, which comprises all the other packages that ship with the kernel and are most frequently needed by users, such as templating, bboard, and user registration/management. The packages tend to be developed and distributed with the kernel. -
OpenACS 4.5 Application packages, which typically provide +
OpenACS 4.6 Application packages, which typically provide user-level web services built on top of the Kernel and Core. Such packages include those built by ArsDigita as well as external contributors. Application packages are developed separately from the Kernel, and are typically released independently of it.
This document provides a high level overview of the kernel package. Documentation for the other packages can be found elsewhere. -
Here are some tips from Don Baccus regarding backup strategy:
- The need for making backups should be self-explanatory. There are - several strategies you can use. My own strategy for minimizing the - odds that I'll lose all my data is quite simple: -
- The database is stored on a mirrored (RAID 1) disk. -
- The machine has battery backup. -
- Backups are made nightly onto a third disk on another controller -
- FTP is used to copy the resulting backup to two separate remote - servers in two locations -
- Rather than making remote copies, you might choose to dump to tape or - writeable CD media. Whatever strategy you use, it is important to - routinely check dumps to make sure they can be reloaded. The strategy - outlined above means that in the case of catastrophic failure, I'll - lose at most one day's data. +
- By mirroring disks and using a battery backup, preferably one that - can trigger an automatic and controlled shutdown of the system when - the battery runs low, you greatly lower the odds of ever having to - use your nightly backup. Despite this, it is important to take - backups seriously if the data stored at your site is valuable to you - or your users. -
- While you're working with Oracle, you should configure it to do - automatic exports. An export is a separate backup copy of the - database. This copy includes all of the database's state at the - time that the export was initiated. If your database is corrupted, - you can restore from one of these backups. You should do this step as - root. -
- Download the backup script. Save the file export-oracle.txt as - /tmp/export-oracle.txt -
- Login as root. The following commands will install the export script: -
-nsadmin:~$ su - + Here are some tips from Don Baccus regarding backup strategy: + ++ + The need for making backups should be self-explanatory. There are + several strategies you can use. My own strategy for minimizing the + odds that I'll lose all my data is quite simple: + +
+ The database is stored on a mirrored (RAID 1) disk. +
+ The machine has battery backup. +
+ Backups are made nightly onto a third disk on another controller +
+ FTP is used to copy the resulting backup to two separate remote + servers in two locations +
+ + Rather than making remote copies, you might choose to dump to tape or + writeable CD media. Whatever strategy you use, it is important to + routinely check dumps to make sure they can be reloaded. The strategy + outlined above means that in the case of catastrophic failure, I'll + lose at most one day's data. + +
+ + By mirroring disks and using a battery backup, preferably one that + can trigger an automatic and controlled shutdown of the system when + the battery runs low, you greatly lower the odds of ever having to + use your nightly backup. Despite this, it is important to take + backups seriously if the data stored at your site is valuable to you + or your users. + +
+ While you're working with Oracle, you should configure it to do + automatic exports. An export is a separate backup copy of the + database. This copy includes all of the database's state at the + time that the export was initiated. If your database is corrupted, + you can restore from one of these backups. You should do this step as + root. +
+ Download the backup script. Save the file export-oracle.txt as + /tmp/export-oracle.txt +
+ Login as root. The following commands will install the export script: +
+joeuser:~$ su - Password: *********** root:~# cp /tmp/export-oracle.txt /usr/sbin/export-oracle root:~# chmod 700 /usr/sbin/export-oracle
@@ -52,17 +62,17 @@ root:~# mkdir /ora8/m02/oracle-exports root:~# chown oracle.dba /ora8/m02/oracle-exports root:~# chmod 770 /ora8/m02/oracle-exports
- Now edit - /usr/sbin/export-oracle and - change the SERVICE_NAME and - DATABASE_PASSWORD fields to - their correct values. If you want to use a directory other than - /ora8/m02/oracle-exports, you - also need to change the - exportdir setting. -
- Test the export procedure by running the command: -
+ Now edit + /usr/sbin/export-oracle and + change the SERVICE_NAME and + DATABASE_PASSWORD fields to + their correct values. If you want to use a directory other than + /ora8/m02/oracle-exports, you + also need to change the + exportdir setting. ++ Test the export procedure by running the command: +
root:~# /usr/sbin/export-oracle mv: /ora8/m02/oracle-exports/oraexport-service_name.dmp.gz: No such file or directory @@ -100,217 +110,227 @@ . exporting post-schema procedural objects and actions . exporting statistics Export terminated successfully without warnings.If you don't have any warnings, proceed to automate the - backups.
- Automating backups is accomplished using the UNIX - crontab facility.
- While still root, run the - following command. You can replace the - EDITOR="emacs -nw" - portion with whatever editor your prefer, such as - EDITOR=vi. -
+ backups.
+ Automating backups is accomplished using the UNIX + crontab facility.
+ While still root, run the + following command. You can replace the + EDITOR="emacs -nw" + portion with whatever editor your prefer, such as + EDITOR=vi. +
root:~# export EDITOR="emacs -nw" root:~# crontab -e
Now add the following line on a line by itself
0 23 * * * /usr/sbin/export-oracle
- Save the file, exit the editor. Verify that the addition - succeeded by checking the output of the following command.
+ Save the file, exit the editor. Verify that the addition + succeeded by checking the output of the following command.root:~# crontab -l | grep export-oracle 0 23 * * * /usr/sbin/export-oracle root:~# exit ; LogoutIf you see the line, go ahead and log out.
- Dowload this script - to /tmp. At the top of the script - are several variables that you'll need to customize: -
- bak - location where you want - local backups to be saved -
- servername - name of your server - (and database instance) -
- ftp_user - username on your ftp - account -
- ftp_password - password on your - ftp account -
- ftp_dir - path on the remote - server where your backups will be uploaded -
- ftp_server - your ftp server -
+ Dowload this script + to /tmp. At the top of the script + are several variables that you'll need to customize: +
+ bak - location where you want + local backups to be saved +
+ servername - name of your server + (and database instance) +
+ ftp_user - username on your ftp + account +
+ ftp_password - password on your + ftp account +
+ ftp_dir - path on the remote + server where your backups will be uploaded +
+ ftp_server - your ftp server +
- Next, we'll save this file to our server's - tcl directory so that it will be - loaded on startup. It will automatically be run every night at - midnight. Note that this script only backs up the database - not the - OpenACS scripts and file content. -
-nsadmin:~$ cp /tmp/acs-pgbackup-init.txt /web/birdnotes/tcl/acs-pgbackup-init.tcl -nsadmin:~$ restart-aolserver birdnotes
- That's it! The script will email you with each successful backup (or - if it fails, it will send you an email with the reason) -
- The "vacuum" command must be run periodically to reclaim space. The - "vacuum analyze" form additionally collects statistics on the - disbursion of columns in the database, which the optimizer uses when - it calculates just how to execute queries. The availability of this - data can make a tremendous difference in the execution speed of - queries. This command can also be run from cron, but it probably makes - more sense to run this command as part of your nightly backup - procedure - if "vacuum" is going to screw up the database, you'd - prefer it to happen immediately after (not before!) you've made a - backup! The "vacuum" command is very reliable, but conservatism is - the key to good system management. So, if you're using the export - procedure described above, you don't need to do this extra step. -
Edit your crontab:
-nsadmin:~$ crontab -e
We'll set vacuum up to run nightly at 1 AM. Add the following - line:
+ Next, we'll save this file to our server's + tcl directory so that it will be + loaded on startup. It will automatically be run every night at + midnight. Note that this script only backs up the database - not the + OpenACS scripts and file content. ++joeuser:~$ cp /tmp/acs-pgbackup-init.txt ~/web/birdnotes/tcl/acs-pgbackup-init.tcl +joeuser:~$ restart-aolserver birdnotes+ That's it! The script will email you with each successful backup (or + if it fails, it will send you an email with the reason) +
+ The "vacuum" command must be run periodically to reclaim space. The + "vacuum analyze" form additionally collects statistics on the + disbursion of columns in the database, which the optimizer uses when + it calculates just how to execute queries. The availability of this + data can make a tremendous difference in the execution speed of + queries. This command can also be run from cron, but it probably makes + more sense to run this command as part of your nightly backup + procedure - if "vacuum" is going to screw up the database, you'd + prefer it to happen immediately after (not before!) you've made a + backup! The "vacuum" command is very reliable, but conservatism is + the key to good system management. So, if you're using the export + procedure described above, you don't need to do this extra step. +
Edit your crontab:
+joeuser:~$ crontab -e
We'll set vacuum up to run nightly at 1 AM. Add the following + line:
0 1 * * * /usr/local/pgsql/bin/vacuumdb birdnotes
Starting another server is simply a matter of configuring another - aolserver instance, creating another database and pointing this - aolserver instance at a fresh copy of the OpenACS-4 code. We'll call - our new server birdnotes-dev
- Download another copy of openacs4.tcl.txt - into /tmp.
-nsadmin:~$ cp /tmp/openacs4.tcl.txt ./birdnotes-dev.tcl -nsadmin:~$ chmod 660 birdnotes-dev.tcl -nsadmin:~$ emacs birdnotes-dev.tcl
Just like in the section called “Configuring AOLserver”, - you'll need to set the server parameters appropriately. Be sure to - choose a different port than your original server and to set - server to - birdnotes-dev.
+ aolserver instance, creating another database and pointing this + aolserver instance at a fresh copy of the OpenACS-4 code. We'll call + our new server birdnotes-dev
+ You can either copy your current OpenACS installation: +
+joeuser:~$ cp -r web/birdnotes web/birdnotes-dev
+ Or Download the OpenACS + 4 software into /tmp again. +
+joeuser:~$ cd web +joeuser:~/web$ tar xzvf /tmp/openacs-4-5-release.tgz +joeuser:~/web$ mv openacs-4 birdnotes-dev
+ Download another copy of openacs4.tcl.txt + into /tmp.
+joeuser:~/web$ cp /tmp/openacs4.tcl.txt ./birdnotes-dev/nsd.tcl +joeuser:~/web$ chmod 600 birdnotes-dev/nsd.tcl +joeuser:~/web$ emacs birdnotes-dev/nsd.tcl
Just like in the section called “Configuring AOLserver”, + you'll need to set the server parameters appropriately. Be sure to + choose a different port than your original server and to set + server to + birdnotes-dev.
- Create a new database instance called - birdnotes-dev. Follow the instructions in - Prepare Oracle for OpenACS or Prepare PostgreSQL for OpenACS. + Create a new database instance called + birdnotes-dev. Follow the instructions in + Prepare Oracle for OpenACS or Prepare PostgreSQL for OpenACS. -
+
+ Start your new server! +
+joeuser:~/web$ cd
+joeuser:~/web$ /usr/local/aolserver/bin/nsd-postgres -t /home/joeuser/web/birdnotes-dev/nsd.tcl+ Visit the site with a web browser (using the port that you set + above). You should see the OpenACS installer. Once you install + the OpenACS datamodel, you'll also need to add your new aolserver + instance to /etc/inittab (or + daemontools) so it restarts automatically.
- You can either copy your current OpenACS installation: -
-nsadmin:~$ cd /web -nsadmin:~$ cp -r birdnotes birdnotes-dev
- Or Download the OpenACS - 4 software into /tmp again. -
-nsadmin:~$ cd /web -nsadmin:/web$ tar xzvf /tmp/alpha2.tgz -nsadmin:/web$ mv openacs-4 birdnotes-dev
- Start your new server! -
-nsadmin:/web$ cd
-nsadmin:~$ /usr/local/aolserver/bin/nsd-postgres -t /usr/local/aolserver/birdnotes-dev.tcl- Visit the site with a web browser (using the port that you set - above). You should see the OpenACS installer. Once you install - the OpenACS datamodel, you'll also need to add your new aolserver - instance to /etc/inittab (or - daemontools) so it restarts automatically.
- OpenACS uses the OpenFTS package to - implement site-wide-search. You'll need to have the Tcl development - libraries and headers installed. (Debian users: - apt-get install tcl8.3-dev) -
- As root, download the - Search-OpenFTS driver. -
-nsadmin:~$ su - + OpenACS uses the OpenFTS package to + implement site-wide-search. As of this writing, the current version + is 0.3.2. There are good instructions included in the OpenFTS + instructions which I will repeat here. Be sure to look at those + instructions if you're installing a version later than 0.3.2; the + instructions may have changed. You'll need to have the Tcl + development libraries and headers installed. (Debian users: + apt-get install tcl8.3-dev) + +
+ + As root, download the latest TCL + version of the Search-OpenFTS driver from SourceForge + into /tmp. Extract the source + into /usr/local/src + +
+joeuser:~$ su - Password: ********** -root:~# cd /tmp -root:/tmp# wget http://prdownloads.sourceforge.net/openfts/Search-OpenFTS-tcl-0.2.tar.gz root:~# cd /usr/local/src -root:/usr/local/src# tar xzf /tmp/Search-OpenFTS-tcl-0.2.tar.gz -root:/usr/local/src# chown -R nsadmin.web Search-OpenFTS-tcl-0.2 -root:/usr/local/src# exit- Configure it. Note that you may need to set - --with-tcl=(your Tcl library - location). For Debian, add this to the end of the - ./configure command: - --with-tcl=/usr/lib/tcl8.3 -
-nsadmin:~$ cd /usr/local/src/Search-OpenFTS-tcl-0.2 -nsadmin:/usr/local/src/Search-OpenFTS-tcl-0.2$ ./configure --with-aolserver-src=/usr/local/src/aolserver/aolserver- In order to compile on Debian, I had to edit my - Makefile.global. Add - -I/usr/include/tcl8.3 to the - line where INC is defined, so it looks like this: -
-INC = ../include -I/usr/include/tcl8.3Then compile it:
-nsadmin:/usr/local/src/Search-OpenFTS-tcl-0.2$ make -nsadmin:/usr/local/src/Search-OpenFTS-tcl-0.2$ cd aolserver -nsadmin:/usr/local/src/Search-OpenFTS-tcl-0.2/aolserver$ make- Install it. You need to do this step as root since some of the - libraries will be installed alongside your TCL libraries and some - alongside your PostgreSQL libraries. -
-nsadmin:/usr/local/src/Search-OpenFTS-tcl-0.2/aolserver$ su - -Password: *********** -root:~# cd /usr/local/src/Search-OpenFTS-tcl-0.2 -root:/usr/local/src/Search-OpenFTS-tcl-0.2# make install -root:/usr/local/src/Search-OpenFTS-tcl-0.2# exit -nsadmin:/usr/local/src/Search-OpenFTS-tcl-0.2/aolserver$ cp nsfts.so /usr/local/aolserver/bin/- Add the following line to your aolserver config file (in our - example: - /usr/local/aolserver/birdnotes.tcl) - in the "ns_section ns/server/${server}/modules" section: -
+root:/usr/local/src# tar xzf /tmp/Search-OpenFTS-tcl-0.3.2.tar.gz +root:/usr/local/src# chown -R root.root Search-OpenFTS-tcl-0.3.2 +root:/usr/local/src# cd Search-OpenFTS-tcl-0.3.2+ + Configure it. Note that you may need to set + --with-tcl=(your Tcl library + location). For Debian, add this to the end of the + ./configure command: + --with-tcl=/usr/lib/tcl8.3 + +
+root:/usr/local/src/Search-OpenFTS-tcl-0.3.2# ./configure --with-aolserver-src=/usr/local/src/aolserver/aolserver+ + Then compile it, copy the module to your AOLserver + bin directory, and copy the TCL + files to your AOLserver tcl + directory: + +
+root:/usr/local/src/Search-OpenFTS-tcl-0.3.2# cd aolserver +root:/usr/local/src/Search-OpenFTS-tcl-0.3.2/aolserver# make +root:/usr/local/src/Search-OpenFTS-tcl-0.3.2/aolserver# cp nsfts.so /usr/local/aolserver/bin +root:/usr/local/src/Search-OpenFTS-tcl-0.3.2/aolserver# cd ..+ + Load the tsearch module SQL into your database and then compile + the openfts module in the Postgresql contrib directory. + +
+root:/usr/local/src/Search-OpenFTS-tcl-0.3.2# cp -r pgsql_contrib_openfts /usr/local/src/postgresql-7.2.3/contrib +root:/usr/local/src/Search-OpenFTS-tcl-0.3.2# cd /usr/local/src/postgresql-7.2.3/contrib/pgsql_contrib_openfts +root:/usr/local/postgresql-7.2.3/contrib/pgsql_contrib_openfts# make +root:/usr/local/postgresql-7.2.3/contrib/pgsql_contrib_openfts# su postgres +postgres:/usr/local/postgresql-7.2.3/contrib/pgsql_contrib_openfts$ make install +postgres:/usr/local/postgresql-7.2.3/contrib/pgsql_contrib_openfts$ /usr/local/pgsql/bin/psql birdnotes -f /usr/local/src/postgresql-7.2.3/contrib/tsearch/tsearch.sql +postgres:/usr/local/postgresql-7.2.3/contrib/pgsql_contrib_openfts$ /usr/local/pgsql/bin/psql birdnotes -f openfts.sql +postgres:/usr/local/postgresql-7.2.3/contrib/pgsql_contrib_openfts$ exit +root:/usr/local/postgresql-7.2.3/contrib/pgsql_contrib_openfts# exit+ + Uncomment the following line in your aolserver config file (in our + example: + ~/web/birdnotes/nsd.tcl) + in the "ns_section ns/server/${server}/modules" section: + +
ns_param nsfts ${bindir}/nsfts.so- Load the openFTS code into your database: -
-nsadmin:/usr/local/src/Search-OpenFTS-tcl-0.2/aolserver$ cd -nsadmin:~$ psql -f /web/birdnotes/packages/openfts-driver/sql/postgresql/load.sql birdnotes -nsadmin:~$ restart-aolserver birdnotes- Open a browser and go to your server - (http://yourserver:port). Click on the "Package Manager" link in - the "Quick Links" section on the right side of the page. -
- Click on the "Install packages" link and follow the instructions - to install the Note package and the OpenFTS Driver 4.2 package. -
- Restart your server. + Open a browser and go to your server + (http://yourserver:port). Click on the "Package Manager" link in + the "Quick Links" section on the right side of the page. +
+ Click on the "Install packages" link and follow the instructions + to install the Note package and the OpenFTS Driver 4.2 package. +
+ Restart your server. -
-nsadmin:~$ restart-aolserver birdnotes-- Give the server a few minutes to restart and then go back to your - server's front page and click on "Site Map" from the "Quick - Links" -
- Create a "new sub folder" under "Main Site". Call the url - "openfts". -
Click "mount" to mount the OpenFTS driver at the url - "openfts" (despite what the system says about these packages not - being meant to be mounted) -
Click on "Set parameters" for the OpenFTS instance - and make sure that openfts_tcl_src_path properly points to your - local copy of the Search package source code. If you've followed - these directions strictly, you shouldn't need to change it. -
- Create another folder under "Main Site" at the url - "search". Create a "new application". Call the application - "Search" and choose the "Search" package from the drop-down list. -
- Create a third folder under "Main Site" at the url - "notes". Create a "new application". Call the application "Notes" - and choose the "Note" package from the drop-down list. -
- Restart the server. -
- Return to your home page. Near the bottom of the page, Click on - the "OpenFTS Driver" link. Then click on - "Administration". Finally, click on "Initialize OpenFTS - Engine". Accept the defaults and continue. -
- Click on the "Main Site" link to get back to the home page. Now, - click on the "ACS Service Contract" link near the bottom of the - home page. -
- Click on the link to "install" the FtsEngineDriver. Also, click - the link to install the Note content provider. -
- Restart the server. You can try inserting some notes and then - going to the search page to search for stuff. Note that the - content may not get indexed immediately, so give it a few - minutes. -
+joeuser:~$ svc -t /service/birdnotes+
+ Give the server a few minutes to restart and then go back to your + server's front page and click on "Site Map" from the "Quick + Links" +
+ Create a "new sub folder" under "Main Site". Call the url + "openfts". +
Click "mount" to mount the OpenFTS driver at the url + "openfts" (despite what the system says about these packages not + being meant to be mounted) +
+ + Click the "Set parameters" link next to OpenFTS. Change the + openfts_tcl_src_path to + /usr/local/src/Search-OpenFTS-tcl-0.3.2 + +
+ Create another folder under "Main Site" at the url + "search". Create a "new application". Call the application + "Search" and choose the "Search" package from the drop-down list. +
+ Create a third folder under "Main Site" at the url + "notes". Create a "new application". Call the application "Notes" + and choose the "Note" package from the drop-down list. +
+ Restart the server. +
+ Return to your home page. Near the bottom of the page, Click on + the "OpenFTS Driver" link. Then click on + "Administration". Finally, click on "Initialize OpenFTS + Engine". Accept the defaults and continue. +
+ Click on the "Main Site" link to get back to the home page. Now, + click on the "ACS Service Contract" link near the bottom of the + home page. +
+ Click on the link to "install" the FtsEngineDriver. Also, click + the link to install the Note content provider. +
+ Restart the server. You can try inserting some notes and then + going to the search page to search for stuff. Note that the + content may not get indexed immediately, so give it a few + minutes. +
+
One of the major design features of OpenACS 4.5 is the explicit representation + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
One of the major design features of OpenACS 4.6 is the explicit representation of object identity. The reason I say "explicit representation" is because the concept of object identity has been around forever. It is inherent to our problem domain. Consider the example of 3.x style scoping. The 3.x data models use the triple (user_id, group_id, -scope) to identify an object. In the 4.5 data model this +scope) to identify an object. In the 4.6 data model this object is explicitly represented by a single party_id.
Another good example of this is can be found in the user groups data model. The 3.x user groups data model contains another example of an implied identity. Every mapping between a user and a group could have an arbitrary number of attached values (user_group_member_fields, etc.). In this case it is the pair (group_id, user_id) that implicitly refers to an -object (the person's membership in a group). In the 4.5 data model this +object (the person's membership in a group). In the 4.6 data model this object identity is made explicit by adding an integer primary key to the table that maps users to groups.
Coming from a purely relational world, this might seem slightly weird at first. The pair (group_id, user_id) is sufficient to uniquely identify the @@ -33,6 +33,4 @@ even capable of fully tracking the history of membership state.
The design choice of explicitly representing object identity with an integer primary key that is derived from a globally unique sequence is the key to eliminating redundant code and replacing it with generic object -level services.
+
The next section will explore these facilities in the context of the the -particular programming idioms that we wish to generalize.
Related Links
This design document should be read along with the design documents for the new groups system, subsites and the permissions system
The motivation for most of the facilities in the OpenACS 4 Object Model can be +particular programming idioms that we wish to generalize.
Related Links
This design document should be read along with the design documents for the new groups system, subsites and the permissions system
The motivation for most of the facilities in the OpenACS 4 Object Model can be understood in the context of the 3.x code base and the kinds of programming idioms that evolved there. These are listed and discussed below.
Object identification is a central mechanism in OpenACS 4. Every application object in OpenACS 4 has a unique ID which is mapped to a row in a central table @@ -77,14 +77,14 @@ make sure every object the system is to manage is associated with a row in acs_objects. More importantly, if they do this, new services like general comments can be created without requiring existing applications -to "hook into" them via new metadata.
Note: Object identifiers are a good example of metadata +to "hook into" them via new metadata.
Note: Object identifiers are a good example of metadata in the new system. Each row in acs_objects stores information about the application object, but not the application object itself. This becomes more clear if you skip ahead and look at the SQL schema code that defines this table.
Until the implementation of the general permissions system, every OpenACS application had to manage access control to its data separately. Later on, a notion of "scoping" was introduced into the core data model.
"Scope" is a term best explained by example. Consider some -hypothetical rows in the address_book table:
... scope user_id group_id ... ... user 123 � ... ... group � 456 ... ... public � � ...
The first row represents an entry in User 123's personal address book, +hypothetical rows in the address_book table:
... scope user_id group_id ... ... user 123 � ... ... group � 456 ... ... public � � ...
The first row represents an entry in User 123's personal address book, the second row represents an entry in User Group 456's shared address book, and the third row represents an entry in the site's public address book.
In this way, the scoping columns identify the security context in which a @@ -245,8 +245,8 @@ the more limited domain of the metadata model, this is acceptable since the type hierarchy is fairly small. But the object system data model is not designed to support, for example, a huge type tree like the Java runtime -libraries might define.
This last point cannot be over-stressed: the object model is not -meant to be used for large scale application data storage. It is +libraries might define.
This last point cannot be over-stressed: the object model is not +meant to be used for large scale application data storage. It is meant to represent and store metadata, not application data.
Like most data models, the OpenACS Core data model has two levels:
The knowledge level (i.e. the metadata model)
The operational level (i.e. the concrete data model)
You can browse the data models themselves from here:
Pete Su generated this document from material culled from other documents by Michael Yoon, Richard Li and Rafael Schloming. But, any remaining lies -are his and his alone.
+
A major goal in OpenACS 4 is to unify and normalize many of the core services + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
A major goal in OpenACS 4 is to unify and normalize many of the core services of the system into a coherent common data model and API. In the past, these services were provided to applications in an ad-hoc and irregular fashion. Examples of such services include:
General Comments
User/groups
Attribute storage in user/groups
General Permissions
Site wide search
General Auditing
All of these services involve relating extra information and services to @@ -24,7 +24,7 @@ within the OpenACS, and typically corresponds to a single row within the relational database.
The OpenACS 4 Object Model must address five high-level requirements that repeatedly exhibit themselves in the context of existing services in OpenACS 3.x, -as described below.
Object Identifiers for General Services
Generic services require a single unambiguous way of identifying +as described below.
Object Identifiers for General Services
Generic services require a single unambiguous way of identifying application objects that they manage or manipulate. In OpenACS 3.x, there are several different idioms that construct object identifiers from other data. Many modules use a (user_id, group_id, scope) triple combination @@ -46,12 +46,12 @@ that their definition and use is ad-hoc and inconsistent. This makes the construction of generic application-independent services difficult. Therefore, the OpenACS 4 Object Model should provide a centralized and uniform -mechanism for tagging application objects with unique identifiers.
Support for Unified Access Control
Access control should be as transparent as possible to the application +mechanism for tagging application objects with unique identifiers.
Support for Unified Access Control
Access control should be as transparent as possible to the application developer. Until the implementation of the general permissions system, every OpenACS application had to manage access control to its data separately. Later on, a notion of "scoping" was introduced into the core data model.
"Scope" is a term best explained by example. Consider some -hypothetical rows in the address_book table:
... scope user_id group_id ... ... user 123 � ... ... group � 456 ... ... public � � ...
The first row represents an entry in User 123's personal address book, +hypothetical rows in the address_book table:
... scope user_id group_id ... ... user 123 � ... ... group � 456 ... ... public � � ...
The first row represents an entry in User 123's personal address book, the second row represents an entry in User Group 456's shared address book, and the third row represents an entry in the site's public address book.
In this way, the scoping columns identify the security context in which a @@ -65,7 +65,7 @@ page, a security problem could result.
Thus the OpenACS 4 Object Model must support a more general access control system that allows access control domains to be hierarchical, and specifiable with a single piece of data, instead of the old composite keys described -above.
Extensible Data Models
Another problem with previous OpenACS data models is that many of the central +above.
Extensible Data Models
Another problem with previous OpenACS data models is that many of the central tables in the system became bloated as they were extended to support an increasing number of modules. The users table is the best case in point: it became full of columns that exist for various special @@ -83,10 +83,10 @@ custom extensions to the existing data models, and the OM does the bookkeeping necessary to make this easier, providing a generic API for object creation that automatically keeps track of the location and relationships -between data.
Design Note: While this doesn't really belong in a +between data.
Design Note: While this doesn't really belong in a requirements document, the fact that we are constrained to using relational databases means that certain constraints on the overall design of the object -data model exist, which you can read about in Summary and Design Considerations.
Modifiable Data Models
Another recurring applications problem is how to store a modifiable data +data model exist, which you can read about in Summary and Design Considerations.
Modifiable Data Models
Another recurring applications problem is how to store a modifiable data model, or how to store information that may change extensively between releases or in different client installations. Furthermore, we want to avoid changes to an application's database queries in the face of any custom @@ -103,7 +103,7 @@ store values for those attributes.
Thus the Object Model must provide a general mechanism for applications and developers to modify or extend data models, without requiring changes to the SQL schema of the system. This ensures that all applications use the same -base schema, resulting in a uniform and more maintainable system.
Generic Relations
Many OpenACS applications define simple relationships between application +base schema, resulting in a uniform and more maintainable system.
Generic Relations
Many OpenACS applications define simple relationships between application objects, and tag those relationships with extra data. In OpenACS 3.x, this was done using mapping tables. The user/groups module has the most highly developed data model for this purpose, using a single table called @@ -127,8 +127,8 @@ that store metadata on application objects. The object type system supports subtyping with inheritance, so new object types can be defined in terms of existing object types.
The OM data model forms the main part of the OpenACS 4 Kernel data model. The -other parts of the Kernel data model include:
Parties and Groups
Permissions
Each of these is documented elsewhere at length.
The data model for the object system provides support for the following -kinds of schema patterns that are used by many existing OpenACS modules:
Object identification is a central mechanism in the new metadata system. +other parts of the Kernel data model include:
Parties and Groups
Permissions
Each of these is documented elsewhere at length.
The data model for the object system provides support for the following +kinds of schema patterns that are used by many existing OpenACS modules:
Object identification is a central mechanism in the new metadata system. The fact that every object has a known unique identifier means that the core can deal with all objects in a generic way. Thus the only action required of an application to obtain any general service is to "hook into" the @@ -149,15 +149,15 @@ application data. More importantly, object identifiers will enable developers to readily build and use generic services that work globally across a system.
The object identifiers should be subject to the following -requirements:
10.10 Uniqueness
The object ID should be unique among all the IDs in the entire OpenACS system -in which the object lives.
10.20 Useful as a Reference
Applications should be able to use the unique object ID as a reference, -with which they can fetch any or all of the object's attributes.
10.30 Storable
Object IDs should be storable in tables. e.g. you should be able to use +requirements:
10.10 Uniqueness
The object ID should be unique among all the IDs in the entire OpenACS system +in which the object lives.
10.20 Useful as a Reference
Applications should be able to use the unique object ID as a reference, +with which they can fetch any or all of the object's attributes.
10.30 Storable
Object IDs should be storable in tables. e.g. you should be able to use them to implement mapping tables between objects, to represent -relationships.
10.40 Moveable
Objects should be mobile between databases. That is, information will +relationships.
10.40 Moveable
Objects should be mobile between databases. That is, information will often need to be moved between multiple servers (development, staging, and production), so a mechanism for moving this data is necessary. In addition, a mechanism for tagging these objects in a way similar to CVS would be useful -in determining which objects need to be synchronized.
An object type refers to a specification of one or more +in determining which objects need to be synchronized.
An object type refers to a specification of one or more attributes to be managed along with a piece of application data.
The object system should provide a data model for describing and representing object types. This data model is somewhat analogous to the Oracle data dictionary, which stores information about all user defined @@ -170,33 +170,33 @@ is meant to be a generalization of this mechanism. The data model should allow developers to at least do everything they used to with user/groups, but without its administrative hassles.
Therefore, the data model must be able to represent object types that have -the following characteristics:
20.10 Type Name
A human readable name for the object type.
20.20 Type Attributes
Attributes whose values are shared by all instances of the object -type.
20.30 Object Attributes
Attributes that are specific to each particular object belonging to a -given type.
The data model must also enforce certain constraints on object types:
20.40 Type Uniqueness
Object type names must be unique.
20.50 Attribute Name Uniqueness
Attribute names must be unique in the scope of a single object type and -any of its parent types.
The Object Model must support the definition of object types that are +the following characteristics:
20.10 Type Name
A human readable name for the object type.
20.20 Type Attributes
Attributes whose values are shared by all instances of the object +type.
20.30 Object Attributes
Attributes that are specific to each particular object belonging to a +given type.
The data model must also enforce certain constraints on object types:
20.40 Type Uniqueness
Object type names must be unique.
20.50 Attribute Name Uniqueness
Attribute names must be unique in the scope of a single object type and +any of its parent types.
The Object Model must support the definition of object types that are subtypes of existing types. A subtype inherits all the attributes of its parent type, and defines some attributes of its own. A critical aspect of the OM is parent types may be altered, and any such change must propagate to child subtypes.
The OM data model must enforce constraints on subtypes that are similar to -the ones on general object types.
30.10 Subtype Uniqueness
Subtype names must be unique (this parallels requirement 10.40).
30.20 Subtype Attribute Name Uniqueness
Attribute names must be unique in the scope of a single object -subtype.
30.30 Parent Type Prerequisite
Subtypes must be defined in terms of parent types that, in fact, already -exist.
30.40
The extended attribute names in a subtype must not be the same as those in -its parent type.
35.10 Method and Type Association
The OM data model should define a mechanism for associating procedural +the ones on general object types.
30.10 Subtype Uniqueness
Subtype names must be unique (this parallels requirement 10.40).
30.20 Subtype Attribute Name Uniqueness
Attribute names must be unique in the scope of a single object +subtype.
30.30 Parent Type Prerequisite
Subtypes must be defined in terms of parent types that, in fact, already +exist.
30.40
The extended attribute names in a subtype must not be the same as those in +its parent type.
35.10 Method and Type Association
The OM data model should define a mechanism for associating procedural code, called methods, with objects of a given type. Methods are associated with the each object type - not each object -instance.
35.20 Method Sharing
All instances of a given object type should share the same set of defined -methods for that type.
In addition to information on types, the OM data model provides for the +instance.
35.20 Method Sharing
All instances of a given object type should share the same set of defined +methods for that type.
In addition to information on types, the OM data model provides for the centralized storage of object attribute values. This facility unifies the many ad-hoc attribute/value tables that exist in various OpenACS 3.x data models, such as:
User groups: Each instance of a group type can have custom data.
Photo DB: Users can define their own custom metadata to attach to photograph objects.
Ecommerce: Vendors can attach custom fields to the data model describing -their products.
40.10 Generic Retrieval
Attributes should be stored so that they are retrievable in a way that is +their products.
40.10 Generic Retrieval
Attributes should be stored so that they are retrievable in a way that is independent of the type of the object that they belong to. That is, the only data needed to retrieve an attribute should be the system-wide ID of an -object (see requirement 10.20 above) and the attribute name.
40.20 Inherited Attributes
The system should allow for the automatic retrieval of inherited attribute -values, for an object belonging to a subtype.
40.30. Constraints on Attributes
The system should allow the developer to put down constraints on the +object (see requirement 10.20 above) and the attribute name.
40.20 Inherited Attributes
The system should allow for the automatic retrieval of inherited attribute +values, for an object belonging to a subtype.
40.30. Constraints on Attributes
The system should allow the developer to put down constraints on the values that an attribute may hold, for the purposes of maintaining -application specific integrity rules.
In OpenACS 3.x, there was a notion of "scope" for application +application specific integrity rules.
In OpenACS 3.x, there was a notion of "scope" for application objects. An object could be belong to one of three scopes: public, group or user. This provided a crude way to associate objects with particular scopes in the system, but it was awkward to use and limited in flexibility.
The OpenACS 4 Object Model provides a generalized notion of scope that allows @@ -205,66 +205,64 @@ object has no explicit permissions attached to it, then it inherits permissions from its context.
The context data model also forms the basis of the subsites system, and is a basic part of the permissions system, -described in separate documents.
The context data model should provide the following facilities:
50.10 Unique ID
Every context should have a unique ID in the system.
50.20 Tree Structure
The data model should support a tree structured organization of contexts. +described in separate documents.
The context data model should provide the following facilities:
50.10 Unique ID
Every context should have a unique ID in the system.
50.20 Tree Structure
The data model should support a tree structured organization of contexts. That is, contexts can be logically "contained" within other contexts (i.e. contexts have parents) and contexts can contain other contexts -(i.e. contexts can have children).
50.30 Data Model Constraints
All objects must have a context ID. This ID must refer to an existing +(i.e. contexts can have children).
50.30 Data Model Constraints
All objects must have a context ID. This ID must refer to an existing context or be NULL. The meaning of a NULL context is determined by the -implementation.
Note:
The current system interprets the NULL context as meaning the default +implementation.
Note:
The current system interprets the NULL context as meaning the default "site-wide" context in some sense. I wanted to note this fact for others, but there is no need to make this a requirement of the system. I think it would be reasonable to have a NULL context be an error (psu -8/24/2000).
The data model should include a notion of pair-wise relations between +8/24/2000).
The data model should include a notion of pair-wise relations between objects. Relations should be able to record simple facts of the form "object X is related to object Y by relationship R," and also be -able to attach attributes to these facts.
The API should let programmers accomplish the following actions:
60.10 Create a New Object Type
The object system API should provide a procedure call that creates a new +able to attach attributes to these facts.
The API should let programmers accomplish the following actions:
60.10 Create a New Object Type
The object system API should provide a procedure call that creates a new object type by running the appropriate transactions on the object system data model. This API call is subject to the constraints laid out in the data -model. We call this operation "instantiating" an object.
60.20 Create a New Object Subtype
The object system API should provide a procedure call for creating +model. We call this operation "instantiating" an object.
60.20 Create a New Object Subtype
The object system API should provide a procedure call for creating subtypes of a given type. Operationally, this API is the same as requirement 60.10. Instances of subtypes automatically contain all attributes of the parent type in addition to all attributes of the subtype. This API is subject -to the constraints laid out in the data model.
60.30 Create a New Relation Type
There should be an API call to create a new type of object relation. +to the constraints laid out in the data model.
60.30 Create a New Relation Type
There should be an API call to create a new type of object relation. Relation types can be modeled as object types. The API below for manipulating -attributes can then be used to add attributes to relation types.
The object system API must allow the programmer to modify, add, and delete +attributes can then be used to add attributes to relation types.
The object system API must allow the programmer to modify, add, and delete attributes from any object type. Updates should be propagated to any child subtypes. This API is subject to the constraints laid out in the data -model.
The system provides an API call for deleting an object type.
80.10
Deleting an object type destroys all instances of the type. It should be +model.
The system provides an API call for deleting an object type.
80.10
Deleting an object type destroys all instances of the type. It should be an error to delete types that have dependent subtypes. This API is subject to -the constraints laid out in the data model.
80.10.10
However, the programmer should also be able to specify that all the +the constraints laid out in the data model.
80.10.10
However, the programmer should also be able to specify that all the subtypes and instances of those subtypes be destroyed before destroying the object type. This is similar to a "delete cascade" constraint in -SQL.
The system must provide API calls to manage the creation and destruction -of object instances.
90.10 Create an Instance of an Object Type
The system should provide an API call for creating a new instance of a +SQL.
The system must provide API calls to manage the creation and destruction +of object instances.
90.10 Create an Instance of an Object Type
The system should provide an API call for creating a new instance of a given object type. The new instance should be populated with values for each of the attributes specified in the definition of the type. In addition, it should be possible to create the new instance with an optional context ID -that refers to the default context that the object will live in.
90.20 Delete an Object Instance
The OM should provide an API call for object deletion. Objects can be +that refers to the default context that the object will live in.
90.20 Delete an Object Instance
The OM should provide an API call for object deletion. Objects can be deleted only when no other objects in the system refer to them. Since it might not be practical to provide a mechanism like "delete cascade" here in a reliable way, providing such a facility in the system is -optional.
The system must provide API calls to manage the creation and destruction -of object relations.
The OM must provide an API call to declare that two objects are related to +optional.
The system must provide API calls to manage the creation and destruction +of object relations.
The OM must provide an API call to declare that two objects are related to each other by a given relation type. This API call should also allow -programmers to attach attributes to this object relation.
There should be an API call for destroying object relations and their -attributes.
The system should provide an API to create and destroy object -contexts.
The system should provide an API for updating the attribute values of a -particular instance of an object type.
The system should provide an API for retrieving attribute values from a -particular instance of an object type.
The Object Model must support the efficient storage and retrieval of +programmers to attach attributes to this object relation.
There should be an API call for destroying object relations and their +attributes.
The system should provide an API to create and destroy object +contexts.
The system should provide an API for updating the attribute values of a +particular instance of an object type.
The system should provide an API for retrieving attribute values from a +particular instance of an object type.
The Object Model must support the efficient storage and retrieval of object attributes. Since the OM is intended to form the core of many general services in the OpenACS, and these services will likely make extensive use of the OM tables, queries on these tables must be fast. The major problem here seems to be supporting subtyping and inheritance in a way that does not severely -impact query performance.
Most OpenACS packages will be expected to use the Object Model in one way or +impact query performance.
Most OpenACS packages will be expected to use the Object Model in one way or another. Since it is important that the largest audience of developers possible adopts and uses the OM, it must be easy to incorporate into applications, and it must not impose undue requirements on an application's data model. In other words, it should be easy to "hook into" the object model, and that ability should not have a major impact -on the application data model.
Note: Is the API the only way to obtain values? How does -this integrate with application level SQL queries?
| Document Revision # | Action Taken, Notes | When? | By Whom? | ||||||||||||||||||||||||||||||||||||||||||||
| 0.1 | Creation | 08/10/2000 | Bryan Quinn | ||||||||||||||||||||||||||||||||||||||||||||
| 0.2 | Major re-write | 08/11/2000 | Pete Su | ||||||||||||||||||||||||||||||||||||||||||||
| 0.3 | Draft completed after initial reviews | 08/22/2000 | Pete Su | ||||||||||||||||||||||||||||||||||||||||||||
| 0.4 | Edited, updated to conform to requirements template, pending freeze | 08/23/2000 | Kai Wu | ||||||||||||||||||||||||||||||||||||||||||||
| � | Final edits before freeze | 08/24/2000 | Pete Su | ||||||||||||||||||||||||||||||||||||||||||||
| 0.5 | Edited for consistency | 08/27/2000 | Kai Wu | ||||||||||||||||||||||||||||||||||||||||||||
| 0.6 | Put Object ID stuff first, because it makes more sense | 08/28/2000 | Pete Su | ||||||||||||||||||||||||||||||||||||||||||||
| 0.7 | Added requirement that knowledge-level objects must be moveable between
+on the application data model. Note: Is the API the only way to obtain values? How does +this integrate with application level SQL queries?
| 09/06/2000 | Pete Su | ||||||||||||||||||||||||||||||||||||||||||||
| 0.9 | Edited for ACS 4 Beta release. | 09/30/2000 | Kai Wu |
+
-Developing data models in OpenACS 4.5 is much like developing data models + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
+Developing data models in OpenACS 4.6 is much like developing data models for OpenACS 3, save for the implementation. As usual, you need to examine how to model the information that the application must store and manipulate, and define a suitable set of SQL tables. In our Notes @@ -28,12 +28,12 @@ Thinking further ahead, we can imagine doing any of the following things with Notes as well:
Define access control policies on notes.
Attach user comments on notes.
Allow users to define custom fields to store on their notes.
Automatically generate input forms or output displays for notes.
Allow other applications to use notes in ways we don't know of yet.
-In OpenACS 4.5, the key to enabling these types of services on your +In OpenACS 4.6, the key to enabling these types of services on your application data is to take advantage of the Object System. The first question, then, is "Just what are objects, and what do you use them for anyway?". The short answer: objects are anything represented in the application's data model that will need to be -managed by any central service in OpenACS 4.5, or that may be reusable in +managed by any central service in OpenACS 4.6, or that may be reusable in the context of future applications. Every object in the system is represented using a row in the acs_objects table. This table defines all the standard attributes that are stored on every @@ -63,7 +63,7 @@ new object type. Object types are analogous to classes in programming languages such as C++ and Java. In Java, a class defines a set of attributes that store data and a set of methods -that run code. In OpenACS 4.5, we use one or more Oracle tables to store the +that run code. In OpenACS 4.6, we use one or more Oracle tables to store the data attributes, and we define a PL/SQL package to hold procedures to define the programming interface to the data model.
@@ -80,8 +80,8 @@
Fire up your text editor and open the ROOT/packages/notes/sql/oracle/notes-create.sql (ROOT/packages/notes/sql/postgresql/notes-create.sql for the PG version) file created -when we created the package. Then, do the following: -
+when we created the package. Then, do the following: +
First, add an entry to the acs_object_types table with the following PL/SQL call:
begin @@ -141,7 +141,7 @@ because the new type note is a subtype of acs_object, it will inherit these attributes, so there is no need for us to define them. -
The next thing we do is make a small modification to the data model to reflect the fact that each row in the notes table represents something that is not only an object of type @@ -166,7 +166,7 @@ use the acs_objects table to find objects will transparently find any objects that are instances of any subtype of acs_objects. -
The next step is to define a PL/SQL package for your new type, and write some basic procedures to create and delete objects. Here is a package definition for our new type: @@ -197,7 +197,7 @@ You might be wondering what all the extra parameters are to these calls, since we haven't mentioned them before. These parameters are needed to fill out information that will be stored about the object -that's not stored directly in the table you defined. The OpenACS 4.5 Object +that's not stored directly in the table you defined. The OpenACS 4.6 Object System defines these attributes on the type acs_object since all objects should have these attributes. Internally, there are tables that store this information for you. Most of the data is pretty @@ -214,7 +214,7 @@ object OBJ was "read only", then any other object that used OBJ as its context would also be "read only" by default. We'll talk about this more later. -
The PL/SQL package body contains the implementations of the procedures defined above. The only subtle thing going on here is that we must use acs_object.new to insert a row into @@ -317,7 +317,7 @@ models that are meant to be integrated with the OpenACS object system.
-There are two basic rules you should follow when designing OpenACS 4.5 data +There are two basic rules you should follow when designing OpenACS 4.6 data models: @@ -372,7 +372,7 @@ requires a good amount of thought at design time even for simple applications.
-Hooking into the OpenACS 4.5 object system brings the application developer +Hooking into the OpenACS 4.6 object system brings the application developer numerous benefits, and doing it involves only four easy steps: @@ -396,6 +396,4 @@ especially true for the context_id field.
-
+ OpenACS (Open Architecture Community System) is an advanced + toolkit for building scalable, community-oriented web applications. + If you're thinking of building an enterprise-level web application, + OpenACS is a solid, proven foundation that will give you a 3-6 month headstart. +
+ OpenACS is also a collection of pre-built applications and services that + you can use to build your web site/application. Through a modular architecture, + OpenACS has packages for user/groups management, content management, e-commerce, + news, FAQ, calendar, forums, bug tracking, full-text searching, and + much more. +
+ OpenACS relies on AOLserver, + the free, multithreaded, scalable, Tcl-enabled, web/application server used by + America On-Line for most of its web sites, and a true acid-compliant + Relational Database Management System (RDBMS). Currently OpenACS supports + PostgreSQL, an open source RDBMS, and Oracle. (read more) +
+ The OpenACS toolkit is based on the ArsDigita Community System. ArsDigita + (now part of Red Hat, Inc.) kindly made their work available under the + GPL, + making all of this possible. +
+ The OpenACS community would like to hear your comments and help you + in your endeavors with the system. Stop by our web site + and feel free to ask a question, post ideas or whatever. +
+
Download the OpenACS 4.5 software + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
Download the OpenACS 4.6 software to the /tmp directory:
- Login as nsadmin - and untar the downloaded components into - /web directory. The OpenACS - 4.5 tarball is currently named - openacs-4-5-release.tgz. Replace - openacs-4-5-release.tgz in the + + Create a directory called web + inside your home directory and untar the downloaded components + there. Set the permissions as directed. The OpenACS 4.6 + tarball is currently named + openacs-4-6-release.tgz. Replace + openacs-4-6-release.tgz in the commands below with whatever the current tarball is named. +
-joeuser:~$ su - nsadmin -Password: *********** -nsadmin:~$ cd /web -nsadmin:/web$ tar xzf /tmp/openacs-4-5-release.tgz
+joeuser:~$ mkdir -p web +joeuser:~$ chown joeuser.web web +joeuser:~$ cd web +joeuser:~/web$ tar xzf /tmp/openacs-4-6-release.tgz +joeuser:~/web$ chown -R joeuser.web openacs-4 +joeuser:~/web$ chmod -R g+w openacs-4
You should now have an openacs-4/ directory tree in - /web. Rename this directory to + ~/web. Rename this directory to whatever you want your web service to be identified as. The name of your web service is referred to as the service_name. Since you can run multiple @@ -33,67 +37,72 @@ community. We'll use birdnotes as an example in these docs.
-nsadmin:/web$ ls -l
-total 4
-drwxr-xr-x 8 nsadmin nsadmin 4096 Nov 27 09:32 openacs-4
-nsadmin:/web$ mv openacs-4 birdnotes
-nsadmin:/web$ ls -l
-total 4
-drwxr-xr-x 8 nsadmin nsadmin 4096 Dec 20 14:37 birdnotes+joeuser:~/web$ ls -l +drwxrwxr-x 8 joeuser web 4096 Nov 27 09:32 openacs-4 +joeuser:~/web$ mv openacs-4 birdnotes +joeuser:~/web$ ls -l +drwxrwxr-x 8 joeuser web 4096 Dec 20 14:37 birdnotes
+ + Finally create a directory for the AOLserver logs. + +
+joeuser:~/web$ mkdir birdnotes/log
Skip ahead if you want to Prepare PostgreSQL for OpenACS -
You should be logged on as - nsadmin for this step and you should - make sure that nsadmin is in the - dba group.
- Verify nsadmin membership by typing +
+ + You should be sure that your user account + (e.g. joeuser) is in the + dba group. + +
+ Verify membership by typing groups when you login: -
-nsadmin:~$ groups -nsadmin dba web+
+joeuser:~$ groups +dba web
If you do not see these groups, take the following action: -
-nsadmin:~$ su - ++joeuser:~$ su - Password: ************ -root:~# usermod -g nsadmin -G dba,web nsadmin+root:~# adduser joeuser dba
If you get an error about an undefined group, then add that group manually: -
+root:~# groupadd dba -root:~# groupadd nsadmin -root:~# groupadd web+root:~# groupadd web
Make sure to logout as root when you are finished with this step and log back in as - nsadmin. + your regular user.
Connect to Oracle using svrmgrl and login: -
-nsadmin:~$ svrmgrl ++joeuser:~$ svrmgrl SVRMGR> connect internal -Connected.+Connected.
Determine where the system tablespaces are stored: -
-SVRMGR> select file_name from dba_data_files;+
+SVRMGR> select file_name from dba_data_files;
Example results: -
+/ora8/m01/app/oracle/oradata/ora8/system01.dbf /ora8/m01/app/oracle/oradata/ora8/tools01.dbf /ora8/m01/app/oracle/oradata/ora8/rbs01.dbf /ora8/m01/app/oracle/oradata/ora8/temp01.dbf /ora8/m01/app/oracle/oradata/ora8/users01.dbf /ora8/m01/app/oracle/oradata/ora8/indx01.dbf -/ora8/m01/app/oracle/oradata/ora8/drsys01.dbf+/ora8/m01/app/oracle/oradata/ora8/drsys01.dbf
Using the above output, you should determine where to store your tablespace. As a general rule, you'll want to @@ -113,24 +122,26 @@ exit from svrmgrl and login as root for this step:
SVRMGR> exit
-nsadmin:~$ su -
+joeuser:~$ su -
Password: ************
root:~# mkdir -p /ora8/m02/oradata/ora8/
-root:~# chown nsadmin.web /ora8/m02/oradata/ora8
+root:~# chown joeuser.web /ora8/m02/oradata/ora8
root:~# chmod 775 /ora8/m02/oradata/ora8
root:~# exit
-nsadmin:~$- As nsadmin, create a tablespace for - the service. It is important that the tablespace can - autoextend. This allows the - tablespace's storage capacity to grow as the size of the data - grows. We set the pctincrease to be a very low value so that our - extents won't grow geometrically. We do not set it to 0 at - the tablespace level because this would affect Oracle's - ability to automatically coalesce free space in the - tablespace.
-nsadmin:~$ svrmgrl +joeuser:~$
+ Create a tablespace for the service. It is important that the + tablespace can autoextend. This + allows the tablespace's storage capacity to grow as the size + of the data grows. We set the pctincrease to be a very low value + so that our extents won't grow geometrically. We do not set + it to 0 at the tablespace level because this would affect + Oracle's ability to automatically coalesce free space in the + tablespace. + +
+joeuser:~$ svrmgrl + SVRMGR> connect internal; SVRMGR> create tablespace birdnotes datafile '/ora8/m02/oradata/ora8/birdnotes01.dbf' @@ -161,7 +172,7 @@
Make sure that you can login to Oracle using your service_name account:
-nsadmin:~$ sqlplus birdnotes/birdnotespassword +joeuser:~$ sqlplus birdnotes/birdnotespassword SQL> select sysdate from dual; SYSDATE @@ -178,22 +189,28 @@ variables set before launching. Download this nsd-oracle script into /tmp/nsd-oracle.txt :-nsadmin:~$ cp /tmp/nsd-oracle.txt ./bin/nsd-oracle -nsadmin:~$ chmod 700 ./bin/nsd-oracleNote
RedHat 7.3 and 8.0 users: set the the LD_ASSUME_KERNEL environment - variable in your nsd-oracle script: -
export LD_ASSUME_KERNEL=2.2.5
Preparing PostgreSQL is just a little bit simpler than preparing Oracle. We simply need to create a database with the name of our service-name (i.e. birdnotes)
-nsadmin:/web$ createdb birdnotes +joeuser:~/web$ createdb birdnotes CREATE DATABASE
Next we'll set up AOLserver so that it has the proper environment variables set before launching. Download this nsd-postgres script into /tmp/nsd-postgres.txt :
-nsadmin:/web$ cd -nsadmin:~$ cp /tmp/nsd-postgres.txt ./bin/nsd-postgres -nsadmin:~$ chmod 700 ./bin/nsd-postgres
+joeuser:~/web$ cd +joeuser:~$ su - +Password: ******** +root:~# cd /usr/local/aolserver/bin +root:/usr/local/aolserver/bin# cp /tmp/nsd-postgres.txt ./nsd-postgres +root:/usr/local/aolserver/bin# chmod 755 nsd-postgres +root:/usr/local/aolserver/bin# exit
The AOLserver architecture lets you run an arbitrary number of virtual servers. A virtual server is an HTTP service running on a specific port, e.g. port 80. In order for the OpenACS to work, you @@ -203,14 +220,16 @@ Download openacs4.tcl.txt into /tmp.
- Modify it for your needs and save it in - /usr/local/aolserver/birdnotes.tcl - (Of course change birdnotes to - whatever you're using as your service-name + + Modify it for your needs and save it inside your + ~/web/birdnotes directory. (Of + course change birdnotes to + whatever you're using as your service-name.) +
-nsadmin:~$ cp /tmp/openacs4.tcl.txt ./birdnotes.tcl -nsadmin:~$ chmod 660 birdnotes.tcl -nsadmin:~$ emacs birdnotes.tcl
+joeuser:~$ cp /tmp/openacs4.tcl.txt ./web/birdnotes/nsd.tcl +joeuser:~$ chmod 600 ./web/birdnotes/nsd.tcl +joeuser:~$ emacs ./web/birdnotes/nsd.tcl
Specifically, you'll have set the following variables
server - This is the name of @@ -226,7 +245,12 @@ *pretty* name for your server. For example, we might call ours "Birdnotes.net Community"
httpport - If you want your - server on a different port, enter it here
+ server on a different port, enter it here
+ + user_account - The account that will both + own OpenACS files and connect to the database (for Postgresql). + +
AOLServer is very configurable. These settings should get you started, but for more options, read the AOLServer docs. @@ -235,26 +259,27 @@ one. (Note, if you are using Oracle, rather than PostgreSQL, replace nsd-postgres with nsd-oracle):
-nsadmin:~$ killall nsd
+joeuser:~$ killall nsd
; Should probably see:
nsd: no process killed
-nsadmin:~$ /usr/local/aolserver/bin/nsd-postgres -t /usr/local/aolserver/birdnotes.tcl+joeuser:~$ /usr/local/aolserver/bin/nsd-postgres -t ~/web/birdnotes/nsd.tcl
Attempt to connect to the service from a web browser as you did in the Test AOLserver section. You should specify a URL like:
http://ip_name:ip_port/
You should see a page that looks like this - if so, go on to Using the OpenACS Installer.
+ If you don't see the login page, view your error log - (/usr/local/aolserver/log/birdnotes-error.log) + (~/web/birdnotes/log/error.log) to make sure the service is starting without any problems. If you - need to make changes, don't forget to kill any running - servers. + need to make changes, don't forget to kill any running servers. +
-nsadmin:~$ killall nsd
Now that you've got AOLserver up and running, let's install OpenACS - 4.5. + 4.6.
You should see a page from the webserver titled OpenACS Installation: @@ -265,28 +290,36 @@ side. But if everything is fine, you can click Next to proceed to load the OpenACS Kernel data model. -
+
+ The next page shows the results of loading the OpenACS Kernel data model - be prepared to wait a few minutes as it works. You - should see a string of "No errors." as the tables are - created. You'll see the line: + should see a string of output messages from the database as the + datamodel is created. You'll see the line: +
Loading package .info files ... this will take a few minutes
- This will really take a few minutes. Have faith! Finally, - another Next button will appear at - the bottom - click it. + + This will really take a few minutes. Have faith! Finally, another + Next button will appear at the + bottom - click it. +
- The following page shows the results of loading the package data - models. You should see positive results for each of the + + The following page shows the results of loading the core package + data models. You should see positive results for each of the previously selected packages, but watch out for any errors. Eventually, the page will display "Generating secret tokens" and then "Done"- click - Next. + Next. +
+ You should see a page, "OpenACS Installation: Create Administrator" with form fields to define the OpenACS site administrator. Fill out the fields as appropriate, and click - Create User. + Create User. +
You should see a page, "OpenACS Installation: Set System Information" allowing you to name your service. Fill out the @@ -299,11 +332,11 @@ AOLServer to restart itself (ie. inittab or daemontools), you'll need to manually restart your service.
-nsadmin:~$ /usr/local/aolserver/bin/nsd-postgres -t /usr/local/aolserver/birdnotes.tcl+joeuser:~$ /usr/local/aolserver/bin/nsd-postgres -t ~/web/birdnotes/nsd.tcl
Give the server a few minutes to start up. Then reload the final page above. You should see the front page, with an area to login near the upper right. Congratulations, OpenACS - 4.5 is now up and running! + 4.6 is now up and running!
Now, we'll describe how to start AOLserver automatically on boot, or whenever else the service dies. @@ -349,7 +382,7 @@ have Perl installed and also a symbolic link to it in /usr/local/bin.
-nsadmin:~$ su - +joeuser:~$ su - Password: *********** root:~# cp /tmp/restart-aolserver.txt /usr/local/bin/restart-aolserver root:~# chown root.web /usr/local/bin/restart-aolserver @@ -362,194 +395,206 @@ restart-aolserver to kill it. If it works, then there should be no more servers running. You should see the following lines.-nsadmin:~$ killall nsd +joeuser:~$ killall nsd nsd: no process killed -nsadmin:~$ /usr/local/aolserver/bin/nsd-postgres -t /usr/local/aolserver/birdnotes.tcl -nsadmin:~$ restart-aolserver birdnotes +joeuser:~$ /usr/local/aolserver/bin/nsd-postgres -t ~/web/birdnotes/nsd.tcl +joeuser:~$ restart-aolserver birdnotes Killing 23727 -nsadmin:~$ killall nsd +joeuser:~$ killall nsd nsd: no process killed- The number 23727 indicates the process id(s) (PIDs) of the - processes being killed. It is important that no processes are killed by the second - call to killall. If there are - processes being killed, it means that the script is not - working.
- Assuming that the restart-aolserver - script worked, login as root and open - /etc/inittab for - editing.
-nsadmin:~$ su -
+ The number 23727 indicates the process id(s) (PIDs) of the
+ processes being killed. It is important that no processes are killed by the second
+ call to killall. If there are
+ processes being killed, it means that the script is not
+ working.+ Assuming that the restart-aolserver + script worked, login as root and open + /etc/inittab for + editing.
+joeuser:~$ su - Password: ************ root:~# emacs -nw /etc/inittab
- Copy this line into the bottom of the file as a template, - making sure that the first field - nss1 is unique. -
-nss1:345:respawn:/usr/local/aolserver/bin/nsd-postgres -i -u nsadmin -g web -t /usr/local/aolserver/birdnotes.tcl- Important: Make sure there is a - newline at the end of the file. If there is not a newline at - the end of the file, the system may suffer catastrophic - failures. -
- Still as root, enter the following command to re-initialize - /etc/inittab.
+ Copy this line into the bottom of the file as a template, + making sure that the first field + nss1 is unique. ++nss1:345:respawn:/usr/local/aolserver/bin/nsd-postgres -i -u nobody -g web -t /home/joeuser/web/birdnotes/nsd.tcl
+ Important: Make sure there is a + newline at the end of the file. If there is not a newline at + the end of the file, the system may suffer catastrophic + failures. +
+ Still as root, enter the following command to re-initialize + /etc/inittab.
root:~# killall nsd nsd: no process killed root:~# /sbin/init q
- See if it worked by running the - restart-aolserver script - again.
+ See if it worked by running the
+ restart-aolserver script
+ again.
root:~# restart-aolserver birdnotes
Killing 23750- If processes were killed, congratulations, your server is now - automated for startup and shutdown. -
+ If processes were killed, congratulations, your server is now + automated for startup and shutdown. +
- Installation instructions: + Installation instructions: -
+
- Debian
- Red Hat
RPMs for RH 6.2 and RPM 7.1 are available - http://untroubled.org/rpms/daemontools. I - have not tested these, so I have no idea whether they work - properly. -
- Other distributions
+root:~# build-daemontools
+
- Red Hat
RPMs for RH 6.2 and RPM 7.1 are available + http://untroubled.org/rpms/daemontools. I + have not tested these, so I have no idea whether they work + properly. +
- Other distributions
- You can download the source directly from the author's site - at http://cr.yp.to/daemontools/install.html. + You can download the source directly from the author's site + at http://cr.yp.to/daemontools/install.html. -
-
- Create a file called run inside - /web/birdnotes: -
-nsadmin:~$ cd /web/birdnotes -nsadmin:/web/birdnotes$ emacs run- Copy this text into that file: -
+
+
+ Create a file called run inside + ~/web/birdnotes: +
+joeuser:~$ cd web/birdnotes +joeuser:~/web/birdnotes$ emacs run
+ Copy this text into that file: +
#!/bin/sh -exec /usr/local/aolserver/bin/nsd-postgres -it /usr/local/aolserver/birdnotes.tcl -u nsadmin -g web
- As root, change the ownership of this file: -
-nsadmin:/web/birdnotes$ su -
+exec /usr/local/aolserver/bin/nsd-postgres -it /home/joeuser/web/birdnotes/nsd.tcl -u nobody -g web+ + As root, change the ownership of this file. We also need to delete + any logs that may be present from previous testing. If they are + owned by users other than nobody, + then AOLserver willl not be able to append to them. + +
+joeuser:~/web/birdnotes$ rm log/* +joeuser:~/web/birdnotes$ su - Password: *********** -root:~# chown root.root /web/birdnotes/run -root:~# chmod 700 /web/birdnotes/run
- Now, we'll link our web root to the - /service directory. This causes - daemontools to monitor this directory. It should find your - run script and run it as soon as - you hit return. -
+root:~# chown root.root /home/joeuser/web/birdnotes/run +root:~# chmod 700 /home/joeuser/web/birdnotes/run
+ Now, we'll link our web root to the + /service directory. This causes + daemontools to monitor this directory. It should find your + run script and run it as soon as + you hit return. +
root:~# killall nsd
-root:~# ln -s /web/birdnotes /service
+root:~# ln -s /home/joeuser/web/birdnotes /service
root:~# ps -A | grep nsd
19359 pts/3 00:00:08 nsd
19361 pts/3 00:00:00 nsd
19362 pts/3 00:00:00 nsd
19363 pts/3 00:00:00 nsd
19364 pts/3 00:00:00 nsd- At this point, you should be able to use the - restart-aolserver script described - in Editing inittab. Daemontools, however, - allows you much more precision control. -
- svc -d /web/birdnotes - Bring - the server down -
- svc -u /web/birdnotes - Start - the server up. Also, restart it whenever it stops. -
- svc -o /web/birdnotes - Start - the server up once. Do not restart it if it stops. -
- svc -t /web/birdnotes - Stop - and immediately restart the server -
- - svc -k /web/birdnotes - Sends - the server a KILL signal. This is like KILL -9. AOLserver exits - immediately. If svc -t fails to fully kill AOLserver, use this - option. + At this point, you should be able to use the + restart-aolserver script described + in Editing inittab. Daemontools, however, + provides you with more precise control. +
-
- At this point, these commands will work only for the - root user. We can give a group - permission to run these commands as well. Download this script to - /tmp. -
+ svc -d /service/birdnotes - + Bring the server down + +
+ + svc -u /service/birdnotes - + Start the server up. Also, restart it whenever it stops. + +
+ + svc -o /service/birdnotes - + Start the server up once. Do not restart it if it stops. + +
+ + svc -t /service/birdnotes - + Stop and immediately restart the server + +
+ + svc -k /service/birdnotes - + Sends the server a KILL signal. This is like KILL -9. AOLserver + exits immediately. If svc -t fails to fully kill AOLserver, use + this option. + +
+ At this point, these commands will work only for the + root user. We can give a group + permission to run these commands as well. Download this script to + /tmp. +
root:~# cp /tmp/svgroup.txt /usr/local/bin/svgroup root:~# chmod 755 /usr/local/bin/svgroup root:~# svgroup web /service/birdnotes
- This command will give the web - group permission to use svc commands - on the birdnotes server. -
- Try it out. You may want to tail -f - /usr/local/aolserver/log/birdnotes-error.log in - another window, so you can see what happens when you type these - commands. -
+ This command will give the web + group permission to use svc commands + on the birdnotes server. ++ Try it out. You may want to tail -f + ~/web/birdnotes/log/error.log in + another window, so you can see what happens when you type these + commands. +
root:~# exit -nsadmin:~$ # first, bring the server down -nsadmin:~$ svc -d /web/birdnotes -nsadmin:~$ # now, start the server up -nsadmin:~$ svc -u /web/birdnotes -nsadmin:~$ # wait for server to come up, then restart it -nsadmin:~$ svc -t /web/birdnotes- Most of this information comes from Tom Jackson's AOLServer+Daemontools - Mini-HOWTO. -
- If you want to run the service on port 80 (the default HTTP port), - you need to set the port to 80 in your - service_name.tcl file in - /usr/local/aolserver. -
- Moreover, you will need to start the service as - root. If you follow the instructions - above for automating - startup, this will be taken care of, but if you ever start the - server from the command line, be sure to su - - first. -
- Port 80 is a privileged port. Only certain users - can claim it. When you start nsd as - root, it obtains the port, and then changes to run as whatever user - you specify in the server configuration file. This ensures a high - level of security, as the server, once started, is not running as - root. This mean that if someone was - able to exploit your web server to execute a command on your server, - they would not be able to gain root - access.
Skip down for instructions on Deleting a PostgreSQL tablespace. -
- Should it become necessary to rebuild a tablespace from scratch, - you can use the drop user command - in SVRMGRL with the cascade - option. This command will drop the user and every database object - the user owns.
+joeuser:~$ # first, bring the server down +joeuser:~$ svc -d /service/birdnotes +joeuser:~$ # now, start the server up +joeuser:~$ svc -u /service/birdnotes +joeuser:~$ # wait for server to come up, then restart it +joeuser:~$ svc -t /service/birdnotes
+ + Most of this information comes from Tom Jackson's AOLServer+Daemontools + Mini-HOWTO. + +
+ If you want to run the service on port 80 (the default HTTP port), + you need to set the port to 80 in your + nsd.tcl config file. +
+ Moreover, you will need to start the service as + root. If you follow the instructions + above for automating + startup, this will be taken care of, but if you ever start the + server from the command line, be sure to su + - first. +
+ Port 80 is a privileged port. Only certain users + can claim it. When you start nsd as + root, it obtains the port, and then changes to run as whatever user + you specify in the server configuration file. This ensures a high + level of security, as the server, once started, is not running as + root. This mean that if someone was + able to exploit your web server to execute a command on your server, + they would not be able to gain root + access.
Skip down for instructions on Deleting a PostgreSQL tablespace. +
+ Should it become necessary to rebuild a tablespace from scratch, + you can use the drop user command + in SVRMGRL with the cascade + option. This command will drop the user and every database object + the user owns.
SVRMGR> drop user birdnotes cascade;- If this does not work because svrmgrl "cannot drop a user that - is currently connected", make sure to kill the AOLserver using - this user. If it still does not work, do:
+ If this does not work because svrmgrl "cannot drop a user that + is currently connected", make sure to kill the AOLserver using + this user. If it still does not work, do:SVRMGR> select username, sid, serial# from v$session where lower(username)='birdnotes';and then
SVRMGR> alter system kill session 'sid,serial#';- where sid and serial# are - replaced with the corresponding values for the open session.
Use with caution!
- If you feel the need to delete everything - related to the service, you can also issue the following:
+ where sid and serial# are + replaced with the corresponding values for the open session.Use with caution!
+ If you feel the need to delete everything + related to the service, you can also issue the following:
SVRMGR> drop tablespace birdnotes including contents cascade constraints;
- Dropping a PostgreSQL tablespace is easy. You have to stop any - AOLserver instances that are using the database that you wish to - drop. If you're using daemontools, this is simple, just use the - 'down' flag (-d). If you're using inittab, you have to comment out - your server in /etc/inittab, - reread the inittab with /sbin/init - q, and then restart-aolserver - birdnotes.
Then, to drop the db, just do:
-nsadmin:~$ dropdb birdnotes
-DROP DATABASEThen, to drop the db, just do:
+joeuser:~$ dropdb birdnotes
+DROP DATABASE+
+ OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
We won't provide detailed instructions to install an operating system since there are so many valid choices available and each OS has their own installation procedures. @@ -12,7 +12,7 @@ and even Windows systems. The remainder of this guide will be specific to Linux. Users of other OS's may find some helpful information here, but we recommend that you instead use one of these - OS specific guides to install OpenACS 4.5. + OS specific guides to install OpenACS 4.6.
@@ -25,14 +25,15 @@
OpenACS Installation Guide for Windows 2000
+ This was written for ACS and has not yet - been updated for OpenACS. (Note: AOLServer is no longer - supporting Windows - it may be possible to run AOLServer under - Cygwin, but I haven't - seen any success reports yet). Another alternative is to use John - Sequeira's Oasis - VM, which is basically a fully working OpenACS 4.5 + been updated for OpenACS. (Note: AOLServer is not currently + supported on Windows, but this may change soon. Keep an eye on + the AOLserver mailing list or the OpenACS forums) Another + alternative is to use John Sequeira's Oasis + VM, which is basically a fully working OpenACS 4.6 system that you load into VMware. +
I'm currently using Debian GNU/Linux, so this guide may show that bias. Installation on any Linux distribution should be similar and @@ -43,22 +44,25 @@ to set aside a swap partition which is twice your RAM size.
Some things that you will need: -
| Requirement | Reason | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| recent kernel | Currently version 2.2.19 or - greater is the standard requirement. Some people are using 2.4.x - (2.4.16) kernels. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| bash | Bash is the standard Linux shell.
- We assume you are using bash for these instructions. If you're
- not using bash, then you will need to substitute your shell's
- conventions for setting environment variables when appropriate.
+
Locations:
+ None of these locations are set in stone - they're simply the values that we've chosen. You are free to install your software in other locations, but you'll need to adjust the instructions in this document to point to those locations. - - Here's a list of some helpful documentation for various OS's -
- Once you get your OS installed, it's imperative that you secure your - installation. As Jon Griffin repeatedly warns us, "No distribution is - secure out of the box." Again, this topic is too big to cover properly - here, so see these links. -
($Id$)
+
+ + + Note that previous versions of this document recommended using + /web for the web root and running + AOLserver as the nsadmin user. For + security and compatibility reasons, this is no longer recommended. + + + + This guide will use joeuser as a + normal user. Substitute your own username wherever you see + joeuser. + + + Here's a list of some helpful documentation for various OS's +
+ + Once you get your OS installed, it's imperative that you secure your + installation. As Jon Griffin repeatedly warns us, "No distribution is + secure out of the box." Again, this topic is too big to cover properly + here, so see these links. + +
($Id$) + Skip this page if you're not interested in Oracle NOTE: We've not yet tested - OpenACS 4.5 under Oracle 9i NOTE: This document assumes that - you'll be installing Oracle on the same box as AOLServer. For more - details on a remote Oracle installation, see Daryl Biberdorf's document. - + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. + + + Skip this page if you're not interested in Oracle + + Note+ + OpenACS 4.6 does not yet work with Oracle 9i + + + + This document assumes that you'll be installing Oracle on the same + box as AOLServer. For more details on a remote Oracle installation, + see Daryl Biberdorf's document. + + + You can obtain the software through a variety of methods (You'll need to become a member of technet.oracle.com, which is free): +
- Throughout these instructions, we will refer to a number of - configurable settings and advise certain defaults. With the exception - of passwords, we advise you to follow these defaults unless you know - what you are doing. Subsequent documents will expect that you used - the defaults, so a change made here will necessitate further changes - later. For a guide to the defaults, please see the section called “Defaults”. - - For additional resources/documentation, please see this thread. - - Though Oracle 8.1.7 has an automated installer, we still need to - perform several manual, administrative tasks before we can launch - it. You must perform all of these steps as the - root user. We recommend entering the - X window system as a normal user and then doing a su - -. This command gives you full root access. -
+ + Throughout these instructions, we will refer to a number of + configurable settings and advise certain defaults. With the exception + of passwords, we advise you to follow these defaults unless you know + what you are doing. Subsequent documents will expect that you used + the defaults, so a change made here will necessitate further changes + later. For a guide to the defaults, please see the section called “Defaults”. + + + + For additional resources/documentation, please see this thread. + + + + Though Oracle 8.1.7 has an automated installer, we still need to + perform several manual, administrative tasks before we can launch + it. You must perform all of these steps as the + root user. We recommend entering the + X window system as a normal user and then doing a su + -. This command gives you full root access. + +
- This step will take you through the steps of creating a customized - database. Be warned that this process takes about an hour on a - Pentium II with 128 MB of RAM. - NoteRedHat 7.3 and 8.0 users: Before running dbassist, do the following.
+ Congratulations, you have just installed Oracle 8.1.7 Server! + However, you still need to create a database which can take about an + hour of non-interactive time, so don't quit yet. + + This step will take you through the steps of creating a customized + database. Be warned that this process takes about an hour on a + Pentium II with 128 MB of RAM. + NoteRedHat 7.3 and 8.0 users: Before running dbassist, do the following.
- For this step, open up a terminal and - su to - oracle as usual. You should be - running X and Netscape (or other web browser) for this phase. -
+ For this step, open up a terminal and + su to + oracle as usual. You should be + running X and Netscape (or other web browser) for this phase. +
- You will want to automate the database startup and shutdown process. - It's probably best to have Oracle spring to life when you boot up - your machine. -
+ You will want to automate the database startup and shutdown process. + It's probably best to have Oracle spring to life when you boot up + your machine. +
+ + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. + This document is a guide on how to write a software package for OpenACS. OpenACS packages are installed and maintained with the OpenACS Package Manager (APM). This document presents reasons @@ -61,7 +61,7 @@ the pieces of each module are strewn all over the tree in at least 3 or 4 different areas. - Here is how an OpenACS 4.5 server is laid out: + Here is how an OpenACS 4.6 server is laid out:
ROOT/
@@ -125,7 +125,7 @@
sends to our server to the right page in the appropriate
package. While we're at it, this tool should also automate
package installation, dependency checking, upgrades, and package
- removal. In OpenACS 4.5, this tool is called the APM.
+ removal. In OpenACS 4.6, this tool is called the APM.
The APM is used to create, maintain, and install packages. It takes care of copying all of the files and registering the package in the @@ -147,7 +147,7 @@ The following sections will show you how to make a package for the Notes application. In addition, they will discuss some new site - management features in OpenACS 4.5 that take advantage of the APM's package + management features in OpenACS 4.6 that take advantage of the APM's package instance model. The two most important of these are subsites, and the site map tool, which can be used to map applications to one or more arbitrary URLs in a running site. @@ -365,7 +365,7 @@ notes.info file. Create a file called ROOT/packages/notes/sql/oracle/notes-create.sql. We'll - fill this file with our data model + fill this file with our data model very soon. Create a file called ROOT/packages/notes/sql/oracle/notes-drop.sql. This will contain the instructions to drop the data model. To be @@ -435,7 +435,7 @@ map content that lived outside the page root into the site, and it was also hard to map mulitiple URLs to the same place in the file system. - In OpenACS 4.5, administrators can define an arbitrary mapping between the + In OpenACS 4.6, administrators can define an arbitrary mapping between the URLs the user types and the actual file in the file system that is served. This mapping is called the site map and entries in the site map are called site nodes. Each site node maps a URL to an @@ -450,7 +450,7 @@ of many indedendent applications that actually run on a single shared code base. The request-processor document shows you how OpenACS figures out which instance of your application was - requested by the user at any given time. The page development tutorial shows you how to use this + requested by the user at any given time. The page development tutorial shows you how to use this information in your user interface. In order to make the new notes application visible to @@ -477,7 +477,7 @@ yet written Notes application at various places in the site. In a later document, we'll see how to write your application so that the code can detect from what URL it was invoked. This is the key - to supporting subsites. + to supporting subsites. The APM performs the following tasks in an OpenACS site:
+ While many applications must deal with individuals and many applications + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. + While many applications must deal with individuals and many applications must deal with groups, most applications must deal with individuals or groups. It is often the case with such applications that in many respects both individuals and groups are treated in an identical manner. It @@ -18,7 +18,7 @@ isn't a company. It is a "party". Most developers who do significant work with the OpenACS will become intimately familiar with the parties data model, and probably extend it on many occasions. For this reason the parties developer guide will begin with -an introduction to the data model. Parties The central table in the parties data model is the parties table itself. +an introduction to the data model. Parties The central table in the parties data model is the parties table itself. Every party has exactly one row in this table. Every party has an optional unique email address and an optional url. A party is an acs object, so permissions may granted and revoked on parties and auditing information is @@ -39,7 +39,7 @@ table and one is the groups table. A row in the persons table represents the most basic form of individual that is modeled by the parties data model. A row in the groups table represents the most basic form of an aggregation of -individuals that is represented. Persons If a party is an individual then there will be a row in the persons table +individuals that is represented. Persons If a party is an individual then there will be a row in the persons table containing first_names and last_name for that individual. Note that the primary key of the persons table (person_id) references the primary key of the parties table (party_id). This guarantees that if there is a row in the @@ -57,7 +57,7 @@ ); - Users The users table is an even more specialized form of an individual. A row + Users The users table is an even more specialized form of an individual. A row in the users table represents an individual that has login access to the system. Note that the primary key of the users table references the primary key of the persons table. Once again this guarantees that if there is a row @@ -67,8 +67,8 @@ users) is that it is now possible to "nuke" a user from a live system by removing his entry from the users table, but leaving the rest of his information present (i.e. turning him from a user into a person). This is -because wherever possible the OpenACS 4.5 data model references the persons or -parties table, not the users table. If this feature is +because wherever possible the OpenACS 4.6 data model references the persons or +parties table, not the users table. If this feature is desired when extending the system, then the developers should be careful to only references the users table in situations where it is clear that the references is to a user and not to an individual. @@ -100,7 +100,7 @@ ); - Groups The final piece of the parties data model is the groups data model. A + Groups The final piece of the parties data model is the groups data model. A group is a specialization of a party that represents an aggregation of other parties. The only extra information directly associated with a group (beyond that in the parties table) is the name of the group. As you might guess there @@ -116,7 +116,7 @@ ); - Group Relations One surprise here is that there are actually two relations involved. One + Group Relations One surprise here is that there are actually two relations involved. One is the normal membership relation between parties and groups. A party may be a "member" of a group. The other relation is a composition relation between two groups. To fully understand why two relations are @@ -134,7 +134,7 @@ composition. Having a membership relation between groups and parties, and having a composition relation between groups and groups allows us to easily model the full range of sophisticated group structures that exist in the real -world. Group Membership Group memberships can be created and manipulated using the membership_rel +world. Group Membership Group memberships can be created and manipulated using the membership_rel package. Note that you can only create one membership object for a given group, party pair. Because of composition, it is possible in some circumstances to make someone a member of a group of which they are already a @@ -183,7 +183,7 @@ show errors - Group Composition Composition relations can be created or destroyed using the + Group Composition Composition relations can be created or destroyed using the composition_rel package. The only restriction on compositions is that there cannot be a cycle, i.e., a group cannot be a component of itself either directly or indirectly. This constraint is maintained for you by the API, but @@ -289,7 +289,7 @@ but it is foolish to assume that this data model is sufficient for every application. It therefore seems likely that developers will want to extend the parties data model in a number of ways. This section will describe some -of the more common ways. Specializing Users It is conceivable that some applications will want to collect more +of the more common ways. Specializing Users It is conceivable that some applications will want to collect more detailed information for people using the system. If it is the case that there can be only one such piece of information per user, then it might make sense to create another type of individual that is a further specialization @@ -299,12 +299,12 @@ have a primary key that references the users table, thereby guaranteeing that each row in the mensa_users table has a corresponding row in each of the users, persons, parties, and acs_objects tables. This child table could then -store any extra information relevant to the MENSA community. Specializing Groups If one were to build an intranet application on top of the 4.5 party +store any extra information relevant to the MENSA community. Specializing Groups If one were to build an intranet application on top of the 4.6 party system, it is likely that one would want to take advantage of the systems efficient representation of sophisticated organizational structures, but there would be much more specialized information associated with each group. In this case it would make sense to specialize the group party type into a -company party type in the same manner as above. Specializing Membership Relations The final portion of the parties data model that is designed to be +company party type in the same manner as above. Specializing Membership Relations The final portion of the parties data model that is designed to be extended is the membership relationship. Consider the intranet example again. It is likely that a membership in a company would have more information associated with it than a membership in an ordinary group. An obvious example @@ -313,6 +313,4 @@ single integer primary key in what could be thought of as a pure relation. Because a membership relation is an ordinary acs object with object identity, it is as easy to extend the membership relation to store extra information as it is to extend the users -table or the groups table. ($Id$) ($Id$) +
The goal of the Permissions system is to provide generic means to both @@ -48,14 +48,14 @@ The set of all defined privileges. A relation describing the set of methods directly + A relation describing the set of methods directly associated with each privilege. A relation describing which privileges directly + A relation describing which privileges directly "contain" other privileges. A table with one (party, object, privilege) -row for every privilege directly granted on any object in +row for every privilege directly granted on any object in the system - this is a denormalization of acs_privilege_method_rules and acs_privilege_hierarchy There are also a number of views to make it easier to ask specific @@ -78,7 +78,7 @@ a party is a member of a group (at any depth). Relation with every (object, party, method) -tuple implied by the above trees. In general, only acs_object_party_method_map +tuple implied by the above trees. In general, only acs_object_party_method_map should be used for queries from other modules. The other views are intermediate steps in building that query. The data model also includes two simple PL/SQL procedures (acs_permission.grant_permission and @@ -95,15 +95,15 @@ acs_privilege_hierarchy) objects get access control from direct grants, or inherit permissions from their context (unless the "don't inherit" flag is set) There are three essential areas in which all transactions in the -permissions system fall:
"Modification of methods and privileges." This +permissions system fall:
"Modification of methods and privileges." This refers to actions that happen mainly at package installation time - a package will create a number of methods for its own use, then associate them with the system's standard privileges, or new privileges which the package has created. The association step might also happen later, if the site-wide administrator chooses to change permissions policy. These steps involve directly manipulating the acs_methods, acs_privileges, and acs_privilege_method_rules tables. A web page for manipulating these features should be limited to site-wide -administrators. "Modification of permissions" - involves fairly +administrators. "Modification of permissions" - involves fairly common operations. Users are typically able to administer permissions for objects they themselves create. The two basic operations here are "grant" and "revoke". Granting permissions is done via @@ -112,7 +112,7 @@ acs_permissions table. Web pages for making these changes are available to all users, so they should not be in an admin area. In order to grant and revoke permissions on an object, the user must have the administer_privileges method -permission on that object. "Queries on permissions" - by far the most +permission on that object. "Queries on permissions" - by far the most common operation is querying the permissions database. Several kinds of questions are commonly asked: First, and most commonly, "Can this party perform this method on this object?" Two Tcl functions are provided to @@ -127,15 +127,15 @@ for appropriate methods. Finally, when administering the permissions for an object, a web page needs to know all permissions directly granted on that object. This is done by querying against acs_permissions. The API to the permissions system consists of a few well-known tables, -plus a pair of PL/SQL procedures and a pair of Tcl functions. Tables acs_methods, acs_privileges, and +plus a pair of PL/SQL procedures and a pair of Tcl functions. Tables acs_methods, acs_privileges, and acs_privilege_method_rules manage the set of permissions in the system. At installation time, a package will add to these three tables to introduce new permissions into the system. The main table for queries is acs_object_party_method_map, which contains (object, party, method) triples for all allowed operations in the system. Also of interest for queries is acs_permissions, which lists directly granted privileges. Neither acs_object_party_method_map (which is a view) nor acs_permissions should be updated -directly. PL/SQL Procedures acs_permissions.grant_permission introduces new permissions for +directly. PL/SQL Procedures acs_permissions.grant_permission introduces new permissions for an object. It should be given an (object, party, privilege) triple, and will always succeed. If the permission is already in the system, no change occurs. The interface for this procedure @@ -154,7 +154,7 @@ privilege acs_permissions.privilege%TYPE ); These procedures are defined in -permissions-create.sql Tcl Procedures Two tcl procedures provide a simple call for the query, "Can this +permissions-create.sql Tcl Procedures Two tcl procedures provide a simple call for the query, "Can this user perform this method on this object?" One returns true or false, the other presents an error page. To receive a true or false value, Tcl code should call: ad_permission_p $object_id $object_type $method -user_id $user_id @@ -184,6 +184,4 @@ + This document records requirements for the OpenACS 4 Permissions system, a + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. + This document records requirements for the OpenACS 4 Permissions system, a component of the OpenACS 4 Kernel. The Permissions system is meant to unify and centralize the handling of access and control on a given OpenACS 4 system. Any multi-user software system must address the general problem of permissions, or "who can do what, on what." On web services, which @@ -15,7 +15,7 @@ manner reduces both cost and risk: cost, in that less code has to be written and maintained for dealing with recurring permissions situations; risk, in that we need not rely on any single programmer's diligence to ensure -access control is implemented and enforced correctly. Historical Motivations In earlier versions of the OpenACS, permissions and access control was handled +access control is implemented and enforced correctly. Historical Motivations In earlier versions of the OpenACS, permissions and access control was handled on a module-by-module basis, often even on a page-by-page basis. For example, a typical module might allow any registered user to access its pages read-only, but only allow members of a certain group to make changes. The way @@ -33,14 +33,14 @@ common administrative interface, and easily deployed and maintained access control. The system must be flexible enough to support every access model required in OpenACS applications, but not so flexible that pieces will go unused -or fall outside the common administrative interfaces. Terminology The primary question an access control system must answer is a three-way +or fall outside the common administrative interfaces. Terminology The primary question an access control system must answer is a three-way relation, like that between the parts of most simple sentences. A simple sentence generally has three parts, a subject, an object, and a verb - in the context of OpenACS Permissions, our simple sentence is, "Can this party -perform this operation on this target?" Definitions: The subject of the sentence is "party" - a +perform this operation on this target?" Definitions: The subject of the sentence is "party" - a distinguishable actor whose access may be controlled, this special word is used because one person may be represented by several parties, and one party -may represent many users (or no users at all). The object of the sentence is "target" - this +may represent many users (or no users at all). The object of the sentence is "target" - this is an entity, or object, that the party wishes to perform some action on. An entity/object here is anything that can be put under access control. The verb of the sentence is "operation" - a behavior on the OpenACS system subject to control, this word is used to represent the fact that a @@ -50,45 +50,43 @@ that operation. Examples of the essential question addressed by the Permissions system: Can jane@attacker.com delete the web security bboard? Can the Boston office (a party) within the VirtuaCorp intranet/website create its own news -instance? 10.0 Granularity The system must support access control down to the level of a single +instance? 10.0 Granularity The system must support access control down to the level of a single entity (this would imply down to the level of a row in the OpenACS Objects data -model). 20.0 Operations The system itself must be able to answer the essential permissions -question as well as several derived questions.
40.0 Scale of Privileges Privileges must be designed with appropriate scope for a given OpenACS +model). 20.0 Operations The system itself must be able to answer the essential permissions +question as well as several derived questions.
40.0 Scale of Privileges Privileges must be designed with appropriate scope for a given OpenACS package. Some privileges are of general utility (e.g. "read" and "write"). Others are of more limited use (e.g. "moderate" - applies mainly to a package like bboard, where many users are contributing content simultaneously). A package defining its own privileges should do so with moderation, being careful not to overload a privilege like -"read" to mean too many things. 50.0 Aggregation of Operations (Privileges) For user interface purposes, it can be appropriate to group certain +"read" to mean too many things. 50.0 Aggregation of Operations (Privileges) For user interface purposes, it can be appropriate to group certain privileges under others. For example, anyone with the "admin" privilege may also automatically receive "read", "write", -"delete", etc. privileges. 60.0 Aggregation of Parties (Groups) The system must allow aggregation of parties. The exact method used for +"delete", etc. privileges. 60.0 Aggregation of Parties (Groups) The system must allow aggregation of parties. The exact method used for aggregation will probably be addressed by the OpenACS 4 "Groups" system. Regardless of the exact behavior of aggregate parties, if an aggregate party exists, then access which is granted to the aggregate party -should be available to all members of that aggregate. 70.0 Scope of Access Control
100.0 Efficiency At least the basic access check (20.10) and the allowed targets check (20.40) must be efficient enough for general use, i.e. scalable under fairly heavy website traffic. It can be expected that almost every page will contain at least one basic access check, and most pages will contain an allowed targets check (20.40). In particular, constraining a SELECT to return only rows the current user has access to should not be much slower than the SELECT -on its own. 120.0 Ease of Use Since most SQL queries will contain an allowed target check in the where +on its own. 120.0 Ease of Use Since most SQL queries will contain an allowed target check in the where clause, whatever mechanism is used to make checks in SQL should be fairly small and simple. In particular, constraining a SELECT to return only rows the -current user has access to should not add more than one line to a query.
-The OpenACS 4.5 Permissions system allows developers and administrators to + +The OpenACS 4.6 Permissions system allows developers and administrators to set access control policies at the object level, that is, any application or system object represented by a row in the acs_objects table can be access-controlled via a simple @@ -14,7 +14,7 @@ Although this may all sound easy and wonderful, no developer or administrator would want to explicitly set access control rights for every user and every object on a -site. Therefore, OpenACS 4.5 has two auxiliary mechanisms for making this +site. Therefore, OpenACS 4.6 has two auxiliary mechanisms for making this easier: First, the Groups system allows users to be grouped together in flexible ways. Second, the object model defines a notion of object context, which allows applications to group objects @@ -26,7 +26,7 @@ define simple groupings of users. Each group had a human readable name and unique ID, and there was a single mapping table that mapped users to groups. (The actual data model was more complicated because it -contained a meta-data system much like the OpenACS 4.5 object type system, +contained a meta-data system much like the OpenACS 4.6 object type system, but that's not relevant right now.) The 3.x groups system, while very useful, was limited in few ways. The @@ -48,7 +48,7 @@ member of Greenpeace, its members are not necessarily members of Greenpeace. -OpenACS 4.5 solves both of these modeling problems by introducing a new +OpenACS 4.6 solves both of these modeling problems by introducing a new abstraction called a party. Parties have a recursive definition, and we can illustrate how it works with the following simplified data model. First, we define the parties @@ -105,23 +105,27 @@ tutorial - I've just given you what you need to understand how permissions work. For further detail, you can look at Parties in OpenACS 4 or OpenACS 4 Groups Design. + NOTE: Much more detailed information about the permissions system + and how to use it is available in the + OpenACS Permissions Tediously Explained document. + The permissions data model is actually pretty simple. The data model is a mapping between privileges, parties and objects. We already know what parties and objects are, but we don't know what privileges are. -In OpenACS 4.5, a privilege models the right to perform some operation on +In OpenACS 4.6, a privilege models the right to perform some operation on some object. They are the basic units out of which we build access control policies. For example, in the Unix filesystem we typically implement access control by granting users some combination of -read. write or execute privileges on files and directories. In OpenACS 4.5, +read. write or execute privileges on files and directories. In OpenACS 4.6, the table of privileges is organized hierarchically so that developers can define privileges that aggregate some set of privileges together. For example, if we have read, write, create and delete privileges, it might be convenient to combine them into a new privilege called "admin". Then if we grant a user this privilege she is automatically granted all the child privileges that the privilege -contains. The OpenACS 4.5 kernel data model actually defines these +contains. The OpenACS 4.6 kernel data model actually defines these privileges as follows: @@ -161,7 +165,7 @@ permissions to large groups of objects in the site, all at once. We use contexts to achieve this goal. -In OpenACS 4.5, an object context is a generalization of the scoping +In OpenACS 4.6, an object context is a generalization of the scoping mechanism introduced in OpenACS 3.x. "Scoping" and "scope" are terms best explained by example: consider some hypothetical rows in the address_book table: @@ -176,7 +180,7 @@ person or a group of people or the general public (itself a group of people). -In OpenACS 4.5, rather than breaking the world into a limited set of scopes, +In OpenACS 4.6, rather than breaking the world into a limited set of scopes, every object lives in a single context. A context is just an another object that represents the security domain to which the object belongs. By convention, if an object A doesn't have any permissions @@ -193,7 +197,7 @@ application. With only row-level permissions it is not obvious how to reasonably initialize the access control list when creating a message. At best, we have to explicitly grant various read and write -privileges whenever we create a message, which is tedious. In OpenACS 4.5, +privileges whenever we create a message, which is tedious. In OpenACS 4.6, a reasonable thing to do is to create an object representing a forum, and point the context_id field of a new message at the forum. Then, suppose we grant every user in the system read-access to @@ -207,7 +211,7 @@ hierarchy that matches the structure they need for access control in their application. The following picture shows a typical context hierarchy for a hypothetical site: - + A few things to note here. First, the top two contexts in the picture are "magic" in some sense because they are created by default by OpenACS for a specific purpose. The object default_context @@ -327,7 +331,7 @@ This displays the title of the note as either a link or plain text depending on whether or not we have write privileges on the object. -The if tag is something that the OpenACS 4.5 template system +The if tag is something that the OpenACS 4.6 template system defines for you to support conditional presentation. The templates developer guide provides more information about this. If you study the rest of the system, you will also notice that the @@ -341,7 +345,7 @@ permissions to notes that she wanted to make public or whatever. But that's beyond the scope of this example. -OpenACS 4.5 defines three separate mechanisms for specifying access control +OpenACS 4.6 defines three separate mechanisms for specifying access control in applications. The Groups data model allows you to define hierarchical organizations of users and groups of users. The Permissions data model allows you to define a hierarchy of user rights. Finally, @@ -351,6 +355,4 @@ In the next section, we'll look at a more complex page for adding and editing notes, and discuss these issues further. - ($Id$) ($Id$) + + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. + Skip this page if you're not interested in PostgreSQL. - Download PostgreSQL 7.1.3 from the mirror closest to you. The list of - mirrors is at http://www.postgresql.org. Download - it to /tmp. + + Download PostgreSQL 7.2.3 from the mirror closest to you. The list of + mirrors is at http://www.postgresql.org. + Download it to /tmp. + As root, unpack it into /usr/local/src joeuser:~$ su - Password: *********** root:~# cd /usr/local/src -root:/usr/local/src# tar xzf /tmp/postgresql-7.1.3.tar.gz Still as root, create a user and group (if you haven't done so before) for PostgreSQL. This is the account that PostgreSQL will run as since it will not run as @@ -28,7 +30,7 @@ root:~# passwd postgres root:~# mkdir -p /usr/local/pgsql -root:~# chown -R postgres.web /usr/local/pgsql /usr/local/src/postgresql-7.1.3 +root:~# chown -R postgres.web /usr/local/pgsql /usr/local/src/postgresql-7.2.3 root:~# chmod 750 /usr/local/pgsql root:~# exit logout @@ -41,17 +43,21 @@ PATH=$PATH:/usr/local/pgsql/bin export PATH LD_LIBRARY_PATH - Logout and login again as postgres. Use the + + Logout and login again as + postgres. Use the echo command to make sure that /usr/local/pgsql/bin is now in your PATH + postgres:~$ exit logout joeuser:~$ su - postgres Password: ************ postgres:~$ echo $PATH /usr/local/bin:/usr/bin:/bin: ... :/usr/local/pgsql/bin + First, we run ./configure to set the compilation options automatically. This is the point at which you can configure PostgreSQL in various ways. For example, if you want to @@ -60,60 +66,71 @@ --enable-multibyte. If you want to see what the other possibilities are, run ./configure --help. + -postgres:~$ cd /usr/local/src/postgresql-7.1.3 -postgres:/usr/local/src/postgresql-7.1.3$ ./configure -postgres:/usr/local/src/postgresql-7.1.3$ make all +postgres:~$ cd /usr/local/src/postgresql-7.2.3 +postgres:/usr/local/src/postgresql-7.2.3$ ./configure +postgres:/usr/local/src/postgresql-7.2.3$ make all + Compilation will take a while (about 10 minutes). Once it's done, you will see the following message: + All of PostgreSQL is successfully made. Ready to install. + Next, we'll install PostgreSQL. If all is successful, you'll see the following “Thank You” message. + -postgres:/usr/local/src/postgresql-7.1.3$ make install +postgres:/usr/local/src/postgresql-7.2.3$ make install ... Thank you for choosing PostgreSQL, the most advanced open source database engine. - OpenFTS is the module that provides full text search to OpenACS 4.5. We - won't be installing it until later, but we'll set up a couple things - that are best done right now. + OpenFTS is the module that provides full text search to OpenACS + 4.6. We won't be installing it until later, but since it needs + a special PostgreSQL module called 'tsearch', we'll install it now. -postgres:/usr/local/src/postgresql-7.1.3$ make install-all-headers -postgres:/usr/local/src/postgresql-7.1.3$ cd contrib/intarray -postgres:/usr/local/src/postgresql-7.1.3/contrib/intarray$ make -postgres:/usr/local/src/postgresql-7.1.3/contrib/intarray$ make install The initdb command initializes - the database. pg_ctl is used to - start up PostgreSQL. +postgres:/usr/local/src/postgresql-7.2.3$ cd contrib/tsearch +postgres:/usr/local/src/postgresql-7.2.3/contrib/tsearch$ make +postgres:/usr/local/src/postgresql-7.2.3/contrib/tsearch$ make install + + The initdb command initializes the + database. pg_ctl is used to start up + PostgreSQL. + -postgres:/usr/local/src/postgresql-7.1.3/contrib/intarray$ cd +postgres:/usr/local/src/postgresql-7.2.3/contrib/tsearch$ cd postgres:~$ /usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data postgres:~$ /usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l /usr/local/pgsql/data/server.log start postmaster successfully started + PostgreSQL errors will be logged in /usr/local/pgsql/data/server.log - - We have to install plpgsql into our PostgreSQL installation so that - we can use stored procedures. Fortunately, it's pretty easy. We'll - also create a database user named - nsadmin, so that aolserver can - access the database. (Don't worry that you don't have a - nsadmin user yet - we'll create that - in the next chapter.) + + + + Next, we'll install plpgsql into our PostgreSQL installation so that + we can use stored procedures. We'll also create a database user named + joeuser (replace with your own + username), so that you'll be able to access the database via + AOLserver. +
postgres:~$ createlang plpgsql template1
postgres:~$ # Test if we succeeded
postgres:~$ createlang -l template1
- Procedural languages
- Name | Trusted? | Compiler
----------+----------+----------
- plpgsql | t | PL/pgSQL
+Procedural languages
+ Name | Trusted?
+---------+----------
+ plpgsql | t
(1 row)
-postgres:~$ createuser nsadmin
+postgres:~$ createuser joeuser
Shall the new user be allowed to create databases? (y/n) y
Shall the new user be allowed to create more new users? (y/n) y
CREATE USER+ Create a database and try some simple commands. The output should be as shown. + postgres:~$ createdb mytestdb CREATE DATABASE @@ -143,9 +160,11 @@ mytestdb=# \q postgres:~$ dropdb mytestdb DROP DATABASE + Download postgresql.txt to /tmp. Then follow the instructions specific to your distribution: +
- From now on, PostgreSQL should start automatically each time you boot - up and it should shutdown gracefully each time you shut down. (Note: - Debian defaults to starting all services on runlevels 2-5. Red Hat - defaults to starting services on 3-5. So, on Red Hat, PostgreSQL won't - start on runlevel 2 unless you alter the above commands a - little. This usually isn't a problem as Red Hat defaults to runlevel 3) - - Here are some links: - ($Id$) + + Here are some links: + +
($Id$) + + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. + When using AOLserver, remember that there are effectively two types of global namespace, not one:
($Id$) + PSGML Mode is a mode for editing, umm, SGML and XML documents in emacs. It + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. + PSGML Mode is a mode for editing, umm, SGML and XML documents in emacs. It can parse a DTD and help you insert the right tags in the right place, knows about tags' attributes and can tell you in which contexts a tag can be used. If you give it the right DTD, that is. But even without a DTD, @@ -84,6 +84,4 @@ element is a sect1. Of course, you should read the emacs texinfo pages that come with PSGML mode from start to finish. Barring that, here are some handy commands:
|
+
- This is a final release of OpenACS 4.5. This release has been subjected + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
+ This is a final release of OpenACS 4.6. This release has been subjected to an organized test effort, but please bear in mind that we are still in the process of developing testing tools, methodology, and scripts.
@@ -18,18 +18,18 @@
You may want to begin by reading our installation documentation for Installing on Unix/Linux or Installing on Windows. Note - that the Windows documentation is not current for OpenACS 4.5, + that the Windows documentation is not current for OpenACS 4.6, but an alternative is to use John Sequeira's Oasis VM project.
After installation, the full documentation set can be found by visiting - http://[your-host]/doc. Not all pieces are updated for OpenACS 4.5 at + http://[your-host]/doc. Not all pieces are updated for OpenACS 4.6 at this moment.
If you're using Oracle 8.1.6 or 8.1.7 Enterprise Edition you may want to uncomment the SQL that causes InterMedia to keep online searching online while indexing. The feature doesn't exist in Standard Edition - and OpenACS 4.5 now defaults to being loadable in SE. Just grep for + and OpenACS 4.6 now defaults to being loadable in SE. Just grep for 'sync' to find the code.
Also be sure to read the documentation in the Site Wide Search @@ -203,6 +203,4 @@ Test Coverage: Minimal Suggested Status: Alpha Comments: Don tested personally -
+
-This document is a brief introduction to the OpenACS 4.5 Request Processor; + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
+This document is a brief introduction to the OpenACS 4.6 Request Processor; more details can be found in the OpenACS 4 Request Processor Design. Here we cover the high level concepts behind the system, and implications and usage for the application developer.
@@ -28,30 +28,30 @@ To achieve this functionality above in OpenACS 3.x, developers used an ad hoc combination of AOLserver filters, the ns_perm call, -special purpose code in pages, and other procedures. In OpenACS 4.5, the +special purpose code in pages, and other procedures. In OpenACS 4.6, the Request Processor, along with the OpenACS Package Manager, centralizes and unifies this functionality, making it more transparent and readily available to developers.
-The 4.5 Request Processor is a global filter and set of Tcl procs that +The 4.6 Request Processor is a global filter and set of Tcl procs that respond to every incoming URL reaching the server. The following diagram summarizes the stages of the request processor assuming a URL request like http://someserver.com/notes/somepage.adp. -
+
The first thing the RP does is to map the given URL to the appropriate physical directory in the filesystem, from which to serve content. We do this by searching the site map data model (touched on in the Packages, and further -discussed in the section called “Writing OpenACS 4.5 Application Pages”). This data model maps URLs to objects representing +discussed in the section called “Writing OpenACS 4.6 Application Pages”). This data model maps URLs to objects representing content, and these objects are typically package instances.
After looking up the appropriate object, the RP stores the URL, the ID of the object it found, and the package and package instance the object belongs to into the environment of the connection. This environment can be queried using the ad_conn procedure, -which is described in detail in OpenACS 4 Request Processor Design. The page +which is described in detail in OpenACS 4 Request Processor Design. The page development tutorial shows you how to use this interface to make your pages aware of which instance was requested.
@@ -62,7 +62,7 @@ extracts or sets up new session tokens for the user.
Next, the Request Processor checks if the user has appropriate access -privileges to the requested part of the site. In OpenACS 4.5, access control +privileges to the requested part of the site. In OpenACS 4.6, access control is dictated by the permissions system. In this case, the RP checks if the user has "read" priviledges on the object in the site map specified by the URL. This object is typically @@ -148,6 +148,9 @@
If the URL refers to a package instance, this is the unique key name of the package. -
+In a .vuh file, path_info is the trailing part of the URL not matched +by the .vuh file. +
+
Briefly explain to the reader what this document is for, whether it records the requirements for a new system, a client application, a toolkit subsystem, etc. Remember your audience: fellow programmers, @@ -47,21 +47,21 @@ leave generous gaps on the first writing of requirements (e.g. 1, 10, 20, 30, 40, etc.) because you'll want to leave room for any missing key requirements that may arise. -
10.0 A Common Solution
+
10.0 A Common Solution
Programmers and designers should only have to learn a single system that serves as a UI substrate for all the functionally specific modules in the toolkit. -
10.0.1
+
10.0.1
The system should not make any assumptions about how pages should look or function. -
10.0.5
+
10.0.5
Publishers should be able to change the default presentation of any module using a single methodology with minimal exposure to code.
For guidelines writing requirements, take a look - at the quality standards, along with a good example, such as OpenACS 4.5 Package Manager Requirements. + at the quality standards, along with a good example, such as OpenACS 4.6 Package Manager Requirements.
Besides writing requirements in natural language, consider using the following techniques as needed: @@ -81,6 +81,4 @@ pre-existing system or prototype first, and thus you may want to write some thoughts on implementation, for aiding and guiding yourself or other programmers. -
+
-pageroot -- Any directory that contains scripts and/or +provides to the browser.
+pageroot -- Any directory that contains scripts and/or static files intended to be served in response to HTTP requests. A typical -OpenACS installation is required to serve files from multiple pageroots.
global pageroot -(/web/servicename/www) -- Files appearing under +OpenACS installation is required to serve files from multiple pageroots.
global pageroot +(/web/servicename/www) -- Files appearing under this pageroot will be served directly off the base url -http://www.servicename.com/
package root -(/web/servicename/packages) -- Each subdirectory of +http://www.servicename.com/
package root +(/web/servicename/packages) -- Each subdirectory of the package root is a package. A typical OpenACS installation will have several -packages.
package pageroot -(/web/servicename/packages/package_key/www) --- This is the pageroot for the package_key package.
request environment (ad_conn) -- This is +packages.
package pageroot +(/web/servicename/packages/package_key/www) +-- This is the pageroot for the package_key package.
request environment (ad_conn) -- This is a global namespace containing variables associated with the current -request.
abstract URL -- A URL with no extension that doesn't -directly correspond to a file in the filesystem.
abstract file or abstract path -- A URL +request.
abstract URL -- A URL with no extension that doesn't +directly correspond to a file in the filesystem.
abstract file or abstract path -- A URL that has been translated into a file system path (probably by prepending the appropriate pageroot), but still doesn't have any extension and so does -not directly correspond to a file in the filesystem.
concrete file or concrete path -- A file -or path that actually references something in the filesystem.
Package Lookup
One of the first things the request processor must do is to determine which package instance a given request references, and based on this information, which pageroot to use when searching for a file to serve. During this process the request processor divides the URL into two pieces. The first portion identifies the package instance. The rest identifies the path into the package pageroot. For example if the news package is mounted on /offices/boston/announcements/, then a request for /offices/boston/announcements/index would be split into the -package_url (/offices/boston/announcements/), and the +package_url (/offices/boston/announcements/), and the abstract (no extension info) file path (index). The request processor must be -able to figure out which package_id is associated with a +able to figure out which package_id is associated with a given package_url, and package mountings must be persistent across server restarts and users must be able to manipulate the mountings on a live site, -therefore this mapping is stored in the database.
Authentication and Authorization
Once the request processor has located both the package_id and concrete +therefore this mapping is stored in the database.
Authentication and Authorization
Once the request processor has located both the package_id and concrete file associated with the request, authentication is performed by the session security system. After authentication has been performed the user is authorized to have read access for the given package by the OpenACS 4 Permissions Design. If authorization succeeds then the request is served, otherwise it is -aborted.
Concrete File Search
To actually serve a file, the request processor generates an ordered list +aborted.
Concrete File Search
To actually serve a file, the request processor generates an ordered list of abstract paths and searches each path for a concrete file. The first path searched is composed of the package pageroot with the extra portion of the URL appended. The second abstract path consists of the global pageroot with @@ -60,16 +60,16 @@ directory. Files take precedence over directory listings, so an index file in the global pageroot will be served instead of a directory listing in the package pageroot, even though the global pageroot is searched later. If a -file is found at any of the searched locations then it is served.
Virtual URL Handlers
If no file is found during the concrete file search, then the request -processor searches the filesystem for a virtual url handler -(.vuh) file. This file contains normal tcl code, and is in +file is found at any of the searched locations then it is served.
Virtual URL Handlers
If no file is found during the concrete file search, then the request +processor searches the filesystem for a virtual url handler +(.vuh) file. This file contains normal tcl code, and is in fact handled by the same extension handling procedure that handles .tcl files. The only way this file is treated differently is in how the request processor searches for it. When a lookup fails, the request processor generates each valid prefix of all the abstract paths considered in the concrete file search, and searches these prefixes in order from most specific to least specific for a matching .vuh file. If a file is found then the -ad_conn variable path_info is set to the portion of the url +ad_conn variable path_info is set to the portion of the url not matched by the .vuh script, and the script is sourced. This facility is intended to replace the concept of registered procs, since no special distinction is required between sitewide procs and package specific @@ -89,16 +89,14 @@ off the rightmost path components until a match is reached. This way the time required to lookup a URL is proportional to the length of the URL, not to the number of entries in the mapping.
The request environment is managed by the procedure -ad_conn. Variables can be set and retrieved through use of +ad_conn. Variables can be set and retrieved through use of the ad_conn procedure. The following variables are available for public use. If the ad_conn procedure doesn't recognize a variable being passed to it for a lookup, it tries to get a value using ns_conn. This guarantees that -ad_conn subsumes the functionality of ns_conn.
| Request processor | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| [ad_conn urlv] | A list containing each element of the URL | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| [ad_conn url] | The URL associated with the request. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| [ad_conn file] | The filepath including filename of the file being served | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| [ad_conn request] | The number of requests since the server was last started | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| [ad_conn start_clicks] | The system time when the RP starts handling the request | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| � | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Session System Variables: set in
+ad_conn subsumes the functionality of ns_conn.
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| � | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Documentation | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| [ad_conn api_page_documentation_mode_p] | � | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+
The following is a requirements document for the OpenACS 4.0 request + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
The following is a requirements document for the OpenACS 4.0 request processor. The major enhancements in the 4.0 version include a more sophisticated directory mapping system that allows package pageroots to be mounted at arbitrary urls, and tighter integration with the database to allow @@ -19,11 +19,9 @@ for the connecting party. Eventually this may also require determining the capabilities of the connecting browser and choosing the most appropriate form for the delivered content.
It is essential that any errors that occur during the above steps be -reported to developers in an easily decipherable manner.
10.0 Multiple Pageroots
10.10 Pageroots may be combined into one URL space.
10.20 Pageroots may be mounted at more than one location in the URL -space.
20.0 Application Context
20.10 The request processor must be able to determine a primary context +reported to developers in an easily decipherable manner.
10.0 Multiple Pageroots
10.10 Pageroots may be combined into one URL space.
10.20 Pageroots may be mounted at more than one location in the URL +space.
20.0 Application Context
20.10 The request processor must be able to determine a primary context or state associated with a pageroot based on it's location within the URL -space.
30.0 Authentication
30.10 The request processor must be able to verify that the connecting -browser actually represents the party it claims to represent.
40.0 Authorization
40.10 The request processor must be able to verify that the party the -connecting browser represents is allowed to make the request.
50.0 Scalability
30.0 Authentication
30.10 The request processor must be able to verify that the connecting +browser actually represents the party it claims to represent.
40.0 Authorization
40.10 The request processor must be able to verify that the party the +connecting browser represents is allowed to make the request.
50.0 Scalability
+
+ OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
This document explains security model design for OpenACS 4. The security system with the OpenACS core must authenticate users in both secure and insecure environments. In addition, this subsystem provides sessions on top of the @@ -43,10 +43,10 @@ for a secure authentication token. However, the basic architecture here lays the foundation for a secure system and can be easily adapted to a more secure authentication system by forcing all logins to occur over HTTPS.
The authentication system issues up to four signed cookies (see below), -with each cookie serving a different purpose. These cookies are:
name value max-age secure? ad_session_id session_id,user_id SessionTimeout no ad_user_login user_id Infinity no ad_user_login_secure user_id,random Infinity yes ad_secure_token session_id,user_id,random SessionLifetime yes
ad_session_id
reissued on any hit separated by more than SessionRenew seconds from the -previous hit that received a cookie
is valid only for SessionTimeout seconds
is the canonical source for the session ID in ad_conn
ad_user_login
is used for permanent logins
ad_user_login_secure
is used for permanent secure logins
contains random garbage (ns_time) to prevent attack against the secure +with each cookie serving a different purpose. These cookies are:
name value max-age secure? ad_session_id session_id,user_id SessionTimeout no ad_user_login user_id Infinity no ad_user_login_secure user_id,random Infinity yes ad_secure_token session_id,user_id,random SessionLifetime yes
ad_session_id
reissued on any hit separated by more than SessionRenew seconds from the +previous hit that received a cookie
is valid only for SessionTimeout seconds
is the canonical source for the session ID in ad_conn
ad_user_login
is used for permanent logins
ad_user_login_secure
is used for permanent secure logins
contains random garbage (ns_time) to prevent attack against the secure hash
ad_secure_token -
is a session-level cookie from the browser's standpoint
its signature expires in SessionLifetime seconds
contains random garbage (ns_time) to prevent attack against the secure +
is a session-level cookie from the browser's standpoint
its signature expires in SessionLifetime seconds
contains random garbage (ns_time) to prevent attack against the secure hash
user_id is extraneous
The Tcl function (sec_handler) is called by the request processor to authenticate the user. It first checks the ad_session_id cookie. If there is no valid session in progress, @@ -86,7 +86,7 @@ immediately
nothing: if the cookie is present, it remains
The current state of the permanent login cookies is not taken into account when determining the appropriate action. -
previous login state permanent login requested secure connection action on insecure action on secure other y y set set same y y set set other y n set delete same y n set nothing same n y nothing delete other n y delete delete other n n delete delete same n n delete delete
ad_user_login +
previous login state permanent login requested secure connection action on insecure action on secure other y y set set same y y set set other y n set delete same y n set nothing same n y nothing delete other n y delete delete other n n delete delete same n n delete delete
ad_user_login callssec_setup_session which actually calls sec_generate_session_id_cookie to generate the new cookie with refer to the appropriate user_id. If the connection is secure @@ -206,13 +206,13 @@ token_id is returned out of the entire set of cached token_ids. In addition, a thread-persistent cache called tcl_secret_tokens is maintained on a per-thread basis.
Thus, the L2 ns_cache functions as a server-wide LRU cache that has a -minimum of 100 tokens in it. The cache has a dual purpose:
LRU cache Note that cache misses will only occur in the +minimum of 100 tokens in it. The cache has a dual purpose:
LRU cache Note that cache misses will only occur in the multiple server case, where a user agent may have a signature guaranteed by a -secret token issued by another server in the cluster.
signature cache Since the cache always maintains a +secret token issued by another server in the cluster.
signature cache Since the cache always maintains a minimum of 100 (set by a parameter) tokens populated at startup, it can be used to provide a random token for signature purposes.
The per-thread cache functions as an L1 cache that indiscriminately caches -all secret tokens. Note that this is not an LRU cache +all secret tokens. Note that this is not an LRU cache because there is no cache eviction policy per se -- the cache is cleared when the thread is destroyed by AOLserver.
-ad_user_login user_id Logs the user in as user +ad_user_login user_id Logs the user in as user user_id. Optional forever flag determines whether or not permanent cookies are issued. -
ad_user_logout Logs the user out.
ad_check_password user_id password -returns 0 or 1.
ad_change_password user_id new -password
-ad_sign value Returns the digital signature of this +
ad_user_logout Logs the user out.
ad_check_password user_id password +returns 0 or 1.
ad_change_password user_id new +password
+ad_sign value Returns the digital signature of this value. Optional parameters allow for the specification of the secret used, the token_id used and the max_age for the signature. -ad_verify_signature value signatureReturns +ad_verify_signature value signatureReturns 1 or 0 indicating whether or not the signature matches the value specified. The secret parameter allows for specification of a different secret token to be used.
-ad_set_signed_cookie name data Sets a -signed cookie name with value data.
ad_get_signed_cookie name Gets the signed cookie +ad_set_signed_cookie name data Sets a +signed cookie name with value data.
ad_get_signed_cookie name Gets the signed cookie name. It raises an error if the cookie has been tampered with, or if -its expiration time has passed.
ad_set_client_property module name -data Sets a session property with name to value +its expiration time has passed.
ad_set_client_property module name +data Sets a session property with name to value data for the module module. The optional secure flag specifies the property should only be set if the client is authorized for secure access (ad_secure_conn_p is true). There is also an optional -session_id flag to access data from sessions other than the current one.
ad_get_client_property module name -data Gets a session property with name to for the +session_id flag to access data from sessions other than the current one.
ad_get_client_property module name +data Gets a session property with name to for the module module. The optional secure flag specifies the property should only be retrieved if the client is authorized for secure access (ad_secure_conn_p is true). There is also an optional session_id flag to access data from sessions other than the current one.
-SessionTimeout the maximum time in seconds (default 1200) -between requests that are part of the same session
SessionRenew the time in seconds (default 300) between +SessionTimeout the maximum time in seconds (default 1200) +between requests that are part of the same session
SessionRenew the time in seconds (default 300) between reissue of the session cookie. The minimum time that can pass after a session cookie is issued and before it is rejected is (SessionTimeout - SessionRenew). This parameter is used so that only one session_id cookie is set on a single page even if there are multiple images that are being -downloaded.
SessionLifetime the maximum possible lifetime of a -session in seconds (default 604800 = 7 days)
NumberOfCachedSecretTokens the number of secret tokens to +downloaded.
SessionLifetime the maximum possible lifetime of a +session in seconds (default 604800 = 7 days)
NumberOfCachedSecretTokens the number of secret tokens to cache. (default 100)
The pseudorandom number generator used in the OpenACS is cryptographically weak, and depends primarily on the randomness of the ns_rand function @@ -339,17 +339,15 @@ points for the system; these vulnerabilities are currently theoretical in nature. The major cryptographic vulnerability of the system stems from the pseudorandom nature of the random number generators used in the system. -
Cryptographically weak PRNG see -above.
Dependence on sample -SQL command The list of random token that are placed in the secret +
Cryptographically weak PRNG see +above.
Dependence on sample +SQL command The list of random token that are placed in the secret tokens cache is randomly chosen by the Oracle sample command. This command may not be entirely random, so predicting the contents of the secret tokens cache may not -be as difficult as someone may anticipate.
Dependence on -ns_rand The actual token that is +be as difficult as someone may anticipate.
Dependence on +ns_rand The actual token that is chosen from the cache to be used is chosen by a call to -ns_rand.
ad_secure_conn_p +ns_rand.
ad_secure_conn_p As discussed above, the security of the secure sessions authentication system is -dependent upon this function.
+
+ OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
The security system was designed for security. Thus, decisions requiring trade-offs between ease-of-use and security tend to result in a system that may not be as easy to use but is more secure. @@ -56,6 +56,4 @@ The set of string match expressions in the procedure above should be extended appropriately for other registration pages. This procedure does not use ad_parameter or regular expressions for performance reasons, as -it is called by the request processor.
+
+ OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
Virtually all web sites support personalized content based on user identity. @@ -15,36 +15,34 @@ vendors require that the user identity be securely validated.
The security system consists of a number of subsystems. -
Signed Cookies
+
Signed Cookies
Cookies play a key role in storing user information. However, since they are stored in plaintext on a user's system, the validity of cookies is an important issue in trusting cookie information. Thus, we want to be able to validate a cookie, but we also want to validate the cookie without a database hit. -
10.0 Guaranteed Tamper Detection Any tampering of cookie -data should be easily detectable by the web server.
10.1 Performance and Scalability Validation and +
10.0 Guaranteed Tamper Detection Any tampering of cookie +data should be easily detectable by the web server.
10.1 Performance and Scalability Validation and verification of the cookie should be easily scalable and should not require a -database query on every hit.
Session Properties
+database query on every hit.
Session Properties
Applications should be able to store session-level properties in a database table. -
11.0 Storage API Session-level data should be accessible -via an API.
11.1 Purge Mechanism An efficient pruning mechanism +
11.0 Storage API Session-level data should be accessible +via an API.
11.1 Purge Mechanism An efficient pruning mechanism should be used to prevent old session level properties from filling up the -table.
Login
+table.
Login
The security system should support the concept of persistent user logins. This persistence takes several forms. -
12.0 Permanent Login Users should be able to maintain a -permanent user login so that they never need to type their password.
12.1 Session Login The security system should support +
12.0 Permanent Login Users should be able to maintain a +permanent user login so that they never need to type their password.
12.1 Session Login The security system should support the concept of a session, with authentication tokens that become invalid -after a certain period of time.
12.2 Session Definition A session is a sequence of +after a certain period of time.
12.2 Session Definition A session is a sequence of clicks by one user from one browser in which no two clicks are separated by -more than some constant (the session timeout).
12.3 Stateless The security system should not require +more than some constant (the session timeout).
12.3 Stateless The security system should not require state that is stored in the server. Required state may reside only in the user request (including cookies), and in the database. A single user should be able to log in to the system even if the user is sent to a different -AOLserver for each step of the login process (e.g., by a load balancer).
12.4 Secure The security system should not store -passwords in clear text in the database.
13.0 SSL Hardware The system must work when the SSL +AOLserver for each step of the login process (e.g., by a load balancer).
12.4 Secure The security system should not store +passwords in clear text in the database.
13.0 SSL Hardware The system must work when the SSL processing occurs outside of the web server (in specialized hardware, in a -firewall, etc.).
+
*Note* This document has not gone through the any of the + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
*Note* This document has not gone through the any of the required QA process yet. It is being tagged as stable due to high demand.
An OpenACS 4 subsite is a managed suite of applications that work together for a particular user community. This definition covers a very broad range of @@ -41,7 +41,7 @@ URLs to operate together. This requirement would cause some packages to have more configuration options than normal since hard-coding the URLs would not be feasible anymore.
This section will cover all the APIs relevant to subsites, and so will -consist of portions of the APIs of several systems.
Packages
The following package is provided for instantiation of packages. The +consist of portions of the APIs of several systems.
Packages
The following package is provided for instantiation of packages. The apm_package.new function can be used to create a package of any type known to the system. The apm_package_types table can be queried for a list of installed packages. (See APM docs for more detail XXX: insert link here)
@@ -101,7 +101,7 @@ show errors -
Site Nodes
This data model keeps track of what packages are being served from what +
Site Nodes
This data model keeps track of what packages are being served from what URLs. You can think of this as a kind of rp_register_directory_map on drugs. This table represents a fully hierarchical site map. The directory_p column indicates whether or not the node is a leaf node. The pattern_p column @@ -182,7 +182,7 @@ show errors -
Request Processor
Once the above APIs are used to create packages and mount them on a +
Request Processor
Once the above APIs are used to create packages and mount them on a specific site node, the following request processor APIs can be used to allow the package to serve content appropriate to the package instance.
@@ -210,6 +210,4 @@ a particular configuration of site nodes/packages. As we build more fundamental applications that can be applied in more general areas, this feature will become more and more in demand since more problems will be -solvable by configuration instead of coding.
+
The following is a requirements document for OpenACS 4 Subsites, part of the + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
The following is a requirements document for OpenACS 4 Subsites, part of the OpenACS 4 Kernel. The Subsites system allows one OpenACS server instance to serve multiple user communities, by enabling the suite of available OpenACS applications to be customized for defined user communities.
Many online communities are also collections of discrete subcommunities, @@ -42,19 +42,17 @@ office. At this point, the Boston and Austin office admins can customize the configurations for each of their bboards, or they can just use the defaults.
Test plan (Not available yet)
A subsite API is required for programmers to ensure their packages are -subsite-aware. The following functions should be sufficient for this:
10.10.0 Package creation
The system must provide an API call to create a package, and it must be -possible for the context (to which the package belongs) to be specified.
10.20.0 Package deletion
The system must provide an API call to delete a package and all related -objects in the subsite's context.
10.30.0 Object's package information
Given an object ID, the system must provide an API call to determine the -package (ID) to which the object belongs.
10.40.0 URL from package
Given a package (ID), the system must provide an API call to return the -canonical URL for that package.
10.50.0 Main subsite's package_id
The system must provide an API call to return a package ID corresponding -to the main subsite's package ID (the degenerate subsite).
The Programmer's User Interface
There is no programmer's UI, other than the API described above.
The Administrator's User Interface
The UI for administrators is a set of HTML pages that are used to drive +subsite-aware. The following functions should be sufficient for this:
10.10.0 Package creation
The system must provide an API call to create a package, and it must be +possible for the context (to which the package belongs) to be specified.
10.20.0 Package deletion
The system must provide an API call to delete a package and all related +objects in the subsite's context.
10.30.0 Object's package information
Given an object ID, the system must provide an API call to determine the +package (ID) to which the object belongs.
10.40.0 URL from package
Given a package (ID), the system must provide an API call to return the +canonical URL for that package.
10.50.0 Main subsite's package_id
The system must provide an API call to return a package ID corresponding +to the main subsite's package ID (the degenerate subsite).
The Programmer's User Interface
There is no programmer's UI, other than the API described above.
The Administrator's User Interface
The UI for administrators is a set of HTML pages that are used to drive the underlying API for package instance management (i.e. adding, removing, or altering packages). It is restricted to administrators of the current subsite such that administrators can only manage their own subsites. Of course, -Site-Wide Administrators can manage all subsites.
20.10.0 Package creation
20.10.1 The administrator should be able to create a -package and make it available at a URL underneath the subsite.
20.20.0 Package deactivation
20.20.1 The administrator should be able to deactivate -any package, causing it to be inaccessible to users.
20.20.5 Deactivating a package makes the package no +Site-Wide Administrators can manage all subsites.
20.10.0 Package creation
20.10.1 The administrator should be able to create a +package and make it available at a URL underneath the subsite.
20.20.0 Package deactivation
20.20.1 The administrator should be able to deactivate +any package, causing it to be inaccessible to users.
20.20.5 Deactivating a package makes the package no longer accessible, but it does not remove data created within the context of -that package.
+
+ OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
In this document, we'll examine the user interface pages of the Notes application in more detail, covering two separate aspects of page -development in OpenACS 4.5. First, we'll talk about the code needed to make +development in OpenACS 4.6. First, we'll talk about the code needed to make your pages aware of which application instance they are running in. Second, we'll talk about using the form builder to develop -form-based user interfaces in OpenACS 4.5. While these seem like unrelated +form-based user interfaces in OpenACS 4.6. While these seem like unrelated topics, they both come up in the example page that we are going to look at, so it makes sense to address them at the same time.
-As you will recall from the packages tutorial, the Request -Processor (RP) and Package Manager (APM) in OpenACS 4.5 allow site +As you will recall from the packages tutorial, the Request +Processor (RP) and Package Manager (APM) in OpenACS 4.6 allow site administrators to define an arbitrary mapping from URLs in the site to objects representing content. These objects may represent single files, or entire applications. The APM uses the site map to map @@ -70,7 +70,7 @@
In the Notes example, we are particularly interested in the package_id field. If you study the data model and code, -you'll see why. As we said before in the data modeling tutorial, the Notes application points the +you'll see why. As we said before in the data modeling tutorial, the Notes application points the context_id of each Note object that it creates to the package instance that created it. That is, the context_id corresponds exactly to the package_id that comes in from @@ -257,15 +257,15 @@ visible to that user. The end result is a site where users can come and write notes to themselves.
-This is a good example of the leverage available in the OpenACS 4.5 +This is a good example of the leverage available in the OpenACS 4.6 system. The code that we have written for Notes is not at all more complex than a similar application without access control or site map awareness. By adding a small amount of code, we have taken a small, simple, and special purpose application to something that has the potential to be a very useful, general-purpose tool, complete with multi-user features, access control, and centralized administration.
-In OpenACS 4.5, application pages and scripts can be aware of the package +In OpenACS 4.6, application pages and scripts can be aware of the package instance, or subsite in which they are executing. This is a powerful general purpose mechanism that can be used to structure web services in very flexible ways. @@ -277,6 +277,4 @@
We also saw how to use the templating system's forms API in a simple way, to create forms based pages with minimal duplication of code. -
+
Tcl procedures: /packages/acs-kernel/tcl-documentation-procs.tcl
In versions of the OpenACS prior to 3.4, the standard + OpenACS docs are written by the named authors, but may be edited + by OpenACS documentation staff. +
Tcl procedures: /packages/acs-kernel/tcl-documentation-procs.tcl
In versions of the OpenACS prior to 3.4, the standard place to document Tcl files (both Tcl pages and Tcl library files) was in a comment at the top of the file:
# @@ -23,12 +23,12 @@The problem with these practices is that the documentation is only accessible by reading the source file itself. For this reason, ACS 3.4 introduces a new API for documenting Tcl files and, on top of that, a -web-based user interface for browsing the documentation:
ad_page_contract: Every Tcl page -has a contract that explicitly defines what inputs the page +web-based user interface for browsing the documentation:
ad_page_contract: Every Tcl page +has a contract that explicitly defines what inputs the page expects (with more precision than ad_page_variables) and incorporates metadata about the page (what used to live in the top-of-page comment). Like ad_page_variables, ad_page_contract -also sets the specified variables in the context of the Tcl page.
ad_library: To be +also sets the specified variables in the context of the Tcl page.
ad_library: To be called at the top of every library file (i.e., all files in the /tcl/ directory under the server root and *-procs.tcl files under /packages/).
@@ -73,38 +73,38 @@
Note that: -
By convention, ad_page_contract should be preceded -by a comment line containing the file's path. The comment is on +
By convention, ad_page_contract should be preceded +by a comment line containing the file's path. The comment is on line 1, and the contract starts on line 2. -
ad_page_contract's first argument is +
ad_page_contract's first argument is the list of expected arguments from the HTTP query (version_id, public_p, kind, and format). Like ad_page_variables, ad_page_contract sets the corresponding Tcl variables when the page is executed. -
Arguments can have defaults, specified using the same +
Arguments can have defaults, specified using the same syntax as in the Tcl proc (a two-element list where the first element is the parameter name and the second argument is the default value). -
Arguments can have flags, specified by following the +
Arguments can have flags, specified by following the name of the query argument with a colon and one or more of the following -strings (separated by commas):
optional: the query argument doesn't +strings (separated by commas):
optional: the query argument doesn't need to be provided; if it's not, the variable for that argument simply won't be set. For instance, if I call the script above without a public_p in the query, then in the page body [info exists public_p] will return 0. -
integer: the argument must be an integer +
integer: the argument must be an integer (ad_page_contract will fail and display and error if not). This flag, like the next, is intended to prevent clients from fudging query arguments to trick scripts into executing arbitrary SQL. -
sql_identifier: the argument must be a SQL +
sql_identifier: the argument must be a SQL identifier (i.e., [string is wordchar $the_query_var] must return true). -
trim: the argument will be [string +
trim: the argument will be [string trim]'ed. -
multiple: the argument may be specified +
multiple: the argument may be specified arbitrarily many times in the query string, and the variable will be set to a list of all those values (or an empty list if it's unspecified). This is analogous to the -multiple-list flag to @@ -118,7 +118,7 @@ then $dest_user_id is set to [list 913 891 9]. -
array: the argument may be specified +
array: the argument may be specified arbitrarily many times in the query string, with parameter names with suffixes like _1, _2, _3, etc. The variable is set to a list of all those values (or an empty list if none are @@ -128,23 +128,23 @@ ?dest_user_id_0=913&dest_user_id_1=891&dest_user_id_2=9
-then $dest_user_id is set to [list 913 891 9].
You can provide structured, HTML-formatted documentation for your -contract. Note that format is derived heavily from Javadoc: a +then $dest_user_id is set to [list 913 891 9].
You can provide structured, HTML-formatted documentation for your +contract. Note that format is derived heavily from Javadoc: a general description of the script's functionality, followed optionally by a series of named attributes tagged by at symbols (@). You are encouraged to provide: -
+substitute an appropriate string when you check the file in.
A description of the functionality of the page. If the description +
A description of the functionality of the page. If the description contains more than one sentence, the first sentence should be a brief summary. -
A @param tag for each allowable query +
A @param tag for each allowable query argument. The format is
@param parameter-name description... -An @author tag for each author. Specify the -author's name, followed his or her email address in parentheses.
A @creation-date tag indicating when the -script was first created.
A @cvs-id tag containing the page's CVS +
An @author tag for each author. Specify the +author's name, followed his or her email address in parentheses.
A @creation-date tag indicating when the +script was first created.
A @cvs-id tag containing the page's CVS identification string. Just use $Id: tcl-documentation.html,v 1.2 2000/09/19 07:22:35 ron Exp $ when creating the file, and CVS will substitute an appropriate string when you check the file in.
@@ -182,11 +182,9 @@ the script's functionality, followed optionally by a series of named attributes tagged by at symbols (@). HTML formatting is allowed. You are encouraged to provide: -
An @author tag for each author. Specify the -author's name, followed his or her email address in parentheses.
A @creation-date tag indicating when the -script was first created.
A @cvs-id tag containing the page's CVS +
An @author tag for each author. Specify the +author's name, followed his or her email address in parentheses.
A @creation-date tag indicating when the +script was first created.
A @cvs-id tag containing the page's CVS identification string. Just use $Id: tcl-documentation.html,v 1.2 2000/09/19 07:22:35 ron Exp $ when creating the file, and CVS will -substitute an appropriate string when you check the file in.
($Id$)($Id$)View comments on this page at openacs.org Index: openacs-4/packages/acs-core-docs/www/templates.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/templates.html,v diff -u -r1.8 -r1.8.2.1 --- openacs-4/packages/acs-core-docs/www/templates.html 10 Aug 2002 20:07:21 -0000 1.8 +++ openacs-4/packages/acs-core-docs/www/templates.html 24 Nov 2002 21:29:18 -0000 1.8.2.1 @@ -1,9 +1,9 @@ -Using Templates in OpenACS 4.5 -The OpenACS 4.5 Template System (ATS) is designed to allow developers to +
Using Templates in OpenACS 4.6 ++The OpenACS 4.6 Template System (ATS) is designed to allow developers to cleanly separate application logic from display logic. The intent is to have all of the logic related to manipulating the database and other application state data in one @@ -16,7 +16,7 @@ system. One is a plain .tcl file and the other is a special .adp file. The .tcl file runs a script that sets up a set of name/value bindings that we call data -sources. These data sources are generally the results of Tcl and/or database queries +sources. These data sources are generally the results of Tcl and/or database queries or some combination thereof. The template system automatically makes them available to the .adp file, or the display part of the template, which is written in a combination of HTML, special @@ -160,14 +160,12 @@
Templates separate application logic from display logic by requiring the developer to write pages in two stages, one file for database -queries and application logic, and another for display. In OpenACS 4.5, the +queries and application logic, and another for display. In OpenACS 4.6, the logic part of the page is just a .tcl that sets up data sources that are used by the display part of the page. The display part of the page is an .adp file with some special tags and notations for dealing with display logic and inserting properties into the text of the page. Later on we'll get into templates more deeply, and show how to use database queries as data sources. -
($Id$)($Id$)View comments on this page at openacs.org Index: openacs-4/packages/acs-core-docs/www/unix-install.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/Attic/unix-install.html,v diff -u -r1.6 -r1.6.2.1 --- openacs-4/packages/acs-core-docs/www/unix-install.html 10 Aug 2002 20:07:21 -0000 1.6 +++ openacs-4/packages/acs-core-docs/www/unix-install.html 24 Nov 2002 21:29:18 -0000 1.6.2.1 @@ -1,4 +1,2 @@ -Chapter 2. Installing on Unix/Linux +Chapter�2.�Installing on Unix/Linux View comments on this page at openacs.org Index: openacs-4/packages/acs-core-docs/www/win-install.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/Attic/win-install.html,v diff -u -r1.8 -r1.8.2.1 --- openacs-4/packages/acs-core-docs/www/win-install.html 10 Aug 2002 20:07:21 -0000 1.8 +++ openacs-4/packages/acs-core-docs/www/win-install.html 24 Nov 2002 21:29:18 -0000 1.8.2.1 @@ -1,4 +1,2 @@ -Chapter 3. Installing on Windows +Table of Contents
Chapter�3.�Installing on Windows Table of Contents
View comments on this page at openacs.org Index: openacs-4/packages/acs-core-docs/www/win-overview.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/Attic/win-overview.html,v diff -u -r1.4 -r1.4.2.1 --- openacs-4/packages/acs-core-docs/www/win-overview.html 10 Aug 2002 20:07:21 -0000 1.4 +++ openacs-4/packages/acs-core-docs/www/win-overview.html 24 Nov 2002 21:29:18 -0000 1.4.2.1 @@ -1,4 +1,2 @@ -Overview +Overview View comments on this page at openacs.org Index: openacs-4/packages/acs-core-docs/www/win2k-installation.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/win2k-installation.html,v diff -u -r1.8 -r1.8.2.1 --- openacs-4/packages/acs-core-docs/www/win2k-installation.html 10 Aug 2002 20:07:21 -0000 1.8 +++ openacs-4/packages/acs-core-docs/www/win2k-installation.html 24 Nov 2002 21:29:18 -0000 1.8.2.1 @@ -1,13 +1,13 @@ -OpenACS Installation Guide for Windows2000 NOTE: These instructions were - valid for ACS v4, but have not been tested with OpenACS. Currently - (8/2002), the best option to get OpenACS 4.5 running on Windows - is to use VMware and John - Sequeira's Oasis VM - distribution +
OpenACS Installation Guide for Windows2000 +NOTE: These instructions were + valid for ACS v4, but have not been tested with OpenACS. Currently + (8/2002), the best option to get OpenACS 4.6 running on Windows + is to use VMware and John + Sequeira's Oasis VM + distribution
Bug reports: acs-bugs@arsdigita.com
Philosophy: http://photo.net/wtr/thebook/community (the community chapter of Philip and Alex's Guide to Web Publishing)
Technical background: http://photo.net/wtr/thebook/
($Id$)
-
-
+
+
