New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
XWIKI-17533: Allow to set custom rights in administration #1644
Conversation
* Provide a new API to retrieve all rights names in SecurityAuthorizationScriptService * Provide a new administration section to configure the custom rights * Edit rightsUI.vm to allow customize custom rights, without breaking the existing rights and UIs mechanisms
No way to have "Custom Rights" right below "Rights" ? I feel it would help discoverability. |
I definitely agree |
So for information, after a discussion with @vmassol on the chat, I checked if there was XWiki contrib extensions registering custom rights and providing an UI for them. My findings are that one contrib extension is using custom rights: the Discussion application, which does not provide any UI for setting them right now. In my knowledge, and putting aside the Change request application, those are the two usages of the custom rights registration, and none of them is providing a custom UI for settings the rights. |
I need to check a bit more, but AFAIR the section in "Users and groups" are hardcoded, except the last current one "Authorization". So I can probably put it below rights, but it would involve either to recode all sections to use order, or to hardcode it too. |
* Put the custom right section at the right place
So I was actually wrong about that, I can put the section on the right place using the appropriate order, which I did in my last commit. I updated the screenshot accordingly. Note that right now the changes only allow to configure those custom rights globally in the wiki since I'm using a ConfigurableClass (see https://jira.xwiki.org/browse/XWIKI-18723). Once this issue will be fixed, we can imagine having it also for space administration, but there will be the question of calling it for the space or for the page only: right now we have two rights UI in space administration, so it would double it when using the custom rights. |
<content>{{velocity}} | ||
### Sheet used to generically display the XWikiPreferences object fields in the administration sheets. | ||
{{html}} | ||
<form method="post" action="$xwiki.getURL($currentDoc, 'saveandcontinue')" class="xform"> | ||
############################################################################################ | ||
## RIGHTS | ||
############################################################################################ | ||
<fieldset> | ||
#template('rightsUI.vm') | ||
</fieldset> | ||
</form> | ||
{{/html}} | ||
{{/velocity}}</content> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you think of adding a PageTest for this document?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
quite frankly I'm not sure it worthes it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why would you not? Templates are very easy to break on change, so adding some test (even if it's only testing what you changed) seems valuable to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@surli said differently, where do you validate that the HTML is correct and that it works? do you have a functional test? it's definitely needed to test somewhere this code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No I don't have test for now for this. I'll try to provide it for 13.5, I'll merge it like that for now so that I can ensure it's possible to have it for 13.5RC1. Note that I tested it manually and also this code is a copy/paste of what's in AdminWikisRightsSheet.
@@ -40,13 +40,25 @@ $xwiki.ssfx.use('js/xwiki/usersandgroups/usersandgroups.css', true) | |||
$xwiki.jsfx.use('js/xwiki/table/livetable.js', true) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you think of adding a PageTest for this template?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same answer
#if("$!request.section"=='wikis.rights') | ||
#set ($standardRights = ['view', 'comment', 'edit', 'script', 'delete', 'admin', 'register', 'programming', 'login', | ||
'createwiki']) | ||
#set ($sectionWikiRights = "wikis.rights") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
very minor, could be in single quotes
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is there any advantage to use single quote vs double quote? I generally use double quote because of the Java habit
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IIRC single quote content is not interpreted whereas double quotes content is, making the single quote alternative slightly faster on static content such as this one.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok so indeed might worth it to change that, thanks
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes it's our best practice to use single quotes to the max (for the reason mentioned by Manuel)
For information I opened a vote for the wording of the section: https://forum.xwiki.org/t/section-name-for-displaying-non-standard-rights/8892 Also after discussing with @mflorea on the chat I investigated on the possibility to integrate the new rights LT directly in the same Rights section that currently exists, however I abandoned the idea since it was lots of work to make it work properly and ensuring to not cause any regression. I preferred to play it safe here. |
* Rename Custom Rights to Extension Rights and improve a bit the template
* Use simple quote in the velocity constants
JIRA
https://jira.xwiki.org/browse/XWIKI-17533
Description
This PR is an experiment to find a trade-off for allowing to set custom rights, without having to rewrite entirely the whole rights UI, and without breaking the existing one.
Here's what I said about it on the chat:
Implementation
SecurityAuthorizationScriptService
the existing rights and UIs mechanisms
Screenshot
Here's a screenshot after the changerequest extension has been installed (which currently misses a translation for its custom right)