Core Data: Add entity prop locking and use it in the Site Title block.#18772
Core Data: Add entity prop locking and use it in the Site Title block.#18772epiqueras wants to merge 3 commits into
Conversation
epiqueras
added
[Package] Core data
epiqueras
requested review from
Soean,
ajitbohra,
chrisvanpatten,
jorgefilipecosta,
mkaz,
nerrad,
talldan and
youknowriad
as code owners
youknowriad
left a comment
youknowriad
left a comment
There was a problem hiding this comment.
Not sure I understand why we need the ability to lock properties, for me this is more a value that comes built-in depending on the role of the logged-in user instead of something you should/can set.
|
Locking will be necessary in situations outside of user permissions/authentication (think Newspack blocks) and even the way we query user permissions can vary enough that we benefit from making this general in the framework. Compare the changes to |
epiqueras
force-pushed
the
add/entity-prop-locking
branch
from
4908880 to
63378bf
Compare
|
I'm still not convinced here to be honest. It's not about the consuming API itself which I'm fine with but it's just a duplicate of It's more about the responsibilities. I don't think locked properties should be defined in the entity config as they can change per user, we should just consume them from the existing Rest APIs and I don't think a public |
Think about cases where a prop may be locked for different reasons in different circumstances and this doesn't map directly to things like @mtias also has more thoughts on this. |
I wonder, then, if this is the right tool for the job. We might want to take a broader look at what "modes" could be and how core and third parties would implement them. Otherwise we may be conflating concerns between pure permissions and user-activated restrictions. For instance, my initial impression is that an API like |
|
Let's close this PR for the reasons you stated. #18956 paves a better way forward by generalizing
And keep all the permissions logic coherent. It might require some extensions to the API. Still, this way, we can keep the permissions logic in the server where the data is. |
5 participants
Description
This PR addresses a need found by #18760 and is an alternative to it.
Certain entity props, like a site's title, should not always be editable depending on editing context and/or user permissions. The framework should provide a declarative way of "locking" these props.
This PR provides a way to define default "locked" values for different entity types in their configs, and a way to track and edit these values on a per-entity-record basis. The "locked" values can either be literals that will be wrapped in getters, i.e.
true, becomes() => trueand means a prop is locked,falseorundefinedmeans it's not, or they can be functions that will be pre-bound toselect.This approach allows for simplicity and the flexibility for consumers to derive the values based on any state, like the site entity config does in this PR with
canUser.Additionally,
useEntityProp's setter now throws a warning when trying to set a value for a locked prop, and it also returns a third variable, the evaluated "locked" value for the specified prop. This made the changes needed in the Site Title block minimal and it made it really easy to avoid forking the rendering path when the site title is locked.How has this been tested?
It was verified that using the Site Title block logged in as a contributor renders it disabled.
Types of Changes
New Feature:
core-dataentities now support locked entity props for managing props that shouldn't be editable under certain context and/or with certain user permission levels.Checklist: