Front-end Error Handling: user interface to provide clear feedback when permissions errors occur.
Parent Issue
https://github.com/dotCMS/private-issues/issues/31
Problem Statement
https://github.com/dotCMS/private-issues/issues/31#issuecomment-2174437753
We need some work here:
Users
We are currently unable to see user information from the Users portlet, but I can navigate within the portlet. I'm not sure if this is expected. When you click on an admin user to get the info, we receive a permissions error at the log level, but this is not indicated to the end-user on the front end. Instead, it just shows a loading image that never ends.
Roles and tools
As a limited user with access to the config tool group, I am able to change the access for the CMS Administrator role, which doesn’t make sense as I should not be able to limit access for admins.
Maintenance Tools
As a limited user, I have access to the portlet and can click on the regular buttons. In the end, we get a message about permissions. I'm not sure if this is the best way to handle it, or if we should disable the buttons to avoid unnecessary clicks before showing the error. The same issue occurs with logs.
Additionally, we need to validate whether limited users should be able to perform licensing operations or if we should restrict that.
Steps to Reproduce
should be contained in https://github.com/dotCMS/private-issues/issues/31
Acceptance Criteria
https://github.com/dotCMS/private-issues/issues/31#issuecomment-2176581397
Action Plan
- Front-end Error Handling: Enhance the user interface to provide clear feedback when permissions errors occur.
- Permission Hierarchy Review: Audit and adjust role permissions to ensure limited users cannot alter higher-level roles or access restricted tools.
- Disable Restricted Actions: Disable or hide actions for which users do not have permissions and provide clear indications of these restrictions.
- User Access Validation: Regularly review and validate user access levels, particularly for sensitive operations like licensing.
Implementation Steps
- Develop and Test Front-End Messaging: Ensure clear, user-friendly error messages are displayed when permissions issues occur.
- Audit and Adjust Roles: Review the current permissions settings and adjust as necessary to prevent unauthorized access or changes.
- Update Maintenance Tools UI: Modify the interface to disable or hide buttons that limited users should not access.
- Restrict Licensing Operations: Implement stricter access controls for licensing-related actions.
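The Action Plan and Implementation Steps above describe three related fixes: a server-side permission check that stops a limited user from touching a higher role, a UI that disables actions the user cannot perform, and a front end that turns a 403 into a visible message instead of an endless spinner. The following is an added example written for this issue, not dotCMS code: the role names, permission names, ranks and the `handleRequest`/`toViewState` helpers are all assumptions chosen to illustrate the pattern.

```typescript
// Added example, not dotCMS code. Models the three fixes from the action plan:
//  (1) authoritative, deny-by-default checks on the server, including a rank
//      rule so a lower role can never edit a higher one,
//  (2) a UI gate that disables controls the user cannot use and says why,
//  (3) mapping every response, including 403, to a terminal view state.
// Role names, permission names and ranks below are assumptions.

export interface User { id: string; roles: string[] }

// Permissions each role grants (constructed sample data).
const ROLE_PERMISSIONS: Record<string, string[]> = {
  'CMS Administrator': ['users:read', 'roles:edit', 'maintenance:run', 'logs:read', 'license:manage'],
  'Config Tool User': ['roles:edit'],
  'Limited User': ['users:list'],
};

// Higher rank = more privilege (assumed values).
const ROLE_RANK: Record<string, number> = { 'CMS Administrator': 100, 'Config Tool User': 30, 'Limited User': 10 };
const TOP_ROLE = 'CMS Administrator';

export function hasPermission(user: User, perm: string): boolean {
  return user.roles.some(r => (ROLE_PERMISSIONS[r] ?? []).includes(perm));
}

export function highestRank(user: User): number {
  return user.roles.reduce((max, r) => Math.max(max, ROLE_RANK[r] ?? 0), 0);
}

// Editing a role needs roles:edit AND a strictly higher rank than the target,
// so no role can widen itself; only the top role may edit its own level.
export function canEditRole(actor: User, targetRole: string): boolean {
  const targetRank = ROLE_RANK[targetRole];
  if (targetRank === undefined) return false;            // unknown role: deny
  if (!hasPermission(actor, 'roles:edit')) return false;
  return actor.roles.includes(TOP_ROLE) || highestRank(actor) > targetRank;
}

// --- server side ------------------------------------------------------------
export interface ApiResponse { status: number; body?: unknown }

// The authoritative check lives here; the UI gate below only mirrors it.
export function handleRequest(user: User, action: string, targetRole?: string): ApiResponse {
  const allowed = action === 'roles:edit' && targetRole !== undefined
    ? canEditRole(user, targetRole)
    : hasPermission(user, action);
  if (!allowed) return { status: 403, body: { error: `${action} denied for ${user.id}` } };
  return { status: 200, body: { ok: true, action } };
}

// --- client side ------------------------------------------------------------
export interface ButtonState { disabled: boolean; title: string }

// Disable (rather than silently hide) the control and explain why, so the
// user is not invited to click something that will only fail.
export function buttonState(user: User, perm: string): ButtonState {
  return hasPermission(user, perm)
    ? { disabled: false, title: '' }
    : { disabled: true, title: 'You do not have permission to perform this action.' };
}

export type ViewStatus = 'loading' | 'ready' | 'forbidden' | 'error';
export interface ViewState { status: ViewStatus; data?: unknown; message?: string }

// Every response must leave the 'loading' state; a 403 is a result, not a hang.
export function toViewState(res: ApiResponse): ViewState {
  switch (res.status) {
    case 200: return { status: 'ready', data: res.body };
    case 401: return { status: 'error', message: 'Your session has expired. Please log in again.' };
    case 403: return { status: 'forbidden', message: 'You do not have permission to view this.' };
    default:  return { status: 'error', message: `Request failed (HTTP ${res.status}).` };
  }
}

// Worked run with constructed users.
export const limited: User = { id: 'limited', roles: ['Limited User'] };
export const configUser: User = { id: 'config', roles: ['Config Tool User'] };
export const admin: User = { id: 'admin', roles: ['CMS Administrator'] };

console.log(toViewState(handleRequest(limited, 'users:read')));   // forbidden, with a message
console.log(canEditRole(configUser, 'CMS Administrator'));        // false: cannot edit a higher role
console.log(buttonState(limited, 'license:manage'));              // disabled, with a reason
```

The point of the split is that `buttonState` is a convenience for the user, not a control: a limited user who re-enables the button in the browser still hits `handleRequest`, which is where the decision is actually made, and `toViewState` guarantees that the resulting 403 is shown rather than logged and forgotten.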
dotCMS Version
patch merged with: https://github.com/dotCMS/core/pull/27912
Proposed Objective
User Experience
Proposed Priority
Priority 2 - Important
External Links... Slack Conversations, Support Tickets, Figma Designs, etc.
The issue was part of the discussion related to https://github.com/dotCMS/private-issues/issues/31 & #27912
The issue referenced as the parent is a duplicate of #27909. We were starting to codify the Vulnerability Management process at that time so duplicates got created.
Assumptions & Initiation Needs
No response
Quality Assurance Notes & Workarounds
No response
Sub-Tasks & Estimates
No response