ACL management in scope of organization and business unit
Main point of this story was to give administrator an ability to limit permissions for users on organization or business unit level. Users can now be assigned permissions of a role and in the same time assign a scope for this permission.
- Create and Edit actions now support only “None” or “System” ACL scope. Owner field on create and edit actions cannot view entities according to ACL levels (e.g. users, business unit. division. organizations etc.) it only works on “None” and “System” scope. This should be fixed in next sprint.
- Action buttons in grid rows, such as “View”, “Edit” and “Delete” displayed even if user has no permissions for these actions. If clicked a user will get an error message about his lack of permissions. Buttons are not visible only if ACL action is set to “None”.
- Search results has no filtering according to ACL access, search result will return all founded entities.
- Contact address ACL does not work.
- If ACL role was changed and pinned without saving, when user will return to pinned page all changes will be lost.
- If session is lost while on the edit/create role page user will not get any ACL dropdown opened.
“Option Set” Field Type for Entity Field
Implemented functionality for users with the ability to add select/multiselect attributes to extended entities. Users are able to create custom field with type “Option set”, set it as “select” or “multiselect”, add options, change options order and mark all options that will be selected by default.
Form validation improvements
Added form extension that will add data-validation attributes to all forms where it is needed.
Tabs implementation on entity view pages
Was refactored implementation of scrollSpy component re-initialization.
Title block of the tab hided if tab is active.
Last tab is scrollable to the top of the page.
Eliminated registry js-component
‘oro/registry’ component has been removed from UIBundle because it encourages writing tightly coupled components.
In the future, it would be great to minimize usage of global state in any form. For that matter we should always try to pass as little information as possible in the parameters to emitted events (either ‘oro/mediator’ or DOM-events) . By giving a reference to some private object in the parameters, we allow other components to save this link permanently and create potential memory leak.