Use select2 for the groups excluded from sharing in admin page #10968
CC @ser72 this should fix the admin page slowness, check it out!
@butonic @PVince81 @MTRichards Tested with an LDAP consisting of 10000 users. Admin page hangs with Sharepoint integration, and I assume it will with Windows Network Drive as well, however I am having issues enabling that app. 👎
🚀 Test Passed. 🚀
🚀 Test Passed. 🚀
@ser72 you have issue enabling the app because the app page is slow?
Added select2 on the apps page as well. Fixes #9012 Will rebase now.
The ajax call is now using ajax/appconfig.php instead
Moved setupGroupsSelect() from admin.js to a common settings.js as OC.Settings.setupGroupsSelect(). Now using select2 as well on the apps page.
bde9641 to 0d28ba0
Rebased. @ser72 please try again: the apps page should be more responsive now. Please review @icewind1991 @schiesbn @butonic @owncloud/designers Two things to look at now:
Have fun 😄
🚀 Test Passed. 🚀
callback(selection); | ||
}, | ||
formatResult: function (element) { | ||
return element.displayname; |
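Review bot: `return element.displayname;` in `formatResult` hands the raw display name back to select2, so whether markup in a group name is rendered as HTML depends entirely on escaping that is not visible in this hunk. Escape at this point with `escapeHTML(element.displayname)`, and if select2's `escapeMarkup` also runs on formatter output, disable or override it so the name is escaped exactly once. A test that renders a group whose display name contains `<`, `>` and `&` would pin the behaviour down.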
💣 💣 💣
👎 XSS detected - you need to escape this. (escapeHTML(element.displayname))
💣 💣 💣
@LukasReschke select2 already escapes this internally, that's why I removed the escapeHTML things. From the docs:
http://ivaynberg.github.io/select2/ But I'll double check with a debugger. I didn't know group names could have a comma!? I'm pretty sure that will break other parts of OC as well. Is there a safer separator? (select2 can work with a configurable separator)
Well, it doesn't change anything about the fact that this is exploitable. Do not trust the docs ;-)
What about JSON serialize the data?
The dumb thing is that if I manually escape markup in "formatResults()" I'll need to override "escapeMarkup()" from select2 to disable escaping... else it will double escape. Is that what we want? select2 still needs a separator to be able to parse the initial value from the hidden "input" field and also to be able to store the values back there.
The format of "exclude groups" in the config is currently comma separated.
Raised comma=>json task as #10983
Added explicit escaping. Now internally using a pipe symbol as separator for select2, to make it possible to use group names containing commas.
To avoid having to make complex changes that affect other parts of ownCloud I settled on using a pipe symbol internally to make it work with select2.
Please review/try again.
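The escaping and separator trade-offs discussed in this thread, as an added example that is not part of the pull request or of select2. It models the widget as a function that passes formatter output through `escapeMarkup` before inserting it as HTML (an assumed simplification); all helper names and the sample group are constructed.

```javascript
// Added example: helper names are hypothetical, not ownCloud or select2 code.
function escapeHTML(s) {
  var map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, function (c) { return map[c]; });
}

// Assumed widget model: formatter output goes through escapeMarkup, then is
// inserted as HTML. Pass `identity` to model a widget that does not escape.
function renderResult(element, formatResult, escapeMarkup) {
  return '<li>' + escapeMarkup(formatResult(element)) + '</li>';
}
function identity(markup) { return markup; }
function rawFormat(el) { return el.displayname; }
function escapedFormat(el) { return escapeHTML(el.displayname); }

// Constructed sample group: markup in the display name, a comma in the id.
var group = { id: 'Sales, EMEA', displayname: 'Sales <b>& EMEA</b>' };

function escapingMatrix() {
  return {
    noEscaping: renderResult(group, rawFormat, identity),        // markup reaches the DOM
    widgetOnly: renderResult(group, rawFormat, escapeHTML),      // safe only if the widget escapes
    formatterOnly: renderResult(group, escapedFormat, identity), // explicit escape, widget escaping off
    both: renderResult(group, escapedFormat, escapeHTML)         // double escaped: user sees "&lt;b&gt;"
  };
}

// Does a list of group ids survive being stored in one delimited string?
function roundTripsDelimited(ids, separator) {
  var back = ids.join(separator).split(separator);
  return back.length === ids.length &&
    back.every(function (id, i) { return id === ids[i]; });
}

// JSON carries its own quoting, so no character in an id can act as a separator.
function roundTripsJSON(ids) {
  var back = JSON.parse(JSON.stringify(ids));
  return back.length === ids.length &&
    back.every(function (id, i) { return id === ids[i]; });
}

console.log(escapingMatrix());
console.log(roundTripsDelimited([group.id, 'admin'], ','));  // false
console.log(roundTripsDelimited([group.id, 'admin'], '|'));  // true
```

A pipe separator only moves the problem to group ids that contain a pipe, which is the case the JSON variant covers.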
💣 Test Failed. 💣
👍 @th3fallen Please review. Thanks!
Also @owncloud/designers please confirm that it looks ok UX-wise
I fixed the select box style to fit into the ownCloud style. @owncloud/designers please review.
💣 Test Failed. 💣
To avoid making a server request every time the dropdown opens, the whole list of groups is cached (from the last request). Whenever the user types in a search term it will still send server requests.
A new inspection was created.
I was worried that select2 was making too many ajax requests so I've added a local JS cache that contains all groups. This way when opening the dropdown again it will not redo the request. However if you type in search terms it will make ajax requests (uncached).
@blizzz I saw in some other issue/PR related to the share autocomplete (the one that returns only 15 entries) that it is not good to use the Do you think that issue would apply here as well?
I have not seen a corresponding line here, or is it included in /settings/ajax/grouplist? In general yes, the group backend cannot properly search users, only user backends can. We should look into a more general solution for it.
@blizzz I haven't checked the backend code, am just using this endpoint, but the search seems to work. So it's probably filtered by our own code, not the backend?
On second glance I don't see that users are searched for at all, also not in settings/ajax/grouplist. Searching groups using the group backend is of course totally correct.
@blizzz if you don't see anything against this ticket then we can merge it?
reviewed and tested 👍
@owncloud-bot retest this please
🚀 Test Passed. 🚀
Use select2 for the groups excluded from sharing in admin page
@karlitschek Another goldy that is crying "Backport me, please!" ;-)
yes. please backport
I'm on it.
First commit moves select2 to core
Second commit uses select2 in the admin page for the groups selection:
Please review @schiesbn @owncloud/designers @butonic @MTRichards @LukasReschke
Fixes #10936
Fixes second part of #9014
If you guys like it I'll do the same for the apps page, next.