I'm curious how others have offered customizable forms to their website's users (who are primarily non-technical). It is possible that there is a library out there that achieves this, but I have not seen one.
Some of the concerns are:
Options for each form element
What kind of options to provide to the user, keeping in mind that all of these need to be persisted.
Layout Customization
Is it enough to just have a top to bottom sequential layout. Is it really necessary to offer different layouts? (For instance, a two column layout)
Database storage
Any efficient/relatively quick methods for storing the data entered in the form in a database. The issue here being that you don't know how many columns will be needed. And also, is it okay to store everything as a VARCHAR (losing some of the 'queryability' of dates/integer).
Validation
Should validation be built in (dependent on field type), or customizable?
There are a lot of possibilities, and I'm looking to see what others have used/offered and what they found to be effective. And any potential gotchas or whether it is not really worth it to offer this.
This is one of the holy grails of vertical market application software architecture. Many have tried, most have failed. See what Sharepoint does in this regard. You can't see the architecture, but you can see the user interface.
Beyond a fairly trite level of complexity you will need to add technically literate people into the process. For example, an insurance platform called ZygoWare was released under the premise that it could be customised directly by the business. In practice this tends not to work very well on something like an insurance policy administration system and the product has a reputation for being difficult to implement.
For something like salesforce.com or an online store builder the product is simpler, so it will be easier to achieve direct end-user customisation.
At one point I was involved in specifying an insurance underwriting product. Supporting customisation in such a product has several key aspects:
Database schema - allowing the system to be configured with custom attributes. In commercial insurance a contract record can have 200 fields and may also have several complex structures sitting below it.
User interface. The system will need to record these, so a means to custom fields on a form is necessary. You may also need to set up other screens and database tables.
Business rules. You may want to use a business rules engine to support configurable business logic. This gets quite complex in its own right and the analyst designing the rule sets needs to be deeply familiar with both the business domain and the system architecture.
Workflows. Workflows are de rigueur in volume business and making inroads into large commercial business as well. In subscription markets your workflows involve third parties that may or may not actually have the facilities to participate in the workflow.
Products. A platform may need to support multiple insurance products (e.g. commercial property, life/health, marine cargo, motor, offshore energy). In order to avoid having to deploy a different policy administration system for each department in your company (a typical Lloyds syndicate employs 50-200 people) your platform must support different product lines in some way, possibly involving custom screens, workflows and business rules for the different products.
This lives at the complex end of software customisation. In practice, software like this requires analyst and development skills to successfully implement a business solution. The domain and product are sufficiently complex that they are not feasible to implement without specialist skills.
On that basis, my approach to customising a system has a few key pillars:
Recognise who will actually be customising the system
Build it to suit them. In the case above the right level is a team of analysts and developers working for the vendor, in-house (contractors and permanent staff) or a third party consultancy. The appropriate level of abstraction is a scripting language that allows extension (on a per-product basis), a form building tool (such as QT designer or Visual Studio), a database schema management tool and possibly a rule engine such as Ilog. In the case of an on-line store builder a power user could reasonably figure out how to do it themselves.
Address what needs to be customised
In the case of an insurance platform you will have customisation at a level that you are rolling out a substantially bespoke system. The system architecture for this should allow extensions to be plugged in without having to regression test the whole system. In the case of an online store you are substantially customising the layout of the displays and configuring account information with payment providers.
Don't delude yourself about the complexity of the problem.
Don't try to dumb down a system beyond its natural level. History is littered with people who thought they could make a platform that end users could use to build and maintain a complex business application. The only commercially successful example of such a product is a spreadsheet. If you want to see how well this works in practice, try spending some time working in the back office of a large finance company.
Most regulatory authorities such as the FSA take a dim view of 'end-user computing' and the regulatory environments of such industries drive many FTEs worth of time-consuming CYA and manual controls over such processes. It is quite common to find the same computation done redundantly in multiple areas within the back office of such an organisation and the results reconciled against each other to provide a manual control so somebody can feel safe signing off the figures.
I would not try to build a system like that from scratch. Creating a generic form building application that would be able to edit data of any shape, as well as edit the layout, is indeed a holy grail.
Entire companies have been built around this; take a look at, for example: www.wufoo.com, or Microsoft Office InfoPath.
Simpler efforts include Google Spreadsheet (with its form editing / data entry piece), but it's a bit too simplistic for most scenarios.
Have you considered using MS Dynamics CRM? Similar in a lot of ways to Salesforce. It's very easily customisable from a user's perspective, so much so that we have to lock some users out from customising the UI.
From a dev's perspective it has the following building blocks:
DB layer persistence (to SQL Server).
UI customisability
Form-level and field-level security profiles
Reporting (via SQL Server Reporting Services).
Customisable business processes, workflows and dialogs.
Extensible custom code injection points (through registering custom plugins)
We use it a lot to build solutions in the public-sector, health industry we're in. It's really quite good.
The bad about it, it requires a good network/infrastructure team...
We are currently bringing an online business software to other EU markets, where not only language but also rules and regulations differ from country to country which made me wonder, what is the best way to implement such in a software?
The UI localization isn't really a problem - done that more times than I could care to count, but for example while invoicing countries tend to require different data (well not totally different, but different enough to make you think about it architecture wise) meaning different inputs, different validations and somewhat different handling of that data.
Which way can be considered better?
The standard way of localizing UI and adding the needed conditional statements for showing extra and hiding non-essential elements with similar conditionals in the Controller classes
Creating a copy of the app for the given country with slightly altered controllers and views (which will make the constant updates a nightmare, but the code much cleaner)
Trying to somehow create a Factory/Builder pattern around this?
While the last one sounds most reasonable to me, it frustrates me even more, as I have no clue on where to start yet. Any good pointers on that?
Language of the choice is PHP with Laravel
Definitely do not make different copies.
Have a look at your current database architecture and see how you can expand it to fulfill your requirements. Then rewrite or update the business-logic code layer of your application.
Then you will only need to make minor adjustments in the front-end.
This post is kind of old, but the title is general and could be found by others via search, so I wrote my answer below:
I think it's totally based on your architecture. In recent years, people have been following different principles to break down the whole application into meaningful microservices with specific tasks and boundaries. This mindset would help you to analyze the whole business process and the places where you may need to do some customization for each customer or country.
For example, for product catalog or inventory management, the processes may not differ between countries. But in payment, order management or invoicing you need to do small modifications, which would be quite a bit easier if you are following a microservice pattern. Furthermore, you can have your own plugin loader structure which lets you modify, override and extend each instance by having a filter/hook feature in your application, as you might have seen in WordPress and other open-source platforms.
I am interested in performing advanced access control for users to access resources within software systems. I work in healthcare IT and a younger me has frequently underestimated the complexity of role-based access control in healthcare. But this question should apply to anyone with complex ACL requirements.
For quite some time php gacl has been my go-to library for the purposes of handling the very complex ACL control issues inside Health IT systems. But I am now working more with javascript in general and node specifically. I have searched npm for libraries to do Access Control in a generalizable way.
I would like to have support for defining actions rather than merely users and resources (3-tier instead of 2) and I would like to have user, action and resource groups, and by implication I would like to have ACL inheritance.
The classic examples from the Star Wars themed manual to that library are rules like:
All members of the crew have (visit, configure, and use) access to
the guns, engines, cockpit and lounge, except for Chewie.
All droids have (visit and use) access to the cockpit, but only R2D2 has
configure access to the engines.
Han has all types of access to all
types of resources.
The basic concepts here include the notion that you can make rules that apply to either groups of users (i.e. crew, passengers or droids) or individuals (Han and Chewie), that you can have different types of access (visit, configure, use) or groups of access (maintenance access = configure + repair + use) to different resources (engine and cockpit) which could also be grouped (battle-stations = cockpit + guns).
This allows for the configuration of extraordinarily complex access control rules, with relatively simple group-based administration.
So far, I have seen nothing like this outside of php-gacl. I have taken a look at the wonderful javascript based ACL projects and all of them advertise simplicity and ease of use rather than comprehensiveness. This is also true of other typical php ACL libraries (i.e. Zend ACL)
Is someone working on an "advanced ACL" project for node? Is there perhaps a much better approach that I should be looking for somewhere?
php-gacl comes with three parts, one is a php-based admin GUI (that is admittedly over-complex), and an API for CRUD on the rules (that could be easily converted to a REST interface I think) and a very small file that provides ACL checking functionality.
Technically, only the last type would need to be fully ported over to node in order for that software model to work?
On a deeper level, I want to understand what approaches have been used successfully to handle this problem. How is this problem typically solved? Bonus points for those who effectively discuss this problem in terms of node/javascript and perhaps even a particular database approach (relational vs non-relational). I understand that there are lots of theoretical underpinnings for doing this right/wrong (i.e. lots of opinion over RBAC, vs ACL). What I want is something theoretically solid, or almost-solid that still "just works" from a library standpoint. I am focused on Javascript, but it would be nice to understand how other languages are practically solving this problem.
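The rule model described in the question (user, action and resource groups, with inheritance through nested groups) can be checked in a few lines of JavaScript. This is an added example, not part of the original post and not php-gacl's code or algorithm: the group memberships, the `c3po` user, the `any_action`/`any_resource` group names, and the "explicit deny wins, no match means deny" resolution policy are all assumptions.

```javascript
// Added example: group-aware ACL check over (user, action, resource).
// Memberships below are constructed; they are not php-gacl's data model.

// Each group lists its direct members; a member may itself be a group.
const userGroups = {
  crew: ['han', 'chewie'],
  droids: ['r2d2', 'c3po'],
};
const actionGroups = {
  maintenance: ['configure', 'repair', 'use'],
  any_action: ['visit', 'maintenance'],
};
const resourceGroups = {
  battle_stations: ['cockpit', 'guns'],
  any_resource: ['battle_stations', 'engines', 'lounge'],
};

const BASIC = ['visit', 'configure', 'use'];
const ROOMS = ['guns', 'engines', 'cockpit', 'lounge'];

// The rules quoted from the manual. allow: false is an explicit deny.
const rules = [
  { who: 'crew', can: BASIC, on: ROOMS, allow: true },
  { who: 'chewie', can: BASIC, on: ROOMS, allow: false },
  { who: 'droids', can: ['visit', 'use'], on: 'cockpit', allow: true },
  { who: 'r2d2', can: 'configure', on: 'engines', allow: true },
  { who: 'han', can: 'any_action', on: 'any_resource', allow: true },
];

// Returns the name plus every group containing it, directly or through
// nested groups. Iterating to a fixed point means a cyclic group
// definition cannot cause an endless loop.
function withAncestors(name, groups) {
  const found = new Set([name]);
  let grew = true;
  while (grew) {
    grew = false;
    for (const [group, members] of Object.entries(groups)) {
      if (!found.has(group) && members.some((m) => found.has(m))) {
        found.add(group);
        grew = true;
      }
    }
  }
  return found;
}

const asList = (v) => (Array.isArray(v) ? v : [v]);
const hits = (selector, names) => asList(selector).some((s) => names.has(s));

// Assumed policy: any matching deny wins; no matching rule means deny.
function check(user, action, resource) {
  const users = withAncestors(user, userGroups);
  const actions = withAncestors(action, actionGroups);
  const resources = withAncestors(resource, resourceGroups);
  let allowed = false;
  for (const rule of rules) {
    if (hits(rule.who, users) && hits(rule.can, actions) && hits(rule.on, resources)) {
      if (!rule.allow) return false;
      allowed = true;
    }
  }
  return allowed;
}
```

Only `check` and `withAncestors` would need to run in the request path; rule administration can live behind a separate CRUD interface, as the question suggests.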
If you can avoid using any kind of ACL, you are usually better off. They are complex to administer. You would be better off modeling three levels of security checks:
URL/IP Address/or other accesspoint security check
Method upon resources check. Whatever entities you want to modify or manipulate you put permission checks on that. I.E. Business rules type of access.
Entity Resource check. If a user/API/OAuth token has access AT ALL to an entity
This can be accomplished using an RBAC. The roles for your organization/site each are assigned a set of access/modification/manipulation permissions. Users are assigned a role(s), but the three levels of checks check the PERMISSIONS, not the role.
I would look at Spring Security and RBAC as a google search, and model on that. Here are a few links that I have found useful:
http://www.xaprb.com/blog/2006/08/16/how-to-build-role-based-access-control-in-sql/
http://www.xaprb.com/blog/2006/08/18/role-based-access-control-in-sql-part-2/
(because all the 'primitive' examples and crazily named checks in Spring Security, you will be advised to read articles that offer the use of alternative names and uses for the Spring permission 'hasRole()' checks. The following article discusses this in the design of an RBAC)
http://springinpractice.com/2010/10/27/quick-tip-spring-security-role-based-authorization-and-permissions/
(A good presentation on flexible uses of Spring Security, including RBAC)
http://www.infoq.com/presentations/Spring-Security-3
(The following gives a GOOD description of the RBAC problem and solutions, and is designed for PHP)
http://www.tonymarston.net/php-mysql/role-based-access-control.html
A PHP framework with a RBAC implementation:
http://trac.symfony-project.org/wiki/UserRbac
And finally, the class diagram for Spring Security. You will notice that it allows putting security information in a PARALLEL table to the entities being protected. This is by design, so that Spring Security can be added later, or taken out, or replaced easily. But it also means more tables.
http://code.google.com/p/uclm-esi-alarcos/source/browse/trunk/documentation/memoria-pfc/Figuras/Cap5/spring-security-class-diagram.png?r=295
Can a reputation scoring system be implemented using a business rule management system (BRMS), such as OpenL Tablets, in PHP? By reputation scoring system I mean reputation systems such as the one in StackOverflow.
I recently came across Business Rules Management Systems (BRMS). OpenL Tablets looks promising, though at the outset it seems to have been created with the insurance sector in mind.
I looked at SO and found this Best Open Source Business Rule Management System but it does not answer the question.
Another post, Is using Rule Engine to implement chain of rules [complex business logic] overkill?, but I still couldn't figure it out.
There are a bunch of different product suggestions here, but it still doesn't answer whether it will be worth the effort: PHP Business Rule Engine
I will highly appreciate your answer.
Note: This is a yes/no question, and not an open ended question. Please give it a chance.
Regarding OpenL Tablets
1) It is a general-purpose business rules management system, though you are right in the sense, that many customers happen to be in the insurance sector :)
2) It is a pure Java application, so you will have to call it from your PHP module; there could be a performance overhead because of JVM startup cost. There is an option of deploying OpenL Tablets as a web service and calling the service; this approach will have better performance.
3) Yes, you can implement a scoring system using OpenL Tablets. You can use decision tables, lookup tables and calculation spreadsheets to develop a fast calculation engine. I do recommend giving it a try and posting your feedback.
Overflow reputation system looks like a simple table-driven calculation. The algorithm should just run all stored events for a particular user through these tables and accumulate the score.
I am building a website with individual user customization in mind. So for instance, client #1 may say I want this feature to be designed for my account and then user #2 may say I want this added to my account. I was thinking of implementing a PHP if code where upon authentication those features will be loaded each time they log in. But I have hundreds of thousands of customizations that I will be doing; to add each PHP code for each client will be terrible. Is there a way I can do it more easily and with less stress?
Added from comments to particular answer:
"Basically I am running the technical side of a business intelligence company. We offer various reports and information along with a dozen analytic tools. So one user might say I want all that you offer plus a custom feature where a particular area of the business is being analyzed and then upload to their account. As you can imagine there can be hundreds of such requests for a lot of accounts."
Your best bet is to either design yourself a framework, or find an existing one that supports this level of customization. Either way, it's not a small job, and launching code for each user leaves you prone to security issues and bugs arising from out-of-date methods as time goes on.
Ask yourself what kind of customizations you're doing, and if they can be abstracted away from the code level by (for example) a templating system.
Designs can fit in certain generic requirements. So until and unless you have some generic requirements, you can not do the design. For example, if requirement is for different look and feel for each client, you might go for dynamic theming. Similarly, for positional changes for different users, you can think of user profiling. For language, also you can keep the user language as part of the profile. Study different approaches for user profile management and then take a step ahead.
As others have said, it's impossible to give a specific answer without knowing a lot more about what you mean by "Customization". The only sensible answer is the one you've already provided - i.e. to implement as much as possible of the variable behaviour in data.
This in itself may not be a trivial exercise - on one application I worked on, I designed a heuristic artificial intelligence engine (in PHP) which was hugely successful - but this was a fairly complex exercise in software engineering, and one I'd be hesitant to recommend to anyone who needs to ask the question.
Assuming that pushing all the application logic into data is not practical, then there are some other approaches you might consider, e.g. splitting the customizations into separate PHP files (or templates if it's just a display thing):
<?php
session_start();
/* do authentication checks...*/
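// Per-user customisation file: <profile>/<script directory>/inc.php.
// user_profile has to be a directory name assigned server-side at login, never raw request input.
$app = $_SESSION['user_profile'] . '/' . dirname($_SERVER['SCRIPT_NAME']) . '/inc.php';
// include_once returns false (and emits a warning) when the file is missing; fall back to the default.
if (! include_once($app)) {
    include_once('default/' . dirname($_SERVER['SCRIPT_NAME']) . '/inc.php');
}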
...
Although it would be possible to store PHP code in a database and eval it at runtime - I'd not recommend this as it opens the door to code injection attacks. OTOH, it may prove easier to implement the customizations in a different language and call that from PHP e.g. Prolog.
C.
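The per-profile lookup with a default fallback from the answer above depends on the profile name and script directory never escaping the customisation root. The following is an added example, written for Node rather than PHP and not the answer author's code, that validates both inputs before building the path. The function names, the `inc.js` file name, the allowed-character pattern and the file listing are assumptions.

```javascript
// Added example: resolve <profile>/<script dir>/inc.js with a fallback to
// default/<script dir>/inc.js. Layout and naming are assumed for illustration.

// One path component: letters, digits, "_" and "-" only. This rejects "..",
// ".", backslashes, NUL bytes and trailing newlines in a single test.
const SAFE_SEGMENT = /^[A-Za-z0-9_-]+$/;

// Split "/reports/sales" into ["reports", "sales"]. Empty parts produced by
// leading or doubled slashes are dropped; any other odd part is an error.
function segments(path) {
  const parts = String(path).split('/').filter((s) => s !== '');
  for (const part of parts) {
    if (!SAFE_SEGMENT.test(part)) {
      throw new Error('unsafe path segment: ' + JSON.stringify(part));
    }
  }
  return parts;
}

// profile:   value stored in the session at login, e.g. "acme"
// scriptDir: directory of the requested script, e.g. "/reports"
// exists:    callback reporting whether a relative path is present
// Returns a path relative to the customisation root, or null if neither
// the profile-specific file nor the default exists.
function resolveCustomization(profile, scriptDir, exists) {
  if (typeof profile !== 'string' || !SAFE_SEGMENT.test(profile)) {
    // A malformed profile in the session is a bug or tampering: fail loudly
    // instead of silently serving something else.
    throw new Error('unsafe profile name: ' + JSON.stringify(profile));
  }
  const dir = segments(scriptDir);
  const candidates = [
    [profile, ...dir, 'inc.js'].join('/'),
    ['default', ...dir, 'inc.js'].join('/'),
  ];
  return candidates.find((c) => exists(c)) || null;
}

// Constructed file listing standing in for the customisation root on disk.
const constructedFiles = new Set([
  'acme/reports/inc.js',
  'default/reports/inc.js',
  'default/inc.js',
]);
const onDisk = (p) => constructedFiles.has(p);

// Helper for callers and tests: true when the resolver rejects the input.
function rejects(profile, scriptDir) {
  try {
    resolveCustomization(profile, scriptDir, onDisk);
    return false;
  } catch (err) {
    return true;
  }
}
```

Because every component is matched against an allowlist before the path is joined, the result never needs a separate containment check against the root directory.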
I have been tasked by a client to rebuild an E-Commerce platform. The goal is an online shop on which vehicles are sold. The specialty is that it's supposed to be multi-supplier capable, i.e. external suppliers will have their own login back-end where they can manage their listings, add new ones, view their sales, etc.
The shop shows all the suppliers' products in one big catalogue that should ideally support some options like sorting and filtering, but they are not a requirement. Orders are transmitted to each relevant supplier, and the administrator, by E-Mail.
The ordering process is very simple - it's essentially just taking the ordered item out of the catalogue, and informing the supplier (and the administrator) that the item has been ordered. No online check-out / payments are required, although they are nice to have as an option.
All the on-line shopping systems I know are targeted at one single administrator.
Are there shop systems out there that can handle what I need?
Requirements:
Top priority: Quality code. Preferably PHP 5 and object oriented. I don't care about the exact feature set of the product as long as the existing code is nice and neat to work with.
Access control: Suppliers can log in and add and manage own products; have no access to the rest of the system. Administrators can manage listings and configure the shop. Administrators create supplier accounts
Must be multi-language or localized to German
The sales process is very simple: An E-Mail to the supplier and to the administrator, containing the buyer's data, is enough.
No need for on-line payment/checkout, although it is a welcome extension
Open Source is preferred, but a commercial solution is not out of the question if the product is really, really good and well documented
As long as the basic product is fine and supports the basic catalogue and user management necessary for this, all further features are negotiable (i.e. I'll add them myself if necessary.)
If no payment methods and checkout is involved, it is surely better to write from scratch. With any of the existing systems, you will just have the overhead of code that is not actually used. Also, not so many systems support searching and filtering by parameters and this seems to be a core feature for such a large project.
Magento! You have to use it, it's the best thing since sliced bread.
I've created a multi agent e-commerce system that had reps login and add sales, credit notes and so on. The system had a standard catalogue setup. It could even be customised so that supplier A could have their own shop, supplier B have their own. They could both skin them and so on.
We have different languages. It has a massive developer community so anything we didn't have I just bought and integrated (My time is expensive, this gave the customers real return). There is an open source version, which is what I used, there is also a pay version. I really cannot recommend it enough.
I'm currently working on a similar project.
I'm trying things out with magento to begin with. There's an add-on module for advanced permissions aitoc_magentomods_advanced_permissions which might help you.
The first problem you're going to have in getting a multi-supplier type system is that it will never meet your needs.
If you really wish to have the right system then you should create your own from a decent framework.
If you still wish to use a pre-designed system that meets the needs you specified, I would go with Magento.
Magento is one of the most advanced E-Commerce systems I have ever worked with.
The code itself is not so easy to work with at the start, but you get used to it after a few days/weeks.
In regards to the "Access control", I'm not 100% sure whether this is supported, but the Magento system is very abstract and I'm 80% positive that this can be done.
"Must be multi-language or localized to German", Every language you need.
"The sales process is very simple: An E-Mail to the supplier and to the administrator, containing the buyer's data, is enough."
Instead of me going on about the features, I advise you to check it out.
http://www.magentocommerce.com/
But I still would prefer to develop my own framework and build from that.
Regards.
If you're going to build from scratch, do it in Seaside. You're likely to find available solutions don't meet enough of your needs. The quality of code is going to be much better in Seaside. Real reuse, no templates.
Talk to Norbert Hartl