Open moofoo opened 12 years ago
moofoo
commented
12 years ago I can't figure out how to set labels and milestones (I need to be a collaborator I think? I haven't used github in awhile), but I wanted to point out that this is suggestion is somewhere between a feature request and a core change. I'd put it under the someday milestone.
The way element visibility is done now is adequate for almost all use cases.
cheesegrits
commented
12 years ago I agree with a lot of this, and your suggested layout is similar to something I've had in mind for a while.
Much of the inconsistency is due to the gradual development of Fabrik over time, and the various options (or lack thereof) J! itself has provided for access control, starting in the dim distant past with Mambo. Which is why (for instance) certain elements have a 'read only' setting. Which we've ended up keeping for backward compat, but I think now is the time to bite the bullet and get rid of that.
We need to get Rob on board though ...
pollen8
commented
12 years ago Move Encrypt data from 'Access tab to somewhere else, maybe add a "Misc" sub-section under the 'Publishing' tab and put it there?
Note entirely sure what that would gain us
Rename 'Access' tab to 'Visibilty'.
Think i disagree here, generally throughout Joomla this acl controls are labeled 'access'.
Remove the 'Hidden' option as a plugin-specific option (remove from field, date, user, internal id, etc).
I'd agree with this.
Link visibility for Form Views. <-- Label
Could you expand on what this one means?
Options: Nobody, Everybody,
I wouldn't add these in here, its up to the user to create these corresponding acl viewing levels if they so desire.
Form View - Edit
It would be good to come up with some use cases as to where edit acl levels would be different to new acl levels. Considering the large number of acl options we already have for editing a record, would acl on a per element basis when editing a form be needed? I've not seen any examples where this was the case.
I'll set the milestone to this one for someday (think you have to be one of the project admins to do that)
cheesegrits
commented
12 years ago Thinking about it, I think what my issue is, is 'visibility' rather than 'access'.
I'd like to end up with the flexibility to specify if the element is visible:
On new. On edit. On detail view. On list.
As far as Access goes, I'm not sure we need to change anything.
And on a vaguely connected note ... I need to test and confirm whether this is still the case ... one thing I remember having issues with is with elements being used as "approval" flags. I want to set the access so normal users don't have write access ... but last time I tested, this meant that default values weren't being applied. Not sure if this has changed, but IMHO, default values on elements on new forms should be applied, regardless of access. Or at least, that should be an option.
-- hugh
On Tue, Apr 10, 2012 at 6:31 PM, Rob Clayburn reply@reply.github.com wrote:
Move Encrypt data from 'Access tab to somewhere else, maybe add a "Misc" sub-section under the 'Publishing' tab and put it there?
Note entirely sure what that would gain us
Rename 'Access' tab to 'Visibilty'.
Think i disagree here, generally throughout Joomla this acl controls are labeled 'access'.
Remove the 'Hidden' option as a plugin-specific option (remove from field, date, user, internal id, etc).
I'd agree with this.
Link visibility for Form Views. <-- Label Could you expand on what this one means?
Options: Nobody, Everybody, I wouldn't add these in here, its up to the user to create these corresponding acl viewing levels if they so desire.
Form View - Edit It would be good to come up with some use cases as to where edit acl levels would be different to new acl levels. Considering the large number of acl options we already have for editing a record, would acl on a per element basis when editing a form be needed? I've not seen any examples where this was the case.
I'll set the milestone to this one for someday (think you have to be one of the project admins to do that)
Reply to this email directly or view it on GitHub: https://github.com/Fabrik/fabrik/issues/220#issuecomment-5058999
pollen8
commented
12 years ago ok so whats the actual difference for a end user between invisible/visible and can/cant access. I think what moofoo is rightly saying is that there isn't really any difference and that we can condense that all down into one set of options which are global for all elements......
Ah yes there is a difference as cant access would still show the data (but in a read only form), hmm so any element really has three possible states
@moofoo perhaps this is what you meant in your original post?
cheesegrits
commented
12 years ago Well, 'hidden' doesn't necessarily mean "not editable". Like cases where custom JavaScript may want to set the value.
So "visibility" should be separate from "access".
-- hugh
On Tue, Apr 10, 2012 at 7:04 PM, Rob Clayburn reply@reply.github.com wrote:
ok so whats the actual difference for a end user between invisible/visible and can/cant access. I think what moofoo is rightly saying is that there isn't really any difference and that we can condense that all down into one set of options which are global for all elements......
Ah yes there is a difference as cant access would still show the data (but in a read only form), hmm so any element really has three possible states
- hidden (if set to yes should basically make the element not editable and not viewable) (Also if set to yes then editable and viewable options not shown as they are not applied)
- editable (fully working field/dropdown etc) applicable in form view
- viewable (if in details view or not edtable then this setting applies)
@moofoo perhaps this is what you meant in your original post?
Reply to this email directly or view it on GitHub: https://github.com/Fabrik/fabrik/issues/220#issuecomment-5059492
jguice
commented
11 years ago Right now I don't see a simple way to have an element hidden yet saved for a public form and visible for a registered/special details view. It sounds like this issue's suggestions would resolve that so +1 ;)
Sophist-UK
commented
11 years ago We need to handle several use cases:
And choice of 1. - 3. might be wanted by Fabrik access (template type), by Joomla viewlevel (but not through, access), by hidden field option on the element, by menu visibility settings, by javascript etc.
So lots of complexity here.
jguice
commented
11 years ago When a record is saved access should be checked and only fields the user has write permission for should be udpated (I assume it works close to this today or I could construct post data and update fields I didn't get in a form or that were disabled).
Calculations based on the field should use the existing database value (again I assume these happen server-side already). If the field itself is a calculation that should also happen server-side regardless of access (if a user allows a non-public field to be derived from public fields that's a potential programming security issue but not something I'd expect a framework to handle...a warning might be cool though ;) ).
As mature as fabrik is I'm not surprised that it's mostly complex problems that remain :smile_cat:
Right now the following options in element settings can affect visibility:
This arrangement is confusing for a couple of reasons:
Here's what I think would be a better solution:
In this 'Visibility' tab, replace the current 'Editable' and 'Viewable' options with the following:
A couple UI details:
This new configuration would cover all the use cases of the current setup, plus some that you can't currently do with just the 'Hidden', 'Editable'/'Viewable' and 'Show in List' options, for example an element could now be hidden from the form view when a record is created, but be visible when the record is edited, or vice versa. This configuration is very easy to understand. In the 'Visibility' tab you can set whether an element is shown or not for each View type, and you can set that absolutely or have it based on the user's access level.
When I'm less busy I'll make a fork Fabrik and work on this myself, however it will be 4-5 months from now before I'll have the free time.