Securedrop: Add confirmation message after updating submission preferences

Created on 20 Nov 2019  路  8Comments  路  Source: freedomofpress/securedrop

4879 made it possible to prevent sources from uploading documents by changing a setting in the Admin Interface:

Screen Shot 2019-11-19 at 16 41 15-fullpage

However, there is no confirmation message after changing this setting. At minimum, we should add a generic flashed message, which we could use when future preferences added to this page are changed, e.g., "Settings have been updated successfully."

User Story

As an admin, I want to know at a glance that my actions on the preferences page have had the desired effect, so that I don't have to re-examine the state of specific checkboxes to be sure.

admin UX good first issue help wanted

All 8 comments

Hi, first contributor to securedrop here.
I'd like to have a go at implementing this if possible!

To me it seems like the most sensible approach would be to implement this entirely with client-side Javascript, changing the behaviour of the form dynamically and including a popup or flash on successful submission.
Any suggestions are appreciated.

Hello @Petvdp, welcome!! :)

I don't believe that any Javascript is used in the Admin Interface, today; most of SecureDrop avoids Javascript dependencies, for security reasons. Technical contributors can speak more to implementation details.

I'm a UX contributor, and am in the process of finalizing the updated styling for all flash messaging. I'll be happy to share those updated styles, here, sometime next week (or sooner鈥攂ut am trying to be conservative, for my own sanity). We'd all love to see this page get pushed past the finish line with this Issue being addressed, and I'd love to see the updated messaging style get implemented.

Jen or Erik or others can speak more to timing and technical particulars. Anywhoo, glad to see you here! More later...

Hi @ninavizz, thanks for the intro! I figured this would be a good opportunity to learn a few things about security concious programming while building something that's useful.

Yeah I can definitely see why you would want to avoid Javascript wherever possible, and definitely only ever Vanilla. It would also be bad to mess up the http request somehow.

There are potential serverside approaches to this feature, but I can't think of any that don't involve modifying application state in the page's GET request, which would violate REST, since the server has to now know about whether or not the client is reloading the page after making the request.

Hi @petevdp, to resolve this issue, it should be sufficient to use the existing message flashing code and notification styling, and to add a flash upon a POST request to the /update-submission-preferences route. Check out example flashed messages in the admin routes (securedrop/journalist_app/admin.py).

Okay, I'll give that a shot, thanks!

What is the preferred way to run a linting check? make lint errors out because it's running on the host machine. Is there a preferred way to run commands in the container?

Hi @petevdp, you have to install the required python package on the host machine. See here. You can use a virtual environment dedicated to securedrop development.

Ah okay, sorry I should have read this. Thanks!

Was this page helpful?
0 / 5 - 0 ratings