Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update 'asset-permission' use in templating #968

Open
4 tasks
jrchudy opened this issue Oct 28, 2022 · 0 comments
Open
4 tasks

Update 'asset-permission' use in templating #968

jrchudy opened this issue Oct 28, 2022 · 0 comments
Labels
discussion required requires a discussion before moving forward

Comments

@jrchudy
Copy link
Member

jrchudy commented Oct 28, 2022

Improve how .asset-permission is applied in templating in cases outside of the default case. Currently the functionality is that we include the .asset-permission class during templating for asset columns default display if none is provided. This does a same origin check before adding the class.

Then chaise will add a click event to elements with this class and perform the same origin check again, before triggering a HEAD request to verify if the user has permission to view and download the asset.

In the case that a markdown pattern is supplied that includes the download attribute (used for download button UI), we should do the following:

  • if .asset-permission is not present, do the same origin check and add this class if the origin is the same
    • this will improve potential bad UX scenarios making sure the user has access before showing them an empty page
    • There shouldn't be an issue with making HEAD requests to cross origins for files
      • if we get 404, communicate to our users the link won't work
      • if we get 3XX, ignore the response and try anyways
  • add .no-asset-permission support to turn off this check for same origin downloads
    • I'm not sure if this is necessary except to reduce making more requests when there are no permissions policies in place
  • make sure error scenarios make sense in chaise
    • are there any errors returned by HEAD request that can be ignored and download anyway?
    • What to do for different error scenarios:
      • 3XX
      • 4XX
      • 5XX

Other changes:

  • add .no-external-link to turn off the feature on a per asset basis to behave similar to the chaise config property for just this asset (chaise config property)

Issue in chaise from when this was originally implemented.

@RFSH RFSH added the discussion required requires a discussion before moving forward label Oct 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
discussion required requires a discussion before moving forward
Projects
None yet
Development

No branches or pull requests

2 participants