Separate "form designer" and "access to form data" roles #3
Comments
A suggestion for how this could be achieved fairly easily - move the entries viewer to a new Section on the left nav. Then an Umbraco security group for form creators would grant access to the "Forms" section (maybe renamed "Forms design") while a separate security group would grant access to the "Form data" section.
Just to clarify: currently you can't grant read-only access to forms! This is a major issue and I'm certain this worked correctly in previous versions (e.g. users could only view entries of the forms with 'Has Access' checked). So now you have to give the 'Manage forms' permission to view the issues and deal with clients that (accidentally) change or remove fields, etc. Just tested this with Umbraco 7.14.0 and Umbraco Forms 7.1.1.
In Umbraco 8/Forms 8.2.0 it's even worse: if you give access to the Forms section and none of the 'manage' checkboxes on Forms security are checked, you're presented with a 'Create a form' screen. After clicking the button, a notification pops up indicating the user does not have the right permission.
Just sharing this 'workaround' that may help anyone in this situation or lead to a resolution. Essentially, there should be a role, or just the convention, that if you have access to a form, you can see that form's entries, and only if you have 'manage forms' ticked can you see/edit the form design. This must be a bug/oversight, because why would you give a user access to the forms section and untick 'manage forms'? What would they be able to do? Anyway, the workaround is not secure, it just handles the TreeNodesRendering event and, if the current user is in a certain user group, it changes the RoutePath of the form entry to be the 'Entries' node - so users in this group 'see' the forms listed, and if they click on a form, the entries node opens and they see the entries - it's hackable via the querystring to see the form design, but at least it's not accidentally updated... ... Additionally, handling the MenuRendering event for the form enables you to remove the 'Create', 'Copy' and 'Delete' options...
Is this being put on the roadmap? One of our clients is requesting this as well to be able to be GDPR compliant.
It is, yes. Can't currently commit to any timing or priorities I'm afraid, but it's one of the things we plan to look at as part of new feature development in Forms over the coming months.
@AndyButland Another thing to consider in the permissions update is multi-site. If I configure a single instance of Umbraco to host multiple sites, I can create a User Group for each site and assign that group a Content Start Node and Media Start Node. Users assigned to the group can only see content and media under the assigned nodes. There is no equivalent for Forms. You can limit which forms a User can see in the Forms section, but that is undermined by #12 which immediately grants access to users of other sites when a form is created. If possible an implementation consistent with the Content & Media sections would be preferable, i.e. a Content Start Node and Media Start Node specified on the User Group (related to #19), which could point to a folder with the forms for the relevant site.
Due in the next minor releases, 8.11.0 and 9.3.0.
First logged as http://issues.umbraco.org/issue/CON-1455 using Umbraco 7.7.6 and Forms 6.0.5.
What did you do?
Created 2 new forms and a new user. Tried to give the user access to view the entries submitted to one (and only one) of the forms. This required me to grant them "Manage forms" and tick "Has access" next to the form.
What did you expect to happen?
The user should be able to sign in, view the entries for their form, and somehow mark them as dealt with. The user should not be able to modify the form design, as that is a separate role reserved for Umbraco admins or form designers. I would expect ticking "Has access" next to the form would grant this level of permission.
What actually happened?
Because I had to tick "Manage forms" the user had access to add and delete fields on the form. Deleting fields deletes data for existing entries. Adding fields adds them for old entries, making it impossible to prove what questions were asked. It needs to be possible for form design to be a separate role reserved for those who have been trained to do it.
Suggested solution
"Manage forms" permission should not be required to view form data. There should be another permission for form design, scoped to each form, e.g. a "Design form" checkbox next to "Has access". This may or may not require an overall "Manage forms" permission as well.
The way to access entries may need to change to reflect the separation, as currently you have to expand the design view of a form to get to the entries. Entries might be a separate branch of the tree, for example, or an icon at the top right next to Design and Settings, where the relevant icons only appear depending on your permissions as suggested by Jeffrey Schoemaker.
Workaround
Escc.Umbraco.Forms.BackOffice on NuGet & GitHub is a step towards this - it separates the entries viewer from the form designer, so you can view entries without design permission.
https://github.com/east-sussex-county-council/Escc.Umbraco.Forms/
https://www.nuget.org/packages?q=Escc.Umbraco.Forms
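
The permission split suggested in this issue, modelled as an added example; it is not Umbraco Forms code and is not from the issue's author. `FormGrant`, `can_current`, `can_proposed` and `handle_request` are hypothetical names, and the model assumes the per-form "Design form" flag does not also require the global "Manage forms" permission. The check runs on every request, which is what a tree-only change (hiding or re-routing the design node) does not provide.

```python
from dataclasses import dataclass, field

# Hypothetical model of the checkboxes discussed above; not Umbraco's real types.
@dataclass(frozen=True)
class FormGrant:
    has_access: bool = False   # existing per-form "Has access" checkbox
    design: bool = False       # proposed per-form "Design form" checkbox

@dataclass
class User:
    name: str
    manage_forms: bool = False                  # existing global "Manage forms"
    grants: dict = field(default_factory=dict)  # form_id -> FormGrant

ENTRY_ACTIONS = {"view_entries", "set_entry_status"}
DESIGN_ACTIONS = {"add_field", "delete_field", "edit_settings"}

def can_current(user, form_id, action):
    """Behaviour reported in the issue: nothing is allowed without
    'Manage forms', and with it every design action is allowed too."""
    g = user.grants.get(form_id, FormGrant())
    known = action in ENTRY_ACTIONS | DESIGN_ACTIONS
    return bool(user.manage_forms and g.has_access and known)

def can_proposed(user, form_id, action):
    """Proposed split: 'Has access' alone unlocks entries; design actions
    need the per-form flag. Unknown actions are denied by default."""
    g = user.grants.get(form_id, FormGrant())
    if not g.has_access:
        return False
    if action in ENTRY_ACTIONS:
        return True
    if action in DESIGN_ACTIONS:
        return g.design
    return False

def handle_request(user, form_id, action, check=can_proposed):
    """Server-side gate evaluated per request, so a hand-edited URL aimed
    at the design view is rejected even when the tree node is hidden."""
    return 200 if check(user, form_id, action) else 403

# Constructed sample users and form ids.
reviewer = User("reviewer", grants={"form-a": FormGrant(has_access=True)})
designer = User("designer", grants={"form-a": FormGrant(True, True)})
legacy = User("legacy", manage_forms=True, grants={"form-a": FormGrant(True)})
```
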