Joomla, Docman and Category Filtering
Tuesday night into Wednesday I finished the majority of the work on Docman and let me tell ya that is an adventure. Docman is currently setup so that you upload 1 file (pdf, doc, whatever) and then you create a document, which is only an entry in a database. That document can only have 1 category, so if you need it to belong to multiple categories you are screwed. Also Docman continues to list a document when it is ‘checked out’ which is not ideal in a lot of cases. For me checking out means checking out, like a library, that book is no longer available.
Our system needed to have documents belong to 3 ‘categories’, but only one is really a category. The other two are document type and relevance (state, federal, etc). We were using Docman Uploader or something instead of the stock upload functions, but the root docman upload functions are used within that component. The way the uploader is made it is pretty simple to add additional database fields, it does however take a lot of code reading to find that out. You can pretty much just add the fields you need to the database and then add the appropriate form elements with the same name as the field. I would make the fields allow for null unless you want to go through every previous entry and add numbers. For this project I setup categories so that in the root of the categories you had each main topic, Document Type, Relevance, Topics and then each subcategory was the actual information. That causes a problem if you use the stock code to give you drop down categories since it will list all of them and there is no filtering. This means that you must apply some filtering and I did that by specifying the categories to be left out in the main configuration and then do an in_array to check if that category was to be left out. That still leaves you with the name of the parent category so you need to do an array_shift to get rid of that. In the end I have 3 drop down boxes only showing the categories I want and they are entered into the database as I want them. That won’t make shit work though, since you have two new fields and they are based on category numbers you need to be able to find information on only that. For this I included the parent categories that house the other information, and if the GID matches you append tid or rid to the end of the url, this way when that person browses into that category the next url has the information you need. If rid or tid are found on the url it then searches rid or tid instead of catid and whala, you have your information.
It was nowhere as simple as that as Joomla uses about 500 steps to do one thing and everything has to be traced back to the origin. Getting the resources page to work was also a hassle. The built in functions for category listing will list everything, but I only needed parent and one level in, and editing the functions that come with the script wasn’t working so I had to write my own. Writing my own wasn’t a problem, but for some reason it wouldn’t work within joomla, I could get it to work outside as a standalone but not within. It appears I was having problems using global, the information just wasn’t being brought in the functions.
I will eventually post the link to the site when it is live so you can see what I did.
April 2nd, 2007 at 9:55 am
Hi,
I have a client who is looking for the similar functions in their Joomla site. about how long did it take you and would you be willing to share your process?
From what you have done so far with DocMan, do you think that one way PGP file encryption will be difficult to add?
Sincerely,
Mike
–
Mike Brandonisio
Tech One Illustration
http://www.jikometrix.net
April 2nd, 2007 at 11:06 am
Mike,
It’s hard for me to say how long it took because I did a lot of other stuff in the same phase and I did not keep my hours for just the Docman portion. The entire phase was about 85 hours, but like I said I had a lot of things going on in addition to just that functionality. It would also depend on how familiar you are with Joomla, I had never looked at its code before I took on this project so there was a lot of function/class tracing.
If you are digging in the Docman code pretty much anything can be done with it, it just depends on when you would like it done and if you are going to have it kick errors if it does not encrypt. Is the PGP encryption being done by a program or PHP code? I would like to see a class for PGP encryption, I assume there is one out there I have just never looked.
I would be willing to share my process, I had plans to make a tutorial on it, but that is going to have to wait for the time being. I currently don’t really have the time to do a line by line on it, but I can give a low level set of directions on what needs to be edited. Let me know so I can gather my thoughts. I think after this project I may make a Docman replacement because I found bugs and functionality I did not like.
April 5th, 2007 at 1:20 am
Hi Peter,
The one challenge that I’m having with using PGP with docman is that I can only use one key for all of the users. I’m trying to come up with a way to prevent users from seeing or using the files of other users if they happened to get their hands on the files. The data is sensitive in nature. And then I wanted to keep the keys off of the server where the files are stored. I still have some work to do to flesh this out. I may tap you later for some info. Thanks for sharing.
Sincerely,
Mike
–
Mike Brandonisio
Tech One Illustration
http://www.jikometrix.net
April 5th, 2007 at 4:21 am
Are you using a code based version of PGP encryption or using a class that integrates with GPG or something? Is this one key limitation because of DOCMan or because of an internal reason? If the data is sensitive I wouldn’t use one key unless none of the individuals reading documents have the private key. If the site is decrypting on the fly it would be easy to limit who can see what, but if they are downloading them and then decrypting it leaves a huge security hole.
Without knowing a lot about the project it sounds like if it is code based, you could store the public key of the user in a separate table and then pull that out when you are encrypting the file. If it is directly working with gpg, depending on how much usage it will be getting I would still store the key in the database and write to a temp file on the server when encrypting then destroy that temp file.
With this method you can use the AES algorithm built into MySQL for an added layer of encryption of the keys so that someone cannot just pull out a public or private key. If the files must be decrypted on the fly I would put private keys in a separate table with a algorithm to build the key you will use for AES so it will not be the same key for every user. You still have to worry about people sniffing the network if you are not using SSL on MySQL, but I think it is safer than going the route of having private keys stored as a file.
I havn’t done much with PGP or GPG in the backend so I guess I am sorta speaking out of turn on this, but it seems like a reasonable solution to resolve the problem of using just one key.
Everything with Joomla sorta seems like a pain because you have to go through 9 functions to do one thing so you do a lot of tracing to add additional functionality in existing components.
I recommend the DOCMan uploader component to help with uploading as it has multiple steps and each step is a separate function within the component making it is a lot easier to do things on each step.
April 5th, 2007 at 8:13 am
Hi Peter,
After I hit send I realized that the keys were just another programming exercise. With a bit more effort I could create the keys on the fly and store them in the separate table for each user. I’m looking to work with GPG over an SSL connection.
Sincerely,
Mike
–
Mike Brandonisio
Tech One Illustration
http://www.jikometrix.net