Anonymous users

[pond]

Here's something I didn't consider in the TracRecord spec... in one project, we have an anonymous team of engineers in India doing work for us and their hours get reported to me as a lump. In a given week, this could concievably be more than the maximum possible number of hours for a single person.

I don't want to have to go through the hassle of creating lots of dummy OpenID accounts and TracRecord users just so that I can record these hours in the system (without doing so, generating reports means doing one in TracRecord and remembering to add all the India hours manually).

What I need to be able to do is record their hours in the system easily.
Maybe a special Project Manager feature that says I can input more hours than 24 in a given day (not my favourite idea) or a special flag for a Task in a project to say "ignore semantic checking of number of hours per day for this task"? I could then set that flag for any Genisys tasks in the project and add their hours myself.

The only problem with that is it distorts my own statistics of the hours
I've worked, unless I take the trouble of ignoring all of those magic tasks from any reports I generate for myself. Maybe the report generator can be made to optionally ignore them?

It's all a bit cludgy - so I'm throwing this open for ideas/suggestions.

And unfortunately, I don't think it's practical to get organisations like the one in India to tell their engineers to use our timesheet system (create their own users, enter their own hours, etc). That would be too easy (for us).

[pond]

Response from Andrew:

> Would it be possible to make that type of user not need the OpenID stuff?
> I'd quickly get pretty fed up of creating bogus email accounts, so I can
> register an OpenID, so I can create a TrackRecord multiuser, so I can enter
> some hours...

The problem is that the identity URL is the only way you get recognised
at login. There's no other way to tell the system who you are.

> Or would doing that mean that user would be completely unsecure and open to
> having random edits made to their timesheets?

I suppose I could add in a second-tier access system that didn't need Open ID, but had a more conventional user name / password approach. This is tedious because it's extra work setting up all the stuff that Open ID lets me omit (forgotten password reset, all that kind of garbage), but my present insistence on Open ID, despite its security advantages in the context of Track Record, doesn't seem to be winning me any friends!

Note: If you have your own domain you can set up as many identity URLs as you like, which all just redirect to whichever behind-the-scenes on you really use. So you could have several apparent personalities all handled by the same actual Open ID provider and account. In LigHTTPd's configuration file I do:

# OpenID application subdomain

else $HTTP["host"] == "openid.pond.org.uk" {
   server.document-root = "/home/adh/www_openid"
}
else $HTTP["host"] == "openid2.pond.org.uk" {
   server.document-root = "/home/adh/www_openid"
}
else $HTTP["host"] == "openid3.pond.org.uk" {
   server.document-root = "/home/adh/www_openid"
}
else $HTTP["host"] == "openid4.pond.org.uk" {
   server.document-root = "/home/adh/www_openid"
}

...which directs each one to the same page:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
                      "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
   <head>
     <title>openid.pond.org.uk</title>

     <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
     <link rel="Shortcut icon" type="image/x-icon" href="favicon.ico">

     <link rel="openid.server" href="http://www.myopenid.com/server">
     <link rel="openid.delegate" href="http://adh1003.myopenid.com/">
   </head>

   <body>
     <h1>Placeholder</h1>

     <p>
     This page acts as a proxy for my OpenID details.
   </body>
</html>

The "link rel" stuff for OpenID is the important part. The idea here is that if MyOpenID goes bust, I can change provider but still log in as "openid.pond.org.uk". Conversely, I can log in as openid2.pond.org.uk" and appear to be a different person. I used this for test accounts when testing the role / permissions system.

Currently IIRC TrackRecord also insists on a unique e-mail address but that's not internally required and could be relaxed. If you are able to set up an open ID proxy, then you could use this for your guest accounts. An identity URL of "othercompanyname.yourdomain.co.uk" is a bit verbose but it ought to work with the right Apache configuration (may be wise to use some kind of prefix on the subdomain though, e.g. "openid_othercompanyname", in case you ever wanted "othercompanyname.yourdomain.co.uk" to be used as a real web site).

[pond]

I note having moved this request to GitHub that the suggestion about combining open IDs doesn't solve the issue of then needing to book more than 24 hours in a day; your "this user is allowed to enter more hours in a day" option may be the lowest impact approach for all its ugliness.