openwisp-controller icon indicating copy to clipboard operation
openwisp-controller copied to clipboard
verified publisher icon openwisp

[fix:ux] Read only view for JSON/dict fields in admin is not user friendly

Open pandafy opened this issue 1 year ago • 5 comments

The JSONSchema editor is not shown when the user only has view permission. This also hides the configuration of the device. Moreover, the configuration variables are shown as string representation of Python object:

Screenshot from 2024-04-02 00-47-09

This is not good for UX. We shall show the value of these fields as indented JSON in the UI when the user has read-only permission.

This issue affect both template and device admin pages.

This issue was first found in https://github.com/openwisp/openwisp-controller/pull/840#pullrequestreview-1923292713

PS added by @nemesifier, applies for:

  • device admin
  • template admi
  • vpn server admin
  • group variables and metadata
  • credentials, parameters:
    • if the user has view permissions because is member of the org, this should work as the other objects listed above
    • if a non superuser is viewing shared credentials, I think we should completely hide the parameters field both in admin and REST API

pandafy avatar Apr 01 '24 19:04 pandafy

Would be good to address this as well as https://github.com/openwisp/openwisp-controller/issues/560 to improve read-only capabilities.

nemesifier avatar Nov 13 '24 17:11 nemesifier

Could you please provide detailed steps to reproduce this issue?

Utkarsh09102004 avatar Mar 14 '25 14:03 Utkarsh09102004

Addition: this shall be done for Device, Template and Vpn objects, we shall fix this for both config and context.

@Utkarsh09102004 the issue is visible when accessing the admin with an user who has only read permissions.

nemesifier avatar May 27 '25 21:05 nemesifier

Django handles rendering of read-only fields differently. Instead of using the widget for the field, it handles the rendering based on field type.

In https://github.com/openwisp/django-loci/pull/158/, we relied on the undocumented workaround of setting the read_only attribute on the form widget to True which tricks Django to use the widget for rendering the field.

This workaround has been removed in https://github.com/django/django/pull/19063 which is merged in Django main. So, relying on this method would not work in Django 6.X unless a change is made in Django.

Another option is to extend the django.contrib.admin.helpers.AdminReadonlyField and then monkey patch django.contrib.admin.helpers.Fieldline to use the extended field.

There was a ticket opened in Django 6 years ago for adding this functionality. The ticket was closed and the discussion was moved to the Django forum, but it hasn't gained any traction.

pandafy avatar Jul 14 '25 10:07 pandafy

I have created a bare bones PoC using the same logic as https://github.com/openwisp/django-loci/pull/158 in https://github.com/openwisp/openwisp-controller/commit/f70d515e78d023cc4c226d76d1fe65224e9b6282

pandafy avatar Jul 14 '25 10:07 pandafy