Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Minor
-
Resolution: Fixed/Completed
-
Affects Version/s: 4.6.10
-
Fix Version/s: 4.7.11
-
Component/s: None
-
Labels:
-
Documentation Required?:None
-
Funding Source:Paid Issue Queue
-
Payment Status:Paid
Description
We have a situation where a client using SSL client authentication can't use dashlets because they do an internal https request not using the certificate resulting in the dashlet rendering as "An authorized SSL client certificate is required to access this server."
I had a long discussion with Coleman & Tim on IRC about this and we agree that the current dashboard code could be improved and simplified. Currently the dashlets are resolved by an internal http request. As this is server to server (er yes ... the SAME server) the client side credentials are not available at this point.
We considered a few possibilities but our consensus was that we should return a url to the browser which is could load using ajax. This would allow the browser to use it's certificate & reduce server over-head.
A concern was that we would lose the current dashlet caching however this was mitigated by the fact that
a) the caching could be done in browser with the right headers
b) the caching is being done per contact anyway - so expensive reports are rendered once per contact.
We did discuss how we might cache expensive reports & that will be recorded in a related issue.
Other interesting approaches we discussed included
1) flexible retrieval options
This basically means that a url COULD be stored in the url field but alternatively it could be a reference to an api call, object or method. The Resolver class is already pretty powerful in dealing with this and this would make dashlets more flexible and powerful. There would be a need to ensure people couldn't create dashlets 'above their paygrade' e.g with the api create a dashlet that calls a scary function.
Core_Resolver (already) supports formats like:
- static function: 'CRM_Myext_Mydashlet::render'
- API: "apiv3://Mydashlet/render?foo=bar"
- service (in Civi\Core\Container): "call://service/method"
Technically I don't think there is a downside to this & the above approach doesn't preclude this happening as well. However, an extra api action to retrieve report html would be required and probably some work to deal with the report classes expectations about having a url - which would be good to do but does involve work. We would also possibly consider figuring out ways to return other api data as html & the possibilities that might open up.
As a fix this doesn't allow things like civisualise to work in a dashlet so it isn't a fl fix in itself.
2) internal invoke
This is the idea we could set up various temporary globals within a php request & call CRM_Core_Invoke. There is some precedent for this in test suite and expanding the scope of this would expand options for testing forms & pages without invoking selenium.
As the current intent of dashlet caching is basically to cache search results we discussed how that might look & I will log that to a separate ticket. IRC log attached (far to long to paste in!)
Attachments
Issue Links
Activity
Have implemented the following:
- Load dashlets directly via ajax
- Cache using localStorage
- Configurable auto-refresh per-dashlet
- Style and usability improvements
- Mass cleanup/simplification of code and schema
The upshot is a great-looking dashboard that loads almost instantly.
This is a PR submitted against this attempting to use approach 2 https://github.com/civicrm/civicrm-core/pull/7666
At this stage I'm closing out the PR as it is stalled & may not be the eventual approach but it represents useful discussion etc
Coleman Watts I'm assigning this to you. If you don't get funded for it you can unassign but it seems like a good way not to lose sight of the ticket & previous work done