User not accessible as "Assigned To" but *IS* accessible as "Sub-assigned to", and then disappears from Contact #405
Comments
zdmc23
changed the title
|
Hi @zdmc23 @corsacca Working in this issue, We discovered some inconsistencies about the data that the user has permission to view. For example:
This user does not have access to the contact 'Anthony Palacio (multiplier) (contact with id 62)' (according to website). But in the 'wp-json/dt/v1/users/get_users?get_all=1' end-point it returns me this contact.
In this development, We are using this users list (and the contacts list) to know if the user has access to this data, and add a links to redirect the user to contactDetail view (related issue #308). We need the end-point only returns data that the user have access to, or add some property to indicate that the user does not have access to this contact. We believe the same situation happens to the groups. |
|
@raschdiaz i need a little more help understanding your request. The sub-assigned field is connected to the list of contacts. Any field ( subassigned, groups, etc ) should display the values of that field even if the user does not have access to the full record. I think this was implemented in #400 ? So the sub-assigned field should display "Anthony Palacio (multiplier)" even if the user does not have access to the full record of "Anthony Palacio (multiplier)". What should happen if the user clicks on the value and does not have access to the record? I think just a screen that says "you don't have access to this record or this record is unavailable offline". Presumably the app is looking locally if the record is there, and if not: making an API call to the server to get the contact? The server will respond "Permission Denied" and the app display the message page. The Assigned to field is connected to the list of users. Here too the field should display the value, even if the user is not returned from the users list. Every endpoint only returns the data the user has access to. Is there an issue/block in copying the behavior of the desktop website with a "Permission Denied" page? |
|
Hi @corsacca , answering your questions: "The sub-assigned field is connected to the list of contacts. Any field ( sub assigned, groups, etc ) should display the values of that field even if the user does not have access to the full record. I think this was implemented in #400 ?" - Yes, this implementation was made in #400 issue. So the sub-assigned field should display "Anthony Palacio (multiplier)" even if the user does not have access to the full record of "Anthony Palacio (multiplier)". What should happen if the user clicks on the value and does not have access to the record? I think just a screen that says "you don't have access to this record or this record is unavailable offline". Presumably the app is looking locally if the record is there, and if not: making an API call to the server to get the contact? The server will respond "Permission Denied" and the app display the message page. - When the user taps the value of a contact he does not have access, the app will do the request and get an error response (and show a toast)
This is related to the #433 issue that @mikeallbutt created. The app do the request to get contact data according to ONLINE/OFFLINE state. If app its ONLINE, it will do the request, if not, will get local data. The Assigned to field is connected to the list of users. Here too the field should display the value, even if the user is not returned from the users list. Yes, actually this is working like that. Every endpoint only returns the data the user has access to. - Well, as I show you in the above screenshots ('wp-json/dt/v1/ users/get_users?get_all=1' end-point), this doesn't happen. Is your request that each value of the connection fields on a contact or group record have a flag saying if the user has full access to the connected record? (On the sub assigned field: Anthony Palacio (multiplier) would be marked as "not full access" ? Add a new property, or don't return the data (We prefer this option) I don't see a way to achieve this without slowing the requests down significantly. Well, if its not possible to add a new property. Then you can filter this end-point? to only show data that user has access to. Is there an issue/block in copying the behavior of the desktop website with a "Permission Denied" page? No. but We want you check this flow (with the D.T team). Because we remember that someone mentioned the following flow: "When a user does not have access to the contact/group displayed in the detail view, don't add the 'link' behavior to this contacts/groups". This can avoid the user to enter a detail view (contact/group) that he does not have access. This flow can be more easily to implement. This can be worked related to the #433 issue |
|
@raschdiaz if there is a value for a field like "Anthony Palacio (multiplier)" we can not hide or not show the value. We must show it. Instead of showing the toast that says "No permission to read contacts", the app should load a different screen (or a modal) that says "You don't have access to this record or this record is unavailable offline". For now ignore the request: "When a user does not have access to the contact/group displayed in the detail view, don't add the 'link' behavior to this contacts/groups". We can come back to it later. It is more important for us to have a good understandable message when the user tries to navigate to any record that they don't have access to. A use might navigate to a record from a typeahead field, a comment, a link, an old notification, etc. |
|
Hi @zdmc23 @corsacca We can fix the problem related to navigation and add the 'link' feature to the 'assigned to' contact field. We have to do multiple tests, since this modification affects different user flows. We do the following test flows:
All this tests and fixes were made to contact/groups views. https://drive.google.com/file/d/1d3QvgqrdJK-osswYogqdmh1I9k5pEdcP/view?usp=sharing |
* Bump to 1.7 * resolves #411 notifications screen: changed the separator from being | to ~ * Resolves #329 * Resolves #335 - Initial version of support for Questionnaire Plugin * Resolves #304 * Resolves #304 * Resolves #417 * Resolves #407 - Reintroduce Hans PR #438 * Resolves #424 - Reintroduces Hans PR #438 * Temporarily remove Sentry (see #438) * Significant UI fixes (#442) Resolves #259 * Manually fix security vulnerabilities in dependencies * Resolves #408 - specify utc() when displaying date (view mode) per DatePicker fields * Sprint 26 (#446) * Adding missing icons to fields Adding missing icons to fields on contact details, edit and new screens. * FAB action colors giving the fab actions a different color to help quickly identify each action. * Add initial comment icon * reformatting Icon code for consitency * fix icon from user to users for group edit screen on the group edit screen it used incorrectly a singular icon for group name instead of the group icon. And minor code cleanup. * Add new group icons Group name and Group type * import status icon; remformatted code identations * Adding status icons to contacts and group screens * resolves #259 and adds colors to icons * styling for addIcons & removeIcons * added icon for milestone Added around lines 3014 and 3100 the icon "Octicons" incon named "milestone". * added fieldsIcons style fieldsIcons: { height: 20, width: 20, }, * minor sizing adjustments to the icons * Resolve #407 * Resolves #424 * refinements to remove code conflicts * fix for church_start_date bad alignment * Resolve #405 Co-authored-by: Mike Allbutt <yo@ur.id.au> Co-authored-by: Zachary McCoy <191707+zdmc23@users.noreply.github.com> * Resolves #403 - Group FAB button \(temporarily Comments only until D.T is ready with Activities) * Resolves #447 - case-insensitive comment authorship check * Icons and UIX adjustments (#449) * group date icons using fonts replaced the icons to use fonts * Swapping icons & adjusting spacings assigned_to and subassigned now use the same icons as the website; contact relation icon better represents what the field relats to; * FAB icon bottom padding Increased so that the FAB does not block the last items on the screen. * Include support for Serbian, Slovenian, and Croatian languages; updates to existing languages files * Include new languages in Moment to handle TZ; update language labels * Ui comments - edit and delete for contacts and groups (#451) * Reduced icon sizes & aligned vertically * Modifying the Delete & Edit buttons * Re-inserted the "editComment" and "deleteComment" lines * "delete" added to the language files added "delete" and used the existing text from the "deleteComment" translation - becuase it should be the same. * Fix some RTL layouts on Contact Details * RTL - fixes for text that was incorrectly aligning to the left and not right (#453) * aligned text to right if RTL URL and username field now align right when RTL is set. This also address an issue with #372 by reducing the height of the DT logo. * aligned text in connections fields * added this.props.isRTL to various fields * aligning fields in group record * aligning the lists The text of list items now correctly align to the left or right, depending on the language direction. * Fix text layout issue for iOS, and accomodate for "notch" per logo * minor design adjustments (#454) * Resolves #455 - Do not show FAB button in Edit Mode Co-authored-by: Mike Allbutt <yo@ur.id.au> Co-authored-by: Hans Rasch <raschdiaz@gmail.com> Co-authored-by: MexSurfer <43966676+mikeallbutt@users.noreply.github.com>
* Adding missing icons to fields Adding missing icons to fields on contact details, edit and new screens. * FAB action colors giving the fab actions a different color to help quickly identify each action. * Add initial comment icon * reformatting Icon code for consitency * fix icon from user to users for group edit screen on the group edit screen it used incorrectly a singular icon for group name instead of the group icon. And minor code cleanup. * Add new group icons Group name and Group type * import status icon; remformatted code identations * Adding status icons to contacts and group screens * resolves #259 and adds colors to icons * styling for addIcons & removeIcons * added icon for milestone Added around lines 3014 and 3100 the icon "Octicons" incon named "milestone". * added fieldsIcons style fieldsIcons: { height: 20, width: 20, }, * minor sizing adjustments to the icons * Resolve #407 * Resolves #424 * refinements to remove code conflicts * fix for church_start_date bad alignment * Resolve #405 * Resolves #375 * Resolves #416 * Resolves #416 * Resolves #375 * Resolves #366 * Remove console log * Merge fix Co-authored-by: Mike Allbutt <yo@ur.id.au> Co-authored-by: Zachary McCoy <191707+zdmc23@users.noreply.github.com>
Observed on iOS 13.6
User not accessible as
Assigned Tobut IS accessible asSub-assigned to, and then disappears from ContactSteps to reproduce:
No full name = new contact in headerContactM.S. Useris inaccessible (no link to click thru to Contact Details screen)Mike A.linkM.S. Useris now accessibleM.S. UserM.S. UserNo full name = new contact in header) has no detail forAssigned ToorSub-assigned tofieldsFor reference, please see video:
https://youtu.be/oR8lDkDiybo
The text was updated successfully, but these errors were encountered: