Closed lapin7 closed 6 years ago
I mocked something up real quick with xataface, a php+mysql toolkit: https://github.com/dckc/rchain-bees-ants 5d0db16 Darn... I can't use ngrok from here... I'll deploy it somewhere else for testing shortly.
demo: http://rchain-dbr.nfshost.com/rchain-bees-ants/ be gentle :)
@dckc I really like the you work you did. IMO, interface and UI are part of the cause of problems we have on the Budget sheet with too many edits, the budget sheet does not look nice. On the demo,
I also read your 'todo' and I really like it especially the history logging, having users edit only columns with their names and everything else not including the ones that I don't understand :)
I really support development on this as it can really improve the way the budgeting and rewards work.
Amount effective is zero until there are three votes; then it is the same as amount average. Perhaps we can figure out a better name.
p.s. I changed them to budget and budget provisional (and likewise reward and reward provisional)
I think the 'three vote' is limited to budgeting and not setting of rewards. Is that right @lapin7
When the system automatically reads data from github, can we make sure that it rewards github comments at .000001% or such negligible amount, so that there is less rework to be done in the budget spreadsheet? Currently it seems to assign 1% reward per comment or such, requiring one to go back zero those amounts out. By using a negligible amount, teams can focus on correctly rewarding the members that actually worked on an item? It's OK to have commenters in the reward list because presumably they're interested at some level, but the system should not auto-award 1% of the budget for that..
Where did anybody get the impression that the system rewards comments automatically? My understanding is the only thing the system does with comments is make the comment author eligible to give and receive rewards. To make a >$0 reward, three persons have to put in numbers.
@lapin7 I got a suggestion from @Ojimadu to make a new issue for my coding work in this area. As a developer, when I read "Assistance with X" I just assume that includes "write code to automate X". I'm well known for saying: The bane of my existence is doing things I know the computer could do for me.
Do you see automation as part of this issue or would you prefer that I make a separate issue?
An idea: the budget web service can do:
Bob, I see you gave Alice a thumbs-up in issue #25839 on Jan 23, but you have not voted to reward her
likewise with assignments.
_p.s. prototype in dbr_norm.py 33c9e57_
What's the UID and PW on this app? http://rchain-dbr.nfshost.com/rchain-bees-ants/
username is your github name
for now, your password is also your github name
AWESOME !!!! Let's elaborate on the needed functionality.
One thing: can the location be changed to a rough GPS-location? Like 000,000 (longitude, latitude) For example I don't where HanZhou is on the planet. 30,119
tells me more when I live at 52,4
-- Cheers, HJ
Alternatives considered and discarded:
See also #279 for thoughts on using the blockchain to certify coop membership.
voter
field is automatically set to the logged in userSee #261 for discussion of what to do about users whose vote is not a good faith estimate of budget or reward.
See more suggestions in #261.
Use case: Ops manager prepares invoice for Charlene
- [x] Ops manager finds the page for Charlene's rewards as above
- [x] Ops manager exports reward data and imports into another system such as google spreadsheets
out of scope; see #548
@lapin7 writes:
can the location be changed to a rough GPS-location? For example I don't where HanZhou is on the planet.
How would you use that info if the system provided it? What is the use case?
If you're thinking of letting people edit location info in this system, I strongly prefer to leave that out of scope.
Design options:
It's not in e pluribus unum 2.0 after all. odd, that.
What time is the Governance meeting 2018-02-17? If it's during business hours Chicago time, I may need @TrenchFloat to cover it for me.
Oh... duh... Governance meeting 2018-02-17 is the one in Seattle. I'll be there. Never mind, @TrenchFloat
But I would like you to cover for me in Greg's Debrief 2018-02-07, @TrenchFloat
please excuse the email noise.
@lapin7 in the use case sketch above, please only check items that are done.
Sorry to confuse things by using checkboxes for design choices where I really meant something like a radio button.
@dckc I thought I could tick what kind of things I would like. Sorry. Nice overview. Are things like a linked Range of Gsheet cells in a Gdoc possible with your system? See doc
For location. In the User overview you have. How is location entered?
Login | Followers | Name | Location | Permission | CreatedAt |
---|
Google sheets IMPORTHTML could import stuff... if we allow completely permissionless access, then it's trivial. I'd have to think harder about how to mix it with limited access.
Location is entered in your github profile. Everything in the Users table (github_users
) is imported from github.
Access to Gsheets/Gdocs
Permissionless "VIEW" is no problem EDIT access must be only given to members of rchain@googlegroups.com
There's no personal data in the sheets. Only github names.
It's good that email and location is from Github profile.
The data to address info is somewhat hidden, but viewable for public eyes.
Address data is necessary for creating invoices.
There are also links to Gfolders that contain personal data like tax-forms, invoices and contracts. It would be nice if that could be stored in a DB.
It would be great if folks could create their own invoice and submit it to the payment process.
-- Cheers, HJ
On Fri, Feb 2, 2018 at 7:13 PM, Dan Connolly notifications@github.com wrote:
Google sheets IMPORTHTML could import stuff... if we allow completely permissionless access, then it's trivial. I'd have to think harder about how to mix it with limited access.
Location is entered in your github profile.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/rchain/Members/issues/260#issuecomment-362662129, or mute the thread https://github.com/notifications/unsubscribe-auth/AB0x9xivvuPjQjzGopGLT-W2c-BEVWLeks5tQ1BbgaJpZM4RyM8o .
OK, that answers one of my design questions... you do want to go ahead and decentralize invoice preparation. note we changed our minds Apr 2
Here's a design sketch:
See also #279 for thoughts on using the blockchain to certify coop membership.
@lapin7 writes:
EDIT access must be only given to members of rchain@googlegroups.com
The current design, as noted above, is:
- [x] only collaborators in this repo get edit rights
I hope that's close enough. Integrating with google groups would complicate matters significantly.
Well Gents,
This issue was intentionally completely different. It was just meant to get some help with the production of prepared invoices. Basically a lot of clicks in a spreadsheet. Any way I will create a new issue just for that specific goal, because I don't want to disturb this useful thread.
See #305
H J, I got a bunch done today (532b8f6 https://github.com/dckc/rchain-dbr )
For example:
$ git log --pretty='format: - %ad
%h%d %s' --date=short
532b8f6
(HEAD -> master, origin/master, origin/HEAD) Merge branch 'dev-desktop'3c5e20a
(dev-desktop) invoice_info table and invoice_formatted viewa073070
(nfs/master, dev-hosted) exportable invoices397a8f7
link user locations to wikipediae671a5c
delete votes too36c1a7a
constrain voter, pay period33c9e57
(origin/dev-desktop) vote suggestions based on reactions: prototyped4436ae
sidebar: links to context12b57a7
use dashboard by default80fd721
basic permissions724bf27
style tweaks: avatar, logo size8b13a89
person -> github_users etc.fc16119
dbr_norm: ad-hoc migration/import12da107
pay periods, github_users, moneyb3b0090
(origin/dev-hosted) permissions, logo, users fields@flowpoint wrote:
have you looked at http://elm-lang.org/ for webapps?
Yes; the elm functional reactive programming architecture looks wonderful. I haven't actually used elm, but I am using Bacon.js in finquick.
Unfortunately, the functionality of elm or Bacon.js is a small part of what xataface provides. Basically, I create some SQL tables, and I write:
[tables]
github_users=Users
issue=Issue
...
and voila, xataface makes a full CRUD application. Customizing field widgets, relationships, permissions, and templates is a little extra work, but it's all quite straightforward. For this (and because I have years of experience using it in hh-office), I am willing to hold my nose and use PHP.
But if there's an equivalent in a nicer language, I would certainly like to try it!
I think FRP is particularly suited to keeping things in sync between github and this app and perhaps for implementing triggers.
It's bad enough that I have to use PHP for the OAuth stuff; I dread porting my fetch-from-github python prototypes to PHP. And mysql triggers are hardly a wonderful programming language.
In finquick, I also discovered that mysql support in node.js is really wonderful; you can even subscribe to events as they happen in real-time.
I'm not excited about managing node.js crashes; that's nicely Somebody Else's Problem with typical PHP hosting arrangements.
Pre-P.S.: X-posted from #135
A week ago @traviagio and I made an analysis of the "attack vectors" that we currently see exposed (or can easily imagine) in the Coop governance structure.
Based on this analysis, I have worked with @dckc to resolve as many attack vectors as possible within this new setup.
The document can be found here:
Analysis of attack vectors: https://docs.google.com/document/d/1qHQIuzj83VeZjusy6AvK7PAoKrg0CKP2SQTtNYv_3GI/edit?usp=sharing
Main findings:
Whether intentional or not, we can already look back through our history and see "attacks". (notice that attacks don't necessarily constitute bad intentions, but rather hint at exposed attack vectors)
Many attacks are much simpler than previously thought
In the document, we outline 6 of the most common attack vectors
We also provide suggested improvements
I collaborated with @dckc to integrate our findings into a new 'spreadsheet-killer' tool that he's building that will replace the current spreadsheet. In the document I reflected our main conclusions and ideas.
@lapin7 how is evaluation of fairness of his work in scope here? It could lead to a lot of discussion with very little relevance to design and implementation of this web app.
@dckc thanks for moving my comment to #306 You're right it had nothing to do with the web app
@dckc sweet Invoice # 2018-01-lapin7
Shows also the amount of RHOC. This can be very confusing, because the invoices from February onwards will have a price based on a moving average rate of the RHOC-USD. The moving average is picked at the day of payment.
So it's better to remove the amount of RHOC.
@dckc I agree that using Discord's OAuth server would be fast to implement. In the future it would be nice to host an OAuth server on member.rchain.coop
Check out this php OAuth client for Discord https://github.com/teamreflex/oauth2-discord
Discord's email
OAuth scope returns both the Discord User Object and the email address that the user registered with when joining Discord. We also need a little BOT to check if the User Object contains the Member
Role ID. It makes sense to stick with PHP for all the pieces.
@patrick727 The following could be a separate, but related issue: WordPress is written in PHP. Jeremy & I both feel that self-hosted WordPress would be a good fit for the member web site. This thing that Dan is working on (#260) could allow Members to log in to the (WP) member site through Discord so that the member site would automatically know which users are Verified Members! Setting up a WP-Discord Oauth Client could likely be done quickly by a Dev who knows PHP/WP.
btw... I realized recently that mixing in the trust metric should wait. The first thing is to model the current system. A few features should be added to the stuff above:
is the app available to demo?
yes. see pointers in the first few comments.
@hyperevo IOU specifics on discord OAuth integration; here's hoping for a bit of time to make a specific issue for it.
I will start work on the Discord Oauth
So I managed to get php working, communicating, and authenticating with Discord's Oauth. I am able to grab a list of guilds that the user belongs to. However, it doesnt allow me to see the user's roles within the guild. Since we are currently identifying coop members by their roles within the guild, this specific method doesn't seem like it will work.
It looks like I can set up a discord bot, give that bot access to the guild, and get a list of users and roles for the guild. So the authentication will work in 2 parts: 1) Authenticate the user with OAuth and find their unique username, 2) Ask the bot for a list of users with roles in the guild, check to see if the authorized user has the coop member role.
@hyperevo good to see progress. Let's use #413 for this oauth stuff going forward, OK?
Sounds good
I'm reducing the scope to what's getting done in the 201802 pay period: a useful prototype, but not deployment. I made a milestone for the deployment.
In a comment on the monster spreadsheet, @lapin7 asked:
Can we do a try out for your system?
Very timely! I was having so much trouble with the gsheet that I used the web app to enter my votes, with an expectation of manually transcribing them afterward. It was quite pleasant.
You can see all my budget votes at a glance, in fact. And all my reward votes.
I wonder if this week's meeting is too late for people to try it out and see if it's good enough for this month. If there are any Feb votes in the spreadsheet, I have code to migrate them to the SQL system.
The biggest issues I see are:
Great I have some time today, to try it. We could do a mixture for Feb. Entry by sql and entry by Gsheet. For March only sql
Sent from my iPhone
On 26 Feb 2018, at 04:24, Dan Connolly notifications@github.com wrote:
In a comment on the monster spreadsheet, @lapin7 asked:
Can we do a try out for your system?
Very timely! I was having so much trouble with the gsheet that I used the web app to enter my votes, with an expectation of manually transcribing them afterward. It was quite pleasant.
You can see all my budget votes at a glance, in fact. And all my reward votes.
I wonder if this week's meeting is too late for people to try it out and see if it's good enough for this month. If there are any Feb votes in the spreadsheet, I have code to migrate them to the SQL system.
The biggest issues I see are:
old budgets don't carry over authentication is weak; it's too easy to log in as someone else. But at least the votes are timestamped and logged. And @hyperevo doing #414 pretty quickly; it could be ready any day. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.
I’m wondering if old budgets have to carry over anyway. I don’t see a need.
Authentication can be done through google groups?
