Having stepped away from trying to get Documentum running on linux, I’ve been working on bringing the permissions through into our custom Lotus Notes/Documentum client. At the moment when a user imports a document to a given folder it does no permission checking before the fact, just errors nastily when it can’t write the document. A short stop by Prasad’s blog gave me a query to start from.

SELECT i_all_users_names as users FROM dm_group
WHERE group_name IN (SELECT r_accessor_name FROM dm_acl
WHERE object_name IN (SELECT acl_name FROM dm_sysobject
                       WHERE r_object_id = '0c0xxxxx80009e16'))
ORDER BY i_all_users_names

This is superb, but it doesn’t actually go far enough. If I was to attach it to my application and tell it not to let me import anything into the folder if my name wasn’t on the list I wouldn’t be able to copy anything into my home cabinet. It enumerates the members of any group within the ACL but doesn’t deal with named users & also the owner.

This will give me a chance to show off what you can do with my ActiveDocumentum project. ActiveDocumentum is a working name for a JRuby gem written to provide functionality similar to what can be found in ActiveRecord, with the addition of repeating attributes and other DQL specific items. While the final code for the below function may end up being in Java or .Net. Doing it using ruby allowed me to very quickly scope out the logic of what would need to be done to get the permission that a user had on an object (NB: If there is a way to do this simply with DQL I’m not aware of it):

require 'config/environment'

def get_effective_permission(r_object_id, user = nil)
  return 0 if user.nil?
  folder = DmFolder.find(:first, :columns => "owner_name, owner_permit, acl_name", :conditions => {:r_object_id => r_object_id})
  current_level = 0
  if folder.owner_name.eql? user
    current_level = folder.owner_permit
  end
    acls = DmAcl.find(:all, :columns => "r_accessor_name, r_accessor_permit, r_is_group", :conditions => "object_name = '#{folder.acl_name}' ENABLE(ROW_BASED)")
    acls.each do |acl|
      if acl.r_accessor_name.eql? user
        current_level = acl.r_accessor_permit if acl.r_accessor_permit > current_level
      elsif acl.r_is_group.to_s.eql?('1') and not acl.r_accessor_permit.nil?
        group = DmGroup.find(:first, :columns => 'r_object_id, i_all_users_names', :conditions => {:group_name => acl.r_accessor_name})
        current_level = acl.r_accessor_permit if acl.r_accessor_permit > current_level and group.i_all_users_names.include?(user)
      end
    end
  end
  return current_level
end

r_object_id = '0c0xxxxx80009e16'

user = 'John Doe'

puts get_effective_permission(r_object_id, user)

As you can see the above function takes a user and returns the highest permission that they have, by checking if they’re either directly listed on the ACL or in one of the groups on the ACL. The bottom line is that with ActiveDocumentum I can write less lines of code for one off scripts that I have to create, and include complicated logic that is lacking in straight DQL scripts. I will be posting more details on this in the near future.

Oracle Base has a fantastic article on how to get Oracle 11g Release 1 working on Red Hat Enterprise Linux. The fact that CentOS is a stripped version of RHEL is a good reason to be using it, because if there is one Linux that’s likely to be used in enterprise situations then it would be RHEL. All up I’m less than happy with Oracle and Documentum’s Linux installers. I know that they’re ports of what are essentially Windows products, but the fact is that if you’ve going to bother writing something in Java(Documentum) then you should at least make sure that it really is portable,  otherwise why not just use C/C++ and be done with it.

The main Oracle install I struggle to understand, since the Oracle XE install was so painless, zero to database in no time. It clearly doesn’t fit well into the Linux way of doing things though:

• It doesn’t install services/scripts  to /etc/init.d (or equiv).
• It doesn’t setup users for you, i.e. install as root, run as oracle (yet it requires root privileges to do two tasks).
• Requires SELINUX to be disabled.

Delving into changing memory limits and such is another matter, I think it may be better to leave those to the user,  just because they can fundamentally change/break the system. Ah, to go back to PostgreSQL, which I once thought difficult compared to MySQL.

If you’d said the word Zillow before lunch today I would have looked at you strangely. At lunch my iGoogle home page revealed a travesty taking place. A user of Hacker News was asking for advice regarding Zillow offering $250 for the his domain (and threatening to cut off API access).  It would seem from reading the thread, that Zillow (a real estate site),  had decided that Auston Brunson (and his domain iZillow.net) had out lived their usefulness.

iZillow has an iPhone app up on the app store that suddenly became a competitor to Zillow’s own newly released iPhone app. To make things worse there is clearly trademark issues, not to mention that Auston’s app relies on a public API supplied by Zillow. The advice from Hacker News users ranges from “time to play hardball” to “lets start a negative PR campaign on twitter (#zillowfail)”.

Why shouldn’t Zillow shutdown someone that is infringing on their trademark? After all, what right does iZillow.net have to use the name? If it was a clear cut case of trademark infringement, then I wouldn’t be posting this, I’ve had these kind of discussions with Etsy about my former site EtsyTools (the death of which had nothing to do with trademarks). Without going into to much detail, Etsy was outstandingly reasonable in the protection of their trademark, since it’s a case of protect their trademark or risk losing it (so fair enough).

It seems like from Zillow’s perspective at least it is a clear cut issue. A comment from Drew Meyers (representing Zillow) has suggested that this is indeed what the communication is about.

Drew Meyers on April 30, 2009 11:34 pm

I’ve been in contact with Mr Bunson about the issue being discussed on Hacker News. I don’t think it’s appropriate to discuss our conversation in public, however, I will say that what is described here is not a complete representation of the conversation. Mr Bunson is welcome to continue to use the API as long as he doesn’t infringe upon our trademark and use our brand name “Zillow” on his website.

I would agree with this except its taken them a whole year to get around to ‘protecting’  their trademark, and it comes suspiciously around when their releasing their own iPhone app. There is nothing stopping Zillow from using trademark and API access to effectively shutdown their competitor, that doesn’t make it right. Whether he’s right or wrong in his actions, Auston has built up a user base, and invested a large amount of effort into the site.

I can’t help but wonder if going to Hacker News will help or hinder. Certainly the wrath of an incensed mob is nothing to be ignored, but by bringing it out Auston Brunson may have aggravated Zillow. I certainly hope that Zillow will reconsider it’s initial position.

Update:

David and Drew (from Zillow) have been very agressive in maintaining that this is just a trademark issue. They also maintain (this has been confirmed by Auston) that the $250 figure was Auston’s number. According to Auston they offered “a couple of hundred bucks”.

It’s not, and it never will be just a trademark issue, not to Auston anyway. He’s been running iZillow.net since May last year (and all the sweat and blood that comes with that). Has built up a user base & links from the rest of the internet (NYTimes, blogs, etc). Claiming it’s just a trademark issue, will give little comfort to anyone else using Zillows API. The timing is just too close to the release of their own product.

Regardless of who put the figure on the table, I would like to see Zillow rise above and put a large figure on the table. They need to think about the impact that they’re having on an individual.