ENH Add Readonly field status

[sabina-talipova]

Description

The developer can set readonly using the setReadonly method and in the CMS the user will not be able to edit or delete record data. The user will only be able to view these records.
Also, this state will be used if the user can only view the page, but not edit it.

Test steps

• Add the following code to your test DataObject or Page:

  private static array $has_one = [
       'HasOneLink' => Link::class,
   ];

   private static $has_many = [
       'HasManyLinksOne' => Link::class . '.Owner',
       'HasManyLinksTwo' => Link::class . '.Owner',
   ];

   private static array $owns = [
       'HasOneLink',
       'HasManyLinksOne',
       'HasManyLinksTwo',
   ];

   public function getCMSFields()
   {
       $fields = parent::getCMSFields();
       $fields->removeByName(['HasOneLinkID', 'HasManyLinksOne', 'HasManyLinksTwo']);

       $fields->addFieldsToTab(
           'Root.Main',
           [
               LinkField::create('HasOneLink')
               ->setReadonly(true),
               MultiLinkField::create('HasManyLinksOne'),
               MultiLinkField::create('HasManyLinksTwo')
               ->setReadonly(true),
           ],
       );

       return $fields;
   }

Note

There is some problem here, how this should work if the user can edit the page, but LinkField is set to read only. Which should take precedence over canEdit or ReadOnly? Since if the field is read only, then a user with canEdit permission will not be able to create a link. Should there be a super user who can create links? Based on this discussion: #141 (comment)

Parent issue

• Read only #11

[sabina-talipova]

This method gets Owner's (e.g. Page) fields and check is this LinkField is read only.

[sabina-talipova]

isReadOnly can be null in some cases.

[GuySartorelli]

I'm not doing an actual review of this yet - just answering the question in the note:

There is some problem here, how this should work if the user can edit the page, but LinkField is set to read only. Which should take precedence over canEdit or ReadOnly? Since if the field is read only, then a user with canEdit permission will not be able to create a link. Should there be a super user who can create links? Based on this discussion: #141 (comment)

Readonly is more important than canEdit. It doesn't matter if we can edit anything if the field has been set to readonly - readonly explicitly means we're not allowed to edit the field, even if we have edit permissions for the model or the model's owner.

[emteknetnz]

I haven't tested locally yet

I really dislike the how 'readonly' has been stuffed into the value of 'canCreate'. It makes things much harder to understand what's going on.

Instead you should make 'readonly' its own separate key / prop

[emteknetnz]

Suggested change

	&.readonly {
	&--readonly {

Safer to use a BEM class rather than a generic/global readonly that may accidentally get values set from somewhere else

You'll need to update this is bunch of places in this PR

[sabina-talipova]

Updated

[emteknetnz]

This logic looks wrong, shouldn't have a canCreate check for a delete button

[sabina-talipova]

Updated. I have to use readonly, since we should hide "Archive" button if user cannot edit link field.

[emteknetnz]

Why are we doing this with $ownerRelation? Owner relation should be what's set in the private static $has_many, not the _Readonly added to form fields when they are set to read only mode?

[sabina-talipova]

Updated

[emteknetnz]

Create a new private method getOwnerClassFromRequest() so that it's consistent with the rest of the file and throw a 404 error if the owner class !is_a DataObject

[sabina-talipova]

Updated

[emteknetnz]

Suggested change

	$isReadOnly = Injector::inst()->get($ownerClass)->getCMSFields()->dataFieldByName($ownerRelation)?->isReadonly();
	return (bool) Injector::inst()->get($ownerClass)->getCMSFields()->dataFieldByName($ownerRelation)?->isReadonly();

[sabina-talipova]

Updated

[GuySartorelli]

This doesn't take into account scenarios where the form was set to readonly, which I believe is what happens when the user doesn't have edit permission for the owner record (e.g. a page).

[emteknetnz]

Suggested change

	return $isReadOnly ?? false;

[sabina-talipova]

Updated

[emteknetnz]

I'm still able to sort links in a MultiLinkField when it's in a readonly state

Also needs a rebase

[emteknetnz]

I'm not sure we should be setting a form message here. Can you find any other examples of us doing this?

If we do keep it, the message is wrong when the form has been manually set to read only rather than because of a lack of permissions

[sabina-talipova]

@emteknetnz, I could not find any similar example. I think it was new requirements from Design team. I moved logic only for readonly field.

[emteknetnz]

Suggested change

	test('LinkPickerTitle render() should have readonly class if cannot edit', () => {
	test('LinkPickerTitle render() should have readonly class if set to readonly', () => {

[sabina-talipova]

Updated

[emteknetnz]

Suggested change

	test('LinkPickerTitle render() should not have readonly class if can edit', () => {
	test('LinkPickerTitle render() should not have readonly class if set to readonly', () => {

[sabina-talipova]

Updated

[emteknetnz]

This message feels even more out of place now

It will now only show if $this->isReadOnlyField() is explicitly called, though not if $this->canEdit() is false or if the owner page/element canEdit() returns false which seems worse because it's inconsistent.

We also don't show this message anywhere else in the CMS as far as we know

I think we should just remove this message, it's seems pretty obvious that the form is readonly because the background of all the form elements if grey

Perhaps raise a new card to add this to globally add this message to forms through the CMS instead?

[sabina-talipova]

Updated

[emteknetnz]

Merge conflicts, needs a rebase + run yarn build