🔮 Admin overview / Security Guard #40160
Comments
jancborchardt
added
design
|
@jancborchardt @AndyScherzinger and @szaimen can we have a kickoff quick meeting to better define what's needed?
Wouldn't this be too much already?
|
|
Related: #29439 |
|
Other updates from the design call:
|
|
Very much interested ! Since NC 26, we had a lot of performances issues, due to config problems but also outdated sync clients. I don't know how big companies handles this but in our cooperative company, we had to (and still does) call every person and update sync clients after solving false conflicts etc. Hugh amount of work that could be really be easier with such a feature that permits to identify quickly which accounts use old sync clients that causes problems. Thanks for all the work ! |
|
Hi all, here are a couple of wireframes for 2 approaches, a card dashboard-like layout and a list that one can filter with toggle tags. I personally think that the list solves the problem in a much better way than the dashboard-like approach, and there's more space to show a preview of the warning in the subline of the list item component
|
|
Very cool! I would vote for the dashboard though, right off the bat gives you an overview without clicking anywhere. With the list view, the switcher can get kind of lost because that kind of interaction isn't common within the settings, what do you think? |
|
From an admin perspective it might be useful to show the count of total entries Like 30 of 300 total clients have sync issues. |
|
@nimishavijay I forgot to include the "all" category in the previous mockup. That would be the overview. Either of these patterns would be new in the settings and I think that the list view just works better for admins. 
|
|
design review comments:
|
|
Hi! A few questions to help us decide how to best proceed :) What are we expecting to see in the list of Sync Problem? Is it something like "LDAP connectivity connecting correctly" or more about showing information that we store before? Do we want to have custom widgets for the admin dashboard like in the dashboard app? A good starting point might be to start with the info that we are already storing. Maybe we can work out a list. For example, are some sync problems already being recorded? (cc @icewind1991 ) |
|
Would agree with @marcoambrosini that the tabbed view with number indicator (proposal 2) is better for admins, rather than the "Dashboard"-like view which works mostly well for few entries. Also since the default tab will be "All" there will be an overview anyway. :) |
|
(big) update on the requirements: The goal is to merge the code from the Nextcloud Guard app into core and use its capabilities from there. The infos and checks that are provided via guard should be displayed in the Admin overview, for the ones possible. Anything else not initially provided in the Guard app we should discuss to either be drop, delay, offer them for cli only, or as cron since it requires root permissions. (because of the limited time) Frontend should reflect the tabbed-view provided by @marcoambrosini instead of the Dashboard/Widget one. For the first steps, it would be good to have a first executable mockup for the admin overview and the first, already available server infos displayed. |
|
Seeing that the checks from Guard were meant to be triggered on cli or per-cron basis, is the expectation that all these checks are triggered everytime we open the Admin overview? What would be the performance impact as we add more and more? |
|
Outdated clients: this info can be retrieved on server as all clients send an user agent with their version number.
|
|
API:
|
An admin would then have to scroll down to see if there are some problems worth investigating... In this case I think that it would be nice to have some kind of indicator on top to directly gain the attention of an admin. Just my two cents... 😉 |
|
Had another meeting with @karlitschek @AndyScherzinger @schiessle and this is the outcome:
Server status
Security
Accounts
Can we have a judgement about the complexity of each of the topics here, so we can look for quick wins? @come-nc @tobiasKaminsky @susnux, cc @sorbaugh |
|
For "me" with "sync problems" it stays the same, I think. |
|
I’m gonna continue on #32550 which accounts for having an API to register and display setup checks in a nice way. I am not sure why this would not replace existing setup checks, but we can keep both for the transition period if wanted?
For me this should go through its own feature ticket and specifications, benchmarks are a complicated beast and cannot (or should not?) be done live.
I expect adding a check for this should be straightforward, only tricky thing is to avoid false-positive in some setups (like readonly full local drive and all data in s3 or something)
As mentionned in #40659 (comment) , this is already checked by the setup checks, maybe the check is not good enough? Does this point come from a specific usecase?
What does crucial means, can we have more detailed specifications for this one?
For database I think it’s not possible to load admin settings without it. For the rest it can be added.
Is that a new feature or do we already have some integrations of password leak databases?
This would be an integration of https://github.com/nextcloud/suspicious_login , right?
For accounts it looks like we would still need #40744 only without the UI. I would love a bit more specifications about the UI elements expected for each check result. Currently in #32550 there is a description (plain text), a title, a status (success/info/warning/error), and a link to related documentation (sometimes nextcloud documentation, sometimes something else like PHP or apache documentation). From your description we would need to add a link to related settings page in Nextcloud, and in some cases a link to detailed UI (userlist and things like that?). |
|
Small update:
|
Should it not be in core? Especially with the new mockup by @marcoambrosini (please post it here :) the security & setup checks could eventually be replaced by that much nicer UI? |
That was the original plan, but there were a few requirement changes. The most significant being that this feature should be a separate app. However as I understand it it will still be possible to display everything where we want it. |
|
Here's the updated dashboard mockup 
If there are problems, like in the case of sync problems in the mockup, it would be possible to click on the item and open a list of problems in a modal window. If, like in this case there are further nested "problem categories" we can add those in the form of a tabbed navigation in the modal, like in the mockup below 
|
|
I think for this we would need an other way of grouping, the current categorization is too loose. Otherwise it looks like this: vokoscreenNG-2023-10-25_00-08-54.mp4(yes I now not perfect, it is just a testing version, and especially the subtitles need to be shrunk, but you see the Problem) |
|
I think would be good to show this section below security & setup warnings right @nextcloud/designers ? |
|
@szaimen Those warnings will be present in the dashboard too if the app is available so I think it's fine to display it above everything else |
|
@marcoambrosini can you update your mockup to include some more specific examples with wording, and what to do when there is more text like in @susnux’s video? Could also be succinct text in the overview and the ability to expand or having details in a modal. And yes @szaimen @marcoambrosini ideally this section replaces the "Security & setup warnings" and all of the contents within are present inside here. Question is whether that is possible in the first version. |
Or adjust the existing checks to only include the name and not a full description within the name. And then use the description for explanation. Otherwise the name it self will take all space where the subtitle / description should be.
Maybe just show like x chars / words (summarize it) and show the full description in the modal? Like some websites do it with "read more" or something like this. |
|
@jancborchardt @susnux In the mock-up I thought about showing only the number of problems in the dashboard, while the full text of the warning would appear only once the warning itself is clicked. |
|
Hey, so some informations:
@marcoambrosini Data structure as returned to the frontend (pardon my french): {
"dav": {
"Vérification du carnet d'adresses système DAV": {
"severity": "success",
"description": "No outstanding DAV system address book sync.",
"linkToDoc": null
}
},
"security": {
"Vérification de l'ancien certificat utilisateur importé": {
"severity": "success",
"description": null,
"linkToDoc": null
},
"Vérification de la désactivation de l'ancien chiffrement côté serveur": {
"severity": "success",
"description": null,
"linkToDoc": null
},
"Vérification de la version de PHP": {
"severity": "warning",
"description": "Vous exécutez actuellement PHP 8.0.30. PHP 8.0 est maintenant obsolète pour Nextcloud 27. Nextcloud 28 nécessite au moins PHP 8.1. Veuillez mettre à jour vers l'une des versions PHP officiellement compatibles fournies par le PHP Group dès que possible.",
"linkToDoc": "https://secure.php.net/supported-versions.php"
}
},
"config": {
"Vérification du préfixe de région par défaut": {
"severity": "info",
"description": "Votre installation n’a pas de préfixe de région par défaut. C’est nécessaire pour valider les numéros de téléphone dans les paramètres du profil sans code pays. Pour autoriser les numéros sans code pays, veuillez ajouter \"default_phone_region\" avec le code ISO 3166-1 respectif de la région dans votre fichier de configuration.",
"linkToDoc": "https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements"
},
"Vérification des droits d'accès au fichier de configuration": {
"severity": "success",
"description": "Le fichier de configuration Nextcloud est modifiable",
"linkToDoc": null
}
},
"network": {
"Connexion Internet": {
"severity": "success",
"description": null,
"linkToDoc": null
}
},
"php": {
"Vérification du jeu de caractères par défaut de PHP": {
"severity": "success",
"description": null,
"linkToDoc": null
},
"Vérification de l'option « output_buffering » de PHP": {
"severity": "success",
"description": null,
"linkToDoc": null
}
},
"database": {
"Vérification de la version de la base de données": {
"severity": "success",
"description": null,
"linkToDoc": null
}
},
"ldap": {
"Vérification des UUID LDAP invalides": {
"severity": "success",
"description": null,
"linkToDoc": null
}
}
} |
|
One problem I see here with the data structure is that categories are not fixed but random strings. Meaning:
Especially 3 is bad, thats why fixed categories are better -> we can provide translations for them. But we could also group them like: But this would still require something like For the UI this would also quite easy to implement without changing the current data structure, For grouping we can define the categories to be grouped in the |
This is out of scope for current feature, let’s keep it simple, there is enough to do. I propose that for now we stay with fixed list of categories in admin_overview |
Yes but adding this API afterwards seems to be more complicated? |
|
Okay, given the complexity of this, I would introduce a horizontal navigation between 2 modal screens:
In case there's an additional level of nesting I would show the tabbed navigation we introduced in previous designs. So in total, we have 3 levels where to organize all this data: Dashboard buckets (system/security/accounts)
|
|
De-scoping #40661 to be worked on as it's own feature for the future |
In the settings it would be great to have a sort of a "Admin dashboard" / overview where you can quickly see some health info regarding your cloud. Like the following:
Admin dashboard
Further ideas:
We have to watch out to not go into the field of too much tracking though.
Task breakdown
The text was updated successfully, but these errors were encountered: