Flyspray

Since PHP7.2 shows a warning in admin area ?do=admin&area=users&user_id=1234567890, when user_id is set, but no alternative user_name parameter.

Probably related to scripts/admin.php

$id = Flyspray::UserNameToId(Req::val('user_name'));
if (!$id) {
  $id = Req::val('user_id');
}

Rethink the current sets of buttons and their functionality.

Maybe a mousover hint/cheatsheet of available dokuwiki syntax is more helpful in writing fast and efficient.

• buttongroup links http,email,ftp
• buttongroup code, code php: why a single button for php? maybe a cheatsheet or subselect for choosing a language (read directory plugins/dokuwiki/inc/geshi for that). Or even better: Let the project administrator define what source code languages are used/popular in a software project and dependend of that setting prefer/promote that languages
• I miss a blockquote- or cite-tag for citation, which is more semantic than bold, italic, underline buttons. Update: It is the > character followed by text!
• Show a cheatsheet (by mouseover?) of dokuwiki smileys as defined at plugins/dokuwiki/conf , update to current config of dokuwiki, facepalm for instance is missing

8-) 8-O 8-o :-( :-) =) :-/ :-\ :-? :-D :-P :-o :-O :-x :-X :-| ;-) ^_^ :?: :!: LOL FIXME DELETEME

icon_cool.gif icon_eek.gif icon_eek.gif icon_sad.gif icon_smile.gif icon_smile2.gif icon_doubt.gif icon_doubt2.gif icon_confused.gif icon_biggrin.gif icon_razz.gif icon_surprised.gif icon_surprised.gif icon_silenced.gif icon_silenced.gif icon_neutral.gif icon_wink.gif icon_fun.gif (not working as first character on a line, bug?) icon_question.gif icon_exclaim.gif icon_lol.gif fixme.gif delete.gif

Currently it seems a user needs two accounts
to login by normal user-password and oauth2 login with facebook,g+ etc.

Better would be if a normal username-password registered user could connect a oauth2-login with his existing login.

This is a parent task for all small helping or explaining tooltips that can be maybe added where approriate.

Many people don't like reading external documentations, which sometimes often is also not up to date with the current used version.

If you are doing something in Flyspray and you don't know exactly how it works or have to be done rigth and you must look at documentation, it breaks your workflow.

The best case is if its all perfect intuitive and you don't have to read any help texts. But in the case of more complex operations or things that do many things behind the scene a helping tooltip or explanation can give you a mental map and more trust into what the tool is doing.

RC9 running on CentOS LAMP stack

Steps done to create the problem:
Set up google as an oauth provider.
Have a user click “Sign in with Google” in the login box.
User connects their account with Flyspray.
Google redirects the user back to Flyspray
The return screen (on flyspray) asks for a username.

Expected behavior:
No warning about duplicate username should be shown on initial page load since no username was entered yet

Experienced behavior:
A warning about the username being already taken is shown.

It appears there is no logic for showing or hiding that warning in register.oauth.tpl

(It would be great if flyspray was able to just use the email as a username to make the UX even better/simpler.)

Notice: Only variables should be assigned by reference in /*/setup/index.php on line 883 
Notice: Only variables should be assigned by reference in /*/setup/index.php on line 949

On flyspray/index.php?do=admin&area=newuser I sucessfuly register user with email ;

I don’t recieve popup with message ‘You did’nt enter valid e-mail address’

After that on new page i receive error:

Completely unexpected exception: Address in mailbox given [;] does not comply with RFC 2822, 3.6.2.
This should never happend, please inform Flyspray Developers

need add option for can set default Severity and Priority of new creating tasks

• On the myprofile page have a section to show all my votes I put on tasks. done!
• Add the possibility to remove own votes from tasks. done!

• Implement a limitation of the amount of votes a user can put on tasks for a project. Can be enabled/disabled and amount configured. Done!
• project based vote limitation

• When a task is finished/closed, remove the user votes from the task and make that vote again available to the user. Maybe safe the existing historic voting count in an extra field of the task as the votes would drop to 0 on closing the task. removed.

We keep the votes, because a task can be reopened everytime and then the old voters and votes should be visible again. In this case the amount of votes on active task could be a bit greater than allowed, but thats no real problem.
The calculation of done votes and available votes based only on open task and project voting limit.

For example on uservoice.com you have 10 voting points. So you as user has to decide where your priorities are to put your votes.

So all users have more or less the same power to vote for tasks.

That way you can just protect the setup routes after installation, etc.

And have a much less cumbersome .htaccess file.

And take sensitive files outside of the server path and not risk letting them get out in the public

For users with administrative permissions, a moderation UI for spam tasks could be useful.

For other normal users a “mark as spam”-button (similiar to voting for a task) could help moderators to identify spam tasks.

1. Modify the spam task: Move to a hidden “Trash” project, replace summary and description with a default spam summary text end empty description.
2. The decision which kind of punishment of the account who created the spam depends on several things:
   • Is it a previously normal used account who got captured by a bad guy and suddenly started spamming?
   • Is it a fresh bot created account who tried creating many spam task to promote bad websites or do search ranking manipulation?
   • Is it a sneaky smart account who waits for the opportunity to offload spam in a subtile manner?

I think this is not so easy to automate without producing false positives, especially for a project without commercial interest and funding and no huge meta informations like Google or similiar data collecting corporation who have the ability to identify spam waves across the internet.

Just moved issue #110 from https://github.com/Flyspray/flyspray/issues/110 to here for centralized task tracking.

Maybe just needs testing with current github master.

The shortcuts help infobox should adapt to the current page type.

So when in editing a task for instance, the n (next task) and p (previous task) shortcuts are not available for a good reason. Listing them there with same priority as other keys then is not helpful.

The simpliest solution is probably putting some if-statements depending on the $do variable into CleanFS/templates/shortcuts.tpl ..

Flyspray should show a warning, and maybe set the focus back to the field (only when it is a this-one-field-only-form.)

There are 5 possible cases that IMHO should be handled more user friendly:

1. There is no cronjob for the reminder (schedule.php) setup → Reminders are never sent
2. Reminding is disabled in the global settings → Reminders are never sent
3. Reminder setting 'email' only → Reminders are only sent to users who set their notification setting to 'email' or 'both' and setup an email address
4. Reminder setting 'jabber' only → Reminders are only sent to users who set their notification setting to 'jabber' or 'both' and setup a jabber address
5. Project notification setting not set → ??? (research...)

• If notification is disabled (1. or 2.), the notification tab on 'task details page' should adapt to that I think. (by css style or message or tooltip)
• If notification is restricted to only one notification channel, the current user should be informed on notification tab on 'task details page' if he would receive notifications with his current notification settings.

Then you can gracefully drop support of old MySQL extension AND drop the need for password compat, since BCRYPT and password_hash are built into PHP from version 5.5 onwards

The user preferences and the add new user screens both allow you to set the timezone offset of the user, however, we are only provided with whole hour offsets from GMT. This makes it impossible to select our timezone here in India, which is GMT+5:30 - IST(Indian Standard Time - Asia/Kolkata as per TZ Zoneinfo). In addition, there are also timezones in the GMT+x:45, which wouild also require to be handled. Note, this is totally independent of DST Changes, since some of the countries use DST(Like in Australia) and others do not(Like India).

Here is a link with more details of the same - http://www.timeanddate.com/time/time-zones-interesting.html

I will be trying to identify and fix the codebase to resolve this, and will hopefully have a patch to submit soon.

Regards
R. K. Rajeev

Integrate the selectpure javascript to the new task and edit task form.

By default there is a text field where tag names are separated by ‘;’ character.

Selectpure could instead show the tags with their visual layout with a little ‘x’ inside on the right side for removing a tag and autocomplete when typing a tag name to show existing tags from the flyspray_list_tag-table as possible selections.

Instead implemented a CSS and raw javascript solution with a single taghelper.js without any dependancies.

A button beside the tag input text field toggles a list of available tags for the current task, depending on the project and settings.

Still TODO

We should change the document logic a bit here. For public projects search engines like well structured pages more then others. And we get a consistent structure too in future for Flyspray.

This I have in mind

Project area name ("All Projects" or "Project name")

Admin setting / Project setting pages, title of the sub pages

Section names in these pages

Task view page

Toplevel project overview /dashboard

New Task page

Reports page

Roadmap page

MyProfile page

Need add view of grouping in Task List by Category

When a user has project manager permissions, but not admin permissions, then on the ‘edit group’ pages like index.php?do=pm&area=editgroup&id=8
the links in the list of users of that group are

index.php?do=admin&area=users&user_id=12345

instead of linking to the users page

index.php?do=user&area=users&id=12345

and a redirect follows with Error #4: You don’t have administrative rights.

filter_input() is in extension “Filter”.

It is enabled by default since PHP5.2, see http://php.net/manual/en/migration52.new-extensions.php but not “always”, see https://groups.google.com/forum/?hl=de#!topic/flyspray/QM75BvwPqGM

filter_input() is only used at 1 section in Flyspray (since 2014 up to v1.0rc1) in includes/fix.inc.php
This is the commit https://github.com/Flyspray/flyspray/commit/40861911260812c99682fe3456350cb63bb243a9

How do we solve it? Several possibilities:

• Do we really need this calls here? What “bad input” is filtered here?
• Test if the extension is enabled at install/update tests/screens.
• use function_exists() test at every request ( similiar to the source code before https://github.com/Flyspray/flyspray/commit/40861911260812c99682fe3456350cb63bb243a9 )

When filing a task, it’s possible to submit the task without any information at all being added to the main body of the ticket. This leads to reports that are of no value because the user can simply add some vague title, hit submit, and then wonder why nothing happens other than someone closing it later as invalid.

The main body of the ticket should be considered a required field and should throw an error if nothing is in the box.

My tests showed that the html accesskey feature is not well and consistent supported by current web browsers and is quite cumbersome to use.
And it seems it will not be better in future..

The only solution I see dropping that feature or replacing them with simple single-key-event javascript listeners, like it is currently done with keys o, j, k, n, and p.

accesskeys in Flyspray I talk about:

• l (current SHIFT+ALT+l Firefox) login dialog / logout
• a (current SHIFT+ALT+a Firefox) add new task
• m (current SHIFT+ALT+m Firefox) my searches
• t (current SHIFT+ALT+t Firefox) focus taskid search
• e (current SHIFT+ALT+e + Enter Firefox) edit task
• x or y? (current SHIFT+ALT+y Firefox) close task
• s (current SHIFT+ALT+s Firefox) save task

Also related to Keyboard navigation: tabindex

It's a little like "text version". So you could use this exported changelog within a new release.

I think good was:

• Only resolved tasks ordered by date (but of course without displaying the date) and only public accessible tasks
• Without task number ("FS#...")
• A download function via button