modxcms
Editor grids permissions refactor, enhancements, and fixes
Related PR
See also #15919. This is a re-packaging of that PR; this new PR seeks to cover all editor grids across the application and separates out some work (for a future PR) that had been begun around internationalizing core names and descriptions within some of the grids.
Related Issues
#14929, #16507
@opengeek Yes, very close - been hammering away at it. It should be ready for review by early next week.
Codecov Report
:x: Patch coverage is 12.85266% with 556 lines in your changes missing coverage. Please review.
:white_check_mark: Project coverage is 21.49%. Comparing base (b1a02c3) to head (c7a0d69).
:warning: Report is 50 commits behind head on 3.x.
Additional details and impacted files
@@ Coverage Diff @@
## 3.x #16653 +/- ##
============================================
- Coverage 21.53% 21.49% -0.04%
- Complexity 10734 10775 +41
============================================
Files 565 566 +1
Lines 32540 32915 +375
============================================
+ Hits 7007 7075 +68
- Misses 25533 25840 +307
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
:rocket: New features to boost your workflow:
- :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
- :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
@opengeek @theboxer @Mark-H - Alright, I believe this is finally ready. Hope folks can carve out some time to go through it all ;-) !
@smg6511 this is a big one—kudos on getting it to this stage! Since it's fresh on your mind and touches so many areas, it will take a while to fully review I suspect (was just discussing this with @jaygilmore and @opengeek).
Any suggestions or checklists of all the various nooks and crannies that should be tested to get this one merged?
Any suggestions or checklists of all the various nooks and crannies that should be tested to get this one merged?
Ok, here's generally how I'd suggest going through this:
Initial Runthrough
I overhauled the base grids classes (in modx.grid.js) to remove duplication of existing methods that could be shared and provide access to the new methods introduced from a new central base class; the original Grid, LocalGrid, and JsonGrid extend from this new base. As such, every grid across the app should be interacted with to ensure all works as expected.
Grids with New "Creator" Column and Protected Records
These are the grids where MODX provides built-in records to start with and/or where an Extra installs a record (which usually should only be removed by un-installing the Extra [such as in Namespaces]):
- Namespaces
- Roles
- Contexts
- Media Sources
- Dashboards
- Content Types
- ACL Policies
- ACL Policy Templates
A few notable details:
- Although System Settings type grids would qualify for the same treatment as the above grids, implementation of it is really not feasible at this juncture due to the current data design. The identification of any given record's creator is largely derived or based on some hard-coded value (in the db or in php), as opposed to there being explicit flags in the db (columns where this type of info is persisted).
- For the most part, I've set most built-in items to be fully protected (i.e., in addition to being non-removable, certain fields are also set immutable [
nameand sometimesdescription, or in Content Types themime type]). What will be carried through separately (in a follow-up PR) is to implement translation on these immutables fields. - Following from the above point, matching field behavior has been implemented for a protected record's editing page (i.e., any field that was immutable on the grid is also immutable in the editing page [e.g., see Media Sources and Contexts]). Additionally, a new note is shown at the top of the panel alerting users re the item being protected and that some built-in fields may not be changed.
All Editor Grids
- Buttons and button menu items are either hidden or set to disabled when permissions for their action is not granted.
- Bulk Actions button menu items should, additionally, only be active when selections have been made (this is regardless of permissions on their respective actions).
- Some grids depend on the permissions of related objects when rendering certain items. A prime example is the Template Variables grid in a Template's editing panel: it renders a link on each TV name leading to that TV's editing page (but now, only if permission to edit & save TVs is granted). The various Access Permissions grids also cross link in this way. Pay attention to these direct-linked items as you review each area.
- Pencil icon should only show for editable fields (based on permissions)
- Gear menu should only show when there is at least one action on a row that the user has permission to take; otherwise it is hidden
General Strategy
As I was working through this PR, I kept one browser open with an Admin user with full permissions and another with an alternate user with permissions I'd vary to check my work. I basically systematically went through each nav menu item and completed updates to all relevant grids for one area at a time. I'd suggest the same for reviewing. Remember there are some grids that are a couple hops away, and can be easy to miss:
- TVs: There are multiple grids within this editing page to review (primarily the links to related objects [Contexts, Templates, User Groups] is what you'll want to pay attention to)
- Trash Manager
- User Group > Access Permissions (5 grids with various cross-linked objects)
@smg6511 — I am trying to get a collaborative review session together for this PR so we can get it integrated sooner than later. If possible, could you resolve the current small conflict in modx.grid.js?
@opengeek - I fixed the conflict but, dagonit, unintentionally ended up merging instead of force pushing because I was trying to fix a minor format error at the same time as resolving the conflict ... grrr. Hopefully this'll be ok.
@opengeek - I fixed the conflict but, dagonit, unintentionally ended up merging not force pushing because I was trying to fix a minor format error at the same time as resolving the conflict ... grrr. Hopefully this'll be ok.
Unfortunately, that merge commit is problematic as it now shows completely unrelated changes in the diff.
How to back out of that is the question then :-/ Maybe I can revert the merge?
I think you should be able to go back to 8c6a110 and then rebase the the work on the latest 3.x. I'm not sure exactly the situation, but maybe you could git reset --hard HEAD~2 as it is two commits back?
@opengeek Ok, I think I got it squared away (I hope). Don't know why the compile assets step is choking.
This pull request has been mentioned on MODX Community. There might be relevant details there:
https://community.modx.com/t/help-wanted-testing-a-pr-for-upcoming-revo-release/8528/1
i did some testing as proposed in #15919. i tested with individual permissions the the Roles grid (ACLs/Roles ) the Contexts grid and the Media Sources grid and also some cross checkings from TVs and corresponding grids. Permissions have been correctly taken into account for what I have seen.
i did some testing as proposed in #15919. i tested with individual permissions the the Roles grid (ACLs/Roles ) the Contexts grid and the Media Sources grid and also some cross checkings from TVs and corresponding grids. Permissions have been correctly taken into account for what I have seen.
Thanks for taking a look at this @raffy99. It's a fairly comprehensive PR and it's really challenging to test to avoid major issues across installs.
