Join the conversation

Sign in to join this conversation, and others like it, in the communities you care about.

Wekan

Wekan is an open-source kanban board (Trello like) which allows a card-based task and to-do management.

Wekan / General

Lockout this that cannot be webhooked

Lockout this that cannot be webhooked

Wekan/General · March 19, 2020 at 7:59pm

Lockout this that cannot be webhooked

Wekan / General · March 19, 2020 at 7:59pm

When you add or delete a card, or if you add or delete a swimlane you get a webhook payload regardless of how the integration was registered. If you use universal webhooks (not the one assigned by a board specific integration) you probably get a webhook showing you created a board. Either way you do get a board deletion webhook if you built that board through the api and added an integration.

But for some reason there are NO webhooks for any changes you make. If you rename a card or rename a swimlane or rename a board, you get silence. I tried tracking and watching options and still nothing. LMK if I am doing this wrong, please.

So if I cannot track the user making changes I would need instead to prevent the user from making changes I cannot track through a web hook.

I have run into this issue editing (PUT) through the api. There are not editing functions through the api to rename some things or coloring things. Simple solution was just to change things in Mongodb to rename a board or a swimlane or card or add or change a color in a swimlane.

But the reverse is not as easy. Unless I capture changes to mongo as events there is no easy solution to not getting a webhook back on a user change of something simple. If you add card NP. if you edit a card no go.

So to lockout changes...... are there methods to do that? I see many true/false values that are in the database (no that you can always edit them through the api), but if you change mongo values you can change what the user is permitted to do in the GUI with the boards?

allowsSubtasks": true, "allowsAttachments": true, "allowsChecklists": true, "allowsComments": true, "allowsDescriptionTitle": true, "allowsDescriptionText": true, "allowsActivities": true, "allowsLabels": true, "allowsAssignee": true, "allowsMembers": true, "allowsRequestedBy": true, "allowsAssignedBy": true, "allowsReceivedDate": true, "allowsStartDate": true, "allowsEndDate": true, "allowsDueDate": true,

Can I, and if so, what do I change to prevent users from renaming things that do not give you webhooks?

Thanks

Load previous messages

April 1, 2020 at 12:06pm

No, it seems I got lost in other changes. Thanks for reminding! I will find where I did have In-Progress code of disabling attributes, finish it, test it, and add to next Wekan version.

    • reply
    • like

    Thanks

      • reply
      • like

      what upgrades did you make? Mongo upgrade? I mean you know me by now, sooner or later I will get around to asking about it? :)

        • reply
        • like

        Click ChangeLog at https://wekan.github.io

          • reply
          • like

          Hehe, well, Yes I should try to get Mongo upgrade working sometime.

            • reply
            • like

            Thanks. Nice improvements

              Edited
              • reply
              • like

              April 1, 2020 at 3:32pm

              If users would not be allowed to rename Boards/Swimlanes/Cards, would they be able to add new ones?

                • reply
                • like
                • reply
                • like

                Current web UI. Changing settings works, but actual settings still need fixes so that they would not disable all.

                  • reply
                  • like

                  But I'm still thinking, is there some more general use case

                    • reply
                    • like

                    April 1, 2020 at 9:50pm

                    well right now, you do send webhooks for adding Boards/swimlanes/cards

                      • reply
                      • like

                      I have no intention of permiiting or in any way dealing with users creating boards

                        • reply
                        • like

                        But I can capture added swimlanes to and existing board or adding cards to an existing swimlane. I tested those webhooks and the work. so I can create my own remote objects that match to the construct of a swimlane and a card.

                          • reply
                          • like

                          But there are many missing PUT routines in the api that let me edit things. The way I have solved that is to use an ssh connection to mongo. Please note that if you add attriubutes to boards like you said and the the POST route does not permit adding those then I either have to use a PUT routine or use mongo to modify the attributes on those boards to block certain features.

                            • reply
                            • like

                            Could you please summarize again what you actually would like to have?

                              • reply
                              • like

                              Hmm OK you mean more PUT routines

                                • reply
                                • like

                                right now the attributes for things not supported in webhooks is all I need

                                  • reply
                                  • like

                                  anything else is great but not required

                                    • reply
                                    • like

                                    if I edit something in the GUI and there is no webhook then I do not have a solution to keep systems in sync

                                      • reply
                                      • like

                                      so the only thing essential now is to prevent users from manipulating things in the GUI that doe not webhook. Which is renaming or cards and swimlanes or Boards

                                        • reply
                                        • like

                                        the PUTS would be nice but I can work around that Lauri

                                          • reply
                                          • like

                                          Thank you again

                                            • reply
                                            • like

                                            Do you mean that webhooks for rename Board/Swimlane/Card are missing?

                                              • reply
                                              • like

                                              no PUTs on the api side and no webhooks on the other side

                                                • reply
                                                • like