[Freeipa-devel] [PATCH] 264-265 Web UI:Certificate pages

[Endi Sukma Dewata]

On 3/6/2013 9:51 AM, Petr Vobornik wrote:
>> 1. As previously discussed, the cert-find is only available with Dogtag
>> CA, so the Certificates page should be disabled with self-signed CA. But
>> if self-signed CA is dropped, then it's not necessary to disable the
>> Certificates page. We may need to keep the ticket open until this is
>> resolved one way or another.
>
> Seems that the drop will land in different release. I disabled it
> similar way as in DNS. I didn't test it. Do you have installation
> without dogtag?

Yes, the cert page now doesn't appear in the self-sign mode.

>> 2. Right now the fields in the cert details page are editable although
>> there is no Update button. If you change the value an Undo button will
>> appear. If you try to leave the page it will show the Unsaved Changes
>> dialog. Since there's no cert-mod operation these fields should not be
>> editable.

The certificate field is still editable. There's an undo button and 
you'll get a 'page dirty' dialog. Could we make it read-only text field?

>> 3. In the cert details page if you revoke the cert it will work but an
>> error will appear below the revocation reason field saying 'Must be an
>> integer'.
>
> #2, #3: I forget to tell you, that this patch also depends on my patch
> #261 - Fix handling of no_update flag in Web UI. Sorry. It should fix
> it. It was pushed to master today.

Everything else is fixed except for the certificate field above.

>> 4. I think showing an empty revocation reason field on a valid cert is
>> kind of weird. It might be better to create a Status section with two
>> fields: status and revocation reason. If status is valid the revocation
>> reason will be empty or hidden. If revoked then the reason will appear
>> below the status.
>
> Fixed it by hiding the row.
>
> Showing the status is separate issue. I would like to avoid computing it
> in web ui - IIUIC it depends also on valid-until and similar fields.
> Cert-show command doesn't include the status.

OK, let's address this separately. The search page shows the status, so 
it would make sense if the details page also shows the status.

>> 5. In host/service details page the View link can be changed to go to
>> the cert details page instead of showing a dialog box.
>
> Do we want to do it?

That's probably a question for UXD whether we should stay in the 
host/service page or move to the cert page (and probably not having a 
link back to the host/service page). Also, in self-sign mode there won't 
be a cert page to link to. Let's leave it as is for now.

>> 6. It would be better to organize the fields in the cert details page
>> like the cert view dialog in host/service details page.
>
> Switched MD5fp. with SHA1fp.
>
> Do you also want to split subject and issuer as in the dialog and moved
> the fields to different sections?
>
> Currently the order is the same as in dialog except serial numbers. I
> kept them on top because issuer and subject may be very long and they
> can clash with the action panel if placed on top.

I'm OK with the current page, but maybe UXD has a different opinion. 
This can be addressed separately.

>> 7. Certificate can be added/revoked/restored via certificate pages and
>> host/service details pages. We need to make sure that if you do an
>> operation on one page, the other pages won't show outdated information.
>
> Fixed.

I added a cert via host details page. When I go to the cert search page 
the new cert doesn't appear until I click Refresh. The revoke/restore 
works though, the status are updated automatically in all pages.

>> 8. The revocation reason takes an integer. Probably the search field
>> should change into a drop down list showing all available reasons.
>>
>> 9. The date options take a certain format (YYYY-MM-DD), so we should
>> show the format probably as greyed text in the search field.
>>
>> 10. The current design only allows specifying one option at a time. Some
>> of these options are meant to be used as a pair because they represent a
>> range (min & max serial number). How about creating an Advanced Search
>> dialog that shows all search options in separate fields so they can be
>> combined? The basic search field can remain simple like the search field
>> in other entities and it will search the cert subject only.
>
> 8-10: I agree, but I don't want to complicate the patch. Originally this
> patch shouldn't really exist. Original agreement was that the search
> will be fixed to 'subject' field and that it should be replaced with
> proper implementation of #191 later. I made this patch to give users at
> least some options. Main obstacle is that there are more pressing issues
> for April release.

OK, let leave it as is for now, but some people might be reporting 
usability issue.

>> 11. The list of search options is a drop down list, but it's surrounded
>> by a rounded box like the text field next to it. This might be just a
>> personal preference but I'm not sure if it's an appropriate look for a
>> drop down list.
>
> It's just border radius. When I disable it it looks kinda inconsistent,
> weirder.

OK, this is fine.

So the remaining issues are #2 and #7. Other than that it's ACKed. Feel 
free to fix and push.

-- 
Endi S. Dewata