modxcms
Fix Role Authority Editability
What does it do?
Add new listener routine to restrict editing based on whether a Role is assigned to an ACL entry. Also:
- Adds new UI feedback, both a lock icon (instead of pencil) on hover of authority as well as an alert dialog when double-clicking on locked authority
- Ensures authority cannot be deleted in grid editor
- Remove pencil icon for cells of non-editable Roles
Why is it needed?
The ability to edit an assigned Role's authority leads to orphaned ACL rules that not longer show up in the manager, yet remain in the database. See the referenced issue below.
How to test
- Rebuild template (grunt build) and clear manager and browser caches
- Create a few Roles under the Access Control Lists section
- Assign at least one Role to any ACL entry of your choice
- Verify that the assigned Roles' authority is locked in the Roles grid
- Verify that unassigned Roles remain fully editable in the Roles grid (authority is unlocked)
Note
The initial commit contains all substantive changes, while the follow up is just code-style/optimization oriented.
Related issue(s)/PR(s)
Resolves #16565
As mentioned out of context in #16469, I think we need to consider just letting authority be presented/editable directly as an integer authority value when editing ACLs. Or don't allow ACLs to be edited at all, only allowing them to be created (setting the authority from a role) and deleted.
Actually, if we make modUserGroupRole.authority a unique index, we can rely on the link between a role and an authority. If no one has objections, I'll make this change, add the appropriate upgrade scripts, and add an upgrade test to ensure there are not multiple modUserGroupRole objects with the same authority before the upgrade to 3.1 can be executed. Then this PR can stand as is.