[PLIP-Advisories] [Plone development workspace] #10804: include workflow manager

Change notifications for Plone PLIPs on Trac. plone-plip-advisories at lists.plone.org
Sun Dec 30 19:34:08 UTC 2012


#10804: include workflow manager
-----------------------+-----------------------
  Reporter:  vangheem  |      Owner:  vangheem
      Type:  PLIP      |     Status:  confirmed
  Priority:  n/a       |  Milestone:  4.4
 Component:  Unknown   |    Version:
Resolution:            |   Keywords:
-----------------------+-----------------------

Comment (by MatthewWilkes):

 Here's some additional feedback from me:

 == Look and feel ==

 * The control panel navigation sidebar is missing when you go to the
 workflow manager
 * I agree with David that the bootstrappyness looks out of place in Plone
 * The states and transitions tabs should look more like the users and
 groups tabs in that control panel
 * If there are too many/long transitions for a state it breaks the layout
 to such an extent that it's very hard to read the table
 * Don't use an asterisk for initial state, we're in a rich UI, we can use
 some clearer styles
 * The front page of the workflow manager doesn't show much info on the
 workflows, it could do with more summary info

 == UX ==


 * The advanced > update security workflow strikes me as a little odd,
 perhaps it should just prompt you to do that when you modify security
 settings?
 * The permission names are understandably truncated, but I'm not sold on
 the hover, especially with the descriptions of permissions. I haven't read
 the code as I'm writing this, but I'm concerned where those are coming
 from.
 * The modify state page is quite confusing, I think it'd be better being
 linear and on its own page (this means back/forward would work right, as
 frapell mentions)
 * The Group Roles and Permissions Roles edit tables I think would be
 better under a separate edit button, and by default you can show a reduced
 groups/permissions mapping, which should make it both easier to understand
 and encourage people to use groups
 * I think sanity check should happen automatically on the overview page
 for a given workflow, with sane workflows passing silently and problematic
 ones being highlighted.
 * The help text for fields in a transition edit aren't very good, they
 should explain what something's for, not just reword their names
 * I think source states on transition edit is just there to be faithful to
 the ZMI, it's probably not necessary to have this exposed in two places
 * There should be better (I don't know how) integration with the types
 control panel

 == Code ==

 * permissions.py hard codes short forms of permission names, but this
 isn't developer extensible
 * allowed_guard_permissions seems to do translations of permission names,
 I haven't followed this through the code paths, but does this break other
 languages?

 Security looks good, as it's all browser views, but I've not checked every
 possible form for CSRF problems yet.

-- 
Ticket URL: <http://dev.plone.org/ticket/10804#comment:19>
Plone development workspace <https://dev.plone.org/>
Plone Enterprise Content Management System


More information about the PLIP-Advisories mailing list