Add support for Read Only Fields Based on User Group #1389
## Summary of Changes

- `acl_ro` (access control list read only) parameter to fields within a collection
- `uk-disabled` css class

## Motivation

Currently, the per-field acl in a collection can be used to hide fields from certain groups of users. For our use case of cockpit, we would like to mark some basic fields about an entry (such as name, slug, etc) as only editable by admins, but allow volunteers to contribute to content within other fields of an entry.

Marking the "basic" fields as only accessible to admins completely hides them from the UI, meaning volunteers cannot see which entry they are editing.

This PR adds separate access control lists for read/write (the current ACL) and read only, allowing users to see, but not modify, fields marked as read only.

## Implementation

### Split ACL

The per-field access control list is now split into two parts:

The read/write list is stored with the `acl` parameter as before, ensuring backwards compatibility with existing cockpit deployments. The new read-only list is stored in an `acl_ro` parameter.

### Entries Table

The entries table now displays columns for any field the user can see based on the union of `acl` and `acl_ro`.

The "bulk edit" interface on the entries table uses only the `acl` list to avoid allowing bulk edits of fields which the user can only see in a read-only capacity. (This would be a good use case for the upcoming HTML "inert" attribute, but since it is not yet supported by any browser (without enabling experimental support), I've used custom javascript. An alternative would be to add the "inert" polyfill to cockpit and use that attribute for a more robust solution.)

### Entry Editor

The `disabled` option is passed into the `cp-field` for read-only fields to render them partially translucent and prevent cursor interaction. I have also added code to prevent a user gaining focus into a disabled `cp-field` by pressing tab on the keyboard to move between inputs.

### Server Side Validation

The existing ACL is not validated server side, meaning a user can replay an HTTP request to collection/save_entry, modifying the JSON payload to overwrite a field they do not have access to.

This PR additionally adds server side validation to the Collection's Admin controller to use the old value for any read only fields.
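As an added illustration (not code from this PR or from Cockpit), the split `acl` / `acl_ro` model and the server-side save check in Python: the schema, group names and entries are constructed, and the semantics of an empty list (empty `acl` = everyone may edit, empty `acl_ro` = no extra read-only groups, `admin` bypasses field ACLs) are assumptions, not Cockpit's documented behaviour.

```python
"""Field-level ACL enforcement for a collection save, independent of the UI.

Constructed example: schema, groups and entries below are made up. It shows
why visibility uses acl UNION acl_ro while writes use acl alone, and how a
save handler restores the stored value of any field the caller may not write.
"""

# Constructed schema. Assumptions: empty 'acl' means everyone may edit,
# empty 'acl_ro' means no additional read-only groups.
COLLECTION = {
    "fields": [
        {"name": "name", "acl": ["admin"], "acl_ro": ["volunteer"]},
        {"name": "slug", "acl": ["admin"], "acl_ro": ["volunteer"]},
        {"name": "content", "acl": [], "acl_ro": []},
        {"name": "internal_notes", "acl": ["admin"], "acl_ro": []},
    ]
}

ADMIN_GROUP = "admin"  # assumption: admins bypass per-field ACLs


def _may_write(field, group):
    return group == ADMIN_GROUP or not field["acl"] or group in field["acl"]


def writable_fields(collection, group):
    """Fields the group may modify: governed by 'acl' only (bulk edit uses this)."""
    return {f["name"] for f in collection["fields"] if _may_write(f, group)}


def visible_fields(collection, group):
    """Fields the group may see: writable ones plus those listing it in 'acl_ro'."""
    return {f["name"] for f in collection["fields"]
            if _may_write(f, group) or group in f["acl_ro"]}


def sanitize_save(collection, group, stored, incoming):
    """Server-side check for a save request.

    Every field the group cannot write keeps its stored value, so a replayed
    or hand-edited payload cannot overwrite it. Returns the entry to persist
    and the names of fields whose rejected values differed from the stored
    ones, which is the signal worth logging for audit purposes.
    """
    writable = writable_fields(collection, group)
    result = dict(stored)
    rejected = []
    for name, value in incoming.items():
        if name in writable:
            result[name] = value
        elif stored.get(name) != value:
            rejected.append(name)
    return result, rejected
```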