@jsreport/jsreport-core 3.8.1 → 3.9.0

package/lib/main/folders/validateDuplicatedName.js

@@ -1,4 +1,3 @@
-const omit = require('lodash.omit')
 const resolveEntityPath = require('../../shared/folders/resolveEntityPath')
 
 async function findEntity (reporter, name, folder, req) {
@@ -7,18 +6,11 @@ async function findEntity (reporter, name, folder, req) {
       continue
     }
 
-    const localReq = req ? reporter.Request(req) : req
-
-    // we should validate against all entities without caring about permissions
-    if (localReq) {
-      localReq.context = localReq.context ? omit(localReq.context, 'user') : localReq.context
-    }
-
-    const allEntities = await reporter.documentStore.collection(c).find({
+    const allEntities = await reporter.documentStore.collection(c).findAdmin({
       folder
     }, {
       name: 1
-    }, localReq)
+    }, req)
 
     const existingEntity = allEntities.find((entity) => {
       if (entity.name) {

package/lib/main/profiler.js

@@ -211,6 +211,7 @@ module.exports = (reporter) => {
     profilerRequestMap.set(req.context.rootId, req)
 
     const template = await reporter.templates.resolveTemplate(req)
+
     if (template && template._id) {
       req.context.resolvedTemplate = extend(true, {}, template)
 

package/lib/main/reporter.js

@@ -345,13 +345,14 @@ class MainReporter extends Reporter {
     }
 
     if (err.code === 'WORKER_ABORTED') {
-      err.message = 'Report cancelled'
+      err.message = 'Report cancelled by the client or closed network'
       err.weak = true
     }
 
     if (!err.logged) {
       const logFn = err.weak ? this.logger.warn : this.logger.error
-      logFn(`Report render failed: ${err.message}${err.stack != null ? ' ' + err.stack : ''}`, req)
+      const errorMessage = this.createError('Report render failed', { original: err }).message
+      logFn(`${errorMessage}${err.stack != null ? '\n' + err.stack : ''}`, req)
     }
     await this.renderErrorListeners.fire(req, res, err)
     throw err

package/lib/main/store/checkDuplicatedId.js

@@ -1,5 +1,3 @@
-const omit = require('lodash.omit')
-const Request = require('../../shared/request')
 
 module.exports = async function checkDuplicatedId (store, collectionName, idValue, req) {
   if (idValue == null) {
@@ -12,16 +10,10 @@ module.exports = async function checkDuplicatedId (store, collectionName, idValu
 }
 
 async function findEntity (store, collectionName, idValue, req) {
-  const localReq = req ? Request(req) : req
-
   // we should validate without caring about permissions
-  if (localReq) {
-    localReq.context = localReq.context ? omit(localReq.context, 'user') : localReq.context
-  }
-
-  const existingEntity = await store.collection(collectionName).findOne({
+  const existingEntity = await store.collection(collectionName).findOneAdmin({
     _id: idValue
-  }, localReq)
+  }, req)
 
   return existingEntity
 }

package/lib/main/store/collection.js

@@ -1,6 +1,8 @@
-const createListenerCollection = require('../../shared/listenerCollection')
 const { resolvePropDefinition } = require('./typeUtils')
+const adminRequest = require('../../shared/adminRequest')
+const createListenerCollection = require('../../shared/listenerCollection')
 const createError = require('../../shared/createError')
+const Request = require('../../shared/request')
 const validateEntityName = require('../validateEntityName')
 
 module.exports = (entitySet, provider, model, validator, encryption, transactions) => ({
@@ -74,6 +76,41 @@ module.exports = (entitySet, provider, model, validator, encryption, transaction
     })
   },
 
+  findAdmin (q, p, req) {
+    if (p && p.__isJsreportRequest__ === true) {
+      req = p
+      p = {}
+    }
+
+    p = p || {}
+
+    req = adminRequest(req, Request)
+
+    return this.find(q, p, req)
+  },
+
+  async findOne (...args) {
+    const res = await this.find(...args)
+    if (res.length > 0) {
+      return res[0]
+    }
+
+    return null
+  },
+
+  findOneAdmin (q, p, req) {
+    if (p && p.__isJsreportRequest__ === true) {
+      req = p
+      p = {}
+    }
+
+    p = p || {}
+
+    req = adminRequest(req, Request)
+
+    return this.findOne(q, p, req)
+  },
+
   count (...args) {
     return this.find(...args).count()
   },
@@ -154,15 +191,6 @@ module.exports = (entitySet, provider, model, validator, encryption, transaction
     })
   },
 
