-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pico CMS for Nextcloud v1.1 (WIP) #99
Conversation
Signed-off-by: Daniel Rudolf <[email protected]>
Would be nice to have a Pico icon up in NC's nav bar at the top. |
@artelse Since we can't possibly decide which website to show there, you better simply use Nextcloud's |
The idea Pico for Nextcloud is cool! I'm looking forward to version 1.1! #83 (hosting websites using different domains) would also be very important to me! Thank you for now! When will v1.1 be roughly expected? |
Signed-off-by: Daniel Rudolf <[email protected]>
Signed-off-by: Daniel Rudolf <[email protected]>
Adding Pico's DummyPlugin as example plugin hopefully encourages users to develop their own plugins 😃 Signed-off-by: Daniel Rudolf <[email protected]>
61db061
to
0932f9f
Compare
Signed-off-by: Daniel Rudolf <[email protected]>
Hi, I've been using pico CMS for two days now, starting from zero knowledge about pico (and very little web development/CSS/PHP/whatnot). I don't have admin rights. Initially getting a web site to run was simple, but the majority of the time got sunk in trying to make customizations to themes work. IMHO, customizability of themes without admin rights, in some safe-ish way, would be very valuable. No-one is gonna want to publish their stuff with the default theme at the end, and making anything else work requires too much work from the admin IMO. In particular, a viable solution must allow tweaking of colors, details of the template, etc by the user. Another observation: I was unable to embed an .svg from the assets directory into the default theme as a logo -- this was always served as text MIME type. Only the .svg included in the default theme worked properly. This probably has something to do with configuration of the web server on nextcloud -- but i would expect something as basic as including an .svg to work without tweaking of config files by the admin? otherwise, great work and highly appreciated! |
The greatest limitation of Pico CMS for Nextcloud are security considerations: We must not allow users to include active content, because otherwise we'd end up allowing users to perform XSS attacks on your Nextcloud. Thus we can't allow users to include custom themes. However, that's not all - it also has some rather weird side-effects, like not being able to use Since these security considerations apply to Pico CMS for Nextcloud only and not to Pico itself, most theme developers never had this in mind. There's simply a higher number of web developers within the Pico userbase than the Pico CMS for Nextcloud userbase. Thus there's indeed some trouble to make these themes work with Pico CMS for Nextcloud and its specific limitations. However, we can't do much about that. Those themes were made by 3rd-party developers. If one chooses to create a feature-rich theme specifically for Pico CMS for Nextcloud I'm more than happy to promote it on Pico's website or even include it as a system theme in Pico CMS for Nextcloud. The only way to mitigate the security concerns is to use distinct domains for your websites (see #83). This is indeed planned for Pico CMS for Nextcloud v1.1. However, this definitly requires some advanced webserver config. So it makes the setup even more difficult. We are faced with a classic conflict of aims here... 😒 |
I see, thanks for the explanation. Things being as they are, I think that pico on Nextcloud currently slightly oversells itself. Reading the docs, it sounds like it should work like any other CMS (Pico, Jekyll etc) while in fact, the customizability is strongly limited. Reading the Pico docs on their standard theme, they encourage you to modify it to your needs. As a newcomer, you don't know that this is not possible on NC. To avoid false expectations, I think it would be good to have a section "Limitations compared to standard Pico" or some such right on the landing page in the docs. The information that |
I second both ideas, the latter being more important (and I'd assume a bit more trivial to implement) |
Signed-off-by: Daniel Rudolf <[email protected]>
Signed-off-by: Daniel Rudolf <[email protected]>
Signed-off-by: Daniel Rudolf <[email protected]>
Is there any way to track progress on this rather bigger issue? Especially the #83 support would be interesting. I'm new to pico CMS, but I'd try to help if I knew there are some smaller points left I could help out with 😉. |
Besides some code cleanup and updating to PHP 7.2 this PR currently just includes the following:
That's it right now I'm afraid. So, you can basically choose to work on any new feature you want 😃 Please don't hesitate to open a new PR on the My ideas about #83 resemble around some sort of But as I said, you can basically choose to work on any new feature you want. So, if you want to start with something smaller it's still very, very appreciated! You don't even have to stick to the list above. If you feel like any other feature might be useful - go ahead! 👍 |
