Details

      Description

      Hi team,

      Create button doesnt take care about User permissions.

      Step to reproduce:

      • On ezplatform.yml, configure your language (ex: [fre-FR, eng-GB] )
      • Create multiple language on BO (ex: fre-FR, eng-GB, ger-DE, jpn-JP)
      • Create a new user with new role and policies. User should have to create only a content in fre-FR
      • Connect with this user
      • Try to create a new content
      • All languages are available on Create button UI -> User should see only the language defined on their permission
      • Off course publishing it is forbidden but in term of UX its already too late

        Issue Links

          Activity

          Philippe Vincent-Royol created issue -
          Maciej Kobus made changes -
          Field Original Value New Value
          Status Open [ 1 ] Confirmed [ 10037 ]
          Maciej Kobus made changes -
          Assignee Maciej Kobus [ maciej.kobus@ez.no ]
          Maciej Kobus made changes -
          Status Confirmed [ 10037 ] Backlog [ 10000 ]
          Maciej Kobus made changes -
          Status Backlog [ 10000 ] Development [ 3 ]
          Maciej Kobus made changes -
          Project eZ Platform Enterprise Edition [ 11800 ] eZ Publish / Platform [ 10401 ]
          Key EZEE-1824 EZP-28598
          Component/s Platform UI (Admin UI & Content UI) [ 10301 ]
          Component/s Platform UI (Admin UI & Content UI) [ 14059 ]
          Affects Version/s 2.0.0-beta4 [ 14883 ]
          Affects Version/s 2.0.0-beta4 [ 14884 ]
          Maciej Kobus made changes -
          Status Development [ 3 ] Development Review [ 10006 ]
          Show
          Maciej Kobus added a comment - PR: https://github.com/ezsystems/ezplatform-admin-ui/pull/226
          Maciej Kobus made changes -
          Link This issue is blocked by EZP-28615 [ EZP-28615 ]
          Hide
          Maciej Kobus added a comment -

          Hey Philippe Vincent-Royol
          We hit a technical limitation and we are not able to provide complete improvement. We are not able to check if user is able to create content in particular language without knowing the Content Type. We are only able to provide simple filtering based on languages defined in the system and limited by siteaccess config.

          cc Sylvain Guittard Bertrand Dunogier You should also take a look as I remember there was also an requirement for Content Type filtering in Create Widget. This is also impossible to implement at the moment as we would have to provide language in order to check perms for particular Content Type.

          Show
          Maciej Kobus added a comment - Hey Philippe Vincent-Royol We hit a technical limitation and we are not able to provide complete improvement. We are not able to check if user is able to create content in particular language without knowing the Content Type. We are only able to provide simple filtering based on languages defined in the system and limited by siteaccess config. cc Sylvain Guittard Bertrand Dunogier You should also take a look as I remember there was also an requirement for Content Type filtering in Create Widget. This is also impossible to implement at the moment as we would have to provide language in order to check perms for particular Content Type.
          Maciej Kobus made changes -
          Status Development Review [ 10006 ] Documentation Review done [ 10011 ]
          Fix Version/s 2.0.0 [ 14722 ]
          Assignee Maciej Kobus [ maciej.kobus@ez.no ]
          Michał Szołtysek made changes -
          Link This issue testing discovered EZP-28620 [ EZP-28620 ]
          Sylvain Guittard made changes -
          Summary No filtering langauge on create content UI No filtering language on create content UI
          Sylvain Guittard made changes -
          Component/s Permissions [ 10306 ]
          Sylvain Guittard made changes -
          Affects Version/s 2.0.0-rc1 [ 14864 ]
          Sylvain Guittard made changes -
          Issue Type Improvement [ 4 ] Bug [ 1 ]
          Hide
          Philippe Vincent-Royol added a comment -

          Hi Maciej Kobus

          I guess it could be filter by the SA definition . Its more easier to explain the menu depends of the SA configuration than user roles and permissions that could be a nightmare

          what do you think Sylvain Guittard Bertrand Dunogier ? I guess the legacy didnt filter on user persmission also.

          Show
          Philippe Vincent-Royol added a comment - Hi Maciej Kobus I guess it could be filter by the SA definition . Its more easier to explain the menu depends of the SA configuration than user roles and permissions that could be a nightmare what do you think Sylvain Guittard Bertrand Dunogier ? I guess the legacy didnt filter on user persmission also.
          Hide
          Sylvain Guittard added a comment -

          Hi guys!

          I think using the siteaccess configuration is not a good solution and it will confuse website owners / administrators. This widget should only be based on the user rights.

          Based on the design we have for the widget, we should fetch the content types based on the language selected in the dropdown list.
          Example:

          Module Function Limitation
          content create Blog Post (english)
          content create Article(french)

          When an editor (having the previous rights) will click on the create button, the editor will see only Blog Post because English is pre-selected. As soon as the editor changes the language to french, the list of available Content Types changes and displays only Article.

          This is only an example. And there is more regarding user permissions on content/create: sections, location, subtree, parent...

          If it's not possible to do that today because we need to improve/rework the API we can create a story for that.

          Show
          Sylvain Guittard added a comment - Hi guys! I think using the siteaccess configuration is not a good solution and it will confuse website owners / administrators. This widget should only be based on the user rights. Based on the design we have for the widget, we should fetch the content types based on the language selected in the dropdown list. Example: Module Function Limitation content create Blog Post (english) content create Article(french) When an editor (having the previous rights) will click on the create button, the editor will see only Blog Post because English is pre-selected. As soon as the editor changes the language to french, the list of available Content Types changes and displays only Article . This is only an example. And there is more regarding user permissions on content/create: sections, location, subtree, parent... If it's not possible to do that today because we need to improve/rework the API we can create a story for that.
          Hide
          Łukasz Serwatka added a comment -

          Hi,

          current implementation from Maciej is exactly as it was in legacy if I remember correctly. In order to use language, you not only have to add it from UI but also you need change site.ini for admin siteaccess and add language there.

          So we need your decision tonight. Either we revert it and leave it as it is now, so no SA filter nor permission checks. Or we keep what was merged today with SA filter. We need only upgrade documentation.

          ping Sylvain Guittard

          Show
          Łukasz Serwatka added a comment - Hi, current implementation from Maciej is exactly as it was in legacy if I remember correctly. In order to use language, you not only have to add it from UI but also you need change site.ini for admin siteaccess and add language there. So we need your decision tonight. Either we revert it and leave it as it is now, so no SA filter nor permission checks. Or we keep what was merged today with SA filter. We need only upgrade documentation. ping Sylvain Guittard
          Hide
          Sylvain Guittard added a comment -

          Just confirmed with Lukasz that the language list should not be based on SiteAccess.
          Fix will be reverted.

          We will need a follow-up story about user permission with content / create

          Show
          Sylvain Guittard added a comment - Just confirmed with Lukasz that the language list should not be based on SiteAccess. Fix will be reverted. We will need a follow-up story about user permission with content / create
          Transition Time In Source Status Execution Times Last Executer Last Execution Date
          Open Open Confirmed Confirmed
          18h 3m 1 Maciej Kobus 17/Dec/17 3:44 PM
          Confirmed Confirmed Backlog Backlog
          1d 17h 3m 1 Maciej Kobus 19/Dec/17 8:48 AM
          Backlog Backlog Development Development
          2s 1 Maciej Kobus 19/Dec/17 8:48 AM
          Development Development Development Review Development Review
          45m 16s 1 Maciej Kobus 19/Dec/17 9:33 AM
          Development Review Development Review Documentation Review done Documentation Review done
          1d 2h 4m 1 Maciej Kobus 20/Dec/17 11:37 AM

            People

            • Assignee:
              Unassigned
              Reporter:
              Philippe Vincent-Royol
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated: