My feedback (and bug report) for Cockpit 2.x

Cockpit v2
1

Cockpit 2 - Feedback and bugs

I spent the last 3 days with reading a lot of the source code and testing the new, fancy Cockpit version 2. I like it :slight_smile: - @artur: Well done.

There are a few bugs and I made many notes. Iā€™m not motivated, to open an issue for each point, but I want to share them before they are outdated.

Now I merged my old bugs.md from March 2022 with my hand written notes from the last days. If something is unclear, just leave me a note and Iā€™ll elaborate.

Setup

Cockpit Version: 2.0.2 (latest develop branch, commit 1b31bcde19de17ab3973976cb614e1f96776f021, Sun Jul 31 03:50:53 2022 +0200)

Desktop

OS: OpenSUSE Tumbleweed (latest)
DE: i3
Browser: Firefox 102.0.1 (64-bit)
Firefox-Add-ons: uBlock Origin, NoScript, Decentraleyes, KeePassXC-Browser, BlockTube, Facebook Container

mobile

OS: LineageOS 19.1 (latest) (Android 12)
Browser: Fennec 103.1.0 (based on Firefox for Android)
Firefox-Add-ons: uBlock Origin, NoScript, Decentraleyes

Host

PHP 8.1 Docker image with apache
Image: Docker Hub
Dockerfile: dockerfiles/Dockerfile at master Ā· raffaelj/dockerfiles Ā· GitHub

Some issues on my mobile device might be related to a bad internet connection. I sat in the garden and lost the Wifi signal multiple times.

Bugs, notes, feedback

found between March and July 2022

  • top bar icons for offcanvas and home are counter-intuitive
    • At the top left should be an icon with three dots or three lines to display the offcanvas menu.
    • The CP logo with the text ā€œCockpitā€ should sit next to the offcanvas icon and point to home.
  • [a11y] Boolean buttons in field settings modal should have clickable labels
  • missing content.save.before event
    • I want to validate and modify data before it is written to the database.
  • [a11y] keyboard navigation
    • ā†’ seems possible, but requires a lot of tabbing
    • skip links to main content would be nice
    • input fields are hidden behind fixed footer when navigating wit tab key
  • rename ā€œmasterā€ branch to ā€œmainā€
  • [Question] Will Lexy templating come back?

found since 2022-07-31

  • defines.php in .gitignore
    • defines.php is not included in /index.php or /bootstrap.php. Will it come back? Otherwise it can be removed from.gitignore.
  • check for App class, should be Cockpit class in /install/index.php (If I remember correctly, ā€œCockpitā€ was named ā€œAppā€ in a very old version from last year.)
  • create user
    • Only ā€œSaving failedā€ when creating user with email address, that is used by a different user. The XHR response has the correct error message, it just doesnā€™t show up in the UI.
    • role should be displayed in user list
  • privacy/GDPR
    • user IPs are logged on login
  • resource lock doesnā€™t update properly
    • beforeunload event is not reliable for firing XHR requests - Iā€™m not sure, if I disabled it or if this is disabled in Firefox by default for security and privacy reasons.
  • [mobile] login form too wide
    • I can move the form to the left and right while touching. I canā€™t reproduce that issue on the desktop with dev tools and responsive design mode.
    • Maybe the pulse animation creates a wider wrapper, that isnā€™t reset properly.
  • [mobile] some close icons of modals are hard to spot, e. g. ā€œUpload Fileā€ modal
  • [mobile] json view of logged item too big (height)
    • I had to scroll to spot the back button, which wasnā€™t obvious.
  • I like the new way of including admin and api files after triggering events. If Iā€™m right, I can now trigger the rest api event with a custom cli command to fake api calls and pipe the json output to a different software :slight_smile:
  • Pro addons are closed source :frowning:
  • denying access to *.php files via .htaccess is new. I like it :slight_smile:
  • [security] open route /app.i18n.data.js - available without login
  • Asyn class, finished method ā†’ tmp/ in file path missing
  • [permissions] [security] open routes (multi user setup with backend access)
    • /collections/find/{model}
    • /tree/find/{model}
    • /tree/load/{model}
    • /tree/updateOrder/{model}
  • [typo] field description of Number field ā€œQuantity[t]ā€
  • [typo] /modules/Content/assets/js/content.js ā€œfield-contentItem[t]linkā€
  • [Question] How to disable big red state/publish field?
  • [Question] How to set default state to published?
  • user i18n is not changable
  • [mobile] freeze while scrolling in modal ā€œSelect field typeā€
    • Maybe because of nested modal and some js scroll events, which cause a loopā€¦?
  • no noscript tag/message on login page
  • I like the conditional fields :slight_smile:
    • [Question] How to validate via PHP? ā†’ maybe use Cassis (subset of PHP and JS for dual use scripts)?
    • if a conditional field is required, but the condition to display it isnā€™t met, it is impossible to save an entry (In my case a required select box - if the item ā€œotherā€ is selected, an extra text field pops up, which should also be required)
      • Workaround: Donā€™t set conditional fields as required
      • Feature request: conditionally require fields
  • [Question] How to restrict editing of entry to creator (per user and per group)?
  • [Question] How can I add custom user data or role data (German: Stammdaten)?
  • boolean field icon has a different color (light red), than all other field icons
  • [Question] How can I display the name of _by and _mby in entry view?
    • ā†’ field type ā€œaccountā€ with name _by, set to readonly
  • [forum] We need a new category ā€œCockpit 2ā€ and we should enable tags. If we can batch edit all existing posts, we could change the existing categories to tags and use ā€œCockpit 0-1ā€ and ā€œCockpit >2ā€ as categories (or something in this direction).
  • user with a role without ā€œpublishā€ permission still has the publish select box and gets a success message after saving - but the permission works and the edited entry keeps itā€™s old state.
  • [Question] What is the ā€œmetaā€ field of models?
  • [Question] How to set field width? ā†’ espacially useful with conditional fields (like the boolean fields of the model permission page, where the extra settings only show after clicking the read permission)
  • [Question] What are the list options in the field settings? Bug? Or maybe for an not implemented auto-complete featureā€¦?
  • [Question] How to add dashboard items?
  • [permissions] Assets folder permissions have no effect - I was able to change folder without permission.
    • create
    • edit
    • delete
  • [Question] How to change $envDir?
  • [Question] Whatā€™s the goal with /.spaces?
    • They seem great for quick tests with data and user separation.
    • But addons arenā€™t separated, so changing an addon in a new test space wonā€™t work and hard coded collection names can lead to errors in the test space, if that collection doesnā€™t exist.
    • also assets arenā€™t separated (yet).
  • [TODO] test collection links - espacially for non-protected routes in multi user setups with backend access
2 Likes
2

Hey Raffael :wave:

Thanks for your time diving deeper into Cockpit. Now I need some time to go through that list :sweat_smile:

Some of your addressed issues are already fixed in the develop branch. More to come.

Thanks again for your great feedback :pray:

Cheers
Artur