? ? Pending

User tests: Successful: Unsuccessful:

avatar Ruud68
Ruud68
31 Mar 2018

Pull Request for New Feature.

Summary of Changes

previous discussion of several approaches that led to this solution:

Summary of Changes

This RFC proposes to extend the configuration of com_fields to better control the displaying of Fields on (component edit / create) Forms. This functionality will greatly extend the use cases for com_fields (and therefore for Joomla!) in ‘real-life’ implementations.

In this PR, #19884 is 'cherry picked' (currently in staging) as this is a required bug fix for com_fields.

Current Limitations

This RFC proposes to extend the configuration of com_fields to better control the displaying of Fields on (component edit / create) Forms. This functionality will greatly extend the use cases for com_fields in ‘real-life’ implementations.

Use Case com_fields and com_content:

I run a large blog site where the blogs are ‘enriched’ with custom fields to add credits, opengraph image / title / description, twitter card image / title / description to the blogs. The access to these field values must be set to public in order for visitors / facebook / twitter etc. to ‘see’ the given values.

These filling of these fields must be limited to the publisher role to avoid mis usage and to comply to site standards (for images).

The fields should be invisible to authors in order to avoid ‘support calls’: what are these fields for, why cannot I edit them, etc.

With the current configuration settings this is not possible:

  • Setting the Access to publisher will prevent the fields from displaying on the article editing / creation form, but will also only display the values set in these fields to publisher only: public / guest will not see the values set.
  • using show on administrator will partly work, but the publishers need to be able to login via the back-end. The show on parameter is ACL independent (simple toggle). Publishers do not have access to the back-end but need access to these fields via the front-end.
  • setting the ACL to only allow publishers to Edit Custom Field Value, will display the fields on everybody’s article edit / creation form (including authors) as read-only except for the groups that have the correct permissions. This will clutter the article edit / creation form with a lot of read-only fields with the possibility that in the long list of fields some fields are read-only and some are editable.

Use Case com_fields and com_users:

I run a membership site where users subscribe to a service. Depending on their subscription, values can be set in their user profile via com_fields. The amount of fields for all subscriptions total up to 50 fields.

The values set in these fields should be visible on the front-end (via a special view that reads the user’s set value (via com_fields api)), the access to these fields must be set to public in order for public and guests to see the values for a specific user.

Specific fields should only be visible on the user profile edit form for the groups the user is member of and where these fields should be assigned to.

  • Setting access to a field to the specific group that the fields belongs to does not work as this will also make the values set in these fields inaccessible to public. The values can only be seen by the users that have group membership the field access is set to
  • using show on administrator will now work, because it is a generic toggle that is independent of group ACL membership: They are either all shown or all invisible. Furthermore no users have access to the back-end.
  • Setting the ACL to only have specific user groups Edit Custom Field Value rights will display all fields on the user profile edit form: most read-only and some where values can be set. Only the fields where values can be set should be shown on the user edit profile form.

Furthermore: because the fields access is set to public, when a new user registers on the site, all (!) 50 fields are shown in the registration form as read-only, where the registering user needs to scroll down past all the read-only fields to reach the actual register button. Only the fields that are necessary in the form should be displayed.

Proposed Change

The current limitation lies in the fact that the access field is used for both the form AND for the values.

I propose to extend com_fields with an additional parameter: Display on Forms

The Display on Forms setting holds the group that a user needs to be member of in order to be able to see the field on the form.

The Display on Forms setting can be set on field level AND on group level, making the maintenance of large field sets easier as not every field needs to be modified when the Display on Forms setting value changes (can be set on fields group level).

Use Case com_fields and com_content:

With the proposed change, the following configuration can be set for the com_content fields:

  1. Access = Public (as the values set need to be displayed to visitors)
  2. Show on: both (as the fields should be BOTH editable via the back-end AND front-end)
  3. ACL permission: set Edit Custom Field Value permission to publisher (only members of the publisher acl can set and edit the field values)
  4. (proposed setting) Display on Forms: set to publisher (only publishers will have the fields on the article edit / creation form.

Users that do not have sufficient Access rights to edit the fields will also not see these fields on the article edit / creation form. This will make the edit / create form very UX friendly as only relevant fields are displayed on the form!

Use Case com_fields and com_users:

With the proposed change, the following configuration can be set for the com_users fields:

  1. Access = Public (as the values set need to be displayed to visitors)
  2. Config setting Show on: both (as the fields should be BOTH editable via the back-end AND front-end)
  3. ACL permission: set Edit Custom Field Value permission to public (only members of the public acl can set and edit the field values)
  4. (proposed config setting) Display on Forms: set to ‘subscription group’ (only subscribers to the ‘subscription group’ will have the fields on their user profile edit form.

The benefit here is that users that do not have sufficient Access rights to edit the fields will also not see these fields on their user profile edit form. This will make the edit form very UX friendly as only relevant fields are displayed on the form!

Testing Instructions

Test Case: com_users

  1. in com_users create a fields group:
  • title: user details
  • permissions: Edit Custom Field Value > public > allowed
  • Display on Forms (new field): Public
  1. in Com_users create 3 new fields:
  • title: address, type text, Display on Forms: registered, field group: user details
  • title: town, type text, Display on Forms: registered, field group: user details
  • title: country, type: text, Display on Forms: public, field group: user details
  1. In the front-end: register a new user account
    Without this PR: fields address, town and country are visible on registration form
    With this PR: only field country is visible on registration form
  2. In the front-end: login with user account en edit user profile
    all fields: address, town, country are visible
  3. In back-end:change com_user field town > Display on Forms = Author
  4. In the front-end: login with user account and edit user profile
    Fields: address and country are visible, town is not visible for this user
  5. change user group access to author, login with this user and edit user profile:
    all fields: address, town, country are visible

Test Case: com_content

  1. in com_user: create Viewing Access Levels for Author and Publisher
  2. in com_content create a fields group:
  • title: Blog info
  • permissions: Edit Custom Field Value > Author > allowed
  • Display on Forms (new field): Author
  1. in com_content create 3 new fields:
  • title: opengraph image, type: media, Display on Forms: publisher, field group: Blog info
  • title: opengraph description, type: editor, Display on Forms: publisher, field group: Blog info
  • title: credits, type: editor, Display on Forms: publisher + author, field group: Blog info
  1. Login on the front-end with a user account with author (no editor/ publisher etc.) rights and edit an article created by this user
    Without this PR, a tab Blog Info will be shown with all fields on it
    With this PR, a tab Blog Info will be shown with only the field 'Credits' shown
  2. In the back-end change the group for the user to publisher
  3. Repeat step 4
    A tab Blog info is shown with all three fields on it.

Expected result

in italics described above

Actual result

Fields are always displayed write or read-only

Documentation Changes Required

yes, com_fields gets new configuration field

EDIT: changed test instruction

avatar Ruud68 Ruud68 - open - 31 Mar 2018
avatar Ruud68 Ruud68 - change - 31 Mar 2018
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 31 Mar 2018
Category Administration com_fields Language & Strings
avatar Ruud68 Ruud68 - change - 1 Apr 2018
Labels Added: ? ?
avatar Quy
Quy - comment - 3 Apr 2018

Under Field Groups, swap Publishing and Options tabs to match under Fields.

Tested only with com_content and got all 3 fields with Author and 2 fields (no credits) with Publisher which are different than stated in the testing instructions.

avatar laoneo
laoneo - comment - 3 Apr 2018

In core we either have access levels for view access and permissions for editing. Just having a user group field is none of them and is for me a step into the wrong direction. I mean the edit.core.value permission defines who can edit the field. What we want to define basically is the behavior when no permissions are available but the user can edit the item in general. So for me, it would be enough to just have a hide/show switcher which defines if the field should be shown or not, when no permission is given.

avatar Ruud68
Ruud68 - comment - 3 Apr 2018

Under Field Groups, swap Publishing and Options tabs to match under Fields.

Can't seem to control that as this is automatically 'pulled-in' from the groups.xml file. Changing the order in the xml does not change the order in the form? Need to look into this (which for me isn't blocking). First need to get some more traction and direction in these PR's

Tested only with com_content and got all 3 fields with Author and 2 fields (no credits) with Publisher which are different than stated in the testing instructions.

You tested correct, the instructions where a copy and paste from the access_form view level PR. access levels are respecting hierarchy, so publisher also has author rights. when using groups however, publisher is publisher only. Will update test instructions Instructions updated :)

In core we either have access levels for view access and permissions for editing. Just having a user group field is none of them and is for me a step into the wrong direction.

There are two ways of getting this done: via access levels (see other PR) which raised a red flag as that was not the way to do it, and via user groups which... well...
This PR is NOT about edit rights, it is about displaying the field (for the component who utilizes com_fields) on the edit form

What we want to define basically is the behavior when no permissions are available but the user can edit the item in general. So for me, it would be enough to just have a hide/show switcher which defines if the field should be shown or not, when no permission is given.

That was also one of the cases I worked out, but although it does the initial requirement, it 'lacks' potential future use cases. Setting this on a usergroup / access level adds much more flexibility and functionality.

If only we could agree on the how...

The good thing here is that for me doing it via Access Levels or via User groups is both acceptable and doable.
The bad thing is that you can almost see me waving with something that looks like a white flag, but that actually is the towel I am about to throw in :S

avatar Ruud68 Ruud68 - change - 3 Apr 2018
The description was changed
avatar Ruud68 Ruud68 - edited - 3 Apr 2018
avatar Ruud68
Ruud68 - comment - 3 Apr 2018

Please do not complain that there is no choice :) #20068

So we now have a PR do do it via Access Level, a PR to do it via group membership and a PR to do it based on read-only rights....

avatar Quy Quy - change - 7 Apr 2018
Status Pending Closed
Closed_Date 0000-00-00 00:00:00 2018-04-07 14:55:16
Closed_By Quy
avatar joomla-cms-bot
joomla-cms-bot - comment - 7 Apr 2018

Set to "closed" on behalf of @Quy by The JTracker Application at issues.joomla.org/joomla-cms/20039

avatar joomla-cms-bot joomla-cms-bot - change - 7 Apr 2018
Closed_Date 2018-04-07 14:55:16 2018-04-07 14:55:17
Closed_By Quy joomla-cms-bot
avatar joomla-cms-bot joomla-cms-bot - close - 7 Apr 2018
avatar Quy
Quy - comment - 7 Apr 2018

Closing in favor for #20068


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/20039.

Add a Comment

Login with GitHub to post a comment