media-manager-improvement icon indicating copy to clipboard operation
media-manager-improvement copied to clipboard

Published 20 hours ago verified publisher icon joomla-projects

ACL state in client

Open dneukirchen opened this issue 7 years ago • 4 comments

Imo it would be a good idea to have some kind of ACL state in the client. The client should know, if the user is allowed to edit,view,move,download,delete,whatever-action an item. This adds versatility and the option to improve the UI. This does not mean that ACL is done on the client-side (it will be handled on server side), but i dont want the client to send a request to the server and always get a NotAuthorized response. I want to hide/disable the action buttons, when the user is not allowed to do the particular action.

We could return item permissions along with the server response for each item and/or we can return a user object with the users permissions on a special request.

Item permissions would look something like this:

{
    name: "some-file",
    ...
    permissions: {
        can_edit: true,
        can_view: true,
        can_delete: true,
        ....
   }
}

dneukirchen avatar May 18 '17 19:05 dneukirchen

Do we allowed to change permissions of files also?

kasvith avatar May 19 '17 04:05 kasvith

Not on the feature list atm

dneukirchen avatar May 19 '17 04:05 dneukirchen

I'd do some experimentation on this first (e.g. how does acl work on already uploaded items, how does it scale given my experience is that Joomla's ACL is one of the least well scaling parts of the system)

wilsonge avatar May 19 '17 10:05 wilsonge

Agree. A good UI/UX is not worth a bad performance. if we go with the per-item approach, we definitely need performance testing.

dneukirchen avatar May 19 '17 17:05 dneukirchen