Sahana Eden configuration usability report ========================================== This document aims to provide comprehensive overview about status and usability of Sahana Eden configuration directives and modules, including the explanation of any deviation from the expected state, encountered errors and stack traces where applicable. Secondary function of this document is to provide a list of possible configuration directives and their expected types, values and effects. However the list is primarily collected using the directives present in *config.py* file in *default* template and is not exhaustive. The configuration has been tested on Sahana Eden version `56afb71 (2017-08-31 01:10:50) `_ using *default* template. Legend ------ Each configuration directive is prepended with a tag representing its usability and readiness. ========== ======= Tag Meaning ========== ======= **[O]** Works as advertised, does not require additional configuration **[+]** Works with additional configuration explained in the description **[!]** Does not work. Short analysis of the problem attached **[N/A]** Untested or missing data ========== ======= Pre-Populate settings --------------------- settings.base.guided_tour [!] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Enables guided tours (hints about commonly used features) accessible from Help menu. Requires additional lines in *tasks.cfg* to populate with default *Welcome tour*. .. code-block:: text tour,config,guided_tour.csv,config.xsl tour,details,guided_tour_details.csv,details.xsl | **Problem:** The tour does not show in the Help menu for unauthenticated user (as it is supposed to - see https://vimeo.com/67000529) and fails with multiple errors for authenticated user. Authentication settings ----------------------- settings.security.self_registration [O] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``True`` | **Description:** Enables user self-registration via login form. settings.auth.registration_requires_verification [+] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Enables requirement for e-mail verification while registering a new user. Requires additional settings for SMTP server via ``settings.mail.*`` directives. settings.auth.registration_requires_approval [+] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Enables requirement for administrator approval while registering a new user. Requires additional settings for SMTP server and administrators e-mail address via ``settings.mail.*`` directives. settings.auth.registration_link_user_to [+] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Dictionary {String: String} | **Default:** ``None`` in code, .. code-block:: python {"staff": T("Staff"), "volunteer": T("Volunteer"), "member": T("Member")} | commented in default *config.py* | **Description:** Shows checkbox list on registration form and allows linking user to human resource type. The default keys ``staff``, ``volunteer`` and ``member`` are the only valid ones as they are hardcoded throughout the code (mostly in *s3aaa.py*). The linking only creates appropriate linked record between user and organisation but all specific values need to be populated manually. settings.auth.always_notify_approver [+] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``True`` | **Description:** Enables notification to administrator when ``settings.auth.registration_requires_approval = False`` and a new user registers and validates their account. Requires additional settings for SMTP server and administrators e-mail address via ``settings.mail.*`` directives. settings.auth.opt_in_team_list [!] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** List [String] | **Default:** ``[]`` | **Description:** Adds user to defined team(s) if they checked the *Receive updates* checkbox in registration form. The teams have to be created manually or imported during pre-population phase. | **Problem:** Enabling this option breaks user profile viewing on ``/eden/default/user/profile`` which fails with error 500 and stack trace .. code-block:: pytb Traceback (most recent call last): File "/srv/sahana/gluon/restricted.py", line 227, in restricted exec ccode in environment File "/srv/sahana/applications/eden/controllers/default.py", line 1547, in File "/srv/sahana/gluon/globals.py", line 417, in self._caller = lambda f: f() File "/srv/sahana/applications/eden/controllers/default.py", line 608, in user form = auth.profile() File "applications/eden/modules/s3/s3aaa.py", line 1566, in profile ptable = s3db.pr_person UnboundLocalError: local variable 's3db' referenced before assignment | The error can be corrected by initializing previously uninitialized variables via prepending line 1566 of *modules/s3/s3aaa.py* with .. code-block:: python db = current.db s3db = current.s3db settings.auth.opt_in_default [O] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Displays the checkbox for *Receive updates* as checked by default. settings.auth.registration_requests_home_phone [+] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Displays a *Home Phone* input field in user registration form. Doesn't do full validation and doesn't enforce country code like the *Contact* tab does. settings.auth.registration_requests_mobile_phone [+] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Displays a *Mobile Phone* input field in user registration form. Doesn't do full validation and doesn't enforce country code like the *Contact* tab does. settings.auth.registration_mobile_phone_mandatory [O] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Enforces the *Mobile Phone* field to be mandatory. settings.auth.registration_requests_organisation [+] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Displays an *Organisation* dropdown in user registration form. The organizations have to be created manually, imported during pre-population phase or created via ``settings.auth.registration_organisation_default``. settings.auth.registration_organisation_required [O] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Enforces the *Organisation* dropdown to be mandatory. settings.auth.registration_organisation_hidden [!] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Hides the *Organisation* dropdown (using JavaScript only) unless the user enters a non-whitelisted domain (i.e. domain not listed for any existing group or organisation). | **Problem:** The *Organisation* dropdown stays hidden at all times. Moreover there does not seem to be any way how to bind a domain name to organization other than manual insert into *auth_organisation* table (the *Website* field in organisation definition is not related to this setting). settings.auth.registration_organisation_default [O] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** String | **Default:** ``None`` | **Description:** Pre-populates the *Organisation* dropdown in user registration form with defined value. The organisation will be created automatically if it doesn't exist. settings.auth.registration_requests_organisation_group [+] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Displays a *Coalition* dropdown in user registration form. Requires additional CSV with the values and additional line in *tasks.cfg* to import it. .. code-block:: text org,group,org_group.csv,group.xsl | See the template *CRMT* and its files *modules/templates/CRMT/org_group.csv*, *modules/templates/CRMT/org_group_membership_status.csv* and *modules/templates/CRMT/org_group_person_status.csv* for more details. settings.auth.registration_organisation_group_required [O] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Enforces the *Coalition* dropdown to be mandatory. settings.auth.registration_requests_site [O] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Displays a *Facility* dropdown in user registration form. settings.auth.admin_sees_organisation [O] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** The value of ``settings.auth.registration_requests_organisation`` (which is ``False`` by default) | **Description:** Displays an *Organisation* dropdown in user administration even when the organisation is not requested during registration via ``settings.auth.registration_organisation_required = True``. settings.auth.show_utc_offset [O] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``True`` | **Description:** Displays a *UTC offset* field (time zone) in user profile. Original comment in *config.py* suggests that the field should show up also in registration form but it doesn't. settings.auth.registration_roles [+] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Dictionary of Lists {Integer: [String]} | **Default:** ``[]`` in code, ``{0: ["STAFF", "PROJECT_EDIT"]}`` commented in default *config.py* | **Description:** Sets the default roles assigned to newly registered users. Dictionary key designates the realm that the list of roles applies to. ``0`` implies that the list is not realm restricted. List values are UUIDs stored in *auth_group* table. The roles have to exist before they can be referenced in this directive. settings.auth.org_admin_to_first [O] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Sets the organisation administrator role for the first user which registers for given organisation. The *Organisation* dropdown must be requested in registration form via ``settings.auth.registration_requests_organisation = True``. settings.auth.entity_role_manager [O] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Enables entity role manager via *Roles* tab in *Staff* for organisation admins. Entity role manager allows for per-organization and per-module role management. settings.auth.realm_entity_types [O] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** List (String) | **Default:** .. code-block:: python ("org_group", "org_organisation", "org_office", "inv_warehouse", "pr_group") | in code, ``("org_organisation",)`` commented in default *config.py* | **Description:** Defines entity types to be used as realm entities for role management. Eg. user of one organisation won't have any rights in another organisation's records. settings.auth.role_modules [!] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Dictionary {string: string} | **Default:** .. code-block:: python OrderedDict([ ("staff", T("Staff")), ("vol", T("Volunteers")), ("member", T("Members")), ("inv", T("Warehouses")), ("asset", T("Assets")), ("project", T("Projects")), ("survey", T("Assessments")), ("irs", T("Incidents")) ]) | **Description:** Defines modules for entity role manager. | **Problem:** User still has full access regardless of assigned roles. | **TODO:** Check why everyone has admin roles to everything. settings.auth.access_levels [!] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Dictionary {string: string} | **Default:** .. code-block:: python OrderedDict([ ("reader", T("Reader")), ("data_entry", T("Data Entry")), ("editor", T("Editor")), ("super", T("Super Editor")) ]) | **Description:** Defines access levels for entity role manager. | **Problem:** User still has full access regardless of assigned roles. | **TODO:** Check why everyone has admin roles to everything. settings.auth.record_approval [N/A] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Enables record approval by administrator. | **TODO:** Which one? superadmin / org admin / entity manager? settings.auth.record_approval_required_for [N/A] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** List (String) | **Default:** ``[]`` in code, ``("org_organisation",)`` commented in default *config.py* | **Description:** List of tables for which record approval is required. | **TODO:** Seems that the approval is always automatically granted. Check why? settings.auth.registration_requests_image [O] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Displays a file selection button in registration form through which a new user is able to upload avatar image. settings.auth.registration_volunteer [+] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Redirects newly-registered users to *Volunteers* page to be able to add extra details. Requires disabled new user verification and approval via ``settings.auth.registration_requires_verification = False`` and ``settings.auth.registration_requires_approval = False``. settings.auth.terms_of_service [+] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | **Type:** Boolean | **Default:** ``False`` | **Description:** Displays a *Terms of Service* link and agreement checkbox in registration form. The terms need to exist as separate HTML page *modules/templates/\