Improvements to the Limited Staff role experience #361

Open
jmakowski1123 opened this issue Jun 7, 2024 · 18 comments

jmakowski1123 commented Jun 7, 2024

The Limited Staff role needs some improvements to the user experience.

Currently, when a user with the Limited Staff role lands on a Studio Page in the new course-authoring MFE, they are blocked by a 403 error message, which contains JSON fields and is difficult to interpret. Minimally, the messaging could be improved to explain that the user is not granted access to Studio.

An enhancement can be made in the Studio experience such that users with this role do not see the "View this course in Studio" button. This will greatly reduce the chance of users trying to access parts of the platform that they don't have access to.


github-actions bot commented Jun 7, 2024

Thanks for your submission, @openedx/open-edx-project-managers will review shortly.

@jmakowski1123
Author

@arbrandes @brian-smith-tcril Could you please add any technical requirements you'd like to see here?

@brian-smith-tcril

In order to be able to fully test the Limited Staff role UX, I'd want to know:

  • What pages are not accessible by Limited Staff?
    • If a Limited Staff user navigates directly to those pages (by entering a URL), what should they see?
      • Should they see the same thing on every page they cannot access?
      • Should they see the same thing as other roles that cannot access those pages?
  • What UI elements on pages Limited Staff can access exist that navigate to pages Limited Staff cannot access?
    • Are they currently visible by limited staff?
    • Should they be hidden/disabled?

Answers to the previous questions would help inform my thoughts on this from a technical implementation perspective:

  • If Limited Staff should see the same thing on every page they cannot access, and they should see the same thing as other roles that cannot access those pages, can we make a generic "you lack permission to see this page" page?
  • If all UI elements that navigate to pages Limited Staff cannot access should be hidden/disabled, and the same is true for any other role that cannot access a page, can we write generic "hide/disable based on role" logic to wrap navigation elements in?

@jmakowski1123
Author

Limited Staff should not have access to any of the Studio pages in the course-authoring MFE.
In the LMS, Limited Staff have the same permissions as Course Staff.
Limited Staff should not see the button to "view this course in Studio" from the LMS. This will reduce chances for Limited Staff to land on Studio pages.
If Limited Staff land on a Studio page via a url, they should see a message indicating they do not have access to the page. This message can be the same for any Studio url.

@0x29a as the contributing author for this role, is there anything you'd add here? openedx/edx-platform#32570


0x29a commented Jun 11, 2024

> as the contributing author for this role, is there anything you'd add here?

No, @jmakowski1123, this description is correct. cc @Agrendalath


itsjeyd commented Sep 7, 2024

@jmakowski1123 It looks like the following PRs are providing a partial implementation of this proposal:

Could you please have a look at those and let us know what the next steps are from the product perspective?

CC @mphilbrick211


itsjeyd commented Sep 20, 2024

@jmakowski1123 Could you please have a look at the comment above and let us know how to proceed?

(Happy to ping someone else from the product working group if you'd prefer. Let me know.)


ali-hugo commented Oct 16, 2024

@itsjeyd I stand to be corrected, but I don't think that #1436: hide studio button for limited staff would need additional product review considering @jmakowski1123 has already "approved" this change simply by creating the current issue:

> An enhancement can be made in the Studio experience such that users with this role do not see the "View this course in Studio" button. This will greatly reduce the chance of users trying to access parts of the platform that they don't have access to.

However, something that would need product input is the messaging described in the following comment, but I imagine this would be covered in a separate issue.

> If Limited Staff land on a Studio page via a url, they should see a message indicating they do not have access to the page. This message can be the same for any Studio url.

Let me know if there's anything I can do to help move this along.


itsjeyd commented Oct 17, 2024

@ali-hugo That's helpful input, thank you!

@0x29a Can you confirm that openedx/frontend-app-learning#1436 and openedx/edx-platform#35313 address this need:

> An enhancement can be made in the Studio experience such that users with this role do not see the "View this course in Studio" button. This will greatly reduce the chance of users trying to access parts of the platform that they don't have access to.

... and nothing else?


0x29a commented Oct 18, 2024

@itsjeyd, can confirm. These two PRs just remove the button in question for Limited Staff and do nothing else.

ali-hugo self-assigned this Oct 22, 2024
@ali-hugo

@0x29a @itsjeyd It was just confirmed in the Core Product Working Group meeting that openedx/frontend-app-learning#1436 and openedx/edx-platform#35313 can be merged! 🚀

We'll keep the current ticket (#361) open to work on improving the user experience when someone visits a Studio page to which they don't have access. We need a more user-friendly solution than the 403 error that is currently shown. @0x29a, could you please send a screenshot of the 403 message so I can take a look?


itsjeyd commented Oct 24, 2024

Thanks @ali-hugo! I added the product review complete label to both PRs and marked them as ready for (engineering) review.

Regarding the 403 message, do we have an internal ticket for working on that? We can't add it to the scope of the ticket that prompted the creation of openedx/frontend-app-learning#1436 and openedx/edx-platform#35313 at this time.

CC @0x29a @mphilbrick211

@ali-hugo

> Regarding the 403 message, do we have an internal ticket for working on that?

@itsjeyd Not yet. I am out of hours for this month, so will only be able to work on this next month. I will create an internal ticket then.


0x29a commented Oct 24, 2024

@ali-hugo, here it is:
[Image: screenshot of the current 403 message]

@ali-hugo

@0x29a Thank you!


itsjeyd commented Oct 29, 2024

@ali-hugo

> Regarding the 403 message, do we have an internal ticket for working on that?
>
> Not yet. I am out of hours for this month, so will only be able to work on this next month. I will create an internal ticket then.

Sounds good.

@0x29a If you end up spending more time helping out here, please log that time on the ticket that Ali's going to create. Since the 403 message is out of scope for the original ticket, we can't use that ticket to log time spent on the 403 message.

@ali-hugo

@jmakowski1123 @0x29a I've been thinking about how to improve the 403 messaging when someone with the Limited Staff role visits a Studio URL. Please let me know what you think of the two options below:

Option 1:
[Image: Studio 403 - Option 1]

Option 2:
[Image: Studio 403 - Option 2]

You'll notice that I've included a "back to safety" link to the LMS (since the Limited Staff user doesn't have access to any Studio pages). For other types of users, I imagine it would be more helpful to link them to the Studio Home. Is it too complicated to show different 403's for different user types?

Thanks for your help!

Contributor

sarina commented Nov 5, 2024

#2 is better in my opinion; it's a more standard message.

Projects
Status: [Prod Proposals] In Review