search

2sic / 2sxc

DNN + 2sxc = #DNNCMS - This tool helps web designers and developers prepare great looking content in DNN (DotNetNuke). It's like mixing DNN with Umbraco and Drupal :)
http://2sxc.org
MIT License
145 stars 40 forks source link

Template picker showing on skin embedded apps for logged in users without permissions #3380

Closed 6TELOIV closed 1 week ago

6TELOIV commented 6 months ago

That's a very long title...

I'm submitting a

[x] bug report

...about

[x] edit experience / UI [x] DNN parts

Current Behavior / Expected Behavior

For apps embedded in a skin on DNN, users who are logged in but don't have crud permissions on the app see an app view selector button: image

The also see a toolbar, and get various errors when clicking the buttons on it. This error is from clicking the "change layout" toolbar item: image

Uncaught (in promise) TypeError: Qe.getTag(...) is null
    code command-layout.ts:20
    f cms-engine.ts:127
    promise callback*e.prototype.run cms-engine.ts:125
    detectParamsAndRun cms-engine.ts:62
    r sxc-global-cms.ts:127
    do sxc-global-cms.ts:141
    runInternal sxc-global-cms.ts:130
    run edit-manager.ts:40
    onclick (index):1

Clicking the button gives the view selector menu but it never loads: image

The second tab says TemplatePicker.ViewNeedsContentType: image

Once granted crud permissions, this all goes away (template button and toolbar no longer show): image

Also, when viewing the page where the "real" module lives, the issue goes away as well (template button and toolbar no longer show): image

The apps are embedded in the skin using the following method:

<%@ Import Namespace="DotNetNuke.Entities.Modules" %>
<%@ Import Namespace="ToSic.Sxc.Dnn" %>
<%@ Import Namespace="ToSic.Sxc.Services" %>
<!-- * * * -->
<%= this.GetScopedService<IRenderService>().Module(77, 446) %>

Instructions to Reproduce the Problem

  1. Create an app
  2. Create a user with no crud access
  3. Add the app to a page
  4. Embed the app in the skin using the method outlined above
  5. Login as the other user and view a page where the "real" app isn't and the skin app is.

Your environment

iJungleboy commented 6 months ago

I tried to reproduce but everything seems to work. My guess is you're doing something special. Here's what I did:

  1. user basic-user - no permissions, just registered user - so no edit permissions and correspondingly also no crud
  2. module on a specific page etc.
  3. also added to Theme ...everything works.

Not sure what you did, but I believe you did more special stuff ;) ?

Maybe some draft data or strange edit permissions?

6TELOIV commented 6 months ago

I had noticed today that it wasn't showing on certain pages, but was showing on others. Something additional to try would be adding an app to the page that they DO have permission to edit. That might be a part of it.

Additional context is that this was a V16 install that was upgraded to V17. That could be part of the problem as well.

On Tue, May 14, 2024, 2:08 PM iJungleboy @.***> wrote:

I tried to reproduce but everything seems to work. My guess is you're doing something special. Here's what I did:

  1. user basic-user - no permissions, just registered user - so no edit permissions and correspondingly also no crud
  2. module on a specific page etc.
  3. also added to Theme ...everything works.

Not sure what you did, but I believe you did more special stuff ;) ?

Maybe some draft data or strange edit permissions?

— Reply to this email directly, view it on GitHub https://github.com/2sic/2sxc/issues/3380#issuecomment-2110825365, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABS33DDAXBWZF6423V2RIPDZCJHIDAVCNFSM6AAAAABHS2GEK2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMJQHAZDKMZWGU . You are receiving this because you authored the thread.Message ID: @.***>

iJungleboy commented 6 months ago

The upgrade almost certainly is not relevant.

That the user has edit permissions is, but it feels confusing that he has edit but seems to not have edit?

If he has edit, how can he not have CRUD?

6TELOIV commented 6 months ago

I have narrowed down the issue. Here are the steps to reproduce.

I just followed these steps to reproduce the issue on my local machine. As a note, the system will need to be registered to give just the user permissions. I'm not sure if this is a necessary step or not; it seems that the only criterion needed to cause the bug are: don't have permissions on the app in the skin, and DO have permission on an app on the page.

That the user has edit permissions is, but it feels confusing that he has edit but seems to not have edit?

Our content editors only have permissions to edit certain apps. They can edit the basic textual apps that we use for content on pages, but they are not allowed to edit our social media links, the search app, footer contact links, news releases, and many of our other apps. That's why they have CRUD permissions on "App 2" but not "App 1" (in this minimal reproducible demo)

ajplopez commented 5 months ago

I can confirm that I'm experiencing this issue on a brand new site that uses 9.13.03 and 17.9.0.

I have a menu that is injected into the theme's .ascx file. Everything works great for SuperUser, Administrators, and the public.

But I created a new role called "Content Editors" and they have permissions to 1 module on 1 page, and when the Content Editor is logged in, they see the big blue icon and the 2sxc App Chooser/Template Chooser section that spans the bottom of the browser.

iJungleboy commented 5 months ago

@ajplopez will look into this. Note BTW that DNN 10 will plan to come with a built-in role called "Content Editors" which has some long awaited features. To avoid your existing role being repurposed, I recommend you rename it.

6TELOIV commented 1 week ago

Yay! Glad to see this fixed, looking forward to 2sxc 18 LTS