-
Notifications
You must be signed in to change notification settings - Fork 130
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(rbac): nested condition #1814
base: main
Are you sure you want to change the base?
Conversation
|
8b1fae8
to
44023e6
Compare
d56f48a
to
97d3aa4
Compare
97d3aa4
to
c8c0ca0
Compare
Thanks @ciiay for the PR. I am not sure if you have seen this https://docs.google.com/document/d/1UtQeeTwPvUndxEInjvEt9JgKIA5Pnrkl5ImFmGsAjR8/edit?disco=AAABPVRBMts but there are plans for adding conditions via a file and it can have any levels of nesting. From our end we should make sure if this happens the UI doesnt break as we are only supporting 1 level of nesting for now. For testing this you can create multi level nested conditions using the CLI and add necessary checks in UI so that it doesnt break in case a multi level nested condition is present. Added this here as a note and you can take this up while working on edit flow story. |
c8c0ca0
to
04a74f9
Compare
Hi @divyanshiGupta , thanks for the tips. I have tested with second level conditional permission policies with mocked data in dev env and it shows empty rule rows as shown in the below screenshot. As the nested conditions don't have a |
@ciiay looks good, thank you! Few comments:
![]()
![]()
![]()
We agreed to limit ourselves to just one level of nested conditions for now, despite the backend's capability to support multiple levels. In case users use the CLI to create multiple levels we will show them one below each other, so I think the nested condition fields should not be empty. Does this make sense? |
Hi @ShiranHi , thanks for the review. Here's updated screenshot. About the form validation, it has consistent behavior as Plugin drop list and Resource type input field, which is from the form component we implemented with. I don't see a very straight forward solution here. @divyanshiGupta Any thoughts?
Do you mean we don't allow them to edit the multiple level nested conditions which is more than 1 level, but we need to display the nested condition? It's empty because the nested condition in a nested condition doesn't have a The mocked condition I used is
|
a5ff37f
to
0d9183d
Compare
I believe we should display error messages only after users have left the field empty, rather than immediately. If this behavior appears in other areas, I recommend making the same adjustment.
So, in case there are multiple level nested conditions, I suggest showing only the first level as in the screenshot and show a message like this one. If we can provide a link explaining how to use the CLI for this, we can add it to the yellow notification. |
0d9183d
to
b13cae2
Compare
Hi @ShiranHi , thanks for the reply and quick design on multiple level nested conditions. I have uploaded the updated screen recording along with the screenshot of the multiple-level nested condition sidebar display.
Totally agree that validating on blur provides a more user-friendly experience. In that case, do you mind if we address this requirement in a separate effort? The library(
That was only a note on the screenshot to explain the situation, not in the code 😄 |
Thank you!
Sure, it would be great to change that everywhere.
Good to know haha, thanks for clarifying it! |
b13cae2
to
1f5ecfd
Compare
aef5d41
to
f72f1c4
Compare
plugins/rbac/src/components/ConditionalAccess/ConditionsFormRow.tsx
Outdated
Show resolved
Hide resolved
plugins/rbac/src/components/ConditionalAccess/ConditionsFormRow.tsx
Outdated
Show resolved
Hide resolved
plugins/rbac/src/components/ConditionalAccess/ConditionsFormRow.tsx
Outdated
Show resolved
Hide resolved
622090e
to
dd810f1
Compare
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Nested conditions are <b>1 layer rules within a main condition</b>. It | ||
lets you allow appropriate access by using detailed permissions based on | ||
various conditions. You can add multiple nested conditions. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO nested condition definition can be improved. We should explain what a nested condition is and then add that the UI currently supports only 1 level of nesting i.e multiple criteria based conditions can only be added to the upper most criteria.
@AndrienkoAleksandr @PatAKnight any suggestions on the definition?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO nested condition definition can be improved. We should explain what a nested condition is and then add that the UI currently supports only 1 level of nesting i.e multiple criteria based conditions can only be added to the upper most criteria.
@AndrienkoAleksandr @parvathyvr any suggestions on the definition?
I find this text fairly clear in explaining what a nested condition is and discussing your suggestion. It mentions the limitation of having only 1 layer and how it has been incorporated into the main condition. I'm unsure about what you feel is still unclear or missing. Could you please explain what is missing/unclear?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nested conditions are <b>1 layer rules within a main condition
@ShiranHi I find above line confusing as nested conditions can have multiple levels. It looks like we are stating that in general nested conditions can have only 1 level whereas its the limitation of the UI we are providing. But its just a suggestion, if you think it looks correct then I am fine with it :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cc: @invincibleJai
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I find above line confusing as nested conditions can have multiple levels. It looks like we are stating that in general nested conditions can have only 1 level whereas its the limitation of the UI we are providing.
Got it, I see your point. I think that if we allow for one level of nested conditions on the UI, this is the story we should communicate to users, unless it will be confusing. I've tried some other wording but it feels that this sentence is the best option for now. Unless you have a better suggestion, let's stick with this version, as it was suggested by our UX copywriter.
plugins/rbac/src/components/ConditionalAccess/ConditionsFormRow.tsx
Outdated
Show resolved
Hide resolved
Signed-off-by: Yi Cai <yicai@redhat.com>
Signed-off-by: Yi Cai <yicai@redhat.com>
Signed-off-by: Yi Cai <yicai@redhat.com>
Signed-off-by: Yi Cai <yicai@redhat.com>
Signed-off-by: Yi Cai <yicai@redhat.com>
Signed-off-by: Yi Cai <yicai@redhat.com>
Signed-off-by: Yi Cai <yicai@redhat.com>
Signed-off-by: Yi Cai <yicai@redhat.com>
Signed-off-by: Yi Cai <yicai@redhat.com>
Signed-off-by: Yi Cai <yicai@redhat.com>
81822c2
to
f350b46
Compare
For RHIDP-2553: Add support for creating nested conditions
Screen recording(updated on 7/1):
rhidp_2553_updated.mov
Screenshot for multiple level nested condition warning message:
![image](https://private-user-images.githubusercontent.com/26255262/344779473-9047cb58-e40a-4dab-9d1a-51893117c591.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjA4ODY0NDgsIm5iZiI6MTcyMDg4NjE0OCwicGF0aCI6Ii8yNjI1NTI2Mi8zNDQ3Nzk0NzMtOTA0N2NiNTgtZTQwYS00ZGFiLTlkMWEtNTE4OTMxMTdjNTkxLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MTMlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzEzVDE1NTU0OFomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTNhODM1NzM0M2NkZjY1OTNkOGM1MTlhZjIzNjk5ZWIzNTUxYmM0MWI0OTE2MjAyMDkzNGNlMTdmZDlkZjIxZDgmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.JT2MmhNxN6ZIniyGks_pE8_Wz4m3djXr98mejOcVjX0)