Merge next into feature/refactor-admin-component-theming #1774

Merged: johnnyomair merged 14 commits into feature/refactor-admin-component-theming from merge-next-into-feature-refactor-admin-component-theming on Feb 28, 2024
This makes it easier to discover bugs like #1745 already in development
Changed `mutationReponse` to `mutationResponse` in admin generator and in demo files. --------- Co-authored-by: Phillip Lechenauer <phillip.lechenauer@vivid-planet.com>
…w URLs (#1749)

## Problem

PDFs weren't shown in the DAM preview in our client projects:

<img width="1083" alt="Bildschirmfoto 2024-02-24 um 14 13 23" src="https://github.com/vivid-planet/comet/assets/13380047/7f3d3ab4-f718-4eac-b123-1d7235069edf">

## Reason

In our starter (and our projects) we use [helmet](https://www.npmjs.com/package/helmet) to secure our API: https://github.com/vivid-planet/comet-starter/blob/main/api/src/main.ts#L48-L52

Helmet adds an [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options): SAMEORIGIN header to the response:

<img width="355" alt="Bildschirmfoto 2024-02-24 um 14 15 27" src="https://github.com/vivid-planet/comet/assets/13380047/9ab5beef-c0ce-4dce-9c60-9123fb00bf84">

This header prevents including a PDF in an iFrame. Since helmet was only added to our starter but never to our demo project, this didn't strike in development.

## Solution

Including the PDF works if the admin and API run on the same domain. This is the case (in deployed envs) if preview URLs are used because they are routed through the authproxy. Therefore, I now ensured that only preview URLs are used in the admin by

- also adding the x-preview-dam-urls header to our axios client
- passing the header on to `createFileUrl()` in `FilesController` and `FilesResolver`

I already intended to do this in https://github.com/vivid-planet/comet/pull/1503/files but I didn't test thoroughly enough. I missed that the header wasn't passed to the service everywhere it's used.

### Dev Mode

In dev mode we don't have an authproxy, meaning API and Admin URL are always different. As a workaround I added a [frame-ancestors CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors) that allows including the files in localhost. This isn't ideal because it's different behavior in local and deployed envs. But I couldn't come up with a better solution.

<img width="1920" alt="Bildschirmfoto 2024-02-26 um 09 54 18" src="https://github.com/vivid-planet/comet/assets/13380047/972dc581-85ac-4bee-8dc4-2c14d4044f53">

### Alternative

Alternatively, we could keep delivering the files via the public API url and always add a frame-ancestors CSP allowing the Admin URL. Since we decided in the past that we always want to use preview URLs in the admin, I opted for the other solution.
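The framing behaviour this commit message describes can be reproduced with a small model of the browser's decision. This is an added example, not code from the Comet repository; the hosts, ports and the exact `frame-ancestors` value are assumptions, and only the direct embedder is checked.

```typescript
// Added example, not Comet code. Simplified model of the browser's framing
// decision: only the direct embedder is checked and wildcard hosts
// (*.example.test) are not supported.
type HeaderMap = Record<string, string>;

// Match one CSP host-source (e.g. http://localhost:* or admin.example.test).
function sourceMatches(source: string, embedder: URL): boolean {
    if (source === "*") return true;
    const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^:\/]+)(?::(\d+|\*))?$/i.exec(source);
    if (!m) return false;
    const [, scheme, host, port] = m;
    if (scheme && scheme.toLowerCase() + ":" !== embedder.protocol) return false;
    if (host.toLowerCase() !== embedder.hostname) return false;
    if (port === "*") return true;
    const defaultPort = embedder.protocol === "https:" ? "443" : "80";
    return (port || defaultPort) === (embedder.port || defaultPort);
}

// True if a page at embedderUrl may show resourceUrl in an iframe.
function mayBeFramed(headers: HeaderMap, resourceUrl: string, embedderUrl: string): boolean {
    const resource = new URL(resourceUrl);
    const embedder = new URL(embedderUrl);
    const h: HeaderMap = {};
    for (const k of Object.keys(headers)) h[k.toLowerCase()] = headers[k];

    const directive = (h["content-security-policy"] || "")
        .split(";")
        .map((d) => d.trim().split(/\s+/))
        .find((d) => d[0].toLowerCase() === "frame-ancestors");
    if (directive) {
        // frame-ancestors takes precedence; X-Frame-Options is then ignored.
        return directive.slice(1).some((src) => {
            if (src === "'none'") return false;
            if (src === "'self'") return embedder.origin === resource.origin;
            return sourceMatches(src, embedder);
        });
    }
    const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
    if (xfo === "DENY") return false;
    if (xfo === "SAMEORIGIN") return embedder.origin === resource.origin;
    return true;
}

// Constructed scenarios; hosts, ports and the CSP value are assumptions.
const helmetDefault: HeaderMap = { "X-Frame-Options": "SAMEORIGIN" };
const devWorkaround: HeaderMap = { ...helmetDefault, "Content-Security-Policy": "frame-ancestors http://localhost:*" };
console.log(mayBeFramed(helmetDefault, "https://api.example.test/dam/a.pdf", "https://admin.example.test/"));
console.log(mayBeFramed(devWorkaround, "http://localhost:4000/dam/a.pdf", "http://localhost:8000/"));
```

The first call models the public API URL embedded by the admin on another domain; the second models the dev-mode workaround, where the CSP directive rather than `X-Frame-Options` decides.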
Notable changes:

1. AffectedEntity()-decorator is only valid for Methods, not for classes anymore
2. Every (not at least one) affected ContentScope must apply to user-permissions (was a security hole before)
3. In entities without scope-field the @ScopedEntity-decorator is now mandatory
4. The PageTreeNode must have a scope-field when AffectedEntity is used
5. Removed equality-check when using AffectedEntity() and at the same time submitting a scope argument
6. Support array of ids submitted in args

1-4 are breaking changes, but mainly in theory. Practically no project will be affected.

---------

Co-authored-by: Johannes Obermair <48853629+johnnyomair@users.noreply.github.com>
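Item 2 of this commit message, "every" instead of "at least one", is illustrated below. This is an added example, not Comet's implementation; the `ContentScope` shape, the function names and the sample scopes are hypothetical.

```typescript
// Added example, not Comet's implementation. The ContentScope shape and all
// function names are hypothetical.
type ContentScope = Record<string, string>;

// A permitted scope covers an affected scope when all dimensions are equal.
function scopeCovered(permitted: ContentScope[], affected: ContentScope): boolean {
    const keys = Object.keys(affected);
    return permitted.some(
        (p) => Object.keys(p).length === keys.length && keys.every((k) => p[k] === affected[k]),
    );
}

// "At least one": a single permitted scope lets the whole request through,
// including entities in scopes the user has no permission for.
function isAllowedAtLeastOne(permitted: ContentScope[], affected: ContentScope[]): boolean {
    return affected.some((s) => scopeCovered(permitted, s));
}

// "Every": all affected scopes must be covered. The empty list is denied
// explicitly because [].every(...) evaluates to true.
function isAllowedEvery(permitted: ContentScope[], affected: ContentScope[]): boolean {
    return affected.length > 0 && affected.every((s) => scopeCovered(permitted, s));
}

// Constructed request: an array of ids resolves to entities in two scopes,
// while the user holds permissions for only one of them.
const editorScopes: ContentScope[] = [{ domain: "main", language: "en" }];
const requestScopes: ContentScope[] = [
    { domain: "main", language: "en" },
    { domain: "main", language: "de" },
];

console.log(isAllowedAtLeastOne(editorScopes, requestScopes));
console.log(isAllowedEvery(editorScopes, requestScopes));
```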
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

# Releases

## @comet/cms-admin@6.2.0

### Minor Changes

- 75865ca: Deprecate `isHref` validator, `IsHref` decorator and `IsHrefConstraint` class.

  New versions `isLinkTarget`, `IsLinkTarget` and `IsLinkTargetConstraint` are added as replacement.

### Patch Changes

- ad153c9: Add the `x-preview-dam-urls` header to our axios client

  Now the axios client always requests preview DAM urls just like the GraphQL client.

- 5dfe483: Prevent the document editor from losing its state when (re)gaining focus

  In v6.1.0 a loading indicator was added to the document editor (in `PagesPage`). This had an unwanted side effect: Focusing the edit page automatically causes a GraphQL request to check for a newer version of the document. This request also caused the loading indicator to render, thus unmounting the editor (`EditComponent`). Consequently, the local state of the editor was lost.

- @comet/admin@6.2.0
- @comet/admin-date-time@6.2.0
- @comet/admin-icons@6.2.0
- @comet/admin-rte@6.2.0
- @comet/admin-theme@6.2.0
- @comet/blocks-admin@6.2.0

## @comet/blocks-api@6.2.0

### Minor Changes

- 75865ca: Deprecate `isHref` validator, `IsHref` decorator and `IsHrefConstraint` class.

  New versions `isLinkTarget`, `IsLinkTarget` and `IsLinkTargetConstraint` are added as replacement.

## @comet/cms-api@6.2.0

### Minor Changes

- beeea1d: Remove `availablePermissions`-option in `UserPermissionsModule`

  Simply remove the `Permission` interface module augmentation and the `availablePermissions`-option from the application.

- 151e121: Support multiple `@AffectedEntity()`-decorators for a single function

### Patch Changes

- 04afb3e: Fix attached document deletion when deleting a page tree node
- ad153c9: Always use preview DAM URLs in the admin application

  This fixes a bug where the PDF preview in the DAM wouldn't work because the file couldn't be included in an iFrame on the admin domain.

  We already intended to use preview URLs everywhere in [v5.3.0](https://github.com/vivid-planet/comet/releases/tag/v5.3.0#:~:text=Always%20use%20the%20/preview%20file%20URLs%20in%20the%20admin%20application). However, the `x-preview-dam-urls` header wasn't passed correctly to the `createFileUrl()` method everywhere. As a result, preview URLs were only used in blocks but not in the DAM. Now, the DAM uses preview URLs as well.

- Updated dependencies [75865ca]
  - @comet/blocks-api@6.2.0

## @comet/cms-site@6.2.0

### Minor Changes

- 34bb33f: Add `SeoBlock`

  Can be used as a drop-in replacement for `SeoBlock` defined in application code. Add a `resolveOpenGraphImageUrlTemplate` to resolve the correct image URL template when using a custom Open Graph image block.

  **Example Default Use Case:**

  ```tsx
  <SeoBlock data={exampleData} title={"Some Example Title"} />
  ```

  **Example Custom Use Case:**

  ```tsx
  <SeoBlock<SomeCustomImageBlockType>
      data={exampleData}
      title={"Some Example Title"}
      resolveOpenGraphImageUrlTemplate={(block) => block.some.path.to.urlTemplate}
  />
  ```

## @comet/admin@6.2.0

### Patch Changes

- @comet/admin-icons@6.2.0

## @comet/admin-color-picker@6.2.0

### Patch Changes

- @comet/admin@6.2.0
- @comet/admin-icons@6.2.0

## @comet/admin-date-time@6.2.0

### Patch Changes

- @comet/admin@6.2.0
- @comet/admin-icons@6.2.0

## @comet/admin-react-select@6.2.0

### Patch Changes

- @comet/admin@6.2.0

## @comet/admin-rte@6.2.0

### Patch Changes

- @comet/admin@6.2.0
- @comet/admin-icons@6.2.0

## @comet/admin-theme@6.2.0

### Patch Changes

- @comet/admin-icons@6.2.0

## @comet/blocks-admin@6.2.0

### Patch Changes

- @comet/admin@6.2.0
- @comet/admin-icons@6.2.0

## @comet/eslint-config@6.2.0

### Patch Changes

- @comet/eslint-plugin@6.2.0

## @comet/admin-babel-preset@6.2.0

## @comet/admin-icons@6.2.0

## @comet/cli@6.2.0

## @comet/eslint-plugin@6.2.0

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
The `UserPermissionsGuard` didn't allow requests when using a system user (e.g., basic authorization during site build).
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

# Releases

## @comet/admin@6.2.1

### Patch Changes

- @comet/admin-icons@6.2.1

## @comet/admin-color-picker@6.2.1

### Patch Changes

- @comet/admin@6.2.1
- @comet/admin-icons@6.2.1

## @comet/admin-date-time@6.2.1

### Patch Changes

- @comet/admin@6.2.1
- @comet/admin-icons@6.2.1

## @comet/admin-react-select@6.2.1

### Patch Changes

- @comet/admin@6.2.1

## @comet/admin-rte@6.2.1

### Patch Changes

- @comet/admin@6.2.1
- @comet/admin-icons@6.2.1

## @comet/admin-theme@6.2.1

### Patch Changes

- @comet/admin-icons@6.2.1

## @comet/blocks-admin@6.2.1

### Patch Changes

- @comet/admin@6.2.1
- @comet/admin-icons@6.2.1

## @comet/cms-admin@6.2.1

### Patch Changes

- @comet/admin@6.2.1
- @comet/admin-date-time@6.2.1
- @comet/admin-icons@6.2.1
- @comet/admin-rte@6.2.1
- @comet/admin-theme@6.2.1
- @comet/blocks-admin@6.2.1

## @comet/cms-api@6.2.1

### Patch Changes

- f145730: Ignore user permissions when using system user

  The `UserPermissionsGuard` didn't allow requests when using a system user (e.g., basic authorization during site build).

- @comet/blocks-api@6.2.1

## @comet/eslint-config@6.2.1

### Patch Changes

- @comet/eslint-plugin@6.2.1

## @comet/admin-babel-preset@6.2.1

## @comet/admin-icons@6.2.1

## @comet/blocks-api@6.2.1

## @comet/cli@6.2.1

## @comet/eslint-plugin@6.2.1

## @comet/cms-site@6.2.1

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
COM-485

Added a `<Divider />` before any `<RowActionsItem icon={<Delete />} />` inside a `RowActionsMenu` that didn't have one. They now are all uniform.

<img width="300" src="https://github.com/vivid-planet/comet/assets/69114037/6355fc6e-3247-4d97-a2e6-e1b70578af56">

Co-authored-by: Phillip Lechenauer <phillip.lechenauer@vivid-planet.com>
- `draft-js` is required by `@comet/admin-rte`
- `react-select` is required by `@comet/admin-react-select`
Need an update to create-pull-request@v6 to fix [an issue with the GitHub API](peter-evans/create-pull-request#2790).
Merge main into next
johnnyomair
approved these changes
Feb 28, 2024
d1244dc
into
feature/refactor-admin-component-theming
2 checks passed
No description provided.