Form preview is using "dump" to show submission results. This should work without the debug bar.

Submitting the modal with an enter key press does not work.
Because the submit button is not inside the form tag, sadly but true

To be investigated how the api should evolve.
Adding a swagger would be nice for new users.
Adding rate limiting?

Discuss PEP/PDP/PAP...
https://www.yenlo.com/blog/api-policies-pap-pdp-pep-and-pip.-oh-my

The current API token system is a lightweight version that might benefit from this. (or not?)

Why

When comparing environments, sometimes only a subset of data needs to be published. When environments are not synced, or when many maintainances are ongoing, the risk of error is growing.
Therefore we should be able to attach revisions to a release, and publish (apply) that release to an environment.

How

As discussed with Mathieu:

• No changes in the UX when creating and editing content revisions
• Have an admin view "Releases" in which
  • new releases can be created
  • existing releases can be applied to an existing environment
  • a release can be reverted

Create a new release

• Chose a name and add revisions to your release.
• By default all content is shown to be selected, showing the most recent changed revisions first. Only revisions in their default environment are available to select.
• Facets are available to filter on content type.
• Search field is available to filter (at least introducing the ouuid of a revision should work)

Apply a release

• Select an environment to apply the release to.
• If the selected environment is the default environment of a release, nothing happens
• if the selected environment is another environment, the revision in the default environment will be published to that environment
• Save this action to allow for a revert
  • Store database ID of every revision that was originally in the "to" environment

Revert the application of a release

• Select an applied release to rollback
• Verify for every stored database ID that it is still available (with revision_to date null) --> This might not be a good check!
• If the rollback is possible: apply it
• Else generate an error message that rollback is not possible

When we remove a child type from a json menu structure.

Any existing document using this type, is throwing an error.

Cause because we want to get the node which is not there anymore.

Simple case:

• Club content type with a multiple data link field related_players.
• Player content type with a single or multiple data link field type called club(s) and a update referrers value related_players
  If we create or update a player and we change the club, the referred club field related_players will be updated.

Advanced case (jsonMenuNested)

A content type called structure for creating league nodes, which can contain club nodes, which can contain player nodes. The player node has a data link field type to the player document. When we save the structure, all changed player nodes should be updated.
A content type called player which should contain the club based from the structure.

Issues

• To many revisions: a dashboard view for managing a structure, is already creating a lot of revisions. Now also updating the related changed relationships, will create even more revisions.

Todo

• The revision event listener, which is responsible for updating changed relationships, should NOT touch revisions that are already in draft. This relationship will be updated on finalization of the draft, but what if the draft gets discard? The relationship is broken.

Proposal

Image we can define a new view type: searchable. In this view we can query for documents, normally starting from the attached contentType. And it will create new documents. This way we can merge documents and make it easy for the frontend to aggregate.

This view should be called after rebuild, reindex, recompute. And maybe also if we finalize a revision passing the revision ouuid, so that the view knows he only needs too recreate for the passed revision.

If something changed in the jsonMenuNested, instead of updating the referrer (+++revisions), we are just triggering the new view type and passing the ouuids. The view will then update the passed ouuids.

Once at night to be sure, we can just rebuild the searchable view types.

I have a field EMS\CoreBundle\Form\DataField\SelectFieldType defined with the options :

true
false

But it gets indexed as strings ("true", "false") but I want to get the real boolean values out of it in elasticsearch

And so remove class aliases from the services.yml file

When a user logs in for the first time, he should be required to change his password.

Alternatively, there should be a checkbox "user is required to change their password" on the create user form, which is checked by default.

Make the copy/paste fully javascript. Currently you get redirect to the raw view and then need to go back for pasting the copied data.

Also nice improvement: When pasting the copied data, show a modal for modifying the copied data before pasting it.

Some route shoulb be defined for some role. The user should be able to login based on a user defined in a ems content type

The command "php bin/console ems:env:align preview template --force" crashes after exactly 5 minutes with the following error message:

Message: "" {"exception":"[object] (Elasticsearch\\Common\\Exceptions\\Forbidden403Exception(code: 403):  at /opt/src/vendor/elasticsearch/elasticsearch/src/Elasticsearch/Connections/Connection.php:600)","command":"'ems:env:align' preview template --force --verbose","message":""} []
09:32:20 ERROR     [console] Error thrown while running command "'ems:env:align' preview template --force --verbose". Message: "" ["exception" => Elasticsearch\Common\Exceptions\Forbidden403Exception^ { …},"command" => "'ems:env:align' preview template --force --verbose","message" => ""]
In Connection.php line 600:  [Elasticsearch\Common\Exceptions\Forbidden403Exception (403)]  

Specifying the ScrollSize and ScrollTimeout doesn't seem to make a difference.

According to some fora, this error usually relates to lack of space. The command works locally so most likely server limitations are the cause. However, we need to adapt the script to bypass these limitations (e.g. bulkSize parameter)

With that approach it will be easier to add a processor. In this bundle or somewhere else. Like a processor specific to the core or a project specific processor.

The processor will be identified with the config attribute _config_type.

Once this refactoring done, with 3 first processors; default, image, zip, a next processor could be a chained one allowing to apply multiple config:

{
     "_config_type": "chain",
     "_chained": [{
          "_config_type": "rotate-image",
          "_rotate": 66
     },{
          "_config_type": "image",
          "_flip_horizontal": true
     }] 
}

The silent publish does not work for multiplex fields

example document:

{"fr":{"title":"Title FR","structure":"{}"},"nl":{"title":"Title NL","structure":"{}"}}

They controller should support nl.structure as field_document.

src/Controller/Revision/JsonMenuNestedController.php -> silentPublish(...

$rawData = $revision->getRawData();
RecursiveMapper::mapPropertyValue($rawData, function (string $property, $v) use ($field, $updateJson) {

Suggestion improve the RecursiveMapper function so that he return the full property path.

https://github.com/ems-project/EMSCoreBundle/blob/bfd0c4c9cd6ebd573534fdf27dd08adf8df1d930/Service/DataService.php#L83

When we define the max value of a collectionFieldType and there is no data we get a warning

Warning: count(): Parameter must be an array or an object that implements Countable

if (!empty($restrictionOptions['max']) && \count($dataField->getRawData()) > $restrictionOptions['max']) {

in vendor/elasticms/core-bundle/src/Form/DataField/CollectionFieldType.php (line 156)

Expected Behavior

When you impersonate a user using the "Switch User" button. You can go back to your own user/rights using the "Exit" button. However, it is possible to ge back in the browser history and find yourself on a page where you are your own again (without using the Exit button).

When the back button is used, and you find yourself on the page of your own user without using the "exit" button. You should either get an error and offered the option to click on "exit". Or the "exit" functionality should automatically trigger. --> Whenever using "Back" on the browser, the user token should be verified to be the one corresponding to the page we opened.

Current Behavior

When going back to your original user via the "browser back button". You are presented the screen of your own user. However if you decide to perform an action (e.g. edit a user) you get a "access denied" error.

Possible Solution

Steps to Reproduce

1. In a backend, go to the /user url.
2. Click on "switch user" for a user that has minimal permissions
3. Use the browser back button.
4. Click on "edit" button next to a user
5. Access denied error will be thrown as the system thinks you are still impersonating the user, however the system is showing you as your own user.

Context (Environment)

Detailed Description

Possible Implementation

The "edit structure" page of any content type that has a substantial amount of fields loads slow.
Route: /content-type/structure/{id}

This is because we load 3 modals (+field, options, duplicate) for every field.

Possible solutions are to optimize the page by reusing fields, making the modals load with ajax or moving the modals to different routes. To be discussed.

https://github.com/ems-project/EMSCoreBundle/blob/81425d55ee3686b97df89cb6b85eabd82fba7c00/src/Resources/config/controllers.xml#L8

Currently, for each contenttype we can define a create and edit role. However, if you only have the create role, you can create a new draft. Which redirects to the edit route, for which you do not have permissions.

So you can create empty drafts, but not fill in any details.

Can we define what should happen in this case? Is this expected behavior? Should we not split up these two permissions? Or should "create" be able to do the very first "finalize" step?

How to reproduce:

• create an internal link pointing to a page, Save and close
• Edit the link: the id is displayed instead of the label

Today we have one datatransformer available for fields that are 100% numeric:

• EMS\FormBundle\Components\DataTransformers\ForgivingNumberDataTransformer

The same DataTransformer should be created for alphanumeric fields:

• EMS\FormBundle\Components\DataTransformers\ForgivingAlphaNumericDataTransformer

And this should be made extendeable so that we can add custom dataTransformers for specific custom fields.

The DB endpoint should not use Symfony by default (via config). We should be able from one backend to post into multiple databases. This would align the strategy of the DBsubmit to the strategy of our other submits.

Stop using @route annotation and move to XML route definition

The goals are :

• remove the hard dependency with Admin-LTE
• lighten our dependencies and update them
• try to choose and use 1 script by need/feature: e.g. date-time-range-picker (5 scripts) or sortable/draggable (4 scripts)
• update dev dependencies (Webpack 5)

Dependencies

Dependencies Admin-lte

Dev dependencies

Just like the datatables the JsonMenuNested should use the asset saveConfig, for preventing that url's and post data get's to big.

Config & defaultData parameter.

Static applications might reference pages on websites generated by the ClientHelperBundle. However, the title of a page determines the URL, so the URL changes on every title update.

Problem

This requires a deployement to fix these static applications.

Solution

Generate permalinks for every page that uses dynamic slugs for access.

Proposition

We could make it possible to access a page through its technical details, for example:
/_locale/permalink/<content_type_name>/<_ouiid>

• Nice to have: an automatic redirect to the more readable slug, which requires reverse engineering of the routing configurations [at a first glance this seems hard to achief]
• There might be issues with contents that are not accessible "on their own", for example content that is only shown in a list would now be accessible directly using its permalink.

Suggestion (keep version):

When we create a new version we now create a new revision with a new ouuid. We should keep the ouuid and give the pervious version a new ouuid. This solves the following issue:

• Tasks are saved on a revision, creating a new version is not moving the tasks.
• Internal links are not going to the current version.

Switching the ouuid or changing the ouuid on the previous version, we should update offcourse all revisions of that version (silent publications)

See PR ems-project/EMSFormBundle#210 for more information.
To be non breaking, a "ChoiceWithDuplicateValues" or something alike should be created, and the values should be explicitly set by us when configuring the choices.

The EMSCO_PUBLIC_KEY is not used in any service, we are just looking at the private key.
We should also make a seperate SigningService and remove logic from DataService

For the documentation:

• EMSCO_PUBLIC_KEY (mandatory): Path to a public key. The public key file needs to be in OpenSSH's format. It should look something like: ssh-rsa AAAAB3NzaC1yc2EAAA....NX6sqSnHA8= rsa-key-20121110
• EMSCO_PRIVATE_KEY (mandatory): Path to a private key.

For Mistatis, after import via Logstash, it is necessary to point the Alias to the new index via an action in the CMS.

We should think about a way to log information when is_bool returns false. That would make it easier for debugging of custom expressions written in the backend of our forms.

For example: creation of an expressionLanguageService that covers the try/catch block, and adds logging in the case that an expression does not evaluate to a boolean.

Example:
"orejime-v1.2.3.js.twig" => ["orejime", "v", "1", "1.2", "1.2.3", "js", "twig"]

Right now it's impossible because Standard analyzer cannot split words by dots, and simple analyzer filters out the numbers.

Maybe we should look at the pattern tokenizer? https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-pattern-tokenizer.html

We should add a new role for allowing switch users

Should be fixed, but we should rethink how we handle error messages (translations in submission)

Related to:

ems-project/EMSFormBundle#224

In the searchDocuments function yields an array of documents at each scroll instead of one document at the time.

Originally posted by @theus77 in ems-project/EMSCoreBundle#595 (comment)