Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Show infonav button to project viewers for linked entity lists #897

Open
2 tasks
matthew-white opened this issue Feb 18, 2025 · 0 comments
Open
2 tasks

Show infonav button to project viewers for linked entity lists #897

matthew-white opened this issue Feb 18, 2025 · 0 comments
Labels
backend Requires a change to the API server frontend Requires a change to the UI needs testing Needs manual testing

Comments

@matthew-white
Copy link
Member

For #827, we plan to add an infonav button to form pages that will link to each entity list that the form uses or updates. However, as we're currently implementing it, it won't be possible for project viewers to view this infonav button. This issue is to change Backend and Frontend so that it will be possible for project viewers to view the infonav button.

Background: To retrieve the list of entity lists that the form uses or updates, Frontend sends two requests. These are the same as the two requests that the form overview used to send before we removed it in #865:

  1. A request for the form attachments of the latest published version of the form. From this, we can get the list of entity lists that the form uses.
  2. A request for the "dataset diff", from which we can get the list of entity lists that the form updates.

The difficulty is that requesting the dataset diff requires the user to be able to form.update, which a project viewer cannot. The dataset diff endpoint is unusual in that it requires permission for both a form verb (form.update) and a dataset verb (dataset.list). There's an explanation for why that is above the endpoint for the dataset diff of the form draft (here). I think it makes a lot of sense that both a form verb and a dataset verb are required. However, I don't understand why form.update is required specifically. The endpoint is read-only, so I feel like form.read would be sufficient. A project viewer does have that verb, so if we only checked for that, a project viewer would be able to request the dataset diff.

My proposal for this issue is that we update the dataset diff endpoints to require the form.update verb instead of form.read. My guess as to why we required form.update before is that a main way that the dataset diff is used is to publish a form draft. In the context of publishing a form, we show the user what changes to entity lists would be made if the form were published. In order to see that page in Frontend, you need to be able to form.update, since that verb is required to publish a form draft. I think we used a stricter verb on the endpoint than we needed to, and it just hasn't been an issue up until now, because project viewers have never needed to access dataset diffs. Note that project viewers weren't permitted to view the form overview, which is the other place where Frontend used to request a dataset diff.

Whoever works on this issue should confirm that that makes sense, but it's hard for me to think of why we would require form.update instead of form.read. I'm pretty sure that project viewers have other ways to access all the information we return in dataset diffs. Project viewers can read entity lists, including linkedForms and sourceForms, and they can read the form definitions of forms and form drafts, as well as form attachments.

Currently, Frontend will only send the two requests mentioned above if the user can form.update. That adds a little complexity to Frontend, so it'd be nice to do away with that conditionality. It also the potential to delay the request, since we need the project response before we can check the verbs on it. Once we change Backend, we should change Frontend so that it always sends those requests.

As a final note, one idea I thought about was to work around the form.update requirement of the dataset diff by requesting the entire list of entity lists from the .../datasets endpoint. That would even have the benefit of being a single request instead of the two we're currently sending. However, while the endpoint for an individual dataset includes properties for linkedForms and sourceForms, the .../datasets endpoint does not. Note that this is not related to extended metadata. Requesting extended metadata for the .../datasets endpoint returns summary-statistic properties for entities, lastEntity, and conflicts, but it does not return linkedForms and sourceForms. On the other hand, the endpoint for an individual dataset returns linkedForms and sourceForms even if extended metadata is not requested. I don't think any of that needs to change, but I wanted to mention that I looked into this idea.

Summary of proposed to-dos:

  • Change the dataset diff endpoints in Backend (form draft + published form) so that they only require form.read, not form.update.
  • Change Frontend so that it doesn't check form.update before sending the two requests above and instead just always sends them immediately.
@matthew-white matthew-white added backend Requires a change to the API server frontend Requires a change to the UI needs testing Needs manual testing labels Feb 18, 2025
@github-project-automation github-project-automation bot moved this to 🕒 backlog in ODK Central Feb 18, 2025
@matthew-white matthew-white mentioned this issue Feb 21, 2025
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
backend Requires a change to the API server frontend Requires a change to the UI needs testing Needs manual testing
Projects
ODK Central
Status: 🕒 backlog
Milestone
No milestone
Development

No branches or pull requests
1 participant
@matthew-white