Sent from my iPhone
On 26 Feb 2018, at 04:24, Dan Connolly notifications@github.com wrote:
In a comment on the monster spreadsheet, @lapin7 asked:
Can we do a try out for your system?
Very timely! I was having so much trouble with the gsheet that I used the web app to enter my votes, with an expectation of manually transcribing them afterward. It was quite pleasant.
You can see all my budget votes at a glance, in fact. And all my reward votes.
I wonder if this week's meeting is too late for people to try it out and see if it's good enough for this month. If there are any Feb votes in the spreadsheet, I have code to migrate them to the SQL system.
The biggest issues I see are:
old budgets don't carry over authentication is weak; it's too easy to log in as someone else. But at least the votes are timestamped and logged. And @hyperevo doing #414 pretty quickly; it could be ready any day. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.
Authentication through google groups would only complicate things.
OK. Do you have a moment today to go through your system? And to see if we can implement it already?
-- Cheers, HJ
On Mon, Feb 26, 2018 at 1:09 PM, Dan Connolly notifications@github.com wrote:
Authentication through google groups would only complicate things.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/rchain/bounties/issues/260#issuecomment-368480331, or mute the thread https://github.com/notifications/unsubscribe-auth/AB0x92FsU2JlyF9zTEuTMhOdWTijDqoYks5tYp7ngaJpZM4RyM8o .
As I said, I tried it out and found it's already quite usable.
What other evaluation would you like?
On Feb 26, 2018 6:56 AM, "HJ Hilbolling" notifications@github.com wrote:
OK. Do you have a moment today to go through your system? And to see if we can implement it already?
-- Cheers, HJ
On Mon, Feb 26, 2018 at 1:09 PM, Dan Connolly notifications@github.com wrote:
Authentication through google groups would only complicate things.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/rchain/bounties/issues/260#issuecomment-368480331, or mute the thread https://github.com/notifications/unsubscribe-auth/ AB0x92FsU2JlyF9zTEuTMhOdWTijDqoYks5tYp7ngaJpZM4RyM8o .
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/rchain/bounties/issues/260#issuecomment-368493085, or mute the thread https://github.com/notifications/unsubscribe-auth/AAJNyiyQbBAv41rrs0IsOa6OvDR7u_gyks5tYqn_gaJpZM4RyM8o .
Yeah, Your evaluation is fine. But please walk me through today, so that I can point other collaborators to this application instead of the spreadsheet.
-- Cheers, HJ
On Mon, Feb 26, 2018 at 3:56 PM, Dan Connolly notifications@github.com wrote:
As I said, I tried it out and found it's already quite usable.
What other evaluation would you like?
On Feb 26, 2018 6:56 AM, "HJ Hilbolling" notifications@github.com wrote:
OK. Do you have a moment today to go through your system? And to see if we can implement it already?
-- Cheers, HJ
On Mon, Feb 26, 2018 at 1:09 PM, Dan Connolly notifications@github.com wrote:
Authentication through google groups would only complicate things.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <https://github.com/rchain/bounties/issues/260#issuecomment-368480331 , or mute the thread https://github.com/notifications/unsubscribe-auth/ AB0x92FsU2JlyF9zTEuTMhOdWTijDqoYks5tYp7ngaJpZM4RyM8o .
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/rchain/bounties/issues/260#issuecomment-368493085, or mute the thread https://github.com/notifications/unsubscribe-auth/ AAJNyiyQbBAv41rrs0IsOa6OvDR7u_gyks5tYqn_gaJpZM4RyM8o
.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/rchain/bounties/issues/260#issuecomment-368529468, or mute the thread https://github.com/notifications/unsubscribe-auth/AB0x93JGm3uuGJox8wNEhDRY_o8ck4Ajks5tYsYtgaJpZM4RyM8o .
@dckc We could do a zoom https://zoom.us/j/4991184673 And you explain how collaborators can enter data in http://rchain-dbr.nfshost.com/rchain-bees-ants/
I don't see any time today when I can do this. Do you, @TrenchFloat ?
goal: Prototype budget and reward system as a usable web app
working prototype: http://rchain-dbr.nfshost.com/rchain-dbr-beta/ to log in, go to the issue thingy; use your github username for your password as well as your username.
Production aspects are deferred to other issues:
budget: $3000
time: 2 to 4 weeks
based on Initial Google-sheets based system: Pub Member Budget Allocation-Spending