Details

      Description

      Hi team,

      Create button doesnt take care about User permissions.

      Step to reproduce:

      • On ezplatform.yml, configure your language (ex: [fre-FR, eng-GB] )
      • Create multiple language on BO (ex: fre-FR, eng-GB, ger-DE, jpn-JP)
      • Create a new user with new role and policies. User should have to create only a content in fre-FR
      • Connect with this user
      • Try to create a new content
      • All languages are available on Create button UI -> User should see only the language defined on their permission
      • Off course publishing it is forbidden but in term of UX its already too late

        Issue Links

          Activity

          Show
          Maciej Kobus added a comment - PR: https://github.com/ezsystems/ezplatform-admin-ui/pull/226
          Hide
          Maciej Kobus added a comment -

          Hey Philippe Vincent-Royol
          We hit a technical limitation and we are not able to provide complete improvement. We are not able to check if user is able to create content in particular language without knowing the Content Type. We are only able to provide simple filtering based on languages defined in the system and limited by siteaccess config.

          cc Sylvain Guittard Bertrand Dunogier You should also take a look as I remember there was also an requirement for Content Type filtering in Create Widget. This is also impossible to implement at the moment as we would have to provide language in order to check perms for particular Content Type.

          Show
          Maciej Kobus added a comment - Hey Philippe Vincent-Royol We hit a technical limitation and we are not able to provide complete improvement. We are not able to check if user is able to create content in particular language without knowing the Content Type. We are only able to provide simple filtering based on languages defined in the system and limited by siteaccess config. cc Sylvain Guittard Bertrand Dunogier You should also take a look as I remember there was also an requirement for Content Type filtering in Create Widget. This is also impossible to implement at the moment as we would have to provide language in order to check perms for particular Content Type.
          Hide
          Philippe Vincent-Royol added a comment -

          Hi Maciej Kobus

          I guess it could be filter by the SA definition . Its more easier to explain the menu depends of the SA configuration than user roles and permissions that could be a nightmare

          what do you think Sylvain Guittard Bertrand Dunogier ? I guess the legacy didnt filter on user persmission also.

          Show
          Philippe Vincent-Royol added a comment - Hi Maciej Kobus I guess it could be filter by the SA definition . Its more easier to explain the menu depends of the SA configuration than user roles and permissions that could be a nightmare what do you think Sylvain Guittard Bertrand Dunogier ? I guess the legacy didnt filter on user persmission also.
          Hide
          Sylvain Guittard added a comment -

          Hi guys!

          I think using the siteaccess configuration is not a good solution and it will confuse website owners / administrators. This widget should only be based on the user rights.

          Based on the design we have for the widget, we should fetch the content types based on the language selected in the dropdown list.
          Example:

          Module Function Limitation
          content create Blog Post (english)
          content create Article(french)

          When an editor (having the previous rights) will click on the create button, the editor will see only Blog Post because English is pre-selected. As soon as the editor changes the language to french, the list of available Content Types changes and displays only Article.

          This is only an example. And there is more regarding user permissions on content/create: sections, location, subtree, parent...

          If it's not possible to do that today because we need to improve/rework the API we can create a story for that.

          Show
          Sylvain Guittard added a comment - Hi guys! I think using the siteaccess configuration is not a good solution and it will confuse website owners / administrators. This widget should only be based on the user rights. Based on the design we have for the widget, we should fetch the content types based on the language selected in the dropdown list. Example: Module Function Limitation content create Blog Post (english) content create Article(french) When an editor (having the previous rights) will click on the create button, the editor will see only Blog Post because English is pre-selected. As soon as the editor changes the language to french, the list of available Content Types changes and displays only Article . This is only an example. And there is more regarding user permissions on content/create: sections, location, subtree, parent... If it's not possible to do that today because we need to improve/rework the API we can create a story for that.
          Hide
          Łukasz Serwatka added a comment -

          Hi,

          current implementation from Maciej is exactly as it was in legacy if I remember correctly. In order to use language, you not only have to add it from UI but also you need change site.ini for admin siteaccess and add language there.

          So we need your decision tonight. Either we revert it and leave it as it is now, so no SA filter nor permission checks. Or we keep what was merged today with SA filter. We need only upgrade documentation.

          ping Sylvain Guittard

          Show
          Łukasz Serwatka added a comment - Hi, current implementation from Maciej is exactly as it was in legacy if I remember correctly. In order to use language, you not only have to add it from UI but also you need change site.ini for admin siteaccess and add language there. So we need your decision tonight. Either we revert it and leave it as it is now, so no SA filter nor permission checks. Or we keep what was merged today with SA filter. We need only upgrade documentation. ping Sylvain Guittard
          Hide
          Sylvain Guittard added a comment -

          Just confirmed with Lukasz that the language list should not be based on SiteAccess.
          Fix will be reverted.

          We will need a follow-up story about user permission with content / create

          Show
          Sylvain Guittard added a comment - Just confirmed with Lukasz that the language list should not be based on SiteAccess. Fix will be reverted. We will need a follow-up story about user permission with content / create

            People

            • Assignee:
              Unassigned
              Reporter:
              Philippe Vincent-Royol
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: