Jeremy Knope dot com

So I setup Buttered Cat Software with a free design so I can start getting stuff out there, one of them being a simple utility I whipped together after a quick discussion about not wanting to hold option with someone. QuickBoot lets you choose another system to boot to, but only temporarily, rebooting after using that system will bring you back to your default system. The main purpose is just avoiding the need to hold option, including the possibility of restarting your mac and actually missing your chance to hold option.

Check out QuickBoot

Technorati Tags: mac, software

So I’m currently working on a new site for hosting my mac software projects and wanted to include support for some popular things used by mac programs. For example many programs use Sparkle for doing automatic updates, or even Sparkle+ for tracking system information from the updating applications. So I wanted to go about making a site that would let me manage programs, their downloads, and possibly auto-generate appcasts for use by Sparkle updaters.

So I currently have quite a bit of the front-end going, no administration yet. I have a system that has products, product releases (downloads), download stats, sparkle profile tracking and appcast generation, and download stats integration for sparkle downloads. A lot of this is or will be configurable if this proves to be useful for other people to use.

It’s using a PHP MVC framework also, providing nice URls for everything, some examples:

• example.com/products/view/MetaGrowler
• example.com/downloads/get/6
• example.com/downloads/product/MetaGrowler
• example.com/downloads/get/6/fromsparkle/MetaGrowler_0.1.1.zip
• example.com/appcast/MetaGrowler
• example.com/sparkleProfile/MetaGrowler?profilerArgsHere

That’s just some of the basic stuff I’ve got so far, I mostly wanted a nice way of managing various products and their downloads, I’d want purchase ability eventually too. I’ve heard there’s someone that might be working on a similar project too, mentioned on the macsb yahoo group but that’s currently not searchable due to some error.

I’d like to hear any feedback, and also see what the other projects are (only know of PotionStore as a similar rails-based project.) I’m mostly geared to build my own site right now but trying to keep in mind it might be useful for others, so any input is helpful. I hope I’m not duplicating someone else’s work, but maybe can work together if there’s similar goals, if anybody knows the post, or maybe if yahoo starts working again soon can see what’s up.

Email me at jerome AT jeremyknope DOT com to talk about it if interested or if you’re working on something similar and want to discuss it.

Technorati Tags: framework, mac, php, software

So I decided to write a bit about my experience and implementation of the Zend_Acl component, it’s a bit rough but I hope it gives an idea of how to possibly implement Zend_Acl. Let me know if there’s anything not very clear, I’m no english major so there’s bound to be some awful sections.



Background

So where I work, at RainStorm Consulting, we have a large web application system that drives parts of client’s websites. It currently does not have a public facing site that I could provide for more information, but it’s something that’s evolved over time to facilitate common needs among clients, eventually turning into a central service-providing administration site that clients can go to one place for to administer various dynamic content. It’s also a multi-tenant system, currently only with basic privileges, super administrator, site administrator, and a basic user that can only edit their ‘profile’ for a couple applications. There’s now a client with desire for more fine-grained permissions so Zend_Acl fit the bill.

Implementation

After brainstorming a bit, what exactly we needed for permission control and much frustration wrapping my head around the idea of ACL, taking it’s full capabilities into my head and getting confused. I basically ended up at the end with an ACL implementation that is similar to Drupal’s. I didn’t go into a full implementation of the hierarchy that Zend_Acl offers for both resources and roles. Our system has modules(separate applications) which will map directly to a resource, so say NewsStorm will have a resource by the same name. A role will then have various resource & permission words mapped to it, with a flag for allow or deny. The basic schema is sketched out roughly in this diagram:

I still haven’t finalized the best way for providing possible permissions from a module, but possibly a central module file that al modules will have, possibly containing a class. Currently it’s stored in the modules table in the database, modules create a record there on installation. A simple field right now has a csv of permissions, for example NewsStorm might have “manage categories, new post, edit post, delete post, publish post” which are provided in the permission management, which is modeled after drupal’s.

Shot of the client’s version of this permission management tool:

The actual setup so permissions can be checked happens in the core class in setupAcl(), it pulls everything from the database and builds the ACL tree. We have 2 core roles, Administrator which is just hard-coded and Site Administrator which exists in the database and is meant for almost full control over every module for a site. We fetch all the roles and add them, along with resources.

$acl = new Zend_Acl();

$roles = Siteturbine_Acl_Role::find('all', array('parent_id is null'));
foreach($roles as $role) {
	$acl->addRole($role);
}
$resources = Siteturbine_Acl_Resource::find('all', array('parent_id is null'));
foreach($resources as $resource) {
	$acl->add($resource);
}
$acl->allow('Administrator', null, null);

foreach($roles as $role) {
	$query = "SELECT ro.name as role,re.name as resource,GROUP_CONCAT(rr.permission SEPARATOR ',') as perm
  FROM acl_roles ro
  LEFT OUTER JOIN acl_resources_roles rr ON rr.role_id = ro.id
  LEFT OUTER JOIN acl_resources re ON re.id = rr.resource_id
  WHERE ro.id = ? AND rr.allow = 1
  GROUP BY rr.resource_id";
	$allows = Siteturbine_Acl_Resource::findBySql(array($query, $role->id));
	$has_allow = false;
	foreach($allows as $a) {
		$has_allow = true;
		$acl->allow($role, $a->resource, explode(',', $a->perm));
	}
	if($has_allow) {
		$acl->allow($role, $a->resource, null);
		$acl->allow($role, $a->resource, 'view');
	}

	$query = "SELECT ro.name as role,re.name as resource,GROUP_CONCAT(rr.permission SEPARATOR ',') as perm
  FROM acl_roles ro
  LEFT OUTER JOIN acl_resources_roles rr ON rr.role_id = ro.id
  LEFT OUTER JOIN acl_resources re ON re.id = rr.resource_id
  WHERE ro.id = ? AND rr.deny = 1
  GROUP BY rr.resource_id";
	$allows = Siteturbine_Acl_Resource::findBySql(array($query, $role->id));
	foreach($allows as $a) {
		$acl->deny($role, $a->resource, explode(',', $a->perm));
	}
}

So tons of stuff going on in here I suppose, basically I query out the resource-permission maps into separate rows that I can loop through and call $acl->allow() or $acl->deny() as appropriate. If a role has any allow permission at all, I also set a hard-coded allow to the ‘view’ permission, which I use as a way to see if someone has ANY module permission at all, used in navigation.

After all that, I can call a helper type function I have for checking if the current user has permission for a specific area or task. This function takes care of automatically getting the current user and also the module if one isn’t specified.

	function isAllowed($permission, $module=null)

so $this->isAllowed(’new post’) might return true if the current user has a role that allows the ‘new post’ permission on the current module.

This was a pretty rough post, but I’m not so great at writing but I hope it might be useful. Let me know if it could use more clarification, I probably glossed over a lot.

Technorati Tags: php, framework, zend

So I decided to do a simple performance test after a friend linked me to this blog post of someone doing a comparison against a PostgreSQL database. I use MySQL at work so I wondered if there was much difference with the mysql drivers for these various APIs. The results actually seem to show PDO to be the winner when querying a MySQL database.

Here’s the results:

This test was run on a Ubuntu PC, an AMD 1800+ (1.53Ghz) PHP 5.2.2 machine. A simple query was run 250 times returned about 270 rows, similar to the blog post I mentioned. The 250 query iterations were also run 10 times per API and the average of that is taken. The results fluctuate a little but are usually pretty close to the same. So it seems like for MySQL PDO does a pretty good job.

Edit: Added Zend_Db results, which uses PDO behind the scenes

Technorati Tags: database, mysql, performance, php, programming

So Zend Core recently released an update which has the PDO extension so I can now use it since all my applications run off of PDO for data access. Problem is I’m trying this on Mac OS X which currently has a problem with building PDO separately for PHP. So I had to wait for Zend Core to integrate the core PDO extension to even use it.

Zend Core offers a simple installation and management suite for a PHP installation. It installs PHP and it’s components along with some optional components (like phpMyAdmin and the likes and even Apache 2) and gives you a web interface for managing your php configuration, seeing general status of Apache, benchmark (ap), and grab updates automatically or manually for Zend Core. It’s also free to use it seems, you pay if you want support.

My favorite part of this is probably the offline searchable PHP manual it also includes and the easy to use php.ini editor that lets you edit settings & load extensions easily. Check out some screenshots.

Technorati Tags:
php, programming, zend, review

So I decided to splurge and throw down $30 for Mint since seemed like a lot of people love it, and it looks pretty awesome. Currently my blog is driven by Typo which is Ruby on Rails based. This means that my web folder has rewrite rules to push pretty much any path that isn’t a specific file into the rails app. So putting mint in there at /mint/ would mean it 404s when expecting to fetch index.php. So I just gave mint it’s own htaccess file that rewrites URLs to mint without filename to index.php.

RewriteRule ^mint/$ index.php [QSA]

RewriteRule ^([^.]+)$ $1.php [QSA]

RewriteCond %{REQUEST_FILENAME} !-f

I’m really not that sure if the last 2 lines were at all necessary, I’m thinking no due to the nature of mint, which pushes everything through index.php it looks like.

EDIT: Better yet, google first before just doing it myself and find out that this: Mint Stats for Your Ruby on Rails App has a lot more information and a better solution, not sure why I didn’t bother looking first.

Technorati Tags: mint, rails, stats, typo

So I tried Google Desktop for Mac that was just recently released, beta of course. It’s not too bad, didn’t take seriously long to index either. Not sure it’s any faster than Spotlight. I didn’t really like the lack of grouping that I like in Spotlight results, mail messages grouped together etc. The double-tap-command shortcut is an interesting idea too, and it worked quite well and was kinda cool to browse results in the web page view with pagination. Though when in that view it would open various things within the browser it seems, or at least mail messages, actually not sure about other files. Of course not surprising since the browser probably will open whatever it deems appropriate since it’s just another web page really. I ended up uninstalling it just because it didn’t quite jive with me, I’m not a huge Spotlight use but I still prefer it.

I don’t know if the cause of this extreme increase in memory consumption is from trying out Google Desktop for Mac or not, but I’ve never seen mds at the top of the list of memory usage before, usually it’s OmniWeb after a few days. Anyway, I only made the connection to Google Desktop due to the fact that it uses some spotlight related stuff, like the privacy list and the importers I believe. So since I recently was playing with it I thought there might be a connection. I found one other person noticed same exact thing and they had installed Google Desktop.



This is easy to fix though, and unfortunately I already uninstalled Google Desktop to verify if it climbs up from use at all, just choosing quit process in Activity Monitor does the trick, no need to choose Force Quit. It will come back right after with consumption of probably < 5MB.

I’d recommend trying it out for anybody interested, you might want to check your mds process after though and give it a swift quit to get it’s memory usage down again though after. That is if you notice this happen at all and if it’s at all connected to Google Desktop.

Technorati Tags: google, mac, software

So I signed up for Tour de Cure finally, joining friends in the 25k portion if I can get the $150 in donations. I’ll be on the Woodman’s Bar & Grill team with a bunch of other people that frequent the bar, or of course run it. It’ll be a good time, so help me out and donate!

My personal Tour page where you can donate

Technorati Tags: biking, charity, race

I whipped together a simple PHP script for automating the build process of installing a new PHP version. It’s designed for people like me who do installs of PHP that use extensions instead of building everything in. It automatically tries to figure out what extensions you got loaded that aren’t typically built-in and builds & installs those after building & installing PHP.

Basic usage:

1. Edit the file to reflect any configure options, and if desired manually specify extensions you want which will disable the automatic detection
2. $ php build_php.php /Users/jerome/php-5.2.1

Get it here

Technorati Tags: development, php, tool, script

So today I was able to successfully send an encrypted email from a PHP application of mine. This isn’t too hard to do with basic plain emails and using say GPG with the PHP GPG extension. I played with this first but came to choose S/MIME based encryption method instead since it’s actually supported by nearly every email client without plugins/addons. This seems way more ideal, you can even get a free certificate from thawte for email use. I was able to find out how to do this in PHP via the openssl extension’s openssl_pkcs7_encrypt function. So today I finished up the encryption support in the web application I was working on by getting html emails to encrypt & send and then show up right on the other end. Was pretty excited to get that working, was just a matter of putting the mime/html related headers into the message data to be encrypted.

Small annoying part is the openssl_pkcs7_encrypt function takes file paths for arguments, not variables with data. So you have to save stuff to say /tmp then delete. Kinda stinks.

Technorati Tags: development, php, encryption