Hide Fields based on site_config setting

Hi All, What would be the best-practice way to hide a doctype field based on the value of an entry in a site’s site_config.json?

I’m thinking to call a whitelisted method on refresh and toggle_display on the field if a certain value is returned.

Use case would be helpful? I don’t think what you are planning is elegant 🙂

Use case: We’ve moved the activation/deactivation of 2FA to the site_config. If deactivated, we don’t want the 2FA-related fields to show up in System Settings.

@Chude_Osiegbu maybe just add a validation in System Settings that 2FA is not enabled. I assume this is just an additional requirement (?)

You can also add the config values in onload of System Settings and then conditionally hide the fields in JS. Either way, add both options for those who use ERPNext only via the API.

Edit: I am planning to test and merge the 2FA today. Let me know if it’s good to go 🙂
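
The suggestion in the post above (pass the config value to the form on load, hide the fields in JS, and still validate on the server for API-only users), as an added example that is not part of the original thread and is not Frappe code. It models the server side in plain Python; the config key `enable_two_factor_auth`, the field names and every function name are assumptions, and the sample site_config content is constructed.

```python
import json
import tempfile
from pathlib import Path

# Assumed names, not taken from the thread.
CONFIG_KEY = "enable_two_factor_auth"
TWO_FACTOR_FIELDS = ("enable_two_factor_auth", "two_factor_method")


def load_site_config(path):
    """Read site_config.json; a missing file means the key is unset."""
    p = Path(path)
    return json.loads(p.read_text()) if p.exists() else {}


def two_factor_active(conf):
    """Assumption: 2FA is off unless the key is set to a true value.
    Strings are normalised because bool("0") is True in Python."""
    value = conf.get(CONFIG_KEY, 0)
    if isinstance(value, str):
        return value.strip().lower() in ("1", "true", "yes")
    return bool(value)


def onload_payload(conf):
    """Data sent to the form on load: only the derived list of fields to hide,
    never the config itself (site_config.json also holds the DB password)."""
    return {"hide_fields": [] if two_factor_active(conf) else list(TWO_FACTOR_FIELDS)}


def validate_system_settings(doc, conf):
    """Server-side check; API-only clients never run the form JS, so hiding
    a field in the UI does not stop them from setting it."""
    if doc.get("enable_two_factor_auth") and not two_factor_active(conf):
        raise ValueError("Two-factor authentication is deactivated in site_config")


def demo():
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "site_config.json"  # constructed sample config
        path.write_text(json.dumps({"db_name": "constructed", "db_password": "constructed", CONFIG_KEY: "0"}))
        conf = load_site_config(path)
    try:
        validate_system_settings({"enable_two_factor_auth": 1}, conf)
        rejected = False
    except ValueError:
        rejected = True
    return onload_payload(conf), rejected


if __name__ == "__main__":
    print(demo())
```
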

@Chude_Osiegbu enabling 2FA via site config is a terrible idea. How does the user discover it?

They don’t ☺️. Our philosophy is that it’s an organisational decision and not a user opt-in. We had initially put the ability to switch it on/off in the System Settings but this risks shutting the Administrator out if, for any reason, there is a problem delivering the tokens. It’s also insecure to exclude the Administrator from 2FA as we had originally done. So, we decided to activate/deactivate from the site config.

Setting in site config allows the admin to intervene and deactivate 2FA when there’s an issue.

Open to alternative approaches.

Ok I am moving it back to System Settings

Will add a simple bench command to switch off 2FA

bench --site [sitename] execute frappe.twofactor.disable

Ok 👍🏾

Merged! Btw, I think I will remove it from the Setup Wizard. This is not really important to set upfront.


Hmm… On the fence about that. One could argue that it’s a good opportunity to start secure and make the Admin/organisation aware of it from the start.

This seems to be a good solution

And I agree with the idea of removing it from the setup wizard. In my opinion, there is already too much initially.

For discovery, maybe we can learn from Slack. When you log in to Slack, while the app loads, there are messages - sometimes random ones, some introducing features. Maybe we can replace the blue E with useful content for ERPNext (configurable of course).