Separate "form designer" and "access to form data" roles #3

Closed
sussexrick opened this issue Sep 6, 2018 · 8 comments
Comments

@sussexrick

First logged as http://issues.umbraco.org/issue/CON-1455 using Umbraco 7.7.6 and Forms 6.0.5.

What did you do?

Created 2 new forms and a new user. Tried to give the user access to view the entries submitted to one (and only one) of the forms. This required me to grant them "Manage forms" and tick "Has access" next to the form.

What did you expect to happen?

The user should be able to sign in, view the entries for their form, and somehow mark them as dealt with. The user should not be able to modify the form design, as that is a separate role reserved for Umbraco admins or form designers. I would expect ticking "Has access" next to the form would grant this level of permission.

What actually happened?

Because I had to tick "Manage forms" the user had access to add and delete fields on the form. Deleting fields deletes data for existing entries. Adding fields adds them for old entries, making it impossible to prove what questions were asked. It needs to be possible for form design to be a separate role reserved for those who have been trained to do it.

Suggested solution

"Manage forms" permission should not be required to view form data. There should be another permission for form design, scoped to each form, e.g. a "Design form" checkbox next to "Has access". This may or may not require an overall "Manage forms" permission as well.

The way to access entries may need to change to reflect the separation, as currently you have to expand the design view of a form to get to the entries. Entries might be a separate branch of the tree, for example, or an icon at the top right next to Design and Settings, where the relevant icons only appear depending on your permissions as suggested by Jeffrey Schoemaker.

Workaround

Escc.Umbraco.Forms.BackOffice on NuGet & GitHub is a step towards this - it separates the entries viewer from the form designer, so you can view entries without design permission.

https://github.com/east-sussex-county-council/Escc.Umbraco.Forms/
https://www.nuget.org/packages?q=Escc.Umbraco.Forms

@sussexrick

A suggestion for how this could be achieved fairly easily - move the entries viewer to a new Section on the left nav. Then an Umbraco security group for form creators would grant access to the "Forms" section (maybe renamed "Forms design") while a separate security group would grant access to the "Form data" section.

@ronaldbarendse

ronaldbarendse commented Jul 22, 2019

Just to clarify: currently you can't grant read-only access to forms! This is a major issue and I'm certain this worked correctly in previous versions (e.g. users could only view entries of the forms with 'Has Access' checked). So now you have to give the 'Manage forms' permission to view the issues and deal with clients that (accidentally) changed or removed fields, etc.

Just tested this with Umbraco 7.14.0 and Umbraco Forms 7.1.1.

@ronaldbarendse

In Umbraco 8/Forms 8.2.0 it's even worse: if you give access to the Forms section and none of the 'manage' checkboxes on Forms security are checked, you're presented with a 'Create a form' screen. After clicking the button, a notification pops up indicating the user does not have the right permission:

[Screenshot: Umbraco Forms permissions issue]

@marcemarc

Just sharing this 'workaround' that may help for anyone in this situation or lead to a resolution. Essentially there 'should' be a role, or just the convention, that if you have access to a form, you can see that form's entries, and only if you have 'manage forms' ticked can you see/edit the form design. This must be a bug/oversight, because why would you give a user access to the forms section and untick 'manage forms'? What would they be able to do?

Anyway, the workaround is not secure: it just handles the TreeNodesRendering event and, if the current user is in a certain user group, it changes the RoutePath of the form entry to be the 'Entries' node. So users in this group 'see' the forms listed; if they click on a form, the entries node opens and they see the entries. It's hackable via the querystring to see the form design, but at least it's not accidentally updated...

Additionally, handling the MenuRendering event for the form enables you to remove the 'Create', 'Copy' and 'Delete' options:

```csharp
using System.Linq;
using Umbraco.Core;                    // IsAdmin() extension method
using Umbraco.Core.Composing;          // IComponent
using Umbraco.Core.Models.Membership;  // IUser
using Umbraco.Forms.Web.Trees;         // FormTreeController
using Umbraco.Web.Trees;               // TreeControllerBase, event args

// Umbraco 8 component: subscribe to the Forms tree events so that users in the
// "viewEntriesOnly" group are routed to a form's entries instead of its designer,
// and lose the create/copy/delete menu items. Register it via a Composer.
public class SubscribeToFormTreeControllerRendering : IComponent
{
    public void Initialize()
    {
        FormTreeController.MenuRendering += FormTreeController_MenuRendering;
        FormTreeController.TreeNodesRendering += FormTreeController_TreeNodesRendering;
    }

    public void Terminate()
    {
        // unsubscribe so the handlers are not registered twice across restarts
        FormTreeController.MenuRendering -= FormTreeController_MenuRendering;
        FormTreeController.TreeNodesRendering -= FormTreeController_TreeNodesRendering;
    }

    // determine whether the current user should only view entries (not edit the design);
    // query your own combination of groups here
    private static bool IsViewEntriesOnly(IUser user)
        => !user.IsAdmin() && user.Groups.Any(g => g.Name == "viewEntriesOnly");

    private void FormTreeController_TreeNodesRendering(TreeControllerBase sender, TreeNodesRenderingEventArgs e)
    {
        if (sender.TreeAlias != "form")
        {
            return;
        }

        if (!IsViewEntriesOnly(sender.Security.CurrentUser))
        {
            return;
        }

        foreach (var node in e.Nodes)
        {
            // for each 'form' node, point its route at the 'entries' node below it
            if (node.NodeType == "form" && node.Name != "Entries")
            {
                node.RoutePath = "/forms/form/entries/" + node.Id;
            }
        }
    }

    private void FormTreeController_MenuRendering(TreeControllerBase sender, MenuRenderingEventArgs e)
    {
        if (sender.TreeAlias != "form")
        {
            return;
        }

        if (e.NodeId.EndsWith("_entries"))
        {
            // the entries node: leave its menu alone
            return;
        }

        if (!IsViewEntriesOnly(sender.Security.CurrentUser))
        {
            return;
        }

        if (e.NodeId == "-1")
        {
            // root node: remove the 'create' menu item
            RemoveMenuItem(e, "create");
        }
        else
        {
            // form node: remove the 'delete' and 'copy' options
            RemoveMenuItem(e, "delete");
            RemoveMenuItem(e, "copy");
        }
    }

    private static void RemoveMenuItem(MenuRenderingEventArgs e, string alias)
    {
        var item = e.Menu.Items.FirstOrDefault(x => x.Alias == alias);
        if (item != null)
        {
            e.Menu.Items.Remove(item);
        }
    }
}
```

@jeroenmink

Is this being put on the roadmap? One of our clients is requesting this as well to be able to be GDPR compliant.

@AndyButland

It is yes. Can't currently commit to any timing or priorities I'm afraid, but it's one of the things we plan to look at as part of new feature development in Forms over the coming months.

@sussexrick

@AndyButland Another thing to consider in the permissions update is multi-site. If I configure a single instance of Umbraco to host multiple sites, I can create a User Group for each site and assign that group a Content Start Node and Media Start Node. Users assigned to the group can only see content and media under the assigned nodes. There is no equivalent for Forms.

You can limit which forms a User can see in the Forms section, but that is undermined by #12, which immediately grants access to users of other sites when a form is created. If possible, an implementation consistent with the Content & Media sections would be preferable, i.e. a Content Start Node and Media Start Node specified on the User Group (related to #19), which could point to a folder with the forms for the relevant site.

@AndyButland

Due in the next minor releases, 8.11.0 and 9.3.0.
