My feedback (and bug report) for Cockpit 2.x

Cockpit 2 - Feedback and bugs

I spent the last 3 days with reading a lot of the source code and testing the new, fancy Cockpit version 2. I like it :slight_smile: - @artur: Well done.

There are a few bugs and I made many notes. I’m not motivated, to open an issue for each point, but I want to share them before they are outdated.

Now I merged my old bugs.md from March 2022 with my hand written notes from the last days. If something is unclear, just leave me a note and I’ll elaborate.

Setup

Cockpit Version: 2.0.2 (latest develop branch, commit 1b31bcde19de17ab3973976cb614e1f96776f021, Sun Jul 31 03:50:53 2022 +0200)

Desktop

OS: OpenSUSE Tumbleweed (latest)
DE: i3
Browser: Firefox 102.0.1 (64-bit)
Firefox-Add-ons: uBlock Origin, NoScript, Decentraleyes, KeePassXC-Browser, BlockTube, Facebook Container

mobile

OS: LineageOS 19.1 (latest) (Android 12)
Browser: Fennec 103.1.0 (based on Firefox for Android)
Firefox-Add-ons: uBlock Origin, NoScript, Decentraleyes

Host

PHP 8.1 Docker image with apache
Image: Docker Hub
Dockerfile: dockerfiles/Dockerfile at master · raffaelj/dockerfiles · GitHub

Some issues on my mobile device might be related to a bad internet connection. I sat in the garden and lost the Wifi signal multiple times.

Bugs, notes, feedback

found between March and July 2022

  • top bar icons for offcanvas and home are counter-intuitive
    • At the top left should be an icon with three dots or three lines to display the offcanvas menu.
    • The CP logo with the text “Cockpit” should sit next to the offcanvas icon and point to home.
  • [a11y] Boolean buttons in field settings modal should have clickable labels
  • missing content.save.before event
    • I want to validate and modify data before it is written to the database.
  • [a11y] keyboard navigation
    • → seems possible, but requires a lot of tabbing
    • skip links to main content would be nice
    • input fields are hidden behind fixed footer when navigating wit tab key
  • rename “master” branch to “main”
  • [Question] Will Lexy templating come back?

found since 2022-07-31

  • defines.php in .gitignore
    • defines.php is not included in /index.php or /bootstrap.php. Will it come back? Otherwise it can be removed from.gitignore.
  • check for App class, should be Cockpit class in /install/index.php (If I remember correctly, “Cockpit” was named “App” in a very old version from last year.)
  • create user
    • Only “Saving failed” when creating user with email address, that is used by a different user. The XHR response has the correct error message, it just doesn’t show up in the UI.
    • role should be displayed in user list
  • privacy/GDPR
    • user IPs are logged on login
  • resource lock doesn’t update properly
    • beforeunload event is not reliable for firing XHR requests - I’m not sure, if I disabled it or if this is disabled in Firefox by default for security and privacy reasons.
  • [mobile] login form too wide
    • I can move the form to the left and right while touching. I can’t reproduce that issue on the desktop with dev tools and responsive design mode.
    • Maybe the pulse animation creates a wider wrapper, that isn’t reset properly.
  • [mobile] some close icons of modals are hard to spot, e. g. “Upload File” modal
  • [mobile] json view of logged item too big (height)
    • I had to scroll to spot the back button, which wasn’t obvious.
  • I like the new way of including admin and api files after triggering events. If I’m right, I can now trigger the rest api event with a custom cli command to fake api calls and pipe the json output to a different software :slight_smile:
  • Pro addons are closed source :frowning:
  • denying access to *.php files via .htaccess is new. I like it :slight_smile:
  • [security] open route /app.i18n.data.js - available without login
  • Asyn class, finished method → tmp/ in file path missing
  • [permissions] [security] open routes (multi user setup with backend access)
    • /collections/find/{model}
    • /tree/find/{model}
    • /tree/load/{model}
    • /tree/updateOrder/{model}
  • [typo] field description of Number field “Quantity[t]”
  • [typo] /modules/Content/assets/js/content.js “field-contentItem[t]link”
  • [Question] How to disable big red state/publish field?
  • [Question] How to set default state to published?
  • user i18n is not changable
  • [mobile] freeze while scrolling in modal “Select field type”
    • Maybe because of nested modal and some js scroll events, which cause a loop…?
  • no noscript tag/message on login page
  • I like the conditional fields :slight_smile:
    • [Question] How to validate via PHP? → maybe use Cassis (subset of PHP and JS for dual use scripts)?
    • if a conditional field is required, but the condition to display it isn’t met, it is impossible to save an entry (In my case a required select box - if the item “other” is selected, an extra text field pops up, which should also be required)
      • Workaround: Don’t set conditional fields as required
      • Feature request: conditionally require fields
  • [Question] How to restrict editing of entry to creator (per user and per group)?
  • [Question] How can I add custom user data or role data (German: Stammdaten)?
  • boolean field icon has a different color (light red), than all other field icons
  • [Question] How can I display the name of _by and _mby in entry view?
    • → field type “account” with name _by, set to readonly
  • [forum] We need a new category “Cockpit 2” and we should enable tags. If we can batch edit all existing posts, we could change the existing categories to tags and use “Cockpit 0-1” and “Cockpit >2” as categories (or something in this direction).
  • user with a role without “publish” permission still has the publish select box and gets a success message after saving - but the permission works and the edited entry keeps it’s old state.
  • [Question] What is the “meta” field of models?
  • [Question] How to set field width? → espacially useful with conditional fields (like the boolean fields of the model permission page, where the extra settings only show after clicking the read permission)
  • [Question] What are the list options in the field settings? Bug? Or maybe for an not implemented auto-complete feature…?
  • [Question] How to add dashboard items?
  • [permissions] Assets folder permissions have no effect - I was able to change folder without permission.
    • create
    • edit
    • delete
  • [Question] How to change $envDir?
  • [Question] What’s the goal with /.spaces?
    • They seem great for quick tests with data and user separation.
    • But addons aren’t separated, so changing an addon in a new test space won’t work and hard coded collection names can lead to errors in the test space, if that collection doesn’t exist.
    • also assets aren’t separated (yet).
  • [TODO] test collection links - espacially for non-protected routes in multi user setups with backend access
1 Like

Hey Raffael :wave:

Thanks for your time diving deeper into Cockpit. Now I need some time to go through that list :sweat_smile:

Some of your addressed issues are already fixed in the develop branch. More to come.

Thanks again for your great feedback :pray:

Cheers
Artur