http://qs321.pair.com?node_id=15409

mtomkins has asked for the wisdom of the Perl Monks concerning the following question: (cgi programming)

My task is to develop and implement a system for bug reporting on our corporate website. I have been working with a simple text database, it adds/searches/modifies/deletes via a neat little HTML interface... my problem is that there needs to be two levels of security; user and admin. The user inputs the problem they encountered, it is automatically stamped with the date it was entered as well as a key number, a priority level of 0, an "assigned to:" of "nobody" and a "fix:" of "none". Now I need a way for an administrator to get in there and modify the priority, assignment, and fix of these problems. Any help would be appreciated.

Originally posted as a Categorized Question.

Replies are listed 'Best First'.
Re: Is it better to use off-the-shelf websites, or write my own?
by neshura (Chaplain) on May 30, 2000 at 21:53 UTC
    The general answer on this one is always "Don't write this one yourself". Having had more than my share of experience with this issue, I can say that this is not always the correct answer. I have written and currently am in the process of writing v2.0 of an equivalent application for work flow tracking and reporting. There are times to use an off-the-shelf product, and times when you really need to write your own (which is where these commercial packages originally come from anyway).

    First, there are number of really excellent applications out there for bug tracking, time tracking, work tracking. You can assume that an open source version is going to be much better than a shrink-wrap version, for one simple reason -- feature bloat. Because every company has different needs, the shrink wrap versions NEVER fit perfectly and almost always are impossible to tweak. I happen to really like Keystone, from Stonekeep Consulting, because it is free for small departments, it is easy to set up, and it is built on PHP with a mysql database. (I like PHP almost as much as perl, for different reasons)

    Second, if you test a couple of packages, and you find that they don't fit your needs, then by all means, write one yourself. This is the route I took, and my department could not be more delighted. I learned a couple of things though -- interview the users before you start writing the application, map the flows/processes out early on, work out the logic -- in short, design, design, design!! Then, make sure your boss is 100% behind you (we did our programming in secret as a surprise gift for our manager -- we're just lucky it worked out well). KISS and get yerself a frozen feature set, and your life will be made much easier.

    To answer your specific question, I have a set of named permissions in my database -- Administrator, Developer, Project Manager, Client, etc.
    Every time a ticket is retrieved from the database the current user's permission level is also available. If a field on the form is read-only at the user's level of permissions, then only the value in the database is printed. If the user has read-write permission (like the Administrator) then the equivalent popup box or text box or whatever is printed to the screen so that the user can modify it. The code is not the cleanest, but that's why I said design before code earlier :-) Lots of stuff got tacked on later.

    Hope this extensive ramble helps you out some.

Re: Is it better to use off-the-shelf websites, or write my own?
by mikfire (Deacon) on May 30, 2000 at 19:39 UTC
    Don't write this yourself. Please. There are many hidden issues in this problem - I speak from way too much experience. There are many more levels of authority than you think. There are the people authorized to enter problems, the people authorized to assign problems, the people authorized to answer them and the people authorized to close them. Of course, you also have the people authorized to authorize people.

    Having solved all of those, you then need to worry about database corruption which will happen when using flat files. After you have solved this, there are a hundred more hurdles to jump. And then, when you are all done, you will never escape it. It will hang about your neck like a dead albatross. You will be supporting this thing for years.

    Please, trust me. Find something else somebody has written and abuse that. DO NOT WRITE THIS FROM SCRATCH!

    In this light, I direct you to Freshmeat's development/bug tracking section. There are a few good choices in there, including several that have both web front ends and command line front ends. Many of them have been used and tested extensively. Several of them are free.

    Mik - who is still working off therapy dollars from a PTS
    mikfire

Re: Is it better to use off-the-shelf websites, or write my own?
by turnstep (Parson) on May 30, 2000 at 19:54 UTC

    Even though I am usually the last one to jump on the "don't re-invent the wheel" bandwagon, I feel that mikfire is correct - a good bug reporting system can get very complex very fast. At the very least, modify one of the existing ones heavily to your particular uses. A nice one to use is bugzilla:

    (it's number one in the list referenced above) It's almost free (uses the MPL, an ugly cousin of the GPL) and definitely has had lots of real-world testing. I also highly recommend GNATS, which is GPLed.

Re: Is it better to use off-the-shelf websites, or write my own?
by hacker (Priest) on Nov 18, 2001 at 03:13 UTC
    There's always Mantis.

    I've been using it on my sites for quite some time on SourceFubar, the public CVS hosting service I run and manage. Go ahead and log in as Guest and poke around.

    You can find the main site for Mantis on Sourceforge.