Flyspray - The bug killer!

I need metrics for flyspray projects about a rest api. For example the count of issues for status, priority. I want use this values for my code analysis system http://www.sonarqube.org/ and other internal tools. It is possible to create a rest api with user authorization and only for metrics data?

An assigned ticket can't be edited by a lower privileged user.

Please support Central Authentication Service, thank you.

It would be helpful to have communication with LDAP via TLS

Hi

Please advise if there are known issues when integrating Flyspray with Active Directory using LDAP.

I have been working with Eventum (http://www.mysql.org/downloads/other/eventum/) for quite sometime now and in contrast, I like Flyspray for its simplicity and practicality. But one thing I badly miss (and something that Eventum scores high) is a Workflow Engine. If not a sophisticated W.E., I (as an Admin / Manager) should be able define role-based state transition rules of the tasks reported in a particular project. For example, I should be able to implement the following scenario:

1. For a “Developer”, the subsequent tasks from various states. Likewise for other roles
2. “Developer” should not be able close out the bug reports. He/she can only flag them as implemented. The “Reporter” of the bugs or the “Manager” alone should be able to close out issues
3. ..
4. .. it will go on like that

This feature, in my opinion, is very crucial for corporate organizations to give a serious consideration to Flyspray.

In version 0.9.9.5.1 (unfortunately I couldn't select this version in the dropdown list on the left), reminders can only be created and edited by Admins and Project Managers. I recommend to give Assignees the permission to create reminders for themselves. To minimize any programming impact, his may be done as part of the "edit own tasks" permission.

This topic has been reported by Engie as part of Bug #713 for version 0.9.8 as well: "Also it would be useful if a user could create reminder for himself." Although that bug is already closed ("fixed in devel"), this part is not yet solved in the current version.

For example, say I no longer want 1.1, 0.9.9.8, 1.0.0, etc. So want to merge them all into one version 1.0. Same goes for OS, and others

Hello,
when selecting timezone in user profile, it only offers offset based timezones. It should offer timezones like "Europe/Prague", instead, because in summer it is UTC+2 and in the winter UTC+1. Also UTC is the same as GMT.

Using offsets will cause invalid future and past times when crossing daylight saving or when something other changes.

Adding daylight checkbox is not enough and will cause additional troubles. Just use names and store them as ENUM in database, not offset. This problem is pretty complicated and the only solution is to use names and let libraries to solve it for you.

Thank you.

It seem that when deleting a version entry in a project, that tasks that have this version assigned are still connected to this deleted version. For example FS#1222 (on 2015-03-09).

There are several options to solve such things:

• Deny deletion of version as long as tasks assigned to this project version.
  • Either by doing a testing SQL query to check this case coded in PHP. Take care to keep this centralized, must also be respected by an eventually later added Flyspray API (XMLRPC or whatever).
  • add SQL foreign key constraints with ON DELETE RESTRICT
    • Pro: some business logic can be directly enforced by SQL.
    • Cons: higher requirements for hosting, if using mysql innodb tables must be available on the hosting

• Move the tasks of this version to a default fallback version before deleting the version tag.
  • Either doing one transaction doing : 1. move the tasks to its fallback version, 2. delete the version
  • add SQL foreing key constraint with ON DELETE SET $fallbackversionid. Some pros & cons like on the the denying option.

The same for other assignments for tasks.

This issue is similiar to the massop issue: (https://github.com/Flyspray/flyspray/issues/130)

moved from FS#1697 into a separate task.

We have severity field.
We have priority field.
We have estimated effort field.

But we don't have a fíeld to see how hard a task is to solve. Something like in doom 3d shooter a face from normal/easy to angry/bloody/very hard.

Imaging you have some people in a company, some base educated, some high educated, some are experts in their field, some do repeating easy tasks.

By adding the ability to set a 'doom level' on tasks this can complete the view over a project in addition to severity,priority,effort.

On Mac OS Safari:

I just closed a task and wrote the following into the comment for closing:

"See also F.S.#.14" (of course without the points). When I then click the link in the comment box (below the task details) I'm redirected to:
"http:/flyspray.stefan-herz%0Aog.tld/index.php?do=details&task_id=%0A14". No matter if #14 is closed or not.
It worked with Firefox.

Any suggestions?

It's a little like "text version". So you could use this exported changelog within a new release.

I think good was:

• Only resolved tasks ordered by date (but of course without displaying the date) and only public accessible tasks
• Without task number ("FS#...")
• A download function via button

I find it irritating to have the oldest activity on the right side and newest activity on the left side of the small activity bars.

There is also no time scale description. This could be added by showin it on :hover to keep the simple appearance.

A complete new feature would be to replace the image generation by rendering the bars in the html in the same request, e.g by inline svg or canvas element. This would enable adding some interactivity with the activity bars..
A related feature request is FS#1991 (project progress)

This could be done by a textarea field (like comment text or task description) on the myprofile page and stored in a new field (of type text for instance) in the user table.

This allows the user to introduce himself to the other users.

Should be restrictive, for instance only simple text allowed, no html or tags.

Got "wrong token" on creating a task whose form were open for a while in browser tab.

That means probably the session timed out on bugs.flyspray.org, so the anti csrf token doesn't existed anymore on the webserver.

It would'nt be a big problem if the browser backbutton works showing the ready written form again, but it was empty.

One solution would be temporarly storing it offline in the browser storages which are available with html5. But open for other simpler solutions..

It's old. There has been a newer version 2.0. Even that one is not supported anymore, although some documents still remain available. The calendar component relies on its language translations files to be complete, or it breaks. Unfortunately, as I found out a few weeks ago, they are not, after switching the default language from english to my native one. Without having a good replacement for it, some of the translations for flyspray itself we've been getting lately are half-way unusable. Not for an ordinary user, but for anyone actually having to edit a task and its due date.

public static function absoluteURI($url = null, $protocol = null, $port = null)
in
class Flyspray

not using basedir and force_basedir from configuration file

its problem because my web-server inside have port 7777 and outside 80 (nginx and PHP-FPM)

please fix it

this one is somehow tricky, it doesn't happens always but sometimes when fields or filenames contain national characters (I'm in Spain) flyspray returns an error looking like this one:

Query {INSERT INTO `flyspray_attachments` ( task_id, comment_id, file_name, file_type, file_size, orig_name, added_by, date_added) VALUES (?, ?, ?, ?, ?, ?, ?, ?)} with params {189,711,189_9c5d837bb10b7e0989a3c8be8d,application/pdf; charset=binary,736986,Guia de aplicación medidas difusicón y publicidad.pdf,4,1441827828} Failed! (Incorrect string value: '\xCC\x81n me...' for column 'orig_name' at row 1)

here we have a pdf named "Guia de aplicación medidas difusicón y publicidad.pdf" but I had this error also with titles or descriptions containing spanish letters...

Currently, if there are no public project, the anonymous users gets a blank page not very useful. It will be a good idea to have a global configuration parameter to display some customizable-page or maybe the login form instead.

On some forms, when the user presses the reload button of this browser, the POST submit can be resubmitted.

Browsers can warn about this (Chromium, Firefox, Konqueror tested and they show a warning dialog) before executing the second POST.
But people on Flyspray mailing list wrote they experienced double comments.

Simple solution is just HTTP GET redirects after a successful POST. (HTTP 303 or HTTP 302)
But maybe there is a better method than a second roundtrip always needed?

Success, Error, or Warn-messages to the user are stored in the $_SESSION variable for displaying on the second GET request.
But I think that this is a bit ... mmh... not perfect.

For example, I would like to have in the direct response at which position in a form an input error is, not just the message bar in the top center as it is currently that just dissappear after a few seconds.

Also take care the browser back button still works as expected for the user.

As discussed with the team some time ago, a consolidation of places where issues are discussed is wanted.

One of the results was, that we do not want people post issues to github.com Issues and instead use our own bugs.flyspray.org
and to prefer "to eat our own dogfood" and a have central place to handle tasks.

As a result we tried to reduce the open issueas on github.com. I was in the process of moving 2 of still 7 open issues there to bugs.flyspray.org when suddenly the Issues on github.com were closed. Now the last 5 issues there are lost at the moment for me and the audience, which where mostly informations to interested users, not bugs.

I think just closing it without an easy accessible alternative is not the best solution.

At least we should wait until the oauth2 authentication for github users should be implemented and setup on bugs.flyspray.org , so people browsing github.com, finding Flyspray project just can
"Login with github"-feature on bugs.flyspray.org.

The blocker to do this: Currently there is missing an option to "connect" an oauth "Login with github"- Login with an existend flyspray userlogin.

So that one userid in flyspray can:

• login with username and password
• login with one or more of his social accounts (github, facebook, microsoft, g+) if they are enabled (would it restrict to github.com accounts for bugs.flyspray.org)

We have no API yet for Flyspray.

But someone could write a simple php-file that can be called by a github.com auto notification, whenever:

• a commit on github.com for Flyspray/flyspray is made

Github.com provides the configuration of such notification for a possible target like

https://bugs.flyspray.org/api/github.php

or

https://bugs.flyspray.org/api/github.php?project=1

in the settings of a project.

What the file needs:

• import some of the existing Flyspray classes from includes/
• config or load the secrets that are provided by github.com in the setup for the automatic notification
• check that secrets and more for authentication and authorization of requests coming from github.com
• parse the messages for Flyspray identifiers like ' FS#1234 ' or 'fix  FS#1234 ' or 'related to  FS#1234 '
• take actions on the results of that message parsing like making adding comment or modifying a task status

Currently on

• do=pm&area=version
• do=pm&area=os
• do=pm&area=resolution
• do=pm&area=status
• do=pm&area=tags
• do=pm&area=tasktype

a count of usage in tasks is shown for every property.

Interesting would be if the counter shows the count for open/closed tasks on each row.