-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
UI to manage users/permissions for the content libraries [FC-0062] #1362
UI to manage users/permissions for the content libraries [FC-0062] #1362
Conversation
Thanks for the pull request, @pomegranited! What's next?Please work through the following steps to get your changes ready for engineering review: 🔘 Get product approvalIf you haven't already, check this list to see if your contribution needs to go through the product review process.
🔘 Provide contextTo help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:
🔘 Get a green buildIf one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green. 🔘 Let us know that your PR is ready for review:Who will review my changes?This repository is currently maintained by Where can I find more information?If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:
When can I expect my changes to be merged?Our goal is to get community contributions seen and reviewed as efficiently as possible. However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:
💡 As a result it may take up to several weeks or months to complete a review and merge your PR. |
c5ab164
to
bd21593
Compare
56078bd
to
c9b5d2f
Compare
which allows Library Admins to add Readers, Authors, and other Admin users to the list of people who can access a Library. * Readers can only see the library, but not its Team. * Authors can see the Library Team, but cannot alter it. * Admins can update the Library Team. Modal is triggered from a button on the LibraryInfo sidebar which is only accessible to users who can edit the library.
c9b5d2f
to
06fff10
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #1362 +/- ##
==========================================
- Coverage 93.04% 93.04% -0.01%
==========================================
Files 1036 1043 +7
Lines 19743 19954 +211
Branches 4174 4233 +59
==========================================
+ Hits 18370 18566 +196
- Misses 1311 1323 +12
- Partials 62 65 +3 ☔ View full report in Codecov by Sentry. |
@@ -0,0 +1,61 @@ | |||
import { useIntl } from '@edx/frontend-platform/i18n'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The library-team UI borrows heavily from the course-team UI. I initially tried to factor out the common parts so we could re-use components. But there were so many subtle differences between them -- 3 roles instead of 2, different text, the "allow public" toggle switch -- that it made the code really hard to read and use. So I ended up just copying over what I needed, though I did decide to use some css classes to keep a consistent appearance.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
Thank you for your work, @pomegranited!
- I tested this using the instructions from the PR
- I read through the code
- I checked for accessibility issues
- Includes documentation
Some comments:
- The user can "Manage Tags" (at least try to) in the readonly mode. We are addressing it in at least 2 other PRs, but I think we should also need it here.
In the private window, refresh the library page.
You should see a spinner and 403 errors in the Network tab.
I don't think this is a BIG issue, but because we use a token on the meilisearch queries it will still work. We can reduce the token expiry, as I think it is currently set to one week.
* camel-case the updated library data before storing it in the cache * add validation for the email on the Add Team Member form * remove showToast from the useCallback context (console errors) * key field only needs to be locally unique * updates comments on "don't demote/delete the single Admin member"
I looked into this and it's more complicated than it seems on the surface because of how complicated our tagging permissions are :/ Have raised #1376 to address this, because it's going to require both backend + frontend changes to fix. |
and makes minor mods to the UI/data to fix a label and a data type.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great. Nice work!
src/library-authoring/data/api.ts
Outdated
export interface LibraryTeamMember { | ||
username: string; | ||
email: string; | ||
accessLevel: string; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we define this as a LibraryRole
type instead? Or at least 'admin' | 'author' | 'read'
instead of string
.
Thanks for catching those type issues @bradenmacdonald ! Addressed and ready for your review/merge. |
92aaa33
to
17ec568
Compare
Description
Adds a modal UI to add/remove users from the Library Team, with different roles: Admin, Author, or Reader
Also updates the Libraries UI to ensure read-only users can't see the Publish, Revert, or Add Tags buttons -- these would only throw errors as the user doesn't have permission on the backend.
This change impacts Content Authors using Libraries V2.
Screenshots
Admin view
Author view
Reader view
Supporting information
Part of: #1342
Resolves: #1376
Private-ref: FAL-3869
Testing instructions
You will need 1 or 2 extra users for these tests.
You should see yourself as an Admin.
That user should be added to the Team as a Reader.
Confirm that you can view the library and its components, but cannot edit anything.
Confirm that you cannot see any "Publish" , "Revert changes", or "Manage Access" buttons in the library sidebar.
Confirm that you can now edit/publish/revert the library and its components.
Click "Manage Access" in the library sidebar, and confirm that you can see the Library Team, but cannot make any changes.
Confirm that you can now edit/publish/revert the library and its components.
Click "Manage Access" in the library sidebar, and confirm that you can edit the Library Team.
This should remove access to the library for that user.
You should see a spinner and 403 errors in the Network tab.
The "Libraries" list will not contain this library.
Confirm that this setting saves as expected.
Confirm that you can view the library and its components, but cannot edit anything.
Confirm that you cannot see any "Publish" , "Revert changes", or "Manage Access" buttons in the library sidebar.
Author Concerns