@smg6511 Is this close to being ready?

@opengeek Yes, very close - been hammering away at it. It should be ready for review by early next week.

Codecov Report

Attention: Patch coverage is 12.85266% with 556 lines in your changes missing coverage. Please review.

Project coverage is 21.49%. Comparing base (b1a02c3) to head (c7a0d69).
Report is 47 commits behind head on 3.x.

@@             Coverage Diff              @@
##                3.x   #16653      +/-   ##
============================================
- Coverage     21.53%   21.49%   -0.04%     
- Complexity    10734    10775      +41     
============================================
  Files           565      566       +1     
  Lines         32540    32915     +375     
============================================
+ Hits           7007     7075      +68     
- Misses        25533    25840     +307     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@opengeek @theboxer @Mark-H - Alright, I believe this is finally ready. Hope folks can carve out some time to go through it all ;-) !

@smg6511 this is a big one—kudos on getting it to this stage! Since it's fresh on your mind and touches so many areas, it will take a while to fully review I suspect (was just discussing this with @jaygilmore and @opengeek).

Any suggestions or checklists of all the various nooks and crannies that should be tested to get this one merged?

Any suggestions or checklists of all the various nooks and crannies that should be tested to get this one merged?

Ok, here's generally how I'd suggest going through this:

Initial Runthrough

I overhauled the base grids classes (in modx.grid.js) to remove duplication of existing methods that could be shared and provide access to the new methods introduced from a new central base class; the original Grid, LocalGrid, and JsonGrid extend from this new base. As such, every grid across the app should be interacted with to ensure all works as expected.

Grids with New "Creator" Column and Protected Records

These are the grids where MODX provides built-in records to start with and/or where an Extra installs a record (which usually should only be removed by un-installing the Extra [such as in Namespaces]):

• Namespaces
• Roles
• Contexts
• Media Sources
• Dashboards
• Content Types
• ACL Policies
• ACL Policy Templates

A few notable details:

• Although System Settings type grids would qualify for the same treatment as the above grids, implementation of it is really not feasible at this juncture due to the current data design. The identification of any given record's creator is largely derived or based on some hard-coded value (in the db or in php), as opposed to there being explicit flags in the db (columns where this type of info is persisted).
• For the most part, I've set most built-in items to be fully protected (i.e., in addition to being non-removable, certain fields are also set immutable [name and sometimes description, or in Content Types the mime type]). What will be carried through separately (in a follow-up PR) is to implement translation on these immutables fields.
• Following from the above point, matching field behavior has been implemented for a protected record's editing page (i.e., any field that was immutable on the grid is also immutable in the editing page [e.g., see Media Sources and Contexts]). Additionally, a new note is shown at the top of the panel alerting users re the item being protected and that some built-in fields may not be changed.

All Editor Grids

• Buttons and button menu items are either hidden or set to disabled when permissions for their action is not granted.
• Bulk Actions button menu items should, additionally, only be active when selections have been made (this is regardless of permissions on their respective actions).
• Some grids depend on the permissions of related objects when rendering certain items. A prime example is the Template Variables grid in a Template's editing panel: it renders a link on each TV name leading to that TV's editing page (but now, only if permission to edit & save TVs is granted). The various Access Permissions grids also cross link in this way. Pay attention to these direct-linked items as you review each area.
• Pencil icon should only show for editable fields (based on permissions)
• Gear menu should only show when there is at least one action on a row that the user has permission to take; otherwise it is hidden

General Strategy

As I was working through this PR, I kept one browser open with an Admin user with full permissions and another with an alternate user with permissions I'd vary to check my work. I basically systematically went through each nav menu item and completed updates to all relevant grids for one area at a time. I'd suggest the same for reviewing. Remember there are some grids that are a couple hops away, and can be easy to miss:

• TVs: There are multiple grids within this editing page to review (primarily the links to related objects [Contexts, Templates, User Groups] is what you'll want to pay attention to)
• Trash Manager
• User Group > Access Permissions (5 grids with various cross-linked objects)

@smg6511 — I am trying to get a collaborative review session together for this PR so we can get it integrated sooner than later. If possible, could you resolve the current small conflict in modx.grid.js?

@opengeek - I fixed the conflict but, dagonit, unintentionally ended up merging instead of force pushing because I was trying to fix a minor format error at the same time as resolving the conflict ... grrr. Hopefully this'll be ok.

@opengeek - I fixed the conflict but, dagonit, unintentionally ended up merging not force pushing because I was trying to fix a minor format error at the same time as resolving the conflict ... grrr. Hopefully this'll be ok.

Unfortunately, that merge commit is problematic as it now shows completely unrelated changes in the diff.

How to back out of that is the question then :-/ Maybe I can revert the merge?