rchain / bounties

RChain Bounty Program
MIT License
90 stars 62 forks source link

O> Usable Web app prototype for RAM distributed budgeting and reward system #260

Closed lapin7 closed 6 years ago

lapin7 commented 6 years ago

goal: Prototype budget and reward system as a usable web app

working prototype: http://rchain-dbr.nfshost.com/rchain-dbr-beta/ to log in, go to the issue thingy; use your github username for your password as well as your username.

Production aspects are deferred to other issues:

budget: $3000

time: 2 to 4 weeks

based on Initial Google-sheets based system: Pub Member Budget Allocation-Spending

dckc commented 6 years ago

I mocked something up real quick with xataface, a php+mysql toolkit: https://github.com/dckc/rchain-bees-ants 5d0db16 Darn... I can't use ngrok from here... I'll deploy it somewhere else for testing shortly.

dckc commented 6 years ago

demo: http://rchain-dbr.nfshost.com/rchain-bees-ants/ be gentle :)

Ojimadu commented 6 years ago

@dckc I really like the you work you did. IMO, interface and UI are part of the cause of problems we have on the Budget sheet with too many edits, the budget sheet does not look nice. On the demo,

I also read your 'todo' and I really like it especially the history logging, having users edit only columns with their names and everything else not including the ones that I don't understand :)

I really support development on this as it can really improve the way the budgeting and rewards work.

dckc commented 6 years ago

Amount effective is zero until there are three votes; then it is the same as amount average. Perhaps we can figure out a better name.

p.s. I changed them to budget and budget provisional (and likewise reward and reward provisional)

Ojimadu commented 6 years ago

I think the 'three vote' is limited to budgeting and not setting of rewards. Is that right @lapin7

9rb commented 6 years ago

When the system automatically reads data from github, can we make sure that it rewards github comments at .000001% or such negligible amount, so that there is less rework to be done in the budget spreadsheet? Currently it seems to assign 1% reward per comment or such, requiring one to go back zero those amounts out. By using a negligible amount, teams can focus on correctly rewarding the members that actually worked on an item? It's OK to have commenters in the reward list because presumably they're interested at some level, but the system should not auto-award 1% of the budget for that..

dckc commented 6 years ago

Where did anybody get the impression that the system rewards comments automatically? My understanding is the only thing the system does with comments is make the comment author eligible to give and receive rewards. To make a >$0 reward, three persons have to put in numbers.

dckc commented 6 years ago

@lapin7 I got a suggestion from @Ojimadu to make a new issue for my coding work in this area. As a developer, when I read "Assistance with X" I just assume that includes "write code to automate X". I'm well known for saying: The bane of my existence is doing things I know the computer could do for me.

Do you see automation as part of this issue or would you prefer that I make a separate issue?

dckc commented 6 years ago

An idea: the budget web service can do:

Bob, I see you gave Alice a thumbs-up in issue #25839 on Jan 23, but you have not voted to reward her

likewise with assignments.

_p.s. prototype in dbr_norm.py 33c9e57_

lapin7 commented 6 years ago

What's the UID and PW on this app? http://rchain-dbr.nfshost.com/rchain-bees-ants/

dckc commented 6 years ago

username is your github name

for now, your password is also your github name

lapin7 commented 6 years ago

AWESOME !!!! Let's elaborate on the needed functionality.

One thing: can the location be changed to a rough GPS-location? Like 000,000 (longitude, latitude) For example I don't where HanZhou is on the planet. 30,119

https://www.google.nl/maps/place/30%C2%B000'00.0%22N+119%C2%B000'00.0%22E/@30,101.0703122,4z/data=!4m5!3m4!1s0x0:0x0!8m2!3d30!4d119

tells me more when I live at 52,4

https://www.google.nl/maps/place/52%C2%B000'00.0%22N+4%C2%B000'00.0%22E/@52,2.8793945,8z/data=!4m5!3m4!1s0x0:0x0!8m2!3d52!4d4

-- Cheers, HJ

dckc commented 6 years ago

Use case: permissionless access

Alternatives considered and discarded:

TODO: Links to context

Use case: Syncs users, issues tables with github repo

Use case: Active Member Al logs in using his github credentials

See also #279 for thoughts on using the blockchain to certify coop membership.

Use case: Al browses current rewards for himself or anyone else

Use case: Al browses current budget for one or more issues

Use case: Active Member Al proposes a budget of $200 for issue 101

Use case: Al, Bill, and Charlene agree on a budget

Design issue: fraudulent votes

See #261 for discussion of what to do about users whose vote is not a good faith estimate of budget or reward.

Use case: Bill votes to reward Charlene

Use case: browsing for suspicious activity

See more suggestions in #261.

Use case: Ops manager prepares invoice for Charlene

  • [x] Ops manager finds the page for Charlene's rewards as above
  • [x] Ops manager exports reward data and imports into another system such as google spreadsheets

Use case: Ops manager prepares a draft of Charlene's invoice

out of scope; see #548

Use case: Ops Manager initiates the next pay period

dckc commented 6 years ago

@lapin7 writes:

can the location be changed to a rough GPS-location? For example I don't where HanZhou is on the planet.

How would you use that info if the system provided it? What is the use case?

If you're thinking of letting people edit location info in this system, I strongly prefer to leave that out of scope.

Design options:

It's not in e pluribus unum 2.0 after all. odd, that.

dckc commented 6 years ago

What time is the Governance meeting 2018-02-17? If it's during business hours Chicago time, I may need @TrenchFloat to cover it for me.

dckc commented 6 years ago

Oh... duh... Governance meeting 2018-02-17 is the one in Seattle. I'll be there. Never mind, @TrenchFloat

dckc commented 6 years ago

But I would like you to cover for me in Greg's Debrief 2018-02-07, @TrenchFloat

please excuse the email noise.

dckc commented 6 years ago

@lapin7 in the use case sketch above, please only check items that are done.

Sorry to confuse things by using checkboxes for design choices where I really meant something like a radio button.

lapin7 commented 6 years ago

@dckc I thought I could tick what kind of things I would like. Sorry. Nice overview. Are things like a linked Range of Gsheet cells in a Gdoc possible with your system? See doc

For location. In the User overview you have. How is location entered?

Login Followers Name Location Email Permission CreatedAt
dckc commented 6 years ago

Google sheets IMPORTHTML could import stuff... if we allow completely permissionless access, then it's trivial. I'd have to think harder about how to mix it with limited access.

Location is entered in your github profile. Everything in the Users table (github_users) is imported from github.

lapin7 commented 6 years ago

Access to Gsheets/Gdocs

Permissionless "VIEW" is no problem EDIT access must be only given to members of rchain@googlegroups.com

There's no personal data in the sheets. Only github names.

It's good that email and location is from Github profile.

The data to address info is somewhat hidden, but viewable for public eyes.

Address data is necessary for creating invoices.

There are also links to Gfolders that contain personal data like tax-forms, invoices and contracts. It would be nice if that could be stored in a DB.

It would be great if folks could create their own invoice and submit it to the payment process.

-- Cheers, HJ

On Fri, Feb 2, 2018 at 7:13 PM, Dan Connolly notifications@github.com wrote:

Google sheets IMPORTHTML could import stuff... if we allow completely permissionless access, then it's trivial. I'd have to think harder about how to mix it with limited access.

Location is entered in your github profile.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/rchain/Members/issues/260#issuecomment-362662129, or mute the thread https://github.com/notifications/unsubscribe-auth/AB0x9xivvuPjQjzGopGLT-W2c-BEVWLeks5tQ1BbgaJpZM4RyM8o .

dckc commented 6 years ago

OK, that answers one of my design questions... you do want to go ahead and decentralize invoice preparation. note we changed our minds Apr 2

Here's a design sketch:

Use case: Charlene prepares her own invoice

See also #279 for thoughts on using the blockchain to certify coop membership.

dckc commented 6 years ago

@lapin7 writes:

EDIT access must be only given to members of rchain@googlegroups.com

The current design, as noted above, is:

  • [x] only collaborators in this repo get edit rights

I hope that's close enough. Integrating with google groups would complicate matters significantly.

lapin7 commented 6 years ago

Well Gents,

This issue was intentionally completely different. It was just meant to get some help with the production of prepared invoices. Basically a lot of clicks in a spreadsheet. Any way I will create a new issue just for that specific goal, because I don't want to disturb this useful thread.

See #305

dckc commented 6 years ago

H J, I got a bunch done today (532b8f6 https://github.com/dckc/rchain-dbr )

For example:

$ git log --pretty='format: - %ad%h%d %s' --date=short

dckc commented 6 years ago

@flowpoint wrote:

have you looked at http://elm-lang.org/ for webapps?

Yes; the elm functional reactive programming architecture looks wonderful. I haven't actually used elm, but I am using Bacon.js in finquick.

Unfortunately, the functionality of elm or Bacon.js is a small part of what xataface provides. Basically, I create some SQL tables, and I write:

[tables]
github_users=Users
issue=Issue
...

and voila, xataface makes a full CRUD application. Customizing field widgets, relationships, permissions, and templates is a little extra work, but it's all quite straightforward. For this (and because I have years of experience using it in hh-office), I am willing to hold my nose and use PHP.

But if there's an equivalent in a nicer language, I would certainly like to try it!

dckc commented 6 years ago

I think FRP is particularly suited to keeping things in sync between github and this app and perhaps for implementing triggers.

It's bad enough that I have to use PHP for the OAuth stuff; I dread porting my fetch-from-github python prototypes to PHP. And mysql triggers are hardly a wonderful programming language.

In finquick, I also discovered that mysql support in node.js is really wonderful; you can even subscribe to events as they happen in real-time.

I'm not excited about managing node.js crashes; that's nicely Somebody Else's Problem with typical PHP hosting arrangements.

pmoorman commented 6 years ago

Pre-P.S.: X-posted from #135


A week ago @traviagio and I made an analysis of the "attack vectors" that we currently see exposed (or can easily imagine) in the Coop governance structure.

Based on this analysis, I have worked with @dckc to resolve as many attack vectors as possible within this new setup.

The document can be found here:

Analysis of attack vectors: https://docs.google.com/document/d/1qHQIuzj83VeZjusy6AvK7PAoKrg0CKP2SQTtNYv_3GI/edit?usp=sharing

Main findings:

dckc commented 6 years ago

@lapin7 how is evaluation of fairness of his work in scope here? It could lead to a lot of discussion with very little relevance to design and implementation of this web app.

lapin7 commented 6 years ago

@dckc thanks for moving my comment to #306 You're right it had nothing to do with the web app

lapin7 commented 6 years ago

@dckc sweet Invoice # 2018-01-lapin7

Shows also the amount of RHOC. This can be very confusing, because the invoices from February onwards will have a price based on a moving average rate of the RHOC-USD. The moving average is picked at the day of payment.

So it's better to remove the amount of RHOC.

ian-bloom commented 6 years ago

@dckc I agree that using Discord's OAuth server would be fast to implement. In the future it would be nice to host an OAuth server on member.rchain.coop

Check out this php OAuth client for Discord https://github.com/teamreflex/oauth2-discord

Discord's email OAuth scope returns both the Discord User Object and the email address that the user registered with when joining Discord. We also need a little BOT to check if the User Object contains the Member Role ID. It makes sense to stick with PHP for all the pieces.

@patrick727 The following could be a separate, but related issue: WordPress is written in PHP. Jeremy & I both feel that self-hosted WordPress would be a good fit for the member web site. This thing that Dan is working on (#260) could allow Members to log in to the (WP) member site through Discord so that the member site would automatically know which users are Verified Members! Setting up a WP-Discord Oauth Client could likely be done quickly by a Dev who knows PHP/WP.

dckc commented 6 years ago

btw... I realized recently that mixing in the trust metric should wait. The first thing is to model the current system. A few features should be added to the stuff above:

patrick727 commented 6 years ago

is the app available to demo?

dckc commented 6 years ago

yes. see pointers in the first few comments.

dckc commented 6 years ago

@hyperevo IOU specifics on discord OAuth integration; here's hoping for a bit of time to make a specific issue for it.

hyperevo commented 6 years ago

I will start work on the Discord Oauth

hyperevo commented 6 years ago

So I managed to get php working, communicating, and authenticating with Discord's Oauth. I am able to grab a list of guilds that the user belongs to. However, it doesnt allow me to see the user's roles within the guild. Since we are currently identifying coop members by their roles within the guild, this specific method doesn't seem like it will work.

It looks like I can set up a discord bot, give that bot access to the guild, and get a list of users and roles for the guild. So the authentication will work in 2 parts: 1) Authenticate the user with OAuth and find their unique username, 2) Ask the bot for a list of users with roles in the guild, check to see if the authorized user has the coop member role.

dckc commented 6 years ago

@hyperevo good to see progress. Let's use #413 for this oauth stuff going forward, OK?

hyperevo commented 6 years ago

Sounds good

dckc commented 6 years ago

I'm reducing the scope to what's getting done in the 201802 pay period: a useful prototype, but not deployment. I made a milestone for the deployment.

dckc commented 6 years ago

In a comment on the monster spreadsheet, @lapin7 asked:

Can we do a try out for your system?

Very timely! I was having so much trouble with the gsheet that I used the web app to enter my votes, with an expectation of manually transcribing them afterward. It was quite pleasant.

You can see all my budget votes at a glance, in fact. And all my reward votes.

I wonder if this week's meeting is too late for people to try it out and see if it's good enough for this month. If there are any Feb votes in the spreadsheet, I have code to migrate them to the SQL system.

The biggest issues I see are:

lapin7 commented 6 years ago

Great I have some time today, to try it. We could do a mixture for Feb. Entry by sql and entry by Gsheet. For March only sql

Sent from my iPhone

On 26 Feb 2018, at 04:24, Dan Connolly notifications@github.com wrote:

In a comment on the monster spreadsheet, @lapin7 asked:

Can we do a try out for your system?

Very timely! I was having so much trouble with the gsheet that I used the web app to enter my votes, with an expectation of manually transcribing them afterward. It was quite pleasant.

You can see all my budget votes at a glance, in fact. And all my reward votes.

I wonder if this week's meeting is too late for people to try it out and see if it's good enough for this month. If there are any Feb votes in the spreadsheet, I have code to migrate them to the SQL system.

The biggest issues I see are:

old budgets don't carry over authentication is weak; it's too easy to log in as someone else. But at least the votes are timestamped and logged. And @hyperevo doing #414 pretty quickly; it could be ready any day. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

lapin7 commented 6 years ago

I’m wondering if old budgets have to carry over anyway. I don’t see a need.

Authentication can be done through google groups?

Sent from my iPhone

On 26 Feb 2018, at 04:24, Dan Connolly notifications@github.com wrote:

In a comment on the monster spreadsheet, @lapin7 asked:

Can we do a try out for your system?

Very timely! I was having so much trouble with the gsheet that I used the web app to enter my votes, with an expectation of manually transcribing them afterward. It was quite pleasant.

You can see all my budget votes at a glance, in fact. And all my reward votes.

I wonder if this week's meeting is too late for people to try it out and see if it's good enough for this month. If there are any Feb votes in the spreadsheet, I have code to migrate them to the SQL system.

The biggest issues I see are:

old budgets don't carry over authentication is weak; it's too easy to log in as someone else. But at least the votes are timestamped and logged. And @hyperevo doing #414 pretty quickly; it could be ready any day. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

dckc commented 6 years ago

Authentication through google groups would only complicate things.

lapin7 commented 6 years ago

OK. Do you have a moment today to go through your system? And to see if we can implement it already?

-- Cheers, HJ

On Mon, Feb 26, 2018 at 1:09 PM, Dan Connolly notifications@github.com wrote:

Authentication through google groups would only complicate things.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/rchain/bounties/issues/260#issuecomment-368480331, or mute the thread https://github.com/notifications/unsubscribe-auth/AB0x92FsU2JlyF9zTEuTMhOdWTijDqoYks5tYp7ngaJpZM4RyM8o .

dckc commented 6 years ago

As I said, I tried it out and found it's already quite usable.

What other evaluation would you like?

On Feb 26, 2018 6:56 AM, "HJ Hilbolling" notifications@github.com wrote:

OK. Do you have a moment today to go through your system? And to see if we can implement it already?

-- Cheers, HJ

On Mon, Feb 26, 2018 at 1:09 PM, Dan Connolly notifications@github.com wrote:

Authentication through google groups would only complicate things.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/rchain/bounties/issues/260#issuecomment-368480331, or mute the thread https://github.com/notifications/unsubscribe-auth/ AB0x92FsU2JlyF9zTEuTMhOdWTijDqoYks5tYp7ngaJpZM4RyM8o .

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/rchain/bounties/issues/260#issuecomment-368493085, or mute the thread https://github.com/notifications/unsubscribe-auth/AAJNyiyQbBAv41rrs0IsOa6OvDR7u_gyks5tYqn_gaJpZM4RyM8o .

lapin7 commented 6 years ago

Yeah, Your evaluation is fine. But please walk me through today, so that I can point other collaborators to this application instead of the spreadsheet.

-- Cheers, HJ

On Mon, Feb 26, 2018 at 3:56 PM, Dan Connolly notifications@github.com wrote:

As I said, I tried it out and found it's already quite usable.

What other evaluation would you like?

On Feb 26, 2018 6:56 AM, "HJ Hilbolling" notifications@github.com wrote:

OK. Do you have a moment today to go through your system? And to see if we can implement it already?

-- Cheers, HJ

On Mon, Feb 26, 2018 at 1:09 PM, Dan Connolly notifications@github.com wrote:

Authentication through google groups would only complicate things.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <https://github.com/rchain/bounties/issues/260#issuecomment-368480331 , or mute the thread https://github.com/notifications/unsubscribe-auth/ AB0x92FsU2JlyF9zTEuTMhOdWTijDqoYks5tYp7ngaJpZM4RyM8o .

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/rchain/bounties/issues/260#issuecomment-368493085, or mute the thread https://github.com/notifications/unsubscribe-auth/ AAJNyiyQbBAv41rrs0IsOa6OvDR7u_gyks5tYqn_gaJpZM4RyM8o

.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/rchain/bounties/issues/260#issuecomment-368529468, or mute the thread https://github.com/notifications/unsubscribe-auth/AB0x93JGm3uuGJox8wNEhDRY_o8ck4Ajks5tYsYtgaJpZM4RyM8o .

lapin7 commented 6 years ago

@dckc We could do a zoom https://zoom.us/j/4991184673 And you explain how collaborators can enter data in http://rchain-dbr.nfshost.com/rchain-bees-ants/

dckc commented 6 years ago

I don't see any time today when I can do this. Do you, @TrenchFloat ?