2sxc: `App` module added by `Content Managers` role doesn't allow `Choose App`
I’m submitting a … [x] bug report
…about [x] edit experience / UI [x] admin experience UI [x] app permissions [x] other / unknown
Current behavior
We are experiencing this issue on a net new site.
Here is our scenario:
- DNN 9.10.2
- 2sxc 12.8.1
- Have a role called “Content Managers” and they have “Edit” rights on pages.
- Have applied “Can Deploy” to “Content Managers” for “App” extension.
A user belonging to `Content Managers` is able to add an “App” module to a page. However, they do not have the ability to `Choose App` in 2sxc.
In 2sxc, I have tried enabling the Feature for `Permission by Group / Role`. Then for the relevant app, I updated `App Permissions` to add a `Security Rule` for the appropriate RoleId (the one that matches the `Content Managers` role) and gave it `Edit (Create, Read, Update, Delete)` rights. It still didn’t work, so I even tried giving it `Full Control (usually host only)`. That didn’t work either.
Any other ideas? What the heck am I missing?
I found this SO post helpful, but unfortunately, it just doesn’t work for me. ☹️ https://stackoverflow.com/questions/58293074/best-way-to-implement-basic-content-manager-permissions
Expected behavior
The experience for `Content Managers` should be the same as it is for `App` modules that were previously added by `Admin` or `Super User`. They should have the ability to `Choose App` and select the appropriate layout/view, and subsequently manage the content. Those seem to work just fine for `Content Managers`, but they also need to be able to successfully add new `App` modules to the page and work with them.
Instructions to Reproduce the Problem
Follow the setup in the Current behavior section:
- Create `Content Managers` role
- Assign `Edit` rights at the DNN page level.
- Within DNN Extensions, mark the `App` module with `Can Deploy` rights for `Content Managers`.
- Add `Permission by Group / Role` in 2sxc.
- Add app permissions security rule for `Content Managers` RoleId with `Edit (Create, Read, Update, Delete)`.
- Login as user belonging to `Content Managers` role.
- Add `App` module to page for which the user has page `Edit` rights.
- See issue with not being able to `Choose App`.
Why change the behavior?
It currently seems to be a bug.
Your environment
See below.
- 2sxc version(s): 12.8.0/12.8.1 (tested on both)
- Browser: [all]
- DNN: [9.10.2]
- Language: [any/all]
About this issue
- State: closed
- Created 2 years ago
- Comments: 30 (12 by maintainers)
Commits related to this issue
- fix https://github.com/2sic/2sxc/issues/2655 App module added by Content Managers role doesn't allow Choose App — committed to 2sic/eav-server by tvatavuk 2 years ago
- fix #2655 App module added by Content Managers role doesn't allow Choose App — committed to 2sic/2sxc by tvatavuk 2 years ago
@david-poindexter Thanks for being my first sponsor!
I truly appreciate that all this was discussed publicly and to a reasonable conclusion. Very seriously, thank you Daniel - and thank you David!!
We’ve added docs to explain what LTS means, and will link this in future LTS releases.
👉 https://r.2sxc.org/lts
@iJungleboy I have huge respect for anyone participating and supporting open-source initiatives. That includes you and your team! 😉
I also understand that you are leveraging this open-source project to actually generate revenue for your business, so although it is nice to hear the sentiment of such charity, it is not completely out of charity alone. 😉 Taking a solution that works for your business and making it open-source is brilliant and we do the exact same thing with some of our open-source projects. I guess we just have a different mindset on how we approach sponsored changes from community users of our open-source projects. Because we use the tool to help us make money, it seems only fair (from our perspective) that we split the cost with the sponsor for changes that will provide us (and others) benefits from the proposed changes. In practice, this has worked really well for us over the years and it helps us “partner” with our community to move things forward that are mutually beneficial, and without high development fees for our community. On the flip side, sometimes we have clients that want changes to the underlying solution. For those, we charge standard rates because it is a specific client request and billable accordingly. This too has worked well for us over the years.
Open-source is not an exact science and we all have our own unique experiences. So, to each his own I suppose. I was just a bit shocked at the posture, for a BUG on an LTS version, and I have hardly ever asked for anything from this project. Anyway, we’ll see what our client says, but I doubt they are going to shell out $840 USD to fix something that they were expecting to work from the beginning. Oh, and by the way, the hard sell for us is that the rate is higher than our agreed-upon rate for development in the first place. So then we are in a position of potentially having to pay for something just to “save face” with our client. It is a very uncomfortable position to be in, but I fully understand the risks of using open-source software solutions. I just expected otherwise from such a seasoned project as 2sxc. 😢
Regarding the use of `LTS`, I now better understand your dilemma. Thanks for explaining. I am pretty sure most outsiders will not view `LTS` in the same way though, so this may need to be thought through a bit more to come up with something that is clearer to users. As @jeremy-farrance pointed out, `LTS` has a very specific meaning and expectations come with that meaning.
Based on what you have said, please consider not labelling versions LTS in the future. Free or not, LTS has a specific meaning and I recommend you just don’t bother with the label again because it sets an expectation and not following through creates a serious “negative delta.”
I love 2sxc and I hope you take this input as professionally as it is intended. Thank you!!
We believe it will be solved in 13.02
@david-poindexter Yeah, I realized that was a difference in our use cases & wanted to clarify that point. I think it would be important that any solution to your scenario still leave the developer in control of allowing or disallowing that role's ability to add new modules.
I just wanted to add my experience with this in hopes of giving additional usage information.
I am running into a similar issue, but simply trying to give the Content Manager CRUD and the ability to reorder the items in the list view.
My Setup:
In App Permissions, I add a permission for the Content Manager using the DNN Role ID and Grant “All Content” OR “Full Control”.
The user then has the ability to Create, Read, and Update an item on the view. The user cannot Delete an item or modify the order of items in the list view.
The post to `/api/2sxc/cms/list/delete?index=3&parent=&fields=` returns a 401. As does the post to `/api/2sxc/cms/list/move`.
I am having a hard time understanding why nobody else is running into this issue after all this time. 🤔
My guess is that somewhere during the last year our checks for edit-permissions became checks for Is-Admin. We’ll have to review this, could take 2-3 weeks.