Ah, ok. I was hoping for something smaller 😉. Anyway, I'll look around a bit and if I'll ever come up with some patch, I'll definitely make a PR despite it being unfinished. And thanks for the prompt response and welcoming attitude. |
Hm, thinking about this, shouldn't this be alleviated by imposing this restriction only on certain users (e.g. all non-administrator users)? From what I've seen the usual use case for pico CMS is not private (user-specific) pages, but pages prepared by administrators and they should by definition know what they do (there should though still be a warning somewhere). Not having SVG support is very painful (it also undermines the current and future web principles where SVG plays increasingly important role). |
Unfortunately not, for the same reason we can't manage themes from within Nextcloud: It would allow Nextcloud admins to include arbitrary active content, something that is not possible for an Nextcloud admin otherwise (i.e. a privilege escalation). The only solution is to serve contents using a different domain. |
Hi, I am not sure this is the right way to help, but I have opened this issue at nexcloud server |
Unfortunately the subdomain request on upstream NC was rejected. What now? I see more and more people asking for "web page maintained through OC" functionality. |
Spelling unification in Transifex. Signed-off-by: Valdnet <[email protected]>
Signed-off-by: Valdnet <[email protected]>
Signed-off-by: Valdnet <[email protected]>
Signed-off-by: Valdnet <[email protected]>
Signed-off-by: Valdnet <[email protected]>
Signed-off-by: Valdnet <[email protected]>
Signed-off-by: Valdnet <[email protected]>
61c9ec3
to
071be97
Compare
Signed-off-by: Daniel Rudolf <[email protected]>
Signed-off-by: Daniel Rudolf <[email protected]>
Signed-off-by: Daniel Rudolf <[email protected]>
Signed-off-by: Daniel Rudolf <[email protected]>
Since I simply don't have time to work on the more advanced features I'm going to release the existing bits soon, even though the most requested feature (accessing sites via other domains) isn't included. I simply don't have enough time to implement this... 😒 There's a lot more code towards allowing website owners to share websites with arbitrary users, groups, and by email with a more generalized Shares API. As soon as Pico CMS for Nextcloud 1.1 is released (and the groups-only approach implemented in this PR) I'll push the existing (but not yet working) code to a Regarding the By the way: Custom The following features were implemented and thus will be included in Pico CMS for Nextcloud 1.1:
Please give it a try (see https://github.com/nextcloud/cms_pico#manually for install instructions, just checkout the |
Signed-off-by: Daniel Rudolf <[email protected]>
Signed-off-by: Valdnet <[email protected]>
Thanks @PhrozenByte ! I'm also out of time, but it's very important you've specified what exactly is needed, what are the next steps, what are the obstackles etc. So thanks again! |
l10n: Spelling unification
🎉 Development of Pico CMS for Nextcloud v1.1 has started 🎉
This PR is work in progress!It's great to see that the community accepted Pico CMS for Nextcloud v1.0 so well (> 1'000 downloads for
v1.0.2
👏 👏). It looks like that most upgrades went pretty well, too - that's great news! We had some minor issues of course, but I guess it would have been a bad sign if we would have had no issues at all - that's only possible if we would have got no users 😆Anyway, Pico CMS for Nextcloud follows Semantic Versioning, thus adding new features yields a new minor release - and since I just implemented sharing websites with groups, development of Pico CMS for Nextcloud v1.1 has officially begun.
I didn't make any decision about what to implement yet, I'm very open to suggestions. Specifically I'm thinking about implementing #30 (custom
config.yml
files per website) and #83 (hosting websites using different domains). Optionally using user IDs as sort of "namespace" might be a good idea, too (#114; however, we should still support "global" websites). Both could be incorporated in some sort of aCNAME
feature. When logging in after accessing a private website, users should get redirected to the website they initially requested (help.nextcloud.com). Changing a website's title might be a good idea, too (#123). My current implementation of sharing websites with groups feels pretty "incomplete" - Nextcloud should have got some generic interfaces for sharing arbitrary contents with not just groups, but also users and circles. However, I couldn't find any documentation. It would be great if somebody could point me to the right place.Anyway, feedback is highly appreciated! ❤️ This also includes code reviews, PRs to my fork, suggestions and any other comment 👍
Closes #123