-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Icon showing if file/folder is restricted + tied to a userform submission #1066
Comments
What we need to investigate further, make decisions on:
|
Some thoughts:
Not sure about the folders
|
I think this solution doesn't resolve the opportunity of
We've reworded it slightly to have slightly more emphasis to the protected state but maybe it doesn't aim to resolve the opportunity enough still. |
Tested updated the graphql for doing 50x checks on files Uploaded over 50 files into a folder, max per page in the File Manager is 50 There's already a File->getVisibility() which returns "public" or "protected". It reads the filesystem. Added another option is a newly added canViewAnonymous() it may make more sense in some combination of a files modified state and permissions. It used the db rather than the filesystem, so it is much faster than getVisility() - see benchmarks in comment below assets File.php
asset-admin FileTypeCreator.php
asset-admin fileFragments.js
|
graphql - fileFragments.js visibilty
draft
|
Benchmark of getVisibility() vs canViewAnonymous() @ 10,000 repetitions on vagrant tl;dr database canViewAnonymous() is much faster then filesystem getVisibility() 10,000 repetitions: Published file
Draft-only file
Published file in a Folder with LoggedInUsers permission (so file is in protected asset store)
Note: all the getVisibility() results are all functionally the same since they are agnostic to canView() permissions, difference is just margin of error Code:
|
I assume we are not catering to the scenario of a file archive being used, meaning we don't need to check whether permissions are retained once a file is returned from the archive. |
@clarkepaul I agree. What about an update to:
|
Also a quick note: can we please watch out that tasks or comments related to 'an icon for form submissions' are kept in issue silverstripe/silverstripe-userforms#950 and not in this issue? While there's overlap, we should make sure to keep these conversations separate. I bet the way the current opportunity is phrased doesn't help... |
Note that we've had discussions where performance has been significantly impacted in other areas of the CMS, some sites have wanted to see functionality have the ability to opt out. I don't think we should default to this, but worth noting this has been considered before... |
After viewing a demo of use a green/blue icon that shows if a file is in the public/protected asset store, it was determined that this is a very confusing method of displaying 'protected' The core issue is that a file can be in the protected store by either:
The asset store abstraction is not something CMS users are normally aware of, so the green/blue icon was very confusing to people After this, we went through and exercise of making the protected icon derive purely from permissions instead of which asset store the file was in |
Showing a protected icon based on permissions is fraught because some websites allow customers to create an account. The majority of sites do not. This does mean that the 'LoggedInUsers' permission:
We cannot assume, nor can we reliably automatically determine, which of these two models a site follows What this means is we are unable to automatically derive business logic for what a permission based 'protected' state means In order to get the protected icons working, we would need to add something like a CMS editable option in Site Settings such as 'Customers can log in to an account', which we'd probably default to 'off'. Site administrators on sites where customer can login, would then need to manually set this in order for the protected icons to display correctly This does not strike me as a particularly good outcome |
Extra note about canView() checks on DataObjects, if we do decide to progress this further, and we want to accommodate sites where customers can log in, then we'll need to feed the canViewAnonymous() function with a member written to the database:
This is because all the canView() permission checks the ORM does actually require a member in the database What this means is there will be a member with a strange email such as 'zz_member_with_no_cms_access' floating around in the Member table This will probably be very confusing to CMS users who see it in the Security section |
The places we might need to consider placing both icons for restricted and form submission the icons. All placements should have a tooltip to educate users of what the icons mean. Priority placements:
Med priority placements:
Low priority placements:
Excluding:
|
Option 1 and Option 3 (what the demo currently has) are both confusing for the same reason - we're using the same icon on the folder as we are on the file. Option 1
Option 3
Option 2 is just confusing, not really an option IMO Option 4 is obviously the easy solution, non-confusing though at the same time non-informative If we were to implement either 1 or 3 then it seems like we'd need a new icon Option 1 seems nice from a "I just created a new user form" point of view Option 3 is generally better though IMO
So my recommendation is we stick with option 3 and create a new icon |
Note: I would be OK with option 4 if we instead created a report separate from the file manager showing the location of Folders/Files of submitted files. I think that would do a better job of helping people audit their website for submitted files than file manager icons alone would. |
Agree that opt 2 is a no-go so crossed it out. I think the thing the main thing we are actually trying to communicate is that this folder is being used by "something" so be careful with it, regardless if its a form, the carousel, the company staff list of profile pictures. In this case, the icon would be a link icon showing there is a relationship of which I can't tell you what the relationship is but don't delete it (also not very informative). Multiple forms can be associated with a single folder so you probably don't want to list all the relationships in the tooltip itself. Either way, we don't have room on the folder to display two icons so I'm recommending not showing any form related icon there. The folder itself is an icon so with the addition of two more icons we're just overloading things. Open to bright ideas though. |
> we don't have room on the folder to display two icons
Fair reason
> Open to bright ideas though
As previously mentioned, creating a report that shows where all the
existing submitted files on the website are (and also if they're in the
public asset store) would be something I think is very helpful to people
managing websites. It's also going to be pretty low cost to implement.
|
An update based on this morning discussion... We are not going to indicate that a folder is associated to a form from the files area as part of this issue (no submission icon on folders). This could still happen as a separate issue if either of the above options (1 & 3) get selected to go further with, so as part of this issue we are going for option 1 (don't show submission icon on folders). Side note, if we went further with option 1 indicating that a folder is connected to a userform we could possibly use a different coloured folder icon (for example we could use purple or grey colour). This is pretty abstract so it would need to be reinforced with a tooltip. |
Demo feedback
|
Re the new points that have been added on a11y:
I'd guess that the fact that you can't tab to the 'draft' badge should probably be seen as a bug and not necessarily as functionality we're trying to copy as it limits how some should ideally access this information. @clarkepaul should I create a new issue to log this as a problem? I know that eventually we'd want to see that draft label as a reactstrap component too. |
I think the experience we'd want to use is |
Overview
Provide a clear visual indicator in the Files area to indicate the restricted access of folders and files.
I.e whether they are in the public asset store and as a result are accessible by anonymous website visitors, or if they in the protected asset store and as a result are protected to at least logged-in users only.
NOTE: This work does not include an indication for Folder being associated with a form, this piece has been removed from this issue.
This would look to solve the following opportunities:
ACs
Sub-tasks - design
Designs
Create userhelp content to align with the final experience:Sub-tasks - dev
PRs
Cucumber tests
Accessibility
title
attributeThe text was updated successfully, but these errors were encountered: