Adds "safe deletion" functionality to journalist interface #5770
Conversation
|
This pull request introduces 1 alert when merging 59d8ebf into bf2cc5b - view on LGTM.com new alerts:
|
|
This pull request introduces 1 alert when merging 9783f5c into bf2cc5b - view on LGTM.com new alerts:
|
|
This pull request introduces 1 alert when merging cf95945 into 31d1b7a - view on LGTM.com new alerts:
|
|
This pull request introduces 1 alert when merging ab6686c into 31d1b7a - view on LGTM.com new alerts:
|
|
This pull request introduces 1 alert when merging 40007dc into 5395bbc - view on LGTM.com new alerts:
|
zenmonkeykstop
requested review from
kushaldas and
redshiftzero
as code owners
zenmonkeykstop
force-pushed
the
nellie-bly
branch
2 times, most recently
from
d8789e8 to
123bb3a
Compare
There was a problem hiding this comment.
Thanks @zenmonkeykstop (and @ninavizz and @rmol) for these changes. I went through the test plan in staging VMs, both JavaScript enabled and disabled. Functionally (other than the AppArmor rules, see inline) the changes here work well, and the test plan completes successfully in staging VMs. See inline comments for discussion
As @zenmonkeykstop has stated previously, we will need to update some screenshots of the journalist guide after merging these changes, we should track as an issue in the docs repo.
Finally, prior to merge, we should squash some commits (specifically lint/typo related ones), if possible.
files+messages (JS enabled)
- log into the SI and submit multiple messages/files
- log into the JI and click Delete on the All Sources page without selecting any sources' checkboxes
- a server call is not made, and a modal is displayed under the Delete button asking the user to select one or more checkboxes.
- select the checkbox for the source created above in the "All Sources" page and Click Delete..:
- a modal is displayed under the delete button giving the option to delete files and messages, delete source accounts, or cancel - the number of sources selected is also displayed.
- click Cancel
- The source entry is present and its file/message counts are unchanged
- ensure that the source is selected and click Delete.. again, then click Files and Messages
- A success flash message is displayed
- The source is still present and its file/message counts are both
0
- in the SI, submit a message
- The message is submitted successfully
- in the JI, when the All Sources page is refreshed the message count is now 1.
- clicking on the source codename opens the source page, the message is listed and can be downloaded.
- on the source page, a reply can be successfully sent to the source
- Return to the All Sources page, select the source, and choose Delete > Files and Messages
- The source is present and counts are 0
- clicking through to the source page works and no files/messages/replies are listed.
- In the SI, submit some more messages/files, then log out, create a new source account, and submit more messages. Repeat to create a total of 3 sources with submissions.
- In the JI, return to the All Sources page.
- select two sources, choose Delete > Files and Messages
- both sources are present with zeroed file/message counts
- the third source is present and its counts are unchanged (and non-zero)
source accounts (JS enabled)
- log into the SI, recording the source codename, and submit multiple messages/files
- log into the JI and select the checkbox for the source created above in the "All Sources" page
- Click Delete..:
- a modal is displayed under the delete button giving the option to delete files and messages, delete source accounts, or cancel, the count of selected sources is also displayed
- Click Source Accounts
- A second explanatory modal is displayed giving the option to cancel or delete source accounts
- Click Yes, Delete Source Accounts
- a success flash message is displayed and the source account is removed from the listing
- the source's files are all queued for deletion on the server
- the source's database entry is deleted
- the sources' reply key is deleted.
- return to the SI and attempt to log in as the source
- the source codename is not found.
- In the SI, log in with a new account submit some more messages/files, then log out, create a new source account, and submit more messages. Repeat to create a total of 3 sources with submissions.
- return to the JI and open the All Sources page
- select two sources, choose Delete > Source Accounts > Yes, Delete Source Accounts
- a success flash message is displayed
- the two sources selected are deleted from the All sources page and the server (store/db/reply key)
- the remaining source is unaffected.
