
comanage-dev - Re: [comanage-dev] REST API user

Subject: COmanage Developers List


Re: [comanage-dev] REST API user


  • From: Arlen Johnson <>
  • To: Benn Oshrin <>, Ioannis Igoumenos <>
  • Cc: COmanage Dev <>
  • Subject: Re: [comanage-dev] REST API user
  • Date: Wed, 12 Feb 2020 10:39:27 -0500

Hi, Ioannis and Benn -

This is how I might approach this question in the UI, which is basically proposal #2 combined with a simple version of #3: place the prefix next to the field to make it obvious what's happening without making the prefix part of the post. The prefix can be dealt with by the back-end. The approach requires some styling to keep the elements together, but that's simple. I've changed the helper text from "must be prefixed" to "will be prefixed":

Best, Arlen


On 2/10/20 7:53 AM, Benn Oshrin wrote:
Hi Ioannis,

Since the browser cannot be trusted (for the most part, though Cake does provide form tampering detection), we must validate the username in the backend regardless. You can see this validation in Model/ApiUser.php:beforeSave(). If the user submits an invalid username, the check will fail and an error will be displayed.

The question then is how much effort should we put into the frontend to "lock down" the field? We prepopulate the prefix and put informational advice in the field description, so most users will have enough context to do the right thing. For those who don't, after the form is submitted they will see an error message.

Proposals 1 and 3 make it harder for the user to submit an incorrect value, but (1) it should be pretty rare for this to happen and (2) it adds code that needs to be maintained. (In particular frontend code that tends to be fragile as browsers evolve.)

Proposal 2 is functionally the same as the current implementation, except without the visual cue to the user as to the prefix requirement, so I do not think we should take this approach.

For the other two proposals, I'll ask Arlen (our UX lead) to comment as to whether it is worth it or not.

Thanks,

-Benn-

On 2/10/20 2:01 AM, Ioannis Igoumenos wrote:
Hi Benn,

I was working on the changes of the REST API user and I have a question.

Currently, the edit view creates the prefix but gives the opportunity to
the admin to change it. Put simply, the prefix is editable, which I
think is not the right path.

So, while trying to implement a non-editable prefix, e.g. co_xx, I could
not decide how to present this to the user. What is your opinion?

1. Add the prefix in the text field and use JavaScript to disable edit

2. The username should provide only the username and we add the prefix
in the beforeSave event. In the view that we list all the API users we
will provide the full form of the username.

3. A CSS solution of a non-editable text field/label that will be
behind/prepend the existing one. On submit we will add the prefix in the
beforeSave function.


Regards,

Ioannis
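
As an added example (not COmanage's own code and not written by anyone in this thread), the back-end handling discussed above: the server builds the full username from the posted value and rejects a prefix belonging to another CO. The function name, the `co_<id>.` prefix format (inferred from the "co_xx" example) and the character policy are assumptions.

```php
<?php
// Added illustration; not COmanage code. The prefix format "co_<id>." is an
// assumption based on the "co_xx" example in the thread.

/**
 * Build the full API username on the server from the value the form posted.
 * $coId must come from server-side state (the CO the admin is authorised
 * for), never from a request field the browser controls.
 */
function buildApiUsername(int $coId, string $submitted): string
{
    $prefix = 'co_' . $coId . '.';
    $suffix = trim($submitted);

    // Tolerate a client that still posts the full name, but only when it
    // carries the prefix of the CO this request is authorised for.
    if (strncmp($suffix, $prefix, strlen($prefix)) === 0) {
        $suffix = substr($suffix, strlen($prefix));
    }

    // Anything else shaped like a prefix names a user in another CO:
    // reject it rather than silently rewriting it.
    if (preg_match('/^co_\d+\./i', $suffix)) {
        throw new InvalidArgumentException('prefix for a different CO');
    }

    // Constrain the remainder to a conservative character set (assumed policy).
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9_-]{0,63}\z/', $suffix)) {
        throw new InvalidArgumentException('empty or invalid username');
    }

    return $prefix . $suffix;
}

// Constructed sample submissions for CO 7.
$samples = ['reporting', 'co_7.reporting', 'co_2.reporting', 'co_7.co_2.x', '', 'a b'];
foreach ($samples as $input) {
    try {
        printf("%-18s => %s\n", json_encode($input), buildApiUsername(7, $input));
    } catch (InvalidArgumentException $e) {
        printf("%-18s => rejected: %s\n", json_encode($input), $e->getMessage());
    }
}
```

With this shape the front-end prefix display is purely cosmetic: whatever the browser posts, the stored username always starts with the prefix of the CO taken from server-side state.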



