Search · Index


Showing 1 - 10 of 851 Postings (summary)


Created by Dave Bauer, last modified by Gustaf Neumann 02:56 PM, Monday

Release Status

See openacs-release-status

Development is taking place in the oacs-5.9 branch, will switch to HEAD soon

OpenACS Version 5.10.0 Agenda/wish list

  • registry for .js and .css libaries: allow besides classical urls symbolic names for loading external resources (e.g. jquery), this would make it easier to upgrade  libraries in multiple packages (without running into problems with duplicate versions) or switching between CDN and local paths
  • dynamic reloading reform, including support for scheduled procedures
  • say farewell to CVS
  • Data bloat hygiene:
    • rethink package parameter and portlet parameter data models
    • parameters: include "subsite-parameters" in parameter resolution (package->subsite->global)
  • require Tcl 8.6, XOTcl 2.1, PostgreSQL 9.2


OpenACS Version 5.9.1 Agenda

  • Refactoring of rich-text editor integration
    • Driving force: Debian packaging
    • we have now the new packages
      • richtext-xinha
      • richtext-tinymce
      • richtext-ckeditor4 (has ability to choose between CDN and local installation via GUI)
  • Theme manager:
    • Goals:
      • Make it easier to keep track of themes with local modifications
      • Make it easier to create local modification a new themes and to update these
      • Show differences between default theme parameter (in DB) and actual settings (in subsite parameters)
      • Allow to delete unused themes
      • Give site admin hints, which theme is used at which subsite
      • Ease theme switching
    • Added support for these features under subsite admin (/admin/)
  • SQL:
    • Further cleanup of .xql files (like what as done for acs-subsite in 5.9.0)
      • so far, 36 files deleted
      • removed more than 100 obsolete named queries
      • stripped misleading SQL statements
    • Mark redundant / uncalled sql functions as deprecated
    • Remove type discrepancy introduced in 2002:
      • acs_object_types.object_type has type varchar(1000), while
      • acs_object_types.supertype has type varchar(100)
      • ... several more data types are involved, using acs_object_types.object_type as foreign key
    • Replace usages of obsolete view "all_object_party_privilege_map" by "acs_object_party_privilege_map"
    • Simplify core sql functions by using defaults
      • Number of functions reduced by a factor of 2 compared to OpenACS 5.9.0 (while providing compatibility for clients using old versions),
      • reduced code redundancy
      • Affected functions:
        • reduced content_item__new from 12 versions to 6,
        • reduce content_revision__new from 7 to 4
        • similar in image__new, image__new_revision, content_item__copy, content_item__get_title, content_item__move
    • PG 9.5 supports named parameter in the same syntax as in Oracle. Further reduction of variants will be possible, once OpenACS requires at least pg 9.5
    • Modernize SQL
      • use real Boolean types instead of character(1)
        (done for new-portal, forums, faq, attachments, categories, dotlrn, dotlrn-forums, evaluation)
      • use real enumeration types rather than check constraints (done for storage type text/file/lob)
  • CR hygienics (reduce cr bloat)
    • Provide means to avoid insert/update/delete operations in the search queue: OpenACS adds for every new revision often multiple entries to the search_queue, without providing any means to prevent this. This requires for busy sites very short intervals between queue sweeps (otherwise too many entries pile up). Another consequence is that this behavior keeps the PostgreSQL auto-vacuum daemons permanently active. Many of these operations are useless in cases where the content repository is used for content that should not be provided via search. The changed behavior should honors a publish-date set to the future, since it will not add any content with future publish dates to the search-queue.
    • Insert into cr_child_rels just when needed. cr_child_rels provide only little benefit (allow to use roles in a child-rel), but the common operation is a well available in cr_items via the parent_id. cr_child_rels do not help for recursive queries either. One option would be to add an additional argument for content_item__new to omit child-rel creation (default is old behavior) and adapt the other cases.
  • Security improvements:
    • improve protection against XSS and SQL-injection
    • add support against CSRF (cross site request forgery)
      • make CSRF support optional for packages where CSRF is less dangerous (e.g. search and api-browser)
    • support for W3C "Upgrade-Insecure-Headers" (see
    • support for W3C "Subresource Integrity" (SRI; see
    • support for W3C "Content Security Policy" (CSP; see
      • remove "javascript:*" links (all such urls are removed from the 90 packages in oacs-5-9, excluding js libraries (ajaxhelper) and richtext code)
      • remove "onclick", "onfocus", "onblur", "onchange" handlers from all .adp and .tcl files in the 90 packages in oacs-5-9 (excluding js libraries (ajaxhelper) and richtext code)
      • added optional nonces to all <script> elements with literal JavaScript content
  • Improved Internationalization
    • Russian (thanks to v v)
    • Italian (thanks to Antonio Pisano)
    • Spanish (thanks to Héctor Romojaro)
    • German (thanks to Markus Moser)
  • Finalize cleanup of permissions:
    • Get rid of acs_object_context_index (and therefore on acs_object_party_privilege_map as well) on PostgreSQL
      • huge table,
      • expensive maintenance, used only in a few places,
      • don't damage Oracle


OpenACS Version 5.9.0 Agenda

  • Slimming pg SQL core:
    • Part 1: improve performance of object deletion
      • remove manual delete operations from acs_object__delete()
    • Part 2: content-repository - manual referential integrity management
      • handle referential integrity via pg's integrity constraints rather by functions cr_revision_del_ri_tr, cr_revision_ins_ri_tr, cr_revision_up_ri_tr, cr_revision_del_rev_ri_tr, and cr_revision_del_rev_ri_tr
      • fix broken/missing upgrade scripts from earlier updates
    • Part 3: content-repository - manual deletions and nulling
      • Removed manual nulling of live_revision and latest_revision
      • Removed manual deletion of old_revision and new_revision in cr_item_publish_audit
      • Removed manual deletion of item_id in cr_item_publish_audit, cr_release_periods, cr_item_template_map, and cr_item_keyword_map
      • Removed manual deletion of direct permissions
      • Added missing index for child_id to cr_child_rels.
    • Part 4: get rid of tree_sortkey in acs-objects
      • Check/fix dependencies in oacs-5-8 packages
      • Get rid of broken/uncalled functions using the column
      • Check/fix dependencies in other packages
      • Remove tree_sortkey and max_child_sortkey
  • Web interface:
    • Improve client performance
      • moving core.js from head to body
      • provide kernel parameter to control expiration date for /resources/
    • Protect against more XSS attacks
    • Improved HTML validity (see oacs-5-9-html-validity for the checklist)
    • Add lightweight support for ckeditor4 for templating::richtext widget (configurable via package parameter "RichTextEditor" of acs-templating. ckeditor4 supports mobile devices (such as iPad, ...).
    • New kernel parameter ResourcesExpireInterval to control expiration dates of resources
  • Templating:
    • Improve theme-ability
      • Move more information into theme packages in order to create responsive designs
      • Reduce hard-coding of paths, HTML etc.
    • Dimensional slider reform (ad_dimensional):
      • Remove hard-coded table layout from dimensional slider
      • Add backwards compatible templates
      • Move hard-coded styles into theme styling
      • Remove obsolete comments from ad_dimensional
    • Complete template variable controls (adding noi18n, addressing bug #2692):
      • @foo@: perform html quoting and internationalization
      • @foo;noquote@: perform internationalization
      • @foo;noi18n@: perform html quoting
      • @foo;literal@: perform neither html quoting nor internationalization
    • Improved Russian nationalization
    • Support of expiration dates and passwords for signed variables
  • Documentation:
    • Use ACS templating for the (static) OpenACS documentation to provide a more consistent layout and user experience.
    • Make pretty-naming of acs-core packages more consistent.
  • Misc improvements:
    • Mark unused functions of acs-tcl/tcl/table-display-procs.tcl as deprecated
    • Reduce number of muxtex locks by pre-request and per-thread caching
    • Improved development und debugging aids:
      • use "ad_log error|warning  .... " instead of "ns_log" to include information of request and callstack in error.log
      • ability to display ns_log entries caused by a request in ds-footer
      • ability to save delivered web pages in file-system for testing HTML validity (especially for admin pages, which are unaccessible for external validity testers)
    • More bug fixes
  • Version numbers:
    * require PG 9.0 (End Of Life of PostgreSQL 8.4 was July 2014)
    * require XOTcl 2.0 (presented at the Tcl conference in 2011).

OpenACS Version 5.8 Agenda

  • PostgreSQL 9.2+:
    • Get rid of nonstandard backslash escapes in function definitions
    • Change quote syntax in sql files (single quotes around the functions) to recommended PostgreSQL quoting using (recommended since pg8.0, jan 2005). li>Drop aliases in favor of named function arguments (recommended since pg8.0)
    • Fix wrong function_args, add missing function_args, align default semantics with the defaults in pg (providing "null" as default means the argument is optional)
    • Make OpenACS loadable without any tweaks in the pg config files
  • Use recursive queries for e.g. permission lookup to avoid performance problems in pg 8.4 and newer)
  • ADP: Use byte-compiled function wherever possible in compiled adp-code, support "@var;literal@" when neither quotes nor localization is needed in compiled adp-code
  • Improve support of NaviServer
  • Switch to Tcl 8.5 (TIP #143)
  • Improve scalability: Reduce mutex-stress on util-memoize cache and for cache maintenance in general
  • Code cleanup:
    • Get rid of calls to deprecated code (e.g. ad_tables, ad_parameter, ... in acs-core and main packages)
    • Improve awareness of usage of deprecated code (complain to error.log)
    • Use Tcl 8.5 idioms
    • cleanup of various http-client approaches and introduce a common implementation util::http::get and util::http::post; get rid of other usages, mark these as deprecated
    • page-contracts: Perform checking of all ids in acs-core and main packages to improve error messages and to improve security
  • OpenACS 5.8.1 should be released with main packages

OpenACS Version 5.7 Agenda

  • Support for object management in core 
  • Postgresql 9.0
  • TinyMCE update (fix for random JS injection issue, affecting Safari)
  • Fix for "remember me" issue
  • WCAG2-AA

OpenACS Version 5.6 Agenda

  • global parameters
  • package "embeds" 
  • fix search by package_id
  • core works on Postgresql 8.4

OpenACS Version 5.5 Agenda

  • DONE: Postgresql 8.3 support: especially regarding tsearch2
  • DONE: acs-authentication:
    • fix upgrade, add conditional logic into site wide tcl library so that you can login to perform the rest of the upgrade
  • DONE: tinymce:
    • upgrade to 3.1.1 + language packs
    • HTML Strict cleanup
    • create appropriate parameters for its config in acs-templating
  • acs-mail-lite:
    • DONE: cleanup duplicated procs (bounce)
    • review the parsing of bouncing messages (case user_id 0)
    • DONE: rollout support
  • Documentation improvements as discussed at the Guatemala conference:
    • Make current source for static files included in the release and provide ease means to achieve this for the release manager
      • DONE (CVS HEAD): Provide in XoWiki an alternative table of contents by nested UL/LI (without JavaScript) for static output
      • DONE (CVS HEAD): Provide in XoWiki a prototype page similar to "book" without edit-buttons etc., using the new table of contents
    • Update where necessary (incomplete list):
      • DONE: Fix the page ordering for the higher chapters (the original document  had no 3rd. level numbering)
      • update pages in /test-doc which are more recent in openacs/xowiki
      • bump version numbers of OpenACS, where appropriate (some places talk about openacs-5-0, others about openacs-5-1, oacs-5-2-3rc1 or 5-3) 
      • some version numbers of the required components are quite a mess. e.g. some parts say that Postgres 7.3 is required,  some examples talks about postgres 7.4.7 and 8.2.4 in the same listing.
      • also the dotlrn version numbers are old dotrln-2.0
      • Tcl version numbers should be 8.4.19
      • The install section for XOTcl is missing in II.3.4
      • remove ChangeLog from documentation
      • find some other prominent place for the ChangeLog
      • Fix indenting in examples  (e.g. in Rocael's robust web    development framework)
      • overthink Win2000 guidelines.  There are the native compiled packages from Maurizio, including everything from postgres, xotcl ....
    • It is desired to find a single person responsible for overworking the documentation, however, funding is unclear.

OpenACS Version 5.4 Agenda

  • DONE: HTML Strict (openacs core)
  • DONE: finish template::head (daveb)
  • DONE: test acs-mail-lite (complex send)
  • DONE: test notifications (complex send)
  • DONE: new XinHA release, get rid of RTE & HTMLarea, test on Safari
  • DONE: Form builder: add the ID attribute  to the form tag
  • DONE: acs-lang - keepLocalTranslationP to be removed
  • DONE search and intermedia-driver: move intermedia specific stuff to its package
  • DONE: acs-mail-lite - patch for mime::qp_encode bug


  • Split Xinha and TinyMCE into seperate packages see:
  • Usability ("my account" page)
  • XHTML ?
  • Testing and documentation for recording automated tests using the firefox plugin and the upload feature for it new in automated testing. Probably needs some polishing and should be talked to with Quest who are getting into this.
  • Parameter Scope Patch 
  • Remove obsolete master template stuff (default and site master template in openacs-4/www, acs-subsite's group-master, and related CSS and images).  Probably in the version which follows 5.5 (probably 5.6).  Also remove the compat master stuff at the same time.

Things to merge into this page

Old 5.0 Roadmap  discussion 

Roadmap discussion 1 

 [Ideas for Boston 2006 Future of OpenACS discussion]

My previous attempt at collaborative roadmap 

A .LRN Roadmap 

Another .LRN Roadmap discussion 


What's on this page?

This page should include work that is planned on and has someone comitted to working on it.


Created by Maurizio Martignano, last modified by Maurizio Martignano 09 Mar 2017, at 04:08 PM

Windows-OpenACS (vers. 3.1.23 - March 2017) is a  Windows 64 port of OpenACS 5.9.0 and the latest snapshot of NaviServer and is available here.

This port installs and runs on the following systems:

  • Windows 8.1,
  • Windows 10,
  • Windows Server 2012 R2, and
  • Windows Server 2016 TP.


Get the Code!

Created by roc@, last modified by Gustaf Neumann 22 Feb 2017, at 09:16 AM

This are instructions to obtain OpenACS, either as a released distribution (a .tar.gz file) or from CVS.

Obtain a released version of OpenACS via .tar file:

Download from //projects/openacs/download/?versions=all 

Unpack the OpenACS tarball. Usually something like this works:

tar zxvf openacs-5.9.0.tgz

Obtain OpenACS from CVS (a certain release with potential patches, or the HEAD version):

If you want to track fresh code developments between releases, or you are an OpenACS core developer, you may want to install from CVS. This is identical to downloading a distribution, except that you get the files from CVS instead of the tarball. The following commands are used to obtain the newest version of the OpenACS 5.9 branch from CVS:

cvs login
# press enter for password
cvs checkout -r oacs-5-9 acs-core 

The command above checks out the core packages of OpenACS in a directory named openacs-4. For  the entire OpenACS version 5.9 branch you can use the following commands (adjust as required going forward):

cvs checkout -r oacs-5-9 openacs-4

If the the branch name (like oacs-5-9) is omitted, the the leading edge developer version (the HEAD release) is obtained

cvs checkout openacs-4

In order to check out a single package (e.g. the package cronjob) from  e.g. the leading edge developer version (HEAD), use 

cvs checkout openacs-4/packages/cronjob

For most OpenACS packages, CVS aliases are defined. In order to checkout e.g. the forums package from OpenACS 5.5, just use:

cvs checkout -r oacs-5-9 forums

Depending, from which directory you are performing the checkout, you might have to move the checked-out package directory to the main "packages" directory of your installation.

More info here:

Looking for README instructions or installers? View the OpenACS Installation instructions: en:openacs-system-install, otherwise continue by setting up the OpenACS distribution:

Set up the file system for one or more OpenACS sites

For Linux Standard Base compliance and ease of backup, all of the files in each OpenACS site are stored in a subdirectory of /var/lib/aolserver, one subdirectory (SERVERROOT) per site (see: en:openacs-reference-platform). The first time you install an OpenACS site on a server, you must create the parent directory and set its permissions:

While logged in as root:

mkdir -p /var/lib/aolserver
chgrp web /var/lib/aolserver
chmod 770 /var/lib/aolserver

Move the uncompressed code to SERVERROOT and rename the directory to $OPENACS_SERVICE_NAME:

mv openacs-4 /var/lib/aolserver/$OPENACS_SERVICE_NAME

Ecommerce G2

Created by OpenACS community and package contributors, last modified by Benjamin Brink 15 Feb 2017, at 10:55 AM


ecommerce-g2 is an initiative to adapt OpenACS's heritage of en:ecommerce and related packages to meet newer ecommerce related objectives and values.

ecommerce-g2 packages use a blend of current OpenACS coding, ecommerce and security standards, and are built to offer low overall cost for code maintenance. 

Project is currently led by Benjamin Brink in the open and cooperative spirit of the OpenACS community.

Stable versions are available at:

All are welcome to participate.

page information

  • Last modified: 2017-02-15 10:55:33.681706+01

Cross Site Request Forgery (CSRF)

Created by Gustaf Neumann, last modified by Gustaf Neumann 05 Feb 2017, at 12:44 PM

Starting with OpenACS 5.9.1, OpenACS offers support for protecting against Cross Site Request Forgery (CSRF). In essence, this attack can cause a user’s web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. The user gets a page presented, which looks harmless, but contains links or images that perform actions with the users credentials without the users consent. Note that the CSP does not protect a user against clicks on a malicious link.

CSRF protection works by ensuring that values for an action (e.g. by from a HTML form) are only accepted from a user that has received the form before. OpenACS generates by its security-procs a secure CSRF token value and provides it to a developer it in a global variable ::__csp_nonce. When requests secured with the CSRF token are received, it can be validated on the server side. Note, that this mechanism is similar to "signing" values in OpenACS.

CSRF protection concerns of two parts: add the CSRF token to the form (POST requests) or to the href, and checking the received in the queries expecting input from CSRF protected resources. The first part works technically quite similar as securing CSP via nonces. Add code to the Tcl or ADP page that outputs the global variable (the test for the token is mostly for backwards compatibility)

    <form ...>
        <if @::__csrf_token@ defined>
           <input type="hidden" name="__csrf_token" value="@::__csrf_token;literal@">

Secondly, the page contract on the receiving side has to validate the csrf token. This can be achieved by adding a call to csrf::validate to the validation part of a page contract.

ad_page_contract {
    @author ...
    @creation-date ...
} -query {
} -validate {
   csrf { csrf::validate }

In the code base of OpenACS, CSRF protection was added on several places (e.g. public pages, the list template, etc.) such the checks of OpenACS sites on vulnerability scanners improve. Technically, it would be desirable to secure more places against CSRF attacks in the future. However, it depends on the requirements of a site whether or not e.g. the API browser or search should be CSRF protected. Withe protection turned on, one cannot share e.g. a link to a search with some other user (or a search engine). A site admin has to decide, how protected/public such links should be.

Content Security Policy (CSP)

Created by Gustaf Neumann, last modified by Gustaf Neumann 05 Feb 2017, at 12:42 PM

Starting with version 5.9.1, OpenACS supports Content Security Policies (CSP), which is a means to secure websites against a range of Cross Side Scripting (XSS) attacks. In short, a CSP allows a developer to deactivate unneeded features in the browser of the client to provide there a sandbox with the minimum required capabilities. It can allow e.g. just to retrieve .js files just form certain sites, or it can disallow script tags within the page, which might be injected by an attacker (for a more detailed introduction and tutorial, see CSP Reference , Google Developer Guide for CSP ).

In general, a CSP defines the rules what should be allowed in a page. This could be done static for the whole page, but this means that the CSP rules must allow everything which is needed on a page with the highest requirements (e.g. a page with a richtext editor needs probably a script-src 'unsafe-eval' directive). This could render CSP pretty useless.

Therefore, OpenACS supports a CSP generator, which generates a CSP rule-set for every page dynamically based on the requirements of the page. A web developer can specify the requirements of a page/proc with the command security::csp::require . For example, the current OpenACS theme uses in its plain-master the following directives.

security::csp::require img-src

security::csp::require style-src
security::csp::require script-src

security::csp::require font-src 'self'
security::csp::require font-src

Based on the directives of the pages and the directives of the master templates, the security policy of the pages is built (typically in the blank-master). For example, the content security policy of the start page of OpenACS is

default-src 'self';
font-src 'self' data:;
img-src 'self';
report-uri /SYSTEM/csp-collector.tcl;
script-src 'self' 'nonce-49DBB4A924EA648C3025F7DD8C2553DC0EC700D1';
style-src 'self' 'unsafe-inline';

With this CSP, gets an A+ rating from .

Per default, the content security policies are turned on. All packages of the oacs-5-9 branch can be used with the enabled content security policies. However, when a website contains legacy code using JavaScript, for which no content security policies are defined, this will result into non-functioning pages. Therefore, a website administrator can set the package parameter CSPEnabledP (in the package parameters of ACS Kernel in "security" section) to "0" to deactivate the CSP.

For Developers

In order to make old packages (not included in the oacs-5-9 branch) or newly developed packages CSP compliant, one should be aware that all inline code is considered harmful. This includes <script> elements, but also "javascript:" URIs or on* event handlers.

<script> Elements

The CSP guidelines recommend to replace the such elements in favor of JavaScript files obtained from the same source as the page itself. However, this is not always practical, especially, when JavaScript is generated dynamically. In such cases, two approaches are possible to make the script tag acceptable (without allowing all scripts on the page). CSP 2 offers the ability to add nonces or cryptographic hashes to secure this elements. OpenACS supports the first approach.

A nonce value is essentially a one-time value which can't be predicted by an attacker. OpenACS generates by its security-procs such as value and saves it in a global variable ::__csp_nonce. This can be used in the Tcl code or in an ADP page like in the following example:

<script language="JavaScript" 
   <if @::__csp_nonce@ not nil> nonce="@::__csp_nonce;literal@"</if>

Event handlers and "javascript:" URI

Most work are probably changes concerning event handlers (e.g. onclick, onblur, ...) and "javascript:" URIs (having "javascript" in the protocol part of the URI). In general, such code pieces must be refactored (see e.g. 1  or 2  for examples).

OpenACS 5.9.2 offers to ease this process the function template::add_event_listener , which can be used to register event handlers in a compliant fashion either per HTML ID or per CSS class (see cal-item-new.tcl  or in forums/lib/message/row2.tcl  for examples, how add_event_listener can be used).




OpenACS Object Types

Created by Lee Denison, last modified by Gustaf Neumann 16 Jan 2017, at 08:27 AM

OpenACS object types are the basic building block of the OpenACS psuedo object oriented datamodel.  They are largely analogous to Classes in OO languages such as C++ and Java.

 An object type typically has a set of static metadata and a set of object data for the actual instances.

Static Metadata

Mainly found in the acs_object_types table and the acs_attributes table. 

Instance Data

The instance data of a type is typically spread over several tables, each of which represents a level in the inheritance hierarchy.  acs-object is the most fundamental supertype from which all types inherit.

Dynamic Object Type

Created by Lee Denison, last modified by Gustaf Neumann 16 Jan 2017, at 08:24 AM

Package specification Summary for package dynamic-types

Summary: Dynamic Object Type management API
Description: Allows creation, manipulation and ui generation of dynamically generated object types.
Maturity: New Submission or Maturity Unknown
This package depends on: acs-kernel acs-content-repository acs-translations
Packages that depend on dynamic-types: project-manager

Bug Tracker Summary for package dynamic-types

There is no package with the name "dynamic-types" known to bug-tracker.

Code Metrics Summary for package dynamic-types

# Tcl Procs 60
# Tcl Lines 2371
# Automated Tests 0
# Stored Procedures PG: 0 ORA: 0
# SQL Lines PG: 0 ORA: 0
# ADP pages 9
# ADP lines 59
# Include pages (dynamic-types/lib/) 1
# Documentation pages 0
# Documentation lines 0
Source Not installed


cvs head version of project-manager requires dynamic-types

What does dynamic-types do?
Dynamic types allows you to create new OpenACS Object Types and add attributes to them through a Tcl API.

When should I use dynamic-types?
Dynamic types supports several use cases:

  • [Container Applications] - meta-applications which define the necessary data model and code to perform a useful function but the extended data is decided by the administrator.
  • Extending existing packages with dynamic data. As an example project manager has dynamic types support which allow third packages to add attributes to projects and tasks which can be edited using the standard interface for project manager.

Creating a Dynamic Type (Declaration)
There are three main ways to create dynamic types:

  • As a user, through an application user interface.
  • As a system administrator, through install.xml actions.
  • As a programmer, through the Tcl API.


a 2005 implementation example

Running Applications built on dynamic-types

The project manager package (latest version in HEAD) relies on dynamic types to allow custom applications and other packages (like invoices, logger) to extend the basic attributes of a project and a task. This is in use by three clients of cognovís.

Solution Grove has been exploring helping clients build dynamic data models with dynamic types.

Two examples we have are about bulk data collection, aggregation, and analysis. In both cases, data is uploaded to the system, where a web user interface is providing for viewing and aggregating the data.

In the first case, there is an administrative user interface to define a new type, and arbitrarily many types can be created. Each new type of data collection gets a different table/dynamic type in the database. Here we are mainly using the dynamic type system to programatically build new tables for collection. We also use the dynamic type definitions to build the user interface to explore the data after it has been uploaded. Storing all the data in a specific table, instead of generic storage, makes the reporting and dynamic analysis of the data much easier to code for. Doing sum, average, etc calculations on the data is greatly simplified. In this case we are collection many different types of data, and doing unique analysis on each type, so the ability to create the types, and build a user interface to it, on the fly is very helpful. The data collection is done through transfer of XML files with an external application. Using the dynamic-type attribute info we are able to map the XML structure to the various dynamic data collection types.

For another client, we are using dynamic types to give the site administrators more flexibility in developing their application. The client wants to allow users to upload specialized data files, but then to organize these files in ways that make sense to the client and their users. So, we developed 4 dynamic-type objects (institution, ward, glucose_file and glucose). An institution can have multiple wards, which can have multiple glucose_files which can have multiple glucoses. The attributes of each object is set by the site-administrator, and the plan is to adjust them over time as the site's needs change. Because everything is done with the Web UI, the administrator can make changes as they need to. The add-edit pages respond automatically to any changes in the attributes - there's no need to recode them when you add an attribute to an object.

A third application we have developed is a generic resource database, where a form can be generated to collect information such as a list of businesses, or other resources. The dynamic UI here can be integrated with categories to build a dynamic form for data entry. We also built a dynamic UI to view lists and individual entries.


Xarg Examples 

Xarg have developed two 'products' which are installed for multiple clients. In each case we used dynamic types to handle sections of data which are expected to be different for each client installation. Dynamic types allowed the system to handle the different data sets without needing to modify the code for each client.

dotCommunity: In our dotCommunity product users are able to create community websites by filling in an application form.  The system supports multiple community 'types'.  Dynamic types allows each clients to collect and display different data for each community type on a per installation basis.

dotConsult: This is our e-consultation product which uses dynamic types to store a flexible set of demographics information for the users taking part in the consultation.

Future Directions

The current APIs of dynamic-types are under revision, a much more consistent, and less abstract API is under development. It does not appear an upgrade from the older API will be easy to write.  In the long run support for "lists" as AMS has them would be a nice feature in addition to the option to store the additional types and attributes in a meta database (as AMS does) or in the primary tables (as dynamic types does currently). Dynfield (an application from Project Open) supposedly does exactly that, but for reasons unknown to me (MS) it has never made it into proper OpenACS and therefore any of it's packages.


Difference to AMS


The AMS package allows you to extend any object_type with additional attributes. These attributes are stored in a meta table, allowing you to quickly change the makeup of you objects without the need to change anything in the database. Additionally, through the support of "lists" for object_types, you can compose the entry forms for objects in multiple different ways, thereby allowing many different views on the same object_type.

WCAG 1.0 Checkpoints

Created by Emmanuelle Raffenne, last modified by Gustaf Neumann 12 Jan 2017, at 08:30 AM

Status at 21 october 2008 (OpenACS 5.4.3 and .LRN 2.4.1)

A summary for US Section 508 is available at LINK_TO_WIKIPAGE 

See Checklist of Checkpoints for Web Content Accessibility Guidelines 1.0 for details

How to read this document

Accessibility Compliance Level

  • Level A means that all the priority 1 checkpoints are in state "Y" or "n/a".
  • Level AA means that level A has been reached + all the priority 2 checkpoints are in state "Y" or "n/a"
  • Level AAA means that level AA has been reached + all the priority 3 checkpoints are in state "Y" or "n/a"

Checkpoint Status

  • Y: 100% of the pages comply with the checkpoint or the exceptions are clearly identified and listed in the accessibility statement.
  • N: NOT 100% of the pages comply with the checkpoint, exceptions are NOT identified.
  • n/a: the situation described in the checkpoint is not applicable in ANY of the pages

OpenACS-specific Techniques for Checkpoints

Each checkpoint is identified with a number which links to the OpenACS-specific techniques to apply it.


Note: the  links are dead right now, but will point to OpenACS-specific techniques to implement them.

Priority 1 checkpoints

In General (Priority 1) Yes No N/A
1.1 Provide a text equivalent for every non-text element (e.g., via "alt", "longdesc", or in element content). This includes: images, graphical representations of text (including symbols), image map regions, animations (e.g., animated GIFs), applets and programmatic objects, ascii art, frames, scripts, images used as list bullets, spacers, graphical buttons, sounds (played with or without user interaction), stand-alone audio files, audio tracks of video, and video.  Y    
2.1 Ensure that all information conveyed with color is also available without color, for example from context or markup.  Y    
4.1 Clearly identify changes in the natural language of a document's text and any text equivalents (e.g., captions).  Y    
6.1 Organize documents so they may be read without style sheets. For example, when an HTML document is rendered without associated style sheets, it must still be possible to read the document.  Y    
6.2 Ensure that equivalents for dynamic content are updated when the dynamic content changes.      n/a
7.1 Until user agents allow users to control flickering, avoid causing the screen to flicker.  Y    
14.1 Use the clearest and simplest language appropriate for a site's content.  


e.g.: portlet

And if you use images and image maps (Priority 1) Yes No N/A
1.2 Provide redundant text links for each active region of a server-side image map.      n/a
9.1 Provide client-side image maps instead of server-side image maps except where the regions cannot be defined with an available geometric shape.      n/a
And if you use tables (Priority 1) Yes No N/A
5.1 For data tables, identify row and column headers. Y     
5.2 For data tables that have two or more logical levels of row or column headers, use markup to associate data cells and header cells.  Y    
And if you use frames (Priority 1) Yes No N/A
12.1 Title each frame to facilitate frame identification and navigation.  Y    
And if you use applets and scripts (Priority 1) Yes No N/A
6.3 Ensure that pages are usable when scripts, applets, or other programmatic objects are turned off or not supported. If this is not possible, provide equivalent information on an alternative accessible page.  



And if you use multimedia (Priority 1) Yes No N/A
1.3 Until user agents can automatically read aloud the text equivalent of a visual track, provide an auditory description of the important information of the visual track of a multimedia presentation.      n/a
1.4 For any time-based multimedia presentation (e.g., a movie or animation), synchronize equivalent alternatives (e.g., captions or auditory descriptions of the visual track) with the presentation.      n/a
And if all else fails (Priority 1) Yes No N/A
11.4 If, after best efforts, you cannot create an accessible page, provide a link to an alternative page that uses W3C technologies, is accessible, has equivalent information (or functionality), and is updated as often as the inaccessible (original) page.  




Priority 2 checkpoints

In General (Priority 2) Yes No N/A
2.2 Ensure that foreground and background color combinations provide sufficient contrast when viewed by someone having color deficits or when viewed on a black and white screen. [Priority 2 for images, Priority 3 for text].  Y    
3.1 When an appropriate markup language exists, use markup rather than images to convey information.  Y    
3.2 Create documents that validate to published formal grammars.  Y    
3.3 Use style sheets to control layout and presentation.  Y    
3.4 Use relative rather than absolute units in markup language attribute values and style sheet property values.  



3.5 Use header elements to convey document structure and use them according to specification.  Y    
3.6 Mark up lists and list items properly.  Y    
3.7 Mark up quotations. Do not use quotation markup for formatting effects such as indentation.  Y    
6.5 Ensure that dynamic content is accessible or provide an alternative presentation or page.      n/a
7.2 Until user agents allow users to control blinking, avoid causing content to blink (i.e., change presentation at a regular rate, such as turning on and off).  Y    
7.4 Until user agents provide the ability to stop the refresh, do not create periodically auto-refreshing pages.  Y    
7.5 Until user agents provide the ability to stop auto-redirect, do not use markup to redirect pages automatically. Instead, configure the server to perform redirects.  Y    
10.1 Until user agents allow users to turn off spawned windows, do not cause pop-ups or other windows to appear and do not change the current window without informing the user.  Y    
11.1 Use W3C technologies when they are available and appropriate for a task and use the latest versions when supported.  Y    
11.2 Avoid deprecated features of W3C technologies.  Y    
12.3 Divide large blocks of information into more manageable groups where natural and appropriate.      n/a
13.1 Clearly identify the target of each link.  Y    
13.2 Provide metadata to add semantic information to pages and sites.  Y    
13.3 Provide information about the general layout of a site (e.g., a site map or table of contents). Y    
13.4 Use navigation mechanisms in a consistent manner.  Y    
And if you use tables (Priority 2) Yes No N/A
5.3 Do not use tables for layout unless the table makes sense when linearized. Otherwise, if the table does not make sense, provide an alternative equivalent (which may be a linearized version).  Y    
5.4 If a table is used for layout, do not use any structural markup for the purpose of visual formatting.  Y    
And if you use frames (Priority 2) Yes No N/A
12.2 Describe the purpose of frames and how frames relate to each other if it is not obvious by frame titles alone.  Y    
And if you use forms (Priority 2) Yes No N/A
10.2 Until user agents support explicit associations between labels and form controls, for all form controls with implicitly associated labels, ensure that the label is properly positioned.   Y    
12.4 Associate labels explicitly with their controls.  Y    
And if you use applets and scripts (Priority 2) Yes No N/A
6.4 For scripts and applets, ensure that event handlers are input device-independent.   Y    
7.3 Until user agents allow users to freeze moving content, avoid movement in pages.      n/a
8.1 Make programmatic elements such as scripts and applets directly accessible or compatible with assistive technologies [Priority 1 if functionality is important and not presented elsewhere, otherwise Priority 2.]   Y    
9.2 Ensure that any element that has its own interface can be operated in a device-independent manner.      n/a
9.3 For scripts, specify logical event handlers rather than device-dependent event handlers.   Y    

Priority 3 checkpoints

In General (Priority 3) Yes No N/A
4.2 Specify the expansion of each abbreviation or acronym in a document where it first occurs.    N  
4.3 Identify the primary natural language of a document.  Y    
9.4 Create a logical tab order through links, form controls, and objects.    N   
9.5 Provide keyboard shortcuts to important links (including those in client-side image maps), form controls, and groups of form controls.    N   
10.5 Until user agents (including assistive technologies) render adjacent links distinctly, include non-link, printable characters (surrounded by spaces) between adjacent links.  Y    
11.3 Provide information so that users may receive documents according to their preferences (e.g., language, content type, etc.)  Y    
13.5 Provide navigation bars to highlight and give access to the navigation mechanism.  Y    
13.6 Group related links, identify the group (for user agents), and, until user agents do so, provide a way to bypass the group.    N    
13.7 If search functions are provided, enable different types of searches for different skill levels and preferences.    N   
13.8 Place distinguishing information at the beginning of headings, paragraphs, lists, etc.      n/a
13.9 Provide information about document collections (i.e., documents comprising multiple pages.).  Y    
13.10 Provide a means to skip over multi-line ASCII art.      n/a
14.2 Supplement text with graphic or auditory presentations where they will facilitate comprehension of the page.      n/a
14.3 Create a style of presentation that is consistent across pages.    N  
And if you use images and image maps (Priority 3) Yes No N/A
1.5 Until user agents render text equivalents for client-side image map links, provide redundant text links for each active region of a client-side image map.      n/a
And if you use tables (Priority 3) Yes No N/A
5.5 Provide summaries for tables.    N   
5.6 Provide abbreviations for header labels.    N   
10.3 Until user agents (including assistive technologies) render side-by-side text correctly, provide a linear text alternative (on the current page or some other) for all tables that lay out text in parallel, word-wrapped columns.    N   
And if you use forms (Priority 3) Yes No N/A
10.4 Until user agents handle empty controls correctly, include default, place-holding characters in edit boxes and text areas.    N   


Created by Gustaf Neumann, last modified by Gustaf Neumann 04 Jan 2017, at 10:22 AM

Package specification Summary for package mailing-lists

Description: This package is unknown (not installed at this site)
Maturity: 0
This package depends on: None
Packages that depend on mailing-lists: None

Bug Tracker Summary for package mailing-lists

There is no package with the name "mailing-lists" known to bug-tracker.

Code Metrics Summary for package mailing-lists

# Tcl Procs 0
# Tcl Lines 0
# Automated Tests 0
# Stored Procedures PG: 0 ORA: 0
# SQL Lines PG: 0 ORA: 0
# ADP pages 0
# ADP lines 0
# Include pages (mailing-lists/lib/) 0
# Documentation pages 0
# Documentation lines 0
Source Not installed


Next Page
Previous Month March 2017
Sun Mon Tue Wed Thu Fri Sat
26 27 28 1 2 3 4
5 6 7 8 (1) 9 10 11
12 13 14 15 16 17 18
19 (1) 20 21 22 23 24 25
26 27 28 29 30 31 1

Popular tags

17 , 5.9.0 , 5.9.1 , ad_form , ADP , ajax , aolserver , asynchronous , bgdelivery , bootstrap , bugtracker , CentOS , COMET , CSP , CSRF , cvs , debian , emacs , fedora , FreeBSD , hstore , includelets , install , installation , installers , install-ns , javascript , libthread , linux , monitoring
No registered users in community xowiki
in last 30 minutes