Join the conversation

Sign in to join this conversation, and others like it, in the communities you care about.

Wekan

Wekan is an open-source kanban board (Trello like) which allows a card-based task and to-do management.

Wekan / General

Lockout this that cannot be webhooked

Lockout this that cannot be webhooked

Wekan/General · March 19, 2020 at 7:59pm

Lockout this that cannot be webhooked

Wekan / General · March 19, 2020 at 7:59pm

When you add or delete a card, or if you add or delete a swimlane you get a webhook payload regardless of how the integration was registered. If you use universal webhooks (not the one assigned by a board specific integration) you probably get a webhook showing you created a board. Either way you do get a board deletion webhook if you built that board through the api and added an integration.

But for some reason there are NO webhooks for any changes you make. If you rename a card or rename a swimlane or rename a board, you get silence. I tried tracking and watching options and still nothing. LMK if I am doing this wrong, please.

So if I cannot track the user making changes I would need instead to prevent the user from making changes I cannot track through a web hook.

I have run into this issue editing (PUT) through the api. There are not editing functions through the api to rename some things or coloring things. Simple solution was just to change things in Mongodb to rename a board or a swimlane or card or add or change a color in a swimlane.

But the reverse is not as easy. Unless I capture changes to mongo as events there is no easy solution to not getting a webhook back on a user change of something simple. If you add card NP. if you edit a card no go.

So to lockout changes...... are there methods to do that? I see many true/false values that are in the database (no that you can always edit them through the api), but if you change mongo values you can change what the user is permitted to do in the GUI with the boards?

allowsSubtasks": true, "allowsAttachments": true, "allowsChecklists": true, "allowsComments": true, "allowsDescriptionTitle": true, "allowsDescriptionText": true, "allowsActivities": true, "allowsLabels": true, "allowsAssignee": true, "allowsMembers": true, "allowsRequestedBy": true, "allowsAssignedBy": true, "allowsReceivedDate": true, "allowsStartDate": true, "allowsEndDate": true, "allowsDueDate": true,

Can I, and if so, what do I change to prevent users from renaming things that do not give you webhooks?

Thanks

Load previous messages

March 20, 2020 at 12:12pm

I have tha api side working as I said that is easy and yes eventually that makes sense but the issue is the webhooks that emulate PUTs (Board titles, Card titles, Swimlane titles). Not sure what else is needed but those are galring omissions if the user of wekan can do something not expressed in webhooks.

    Edited
    • reply
    • like

    as ugly as it might sound updating a title or a color in mongo remotely is painless now that I have it working

      • reply
      • like

      looking for a way to watch mongo if there are no webhooks forediting things (PUTS)

        • reply
        • like

        so yeah if I cannot block edits and I cannot watch for mongo changes then adding the missing webhooks would be a great solution

          • reply
          • like

          thanks for any advice I can do without bothering you further

            • reply
            • like

            You don't bother at all

              • reply
              • like

              It's all great that someone is interested in Wekan

                • reply
                • like

                I think its pretty clear that tying wekan into another system needs all functions you can do on either end to comunicate bidirectioallly

                  • reply
                  • like

                  In Worker role, there is a block that Worker user can only add itself as Assignee, but can not remove itself from being assingnee after that. Do you mean that kind of blocks?

                    • reply
                    • like

                    WEKAN is cool, powerful, amazingly user friendly from a GUI perspective and the internal business rules right down to the DB is what makes it so. It sports a security model we can work with is represents thousands of hours of code that works well. And if required we can reskin the CSS. Its great

                      • reply
                      • like

                      I am just trying to close the edge cases of marriying wekan to other systems,

                        • reply
                        • like

                        What kind of blocks would you like to have?

                          • reply
                          • like

                          anything PUT webhooks

                            • reply
                            • like

                            change something the user changes sending a webhook

                              • reply
                              • like

                              right now that is titles of the main widgets (boards, swimlanes and cards).

                                • reply
                                • like

                                If I get a webhook I can change the assignee/owner/members and add or remove integrations and add other values. So if you create a new card, even thougfh that card does not have all the data fields I need to create a remote task, the web hook gives me the ids so I can create them and sync the mongo or api back. If I do not get a webhook I am flying blind

                                  • reply
                                  • like

                                  I will report back if I can create the mongo watch eventing just to see if it offers and alternative. Perhaps in a few month I will be allowed to do pull requests. Right now I can adjust my code or systems but not change wekan itself

                                    • reply
                                    • like

                                    thanks again sir

                                      • reply
                                      • like

                                      Ok, so if I would create role NoRename, that is like user, but can not rename boards/swimlanes/cards, would that be OK ?

                                        • reply
                                        • like

                                        would would set that role to user with API

                                          • reply
                                          • like

                                          I mean, you could set that role with API

                                            • reply
                                            • like

                                            Hmm, other way would be to have in Board Settings options for disabling changing board/swimlane/card name. And also add that to API.

                                              • reply
                                              • like

                                              those settings would only affect users that are not BoardAdmin

                                                • reply
                                                • like

                                                yes either provide restriction attributes on the api to entities

                                                  • reply
                                                  • like

                                                  OR

                                                    • reply
                                                    • like