Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #13307 Add a Validation in a Tracker's Field by a regular expression
    Actions
    Infos
    #13307
    Jérôme Averty (javerty)
    2019-04-25 12:05
    2019-04-23 17:37
    14427
    Details
    Add a Validation in a Tracker's Field by a regular expression

    Hi,

    One of my users needs to control a Float field (The value must be between 0 to 10, 0,5 by 0,5).

    This fonctionnality is not cover today by Tuleap to my knowledge.

    I saw this type of validation by a regular expression in tools like Limesurvey :

    https://manual.limesurvey.org/Utilisation_des_expressions_r%C3%A9guli%C3%A8res

    • The field is validate just before sending the new artefact by the regular expression.
    • It suppose to add a field Validation in the "Manage Field Usage" page for fields which accept a validation.

    I don't know if they are other users who have the same need, my user will solve his need by a message in "Description".

    Trackers
    Empty
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    New
    Empty
    Attachments
    Artifact links
    Empty
    Empty
    References
    References list is empty
    Display settings

    Follow-ups

    User avatar
    Jérôme Averty (javerty)2019-04-25 12:05
    I understand your position perfectly.

    As a survey tool user, I had appreciated the possibility offered by Limesurvey, with the documentation, I could control the results on several types of answer:
    https://manual.limesurvey.org/Using_regular_expressions

    I understand very well that this solution also creates problems of ergonomics (regular expressions are anything but easy to access to common people) or security.
    User avatar
    Thomas Gerbet (tgerbet)2019-04-25 11:41
    I'm also mostly against the use of regexes here.

    It's always a bit hard for a user to know which regex engine (and its version) is used. For example, if we decide to rely on PHP to do the regex validation we could break user configurations overnight when we move to PHP 7.3+ since the regex engine has been moved from PCRE to PCRE2.
    It's also a denial of service vector (ReDoS) and, as far as I'm aware, the tooling and researches around this topic to detect an "evil" regex is still quite new and mostly academic.
    User avatar
    Jérôme Averty (javerty)2019-04-25 11:20
    I understand that the use of regular expressions may seem scary because not very "common user", but as the TQL function, it would be an advanced feature available only to Admin, which has the advantage of allowing great freedom in the choice of expressions (digital or text like an email address, a URL etc ...). But it may be possible to do this differently in the interface.

    Putting this fonctionnality in the "global rules" part is a very good idea because it will not overload the "Manage Field Usage" page which is already very rich.
    User avatar
    Manuel Vacelet (vaceletm)2019-04-24 09:06

    I'm really unsure about using regexp to validate actual numbers.

    However, being able to to set constraint on numbers would be interesting, but it should be done as an extension of workflow "global rules" as it was done for dates.