-  async findOne (...args) {
-    const res = await this.find(...args)
-    if (res.length > 0) {
-      return res[0]
-    }
-
-    return null
-  },
-
   async serializeProperties (docs, customTypeDef) {
     let typeDef
 

package/lib/main/store/mainActions.js

@@ -1,15 +1,34 @@
+
 module.exports = (reporter) => {
   reporter.registerMainAction('documentStore.collection.find', async (spec, originalReq) => {
     const localReq = reporter.Request(originalReq)
+
     localReq.context.userFindCall = true
-    const res = await reporter.documentStore.collection(spec.collection).find(spec.query, localReq)
+
+    const collection = reporter.documentStore.collection(spec.collection)
+    let method = 'find'
+
+    if (spec.admin) {
+      method = 'findAdmin'
+    }
+
+    const res = await collection[method](spec.query, localReq)
     return res
   })
 
   reporter.registerMainAction('documentStore.collection.findOne', async (spec, originalReq) => {
     const localReq = reporter.Request(originalReq)
+
     localReq.context.userFindCall = true
-    const res = await reporter.documentStore.collection(spec.collection).findOne(spec.query, localReq)
+
+    const collection = reporter.documentStore.collection(spec.collection)
+    let method = 'findOne'
+
+    if (spec.admin) {
+      method = 'findOneAdmin'
+    }
+
+    const res = await collection[method](spec.query, localReq)
     return res
   })
 

package/lib/main/store/setupValidateShortid.js

@@ -1,4 +1,3 @@
-const omit = require('lodash.omit')
 
 module.exports = (reporter) => {
   reporter.initializeListeners.add('core-validate-shortid', () => {
@@ -60,16 +59,10 @@ async function validateShortid (reporter, collectionName, doc, originalIdValue,
 }
 
 async function findEntity (reporter, collectionName, shortid, req) {
-  const localReq = req ? reporter.Request(req) : req
-
   // we should validate without caring about permissions
-  if (localReq) {
-    localReq.context = localReq.context ? omit(localReq.context, 'user') : localReq.context
-  }
-
-  const existingEntity = await reporter.documentStore.collection(collectionName).findOne({
+  const existingEntity = await reporter.documentStore.collection(collectionName).findOneAdmin({
     shortid
-  }, localReq)
+  }, req)
 
   return existingEntity
 }

package/lib/shared/adminRequest.js

@@ -0,0 +1,17 @@
+const omit = require('lodash.omit')
+
+module.exports = function adminRequest (req, Request) {
+  if (req == null) {
+    return req
+  }
+
+  let targetReq = req
+
+  if (Request != null) {
+    targetReq = Request(targetReq)
+  }
+
+  targetReq.context = targetReq.context ? omit(targetReq.context, 'user') : targetReq.context
+
+  return targetReq
+}

package/lib/shared/createError.js

@@ -1,4 +1,4 @@
-const _omit = require('lodash.omit')
+const normalizeError = require('./normalizeError')
 
 module.exports = function (message, options = {}) {
   const { original } = options
@@ -10,23 +10,37 @@ module.exports = function (message, options = {}) {
     error = new Error(message)
 
     if (original != null) {
-      error.entity = original.entity
-      error.lineNumber = original.lineNumber
-      error.property = original.property
+      // because in js you can throw <anything>, not specifically Error
+      const originalNormalized = normalizeError(original)
+
+      error.entity = originalNormalized.entity
+      error.lineNumber = originalNormalized.lineNumber
+      error.property = originalNormalized.property
+
+      if (originalNormalized.statusCode != null) {
+        error.statusCode = originalNormalized.statusCode
+      }
+
+      if (originalNormalized.weak != null) {
+        error.weak = originalNormalized.weak
+      }
 
       if (error.message == null || error.message === '') {
-        error.message = `${original.message}`
+        error.message = `${originalNormalized.message}`
       } else {
-        error.message += `. ${original.message}`
+        error.message += `\n(because) ${lowerCaseFirstLetter(originalNormalized.message)}`
       }
 
-      if (error.stack != null && original.stack != null) {
-        error.stack += `\ncaused by: ${original.stack}`
+      // stack is printed in reverse order (from cause to more high level error)
+      if (error.stack != null && originalNormalized.stack != null) {
+        error.stack = `${originalNormalized.stack}\nwrapped by:\n${error.stack}`
       }
     }
   }
 
-  Object.assign(error, _omit(options, 'original'))
+  const { original: originalInOptions, ...restOfOptions } = options
+
+  Object.assign(error, restOfOptions)
 
   if ((error.statusCode === 400 || error.statusCode === 404) && error.weak == null) {
     error.weak = true
@@ -34,3 +48,11 @@ module.exports = function (message, options = {}) {
 
   return error
 }
+
+function lowerCaseFirstLetter (str) {
+  if (str === '' || typeof str !== 'string') {
+    return str
+  }
+
+  return str.charAt(0).toLowerCase() + str.slice(1)
+}

package/lib/shared/normalizeError.js

@@ -0,0 +1,31 @@
+
+module.exports = function normalizeError (errValue, normalizedErrorPrefix = 'User code threw with non-Error: ') {
+  let newError
+
+  const isErrorObj = (
+    typeof errValue === 'object' &&
+      typeof errValue.hasOwnProperty === 'function' &&
+      Object.prototype.hasOwnProperty.call(errValue, 'message')
+  )
+
+  const isValidError = (
+    isErrorObj ||
+      typeof errValue === 'string'
+  )
+
+  if (!isValidError) {
+    if (Object.prototype.toString.call(errValue) === '[object Object]') {
+      newError = new Error(`${normalizedErrorPrefix}${JSON.stringify(errValue)}`)
+    } else {
+      newError = new Error(`${normalizedErrorPrefix}${errValue}`)
+    }
+  } else {
+    if (typeof errValue === 'string') {
+      newError = new Error(errValue)
+    } else {
+      newError = errValue
+    }
+  }
+
+  return newError
+}

package/lib/shared/reporter.js

@@ -6,7 +6,8 @@ const Folders = require('./folders')
 const createOrExtendError = require('./createError')
 const tempFilesHandler = require('./tempFilesHandler')
 const encryption = require('./encryption')
-const generateRequestId = require('../shared/generateRequestId')
+const generateRequestId = require('./generateRequestId')
+const adminRequest = require('./adminRequest')
 
 class Reporter extends EventEmitter {
   constructor (options) {
@@ -14,6 +15,7 @@ class Reporter extends EventEmitter {
 
     this.options = options || {}
     this.Request = Request
+    this.adminRequest = adminRequest
 
     // since `reporter` instance will be used for other extensions,
     // it will quickly reach the limit of `10` listeners,

package/lib/shared/request.js

@@ -1,5 +1,6 @@
 const extend = require('node.extend.without.arrays')
 const omit = require('lodash.omit')
+const createError = require('./createError')
 
 module.exports = (obj, parent) => {
   if (parent && !parent.__isJsreportRequest__) {
@@ -57,7 +58,14 @@ module.exports = (obj, parent) => {
 
 function normalizeJSONData (data) {
   if (typeof data === 'string') {
-    return JSON.parse(data)
+    try {
+      return JSON.parse(data)
+    } catch (parseError) {
+      throw createError('Unable to parse request data', {
+        weak: true,
+        original: parseError
+      })
+    }
   }
 
   return data

package/lib/worker/documentStore.js

@@ -2,14 +2,10 @@ module.exports = ({ model, collections }, executeMainAction) => {
   const store = {
     model,
     collection: (name) => ({
-      find: (q, req) => executeMainAction('documentStore.collection.find', {
-        query: q,
-        collection: name
-      }, req),
-      findOne: (q, req) => executeMainAction('documentStore.collection.findOne', {
-        query: q,
-        collection: name
-      }, req),
+      find: findMethod('documentStore.collection.find', name, false, executeMainAction),
+      findOne: findMethod('documentStore.collection.findOne', name, false, executeMainAction),
+      findAdmin: findMethod('documentStore.collection.find', name, true, executeMainAction),
+      findOneAdmin: findMethod('documentStore.collection.findOne', name, true, executeMainAction),
       insert: async (doc, req) => {
         const entity = await executeMainAction('documentStore.collection.insert', {
           doc,
@@ -47,3 +43,18 @@ module.exports = ({ model, collections }, executeMainAction) => {
 
   return store
 }
+
+function findMethod (actionName, collectionName, admin, executeMainAction) {
+  return async (q, req) => {
+    const payload = {
+      query: q,
+      collection: collectionName
+    }
+
+    if (admin) {
+      payload.admin = admin
+    }
+
+    return executeMainAction(actionName, payload, req)
+  }
+}

package/lib/worker/render/executeEngine.js

@@ -203,10 +203,13 @@ module.exports = (reporter) => {
       const wrappedTopLevelFunctions = {}
 
       for (const h of Object.keys(topLevelFunctions)) {
+        // extra wrapping for enhance the error with the helper name
+        wrappedTopLevelFunctions[h] = wrapHelperForHelperNameWhenError(topLevelFunctions[h], h)
+
         if (engine.getWrappingHelpersEnabled && engine.getWrappingHelpersEnabled(req) === false) {
-          wrappedTopLevelFunctions[h] = engine.wrapHelper(topLevelFunctions[h], { context })
+          wrappedTopLevelFunctions[h] = engine.wrapHelper(wrappedTopLevelFunctions[h], { context })
         } else {
-          wrappedTopLevelFunctions[h] = wrapHelperForAsyncSupport(topLevelFunctions[h], asyncResultMap)
+          wrappedTopLevelFunctions[h] = wrapHelperForAsyncSupport(wrappedTopLevelFunctions[h], asyncResultMap)
         }
       }
 
@@ -279,10 +282,14 @@ module.exports = (reporter) => {
       const nestedErrorWithEntity = e.entity != null
 
       const templatePath = req.template._id ? await reporter.folders.resolveEntityPath(req.template, 'templates', req) : 'anonymous'
+
+      const newError = reporter.createError(`Error when evaluating engine ${engine.name} for template ${templatePath}`, { original: e })
+
       if (templatePath !== 'anonymous' && !nestedErrorWithEntity) {
         const templateFound = await reporter.folders.resolveEntityFromPath(templatePath, 'templates', req)
+
         if (templateFound != null) {
-          e.entity = {
+          newError.entity = {
             shortid: templateFound.entity.shortid,
             name: templateFound.entity.name,
             content
@@ -290,24 +297,29 @@ module.exports = (reporter) => {
         }
       }
 
-      e.message = `Error when evaluating engine ${engine.name} for template ${templatePath}\n` + e.message
-
       if (!nestedErrorWithEntity && e.property !== 'content') {
-        e.property = 'helpers'
+        newError.property = 'helpers'
       }
 
       if (nestedErrorWithEntity) {
         // errors from nested assets evals needs an unwrap for some reason
-        e.entity = { ...e.entity }
+        newError.entity = { ...e.entity }
       }
 
-      throw e
+      // we remove the decoratedSuffix (created from sandbox) from the stack trace (if it is there) because it
+      // just creates noise and duplication when printing the error,
+      // we just want the decoration on the message not in the stack trace
+      if (e.decoratedSuffix != null && newError.stack.includes(e.decoratedSuffix)) {
+        newError.stack = newError.stack.replace(e.decoratedSuffix, '')
+      }
+
+      throw newError
     }
   }
 
   function wrapHelperForAsyncSupport (fn, asyncResultMap) {
     return function (...args) {
-    // important to call the helper with the current this to preserve the same behavior
+      // important to call the helper with the current this to preserve the same behavior
       const fnResult = fn.call(this, ...args)
 
       if (fnResult == null || typeof fnResult.then !== 'function') {
@@ -320,4 +332,27 @@ module.exports = (reporter) => {
       return `{#asyncHelperResult ${asyncResultId}}`
     }
   }
+
+  function wrapHelperForHelperNameWhenError (fn, helperName) {
+    return function (...args) {
+      let fnResult
+
+      const getEnhancedHelperError = (e) => reporter.createError(`"${helperName}" helper call failed`, { original: e })
+
+      try {
+        // important to call the helper with the current this to preserve the same behavior
+        fnResult = fn.call(this, ...args)
+      } catch (syncError) {
+        throw getEnhancedHelperError(syncError)
+      }
+
+      if (fnResult == null || typeof fnResult.then !== 'function') {
+        return fnResult
+      }
+
+      return fnResult.catch((asyncError) => {
+        throw getEnhancedHelperError(asyncError)
+      })
+    }
+  }
 }

package/lib/worker/render/profiler.js

@@ -126,8 +126,9 @@ class Profiler {
 
     if (parentReq) {
       template = await this.reporter.templates.resolveTemplate(req)
+
       // store a copy to prevent side-effects
-      req.context.resolvedTemplate = extend(true, {}, template)
+      req.context.resolvedTemplate = template != null ? extend(true, {}, template) : template
     } else {
       template = req.context