ENH Tidy up permissions #141
Conversation
emteknetnz
force-pushed
the
pulls/4/permissions
branch
4 times, most recently
from
9d81374
to
3c11fad
Compare
| @@ -230,15 +231,15 @@ public function provideLinkFormPost(): array | |||
| // note: not duplicating code paths already tested with provideLinkFormGetSchema() | |||
| // e.g. Reject Invalid ID | |||
| return [ | |||
| // 'Valid update existing record' => [ | |||
There was a problem hiding this comment.
A lot of these items in the data provider were previously merged while commented out, I've uncommented them
There was a problem hiding this comment.
canCreate
With canCreate returning false, it still looks like I can add links:
The modal is set to readonly, but I shouldn't even be able to get to the modal.
canView for file and sitetree
It feels a bit weird that the "File Link:" and "SiteTree Link:" are just left blank - maybe we should have a "Cannot view file/page" or similar message there in red instead?
Also, do we have opinions about how the modal should treat those?
i.e:
- the treedropdown is still editable and shows the name of the page
- Should it be editable if the user doesn't have view access to the page currently stored there?
- Should the page title be visible in that field?
- The file upload field is still editable, but shows nothing (as though no file was saved)
- Should it be editable?
- Should it provide some feedback that there is a file saved there, but the current user just isn't allowed to see it?
emteknetnz
force-pushed
the
pulls/4/permissions
branch
2 times, most recently
from
e11043b
to
08a8862
Compare
|
emteknetnz
force-pushed
the
pulls/4/permissions
branch
2 times, most recently
from
163c11c
to
0559f50
Compare
There was a problem hiding this comment.
If I set Link::canCreate() to return false, I still get the option to open the modal. The changes I've requested in the code should fix this.
Re the 'editable' bits for treedropdown and file upload - This PR adds a 'Cannot create link' if it fails a canCreate() check - this means you can't open the modal
This isn't about whether I can create a link. The scenarios is this:
- I already have a link to a file or to a page
- I do not have
canView()permissions for the file/page that is being linked to - I click on the link to edit it (which I can do - I do have edit permissions for the link itself)
- The modal is fully editable. See ENH Tidy up permissions #141 (review) for how that modal behaves.
|
I haven't tested this in a gridfield record or in an elemental block yet - just testing on a page until everything is working correctly in that context, then I'll check other contexts. |
emteknetnz
force-pushed
the
pulls/4/permissions
branch
2 times, most recently
from
929f905
to
5856507
Compare
There was a problem hiding this comment.
Nearly there.
I've spun off my UX inconsistency concerns into a separate card: #147
src/Form/LinkField.php
Outdated
| public function getSchemaStateDefaults() | ||
| { | ||
| $data = parent::getSchemaStateDefaults(); | ||
| $data['canCreate'] = $this->getOwner()->canEdit() && Link::singleton()->canCreate(); |
There was a problem hiding this comment.
| $data['canCreate'] = $this->getOwner()->canEdit() && Link::singleton()->canCreate(); | |
| $data['canCreate'] = $this->getOwner()->canEdit(); |
You made a good point while we were discussing this in person - we have to respect the actual type of link being created - if we can create a PhoneLink but not Link then we need to respect that. You're doing that with the change to AllowedLinkClassesTrait so we should remove the canCreate() check from here.
You can also remove the canEdit (and this entire prop and its functionality) if you want - if owner's canEdit() method returns false then the field will be set to readonly (which is being handled separately in #11) so this prop won't matter in that scenario anyway.
We should probably also add some logic (assuming it's not there already) so that when there are no available link types for the field, it has a nice message instead of a weirdly empty link type menu - though I'd be okay with that being spun off separately.
There was a problem hiding this comment.
Please also change this in the other places that pass this prop.
There was a problem hiding this comment.
Updated
Have added AC to the readonly card to revisit the canEdit() logic, decide what to do with it then
Have created new card to handle the empty list scenario
…emove-menu ENH Remove LinkFieldController from cms menu
emteknetnz
force-pushed
the
pulls/4/permissions
branch
from
5856507
to
f9e765b
Compare
Issue #103
This PR does a few things: