Rattail BONE
Rattail's Back Office Network Environment (BONE) is a web application built on top of the Rattail framework and meant to provide full access to the organizational data. Read on for more about what it is and does.
There is also a live demo of BONE.
Access to Data
BONE's first objective is to provide ways to view and edit the underlying data held in a Rattail database. This includes everything, from products and customers to system users and roles/permissions, etc.
Eventually reporting will become a big part of what BONE does, but none of that code has been written yet. For now it's just concerned with CRUD.
Web Environment
BONE is a Pylons-based web application, meant to be deployed to a server and accessed by any number of clients with a web browser. The web environment seemed a natural fit for the administrative pieces, since an organization could deploy once and then potentially use the software from anywhere in the world.
Pylons was chosen for its flexibility and because it is well-tested in conjunction with SQLAlchemy (on which Rattail depends).
It is more or less assumed that BONE will be installed and run on an "in-house" server, i.e. not on a typical third-party "web host." This is because not every web host offers the various technologies involved, though running on certain web hosts is probably still possible.
Security
The Rattail framework defines users and roles, and the permissions they may have. BONE provides a way to edit these things, and also consults this data when determining what is available within its own user interface. (Note that since security data is held in Rattail, most of the following statements apply to it more than BONE.)
There is a special "(Anybody)" role which can get permissions if you want to allow e.g. viewing product data by anonymous users. More typically though you would define roles for your users, e.g. "Manager" and "Cashier", and then define permissions on these roles.
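The role and permission model described above can be sketched as follows. This is an added example, not Rattail's or BONE's own code: the class and function names, the "area.action" permission naming and the rule that logged-in users also inherit the "(Anybody)" grants are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

ANYBODY = "(Anybody)"  # special role name from the text above

@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)  # e.g. "products.view" (assumed naming)

@dataclass
class User:
    username: str
    roles: list = field(default_factory=list)

def effective_permissions(roles_by_name, user=None):
    """Permissions for a request; user=None means an anonymous visitor."""
    anybody = roles_by_name.get(ANYBODY)
    # Assumption: whatever "(Anybody)" holds applies to every request.
    perms = set(anybody.permissions) if anybody else set()
    if user is not None:
        for role in user.roles:
            perms |= role.permissions
    return perms

def has_permission(roles_by_name, user, permission):
    # Default deny: only explicitly granted permissions pass.
    return permission in effective_permissions(roles_by_name, user)

def risky_anonymous_grants(roles_by_name):
    """Audit helper: anything beyond read-only access granted to "(Anybody)"."""
    return sorted(p for p in effective_permissions(roles_by_name)
                  if not p.endswith(".view"))

# Constructed sample data using the role names mentioned in the text.
ROLES = {r.name: r for r in [
    Role(ANYBODY, {"products.view"}),
    Role("Cashier", {"customers.view"}),
    Role("Manager", {"customers.view", "products.edit", "users.edit"}),
]}
cashier = User("bob", [ROLES["Cashier"]])
manager = User("alice", [ROLES["Manager"]])

if __name__ == "__main__":
    print(has_permission(ROLES, None, "products.view"))     # anonymous product viewing
    print(has_permission(ROLES, cashier, "products.edit"))  # cashier attempting an edit
    print(risky_anonymous_grants(ROLES))                    # audit of "(Anybody)" grants
```

Running an audit like `risky_anonymous_grants` after every role edit catches the case where a write permission ends up on "(Anybody)" and becomes available without login.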
User password hashing is provided by default, but since login data may need to come from another system besides Rattail, user authentication can be overridden if needed. The default authenticator uses the bcrypt library, whose password-hashing scheme is built on the Blowfish cipher.
There are still other security concerns which bear mentioning. Because of where BONE fits into the big technology picture, there are some things which it (gladly) cannot do, and these are left to the system administrator:
- SSL certificates should allow web browser traffic to/from the server to be encrypted.
- SSH tunneling should allow database connections between BONE servers (etc.) to be encrypted.
Extensibility
While Rattail provides an extensible data layer, BONE provides an extensible web application layer. Many things are possible when extending BONE, especially when creating BONE plugins which work in conjunction with custom extensions to Rattail. As with Rattail extensions, the purpose of BONE plugins and themes is to allow software to be written "in the proper context" ... so industry-specific plugins can exist, as can organization-specific plugins and themes.
Plugins
BONE plugins allow one to create entirely new Pylons controllers or subclass/override controllers provided by the BONE core. Basically this means that everything that BONE "does" (e.g. allowing a user to edit a product) can be supplemented or denied altogether, etc.
Some plugins are built specifically to provide administrative functionality for a certain Rattail extension. For example the "purchasing" BONE plugin provides a "vendors" controller which operates on the "Vendor" data class which is provided by the "purchasing" Rattail extension. (Both the extension and the plugin actually provide more than vendor stuff, but you get the point.)
The BONE demo is made possible via a special "demo" plugin. This plugin is responsible only for:
- The content of the home page.
- Preventing edits to the "Administrator" role.
- Preventing edits to the "admin" user.
Here is the list of plugins which have been started (some are more developed than others):
- demo - Demonstration-specific customizations mentioned above.
- purchasing - Exposes purchasing data (as mentioned above).
- orders - Exposes customer order data.
- timeclock - Provides an employee time clock application.
Themes
And of course, themes allow an organization to add their own look and feel to BONE. Themes can override just about as many things as plugins can, but are different in that they should be concerned with visual-layer things like organizational branding, as opposed to operational-level things like customer data.