Skip to content

[Spike] Publishing Queue: consolidated audit — current state, backend API, target UI mapping #36039

Description

@hmoreras

Goal

Consolidated audit of the current Publishing Queue portlet that produces every input the FE implementation will need: feature parity matrix across the three Dojo tabs, backend API contract, target UI mapping to the new Angular design, and a backend hardening backlog.

Deliverables

Post the artifacts below as a comment on this issue, then back-link a one-line summary on epic #34734.

1. Feature parity matrix

Single table covering every feature currently shipped across all three Dojo tabs, with classification (Keep / Drop / Defer) and a short note explaining why. Group rows by the target Angular surface in the new design, so the FE task can be sized accurately:

  • Queue tab — READY TO SEND column (currently Bundles tab): list unsent bundles, edit name/filter, delete bundle, delete asset from bundle, download .tgz, generate / regenerate, remote publish, per-row kebab actions
  • Queue tab — IN PROGRESS column (currently Pending tab): list queued bundles, list assets per bundle, delete asset from queue, delete bundle from queue, status / retry chips, pagination
  • History tab (currently Status / History tab): debounced search, pagination, bundle detail modal, retry bundles, bulk delete options (selected / all / success only / fail only), Sent / Failed chips
  • Cross-tab top bar: single global search ("bundles, content, or environments"), Refresh, Upload Bundle
  • Modals (new design): Asset list (Name / Type / State), Bundle details (metadata + endpoints-by-environment table), Configure & send (Push / Remove / Push+Remove + Send now / Schedule + env + filter), Upload bundle, Confirm-remove
  • Legacy Dojo bits to drop: dijit.layout.TabContainer, dotcms.dojo.push.PushHandler, dojox.form.Uploader, the inline ng-event custom DOM bridge used to hand off "Generate / Download" to Angular

2. Backend API audit

Table covering every endpoint the portlet touches, with the columns below. Source code references included so reviewers can confirm.

| HTTP | Path | Class#method | Purpose | Auth gates | License | OpenAPI | Request | Response | Known gaps |

Coverage at minimum:

  • GET /v1/publishing — list bundles with filter / status (com.dotcms.rest.api.v1.publishing.PublishingResource)
  • GET /v1/publishing/{bundleId} — bundle detail
  • POST /v1/publishing/retry — retry bundles
  • POST /v1/publishing/push/{bundleId} — push to environments
  • DELETE /v1/publishing/{bundleId} — delete bundle
  • DELETE /v1/publishing/purge — bulk purge by status (async, WebSocket completion notification)
  • POST /v1/bundles/assets, DELETE /v1/bundles/{bundleId}/assets — bundle asset management (com.dotcms.rest.api.v1.publishing.BundleManagementResource)
  • GET /bundle/{bundleId}/assets — list assets in bundle (legacy)
  • GET /bundle/getunsendbundles/{params:.*} — list unsent (legacy, regex path)
  • GET /bundle/updatebundle/{params:.*} — update name/filter (legacy)
  • GET /bundle/_download/{bundleId}.tar.gz streaming download (legacy)
  • POST /bundle/_generate — generate bundle (legacy)
  • POST /bundle/sync, POST /bundle — bundle upload sync / async (legacy, requireLicense(true))
  • DELETE /v1/publishqueue — delete queue elements
  • GET /environment, POST /environment, PUT /environment/{id}, DELETE /environment/{id} — environments
  • GET /v1/environments/endpoints, …
  • GET /v1/pushpublish/filters, …

3. Target UI mapping — design walkthrough

For each screen in the new design (link below), produce a short annotated description that lists: route + component name + which store action drives it + which endpoint(s) it calls + edge cases (empty state, error, in-flight). Cover at minimum:

  • Queue tab populated (READY TO SEND + IN PROGRESS two-column)
  • Queue tab with empty READY TO SEND
  • History tab populated
  • Asset list modal
  • Bundle details modal (metadata + endpoints-by-environment)
  • Configure & send modal
  • Per-row kebab on READY TO SEND
  • Top bar (search + Refresh + Upload Bundle + site selector)

4. Security findings

If the API audit surfaces a license, role, or inter-server-auth gating gap, file a separate [Task] security issue immediately and link it here. Specific resources to validate: AuditPublishingResource (no OpenAPI, custom auth header), BundlePublisherResource (Community license check), legacy BundleResource listing helpers (mixed auth patterns).

5. Backend hardening backlog

For each gap below, file a separate [Task] issue and link it here:

  • OpenAPI hardening for legacy resources missing @Operation: BundleResource, AuditPublishingResource, PublishQueueResource
  • Consolidation of legacy BundleResource endpoints into the v1 publishing surface: getunsendbundles, updatebundle, _download, _generate, sync, {bundleId}/assets
  • Sorting parameter for GET /v1/publishing (currently fixed order)
  • Webhook / callback alternative for async purge + upload operations (currently WebSocket-only)

Inputs

  • JSPs: dotCMS/src/main/webapp/html/portlet/ext/contentlet/publishing/view_publish_tool.jsp (shell), view_publish_audit_list.jsp, view_publish_queue_list.jsp, view_unpushed_bundles.jsp, view_publish_audit_detail.jsp, edit_publish_bundle.jsp
  • Portlet registration: dotCMS/src/main/webapp/WEB-INF/portlet.xml (entry publishing-queue, lines ~212-225)
  • PortletID enum: dotCMS/src/main/java/com/dotmarketing/util/PortletID.java (entry PUBLISHING_QUEUE)
  • i18n keys: dotCMS/src/main/webapp/WEB-INF/messages/Language.properties (com.dotcms.repackage.javax.portlet.title.publishing-queue, publisher_Queue, publisher_Audit, publisher_Unpushed_Bundles)
  • New design: https://claude.ai/design/p/52e62c08-322d-4a8e-9900-95e5668c4d74?file=Publishing+Queue+Redesign.html&via=share (internal — auth required)

Definition of Done

  • Feature parity matrix, API audit table, target UI mapping, and backend hardening backlog posted as a comment on this issue
  • Any discovered security gap filed as a separate issue and linked here
  • Each backend hardening item filed as a separate [Task] issue and linked here
  • Summary comment cross-posted on epic Dojo to Angular: Publishing Queue Portlet #34734

Metadata

Metadata

Assignees

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
In Progress

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions