Handle plugin settings with up to date patterns#15
Conversation
|
Goal is update plugin settings to use vue.js on the frontend and latest patterns for API on the backend
@ewhanson @Touhidur - can you please help with reviewing the backend patterns (creating endpoints, permission check, validation) to make sure I got these right? |
|
The old way how this was handled with the manage method relied a lot on the Plugin class I think. There is quite a lot of code for each plugin to handle by themselves. Just as a general question would it be possible to have some of this in the core which plugins could use with less code of their own? |
|
@ajnyga Thats for sure to consider. On the front-end part I addressed that with the FormModal, so unless you need something very custom - you can handle lots of use cases with just configuring the form on php side. On the API side - there might be opportunity to move something to the Plugin.php. Want to make sure first I am using right building blocks there.. and than maybe we will find some parts that would work for 90% plugins that could be added to the Plugin.php. But not 100% sure yet if we find enough that could be abstracted out to justify abstractions. |
|
Hi @jardakotesovec , just a note about a minor instructions issue. It says:
However, the button label is "Save" |
|
Hey @jardakotesovec!
I think a general approach like this is a good idea, but not something I would want to rush in as part of a sprint. If you have some feedback that could go into an issue of what types of things it would be helpful if a plugin provided some scaffolding for (particularly around permissions and endpoints), we could use that as a starting point. In the meantime, if you haven't already looked at this, there have been some improvements in handling custom plugin API endpoints, added in pkp/pkp-lib#12050. |
ewhanson
left a comment
There was a problem hiding this comment.
Hey @jardakotesovec, just a couple of thoughts and questions related to some of the backend/API work. Nothing really a "must do," just some ideas. Thanks!
| { | ||
| public function getHandlerPath(): string | ||
| { | ||
| return 'plugin/allowedUploads'; |
There was a problem hiding this comment.
I think including plugin in the path is good practice in general to help make the endpoint more specific and it's function more apparent, but my preference would be to have it be plural, e.g. plugins/allowedUploads. This would also be applicable anywhere else the path is used.
I also wonder if it would be good practice (assuming it's used entirely within PHP in this case) to use a constant for the handler path so it's not being manually duplicated across the plugin.
| public function getActions($request, $verb) | ||
| { | ||
| $router = $request->getRouter(); | ||
| $context = $request->getContext(); |
There was a problem hiding this comment.
Not sure if this matters, but something to consider: it looks like this plugin is not available as a site-wide plugin (which makes sense). What happens if people attempt to access it in a site wide way? Is it impossible to reach that state here (since it's assumed there is a context and that it cannot be null? It seems like this is covered in the API controller fine, but thought I would check.
| $this->addField(new FieldText('allowedExtensions', [ | ||
| 'label' => __('plugins.generic.allowedUploads.manager.settings.allowedExtensions'), | ||
| 'description' => __('plugins.generic.allowedUploads.manager.settings.description'), | ||
| 'value' => '', |
There was a problem hiding this comment.
I don't know if this changes anything based on the updates here, but how does the plugin handle an empty string for this value? Is an empty string distinct from the idea of a null value? (Not necessarily in the form field, but for the setting value in general?)
| return [ | ||
| 'has.user', | ||
| 'has.context', | ||
| self::roleAuthorizer([ |
There was a problem hiding this comment.
These permissions should probably follow somehow whether the plugin is a site level plugin or a context level plugin and like you mentioned elsewhere, this could maybe be logic that each plugin does not have to define by themselves?
There was a problem hiding this comment.
These permissions should probably follow somehow whether the plugin is a site level plugin or a context level plugin
kind of but not also fully like that . I do agree that has.context is related to being site/context only but others are more like generic one that control all the routes global requirements .
Actually getRouteGroupMiddleware is build with that purpose where we can can have the general middleware at global level for the controller class so that any routes defined in the getGroupRoutes will have those auto applied .
…ndpoint and reduce duplications
…use in that case controller is not created
Uh oh!
There was an error while loading. Please reload this page.