JS disabled
- test cases above pass with the the following exceptions
- the selected source count is not displayed on the initial deletion modal
- the modals are centered in the page, not displayed under the delete button
- a flash error message is displayed if the user clicks Delete on All Sources when nothing is selected
Flash message styling
- Flash message styling matches the examples in Update JI/AI Flash Messaging Styles #5767 (see comments inline)
UX changes
- UX changes conform to the descriptions in "Safe Delete" project delivery #5766 (see comments inline)
| {% elif category == "error" %} | ||
| <img src="{{ url_for('static', filename='i/font-awesome/exclamation-triangle-black.png') }}" height="17" width="20"> | ||
| <img src="{{ url_for('static', filename='i/flash-error.png') }}" height="30" width="9"> |
There was a problem hiding this comment.
To me, based on the examples provided in the parent issue, the exclamation icon here might look slightly too large/tall high, at least in the login error page, when compared to #5767 (comment)
In #5767 the text (presumably "login failed" is also bolded and the same color as the icon, is this something we want to apply here, or defer to later? Similar improvements are already visible in the alert below:
For reference, is what the flash text looked like before the changes introduced here:
There was a problem hiding this comment.
Sizes are as specified in #5767, though I do agree that they seem a little on the big side. Updating the Login failed text.
There was a problem hiding this comment.
Here's the exclamation/error flash icon set to height="25" and width="7" . I think it looks better and is more aligned with the mockups in #5767, but feel free to disregard this suggestion.
install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/usr.sbin.apache2
Show resolved
Hide resolved
zenmonkeykstop
force-pushed
the
nellie-bly
branch
from
79052d7 to
f74d7ad
Compare
There was a problem hiding this comment.
I went through the latest changes and all looks great with and without JavaScript enabled on the Journalist Interface, on staging instance.
Other than a reply to an inline comment (flash icon), one last comment; it looks like the box size is different here, likely due to the font weird difference between the two buttons.
In the prototype, their height was the same and their the font weight also appears to be the same across the two buttons:
Other than that, It's good to merge from my perspective. Given the scope and the nature of these changes, I would appreciate if @rmol or @eloquence could take one final quick pass.
Thanks again @zenmonkeykstop
|
Fixed the font-weight which also seems to address the button size disparity - those buttons have similar dimensions/margins/padding otherwise. |
Taking a look now. |
securedrop/journalist_app/utils.py
Outdated
| Markup( | ||
| ngettext( | ||
| '<b>Success!</b> The account and all data for {num} source have been deleted.', | ||
| '<b>Success!</b> The accounts and all data for {num} sources have been deleted', |
There was a problem hiding this comment.
Final . is missing in the plural variant.
|
To begin with, stepping through the test plan, before more styling review and exploratory testing. Tested in Docker dev env only. Functionality looks great at a high level. files+messages (JS enabled)
source accounts (JS enabled)
JS disabled
Regarding the on-disk behavior, attaching sample log output as well for an account deletion. Dev env log of source account deletion |
securedrop/journalist_templates/_sources_confirmation_modal.html
Outdated
Show resolved
Hide resolved
securedrop/journalist_templates/_sources_confirmation_modal.html
Outdated
Show resolved
Hide resolved
| @@ -6,4 +6,5 @@ | |||
| <div id="select-none-string" hidden>{{ gettext('Select None') }}</div> | |||
| <div id="delete-user-confirm-string" hidden>{{ gettext('Are you sure you want to delete the user {username}?') }}</div> | |||
| <div id="reset-user-mfa-confirm-string" hidden>{{ gettext('Are you sure you want to reset two-factor authentication for {username}?') }}</div> | |||
| <div id="sources-selected" hidden>{{ gettext('Sources selected: ') }}</div> | |||
There was a problem hiding this comment.
If I'm not mistaken, this string is a compromise to accommodate lack of pluralization support in our current solution for managing client-side strings. It may be worth at least minimally augmenting the get_string JS function to support fetching basic singular/plural variants so we can use more human-friendly strings. For any changes to the JI, including admin features, this problem is likely to arise again in future. I understand this may be pushing it for 1.8.0.
There was a problem hiding this comment.
Yup @rmol and I briefly discussed this. Having some way to properly handle translateable JS strings would be useful, but it's not going to happen for this release.
There was a problem hiding this comment.
The consensus among Arabic translators was that this usage ("Things: x") is not optimal, but people would understand.
securedrop/journalist_templates/_sources_confirmation_final_modal.html
Outdated
Show resolved
Hide resolved
securedrop/journalist_templates/_sources_confirmation_final_modal.html
Outdated
Show resolved
Hide resolved
securedrop/sass/modules/_flash.sass
Outdated
|
|
||
| &.notification | ||
| border: 1px solid #8ed9f6 | ||
| background-color: #e3f7fc | ||
| background-color: $color_notification_background |
There was a problem hiding this comment.
Because this is a shared module, these changes bleed into the Source Interface, while the icon changes do not. As a consequence, some Source Interface messages are now a hybrid between the old style and the new style. Case in point (rendered without border but with old icon):
Since we are updating the shared style, I think it would be reasonable to update the impacted icon(s) in the Source Interface flash template as well, and make sure that all notifications look how we want them to.
There was a problem hiding this comment.
I'm actually gonna split them for now - all old style for source, new style for Journalist - as a) the SI has different notification states, so we may not want to use the same icons, b) there would probably be text updates needed in there too, and c) if there are text updates, we're adding even more to translator workflow for this release. Should also reduce release QA reqs.
If there isn't already a ticket for improving the SI flash messaging, we should put one in. Otherwise this is just scope creep, and a bit late in the process for it.
securedrop/journalist_templates/_sources_confirmation_final_modal.html
Outdated
Show resolved
Hide resolved
|
Done with my detail review for today (can take a second pass or help with some of the potential changes if desired), mostly nits from my end. I'll open up a smol docs PR now without screenshots since small aspects may still change around a little bit. Q: Will this already auto-generate screenshots via the functional tests? |
- added option to delete store data while retaining a source's account - added double modal confirm for source account deletion on All Sources page - added extra functionality whe Javascript enabled to provide more information on deletion operations - updated related strings and flash messages to accurately describe impact and results of deletion operations - updated source deletion UI on single sources page - updated flash message styling and icons - replaced references to "documents" with "submissions" or "files and messages" in strings - other misc UX fixes
zenmonkeykstop
force-pushed
the
nellie-bly
branch
from
85824cc to
d033d0e
Compare
|
This pull request introduces 1 alert when merging d033d0e into 88ac049 - view on LGTM.com new alerts:
|
zenmonkeykstop
force-pushed
the
nellie-bly
branch
from
d033d0e to
af05801
Compare
zenmonkeykstop
force-pushed
the
nellie-bly
branch
from
af05801 to
b9b3ae8
Compare
| {% elif category == "error" %} | ||
| <img src="{{ url_for('static', filename='i/font-awesome/exclamation-triangle-black.png') }}" height="17" width="20"> | ||
| <img src="{{ url_for('static', filename='i/flash-error.png') }}" height="30" width="9"> |
There was a problem hiding this comment.
Thanks @zenmonkeykstop for your patience and hard work on this one, went through the latest round of changes visually and functionally, and look good to me.
Status
Ready for review
Description of Changes
Fixes #5766
Fixes #5767
Testing
files+messages (JS enabled)
0source accounts (JS enabled)
JS disabled
Flash message styling
UX changes
Deployment
Checklist
If you made changes to the server application code:
make lint) and tests (make test) pass in the development containerIf you added or removed a file deployed with the application:
If you made non-trivial code changes:
Choose one of the following: