Custom widgets: warn user it's risky #1423
Conversation
manuhabitela
force-pushed
the
issue-1338-custom-widget-warning
branch
from
8739304 to
9758d08
Compare
|
I need to update the tests but the implementation is already reviewable if anyone wanna check early! |
|
@lusebille you'll notice a few things don't exactly match your figma design, for example the ordering of confirm / cancel buttons. I did it that way because modals in grist usually have those buttons rendered like that (I actually discovered that when seeing how modals were built in the code). Is this okay or should I do some specific design here? |
|
@manuhabitela ok I still think it's really more natural to have validation button on the right ( and it's much more common) but I understand we need to keep Grist homegenous ( the solution might to change it everywhere but should be another ticket anyway ) |
manuhabitela
force-pushed
the
issue-1338-custom-widget-warning
branch
8 times, most recently
from
80bf1b2 to
d8b21e4
Compare
|
After discovering the tests suite more I ended up removing my small change of making the URL input required for custom url widgets. Looks like it's actually a feature and not a bug to allow empty strings and overall it implied a bit more change than I thought that I'm not even sure is welcomed haha. I left the change to force entering a valid URL if you input something though. This is good to review for me! Appart the code review, on the design part, question remains about the placement of confirm/save button: either specifically put them on the right as per Lucie's mockup, or leave them as is (on the left) to follow usual modal buttons placement in Grist, and maybe challenge this UI choice in a global way later. |
|
hi @manuhabitela, thanks for this, could you resolve the conflicts that have accumulated so I can stick up a preview of this to show around? |
manuhabitela
force-pushed
the
issue-1338-custom-widget-warning
branch
from
d8b21e4 to
e58c14f
Compare
|
Oops sorry, done. I realize with the merge conflict, that this commit seems to have introduced a somewhat similar idea I had on the markdown side. Maybe it could be reused. Seeing the code though it seems the linked commit doesn't actually returns html not wrapped in |
|
Deployed commit |
|
(just adding a screenshot from the preview, for context) |
| ? 'img/security-alert.png' | ||
| : 'img/security-alert-dark-theme.png'; | ||
|
|
||
| return new Promise<boolean>((resolve) => { |
There was a problem hiding this comment.
Can you refactor this, and create the save modal outside of the promise? Example of such modal is in modals.ts function invokePrompt.
There was a problem hiding this comment.
Done! I'll let you check in case I misunderstood.
Is this a universal change that is intended to be shown to all users? If so, the reference to administrator & organization will be confusing to some or inaccurate for individuals. If this is universal, I feel like this could be greatly condensed. I also think showing the URL in question on this pane is useful. Something like:
If there are specific requirements that necessitate elements of this dialog, that would be good to know. Apologies if I've missed something! |
commit to fix PR feedback, to fixup after review
manuhabitela
force-pushed
the
issue-1338-custom-widget-warning
branch
from
7e889e4 to
7a7244f
Compare
|
Deployed commit |
|
Deployed commit |
|
Deployed commit |
|
Ok, code looks good, thank you for addressing my comments, but some other UX questions:
We can all do it in a separate PR if you want, just mentioning it, if you want to address it here. |
There was a problem hiding this comment.
Code looks ok, some UX questions above, but this is already a good improvement.
Thank you @manuhabitela.
|
Deployed commit |
|
Thanks for the thorough feedback @berhalak :)
Good catch, I'll fix code and change the tests for that case, you are completely right.
Oh, let me try to handle this quickly. So that the confirm is triggered by the widget customdef url change and not a specific user action. if I see it's too much changes maybe yeah this can be tackled later, I feel the most important part is when first adding the widget.
I feel it's not really necessary in my case? And rely on browser native url input check is sufficient to verify user input as this moment. |
manuhabitela
force-pushed
the
issue-1338-custom-widget-warning
branch
from
75fe467 to
f42bd9d
Compare
|
Deployed commit |
|
Deployed commit |
|
Deployed commit |
app/client/ui/CustomWidgetGallery.ts
Outdated
| @@ -330,7 +330,8 @@ class CustomWidgetGallery extends Disposable { | |||
| private async _validateSelectedWidget() { | |||
| const isCustomUrlWidget = this._selectedWidgetId.get() === CUSTOM_URL_WIDGET_ID; | |||
| if (isCustomUrlWidget) { | |||
| return this._customUrlInput?.reportValidity() && await userTrustsCustomWidget(); | |||
| return this._customUrlInput?.reportValidity() && | |||
| (!this._customUrl.get().length || await userTrustsCustomWidget()); | |||
There was a problem hiding this comment.
Nitpicking, ignore if you like:
- Hard to read, it would be better if this would look like the comment above
- Comment above is outdated
:)
There was a problem hiding this comment.
Man I can't figure out what comment you talk about haha. But I updated with something more readable!
There was a problem hiding this comment.
The jsdoc for this method. Thanks for updating, it looks very nice :)
app/client/ui/CustomSectionConfig.ts
Outdated
| @@ -558,9 +559,14 @@ export class CustomSectionConfig extends Disposable { | |||
| return cssCustomUrlDetails( | |||
| cssTextInput( | |||
| this._url, | |||
| async value => this._url.set(value), | |||
| async (value) => { | |||
| if ((!value.length || await userTrustsCustomWidget())) { | |||
There was a problem hiding this comment.
Too many ((, and shouldn't we check the validity here?
There was a problem hiding this comment.
Yeah I originally wanted to use the native reportValidity but for some reason I don't understand, it always returns true here… so the user doesn't get the native form validation with native browser message, unlike in the custom widgets gallery where it works.
So yeah I didn't use it. Sometimes those native apis are only usable if the browser detects we actually are in a user interaction, maybe something like that is the culprit. Really I'm surely missing something but I can't figure out what.
There was a problem hiding this comment.
(I removed the extra parentheses, thanks)
There was a problem hiding this comment.
Sorry for that. This is caused by the rawTextInput component in editableLabel.ts. It tries to be clever and disable the input before saving, so the reportValidity doesn't work. I'll file an issue for it.
|
Deployed commit |
app/client/ui/CustomSectionConfig.ts
Outdated
| @@ -558,9 +559,14 @@ export class CustomSectionConfig extends Disposable { | |||
| return cssCustomUrlDetails( | |||
| cssTextInput( | |||
| this._url, | |||
| async value => this._url.set(value), | |||
| async (value) => { | |||
| if ((!value.length || await userTrustsCustomWidget())) { | |||
There was a problem hiding this comment.
Sorry for that. This is caused by the rawTextInput component in editableLabel.ts. It tries to be clever and disable the input before saving, so the reportValidity doesn't work. I'll file an issue for it.
Context
Fixes #1338.
Proposed solution
I allowed myself to add a somewhat related commit for small issues I stumbled upon while working on this. So that we can't add custom url widgets without filling the url input correctly. Hope it's okay!
edit: the check preventing empty-url custom widgets has been removed. Only the check verifying valid URL string is still there
Here is a preview in video:
custom.widget.warning.mp4
edit: now the image used is specific to dark theme for better contrast
Here is what it looks like in dark mode:
Has this been tested?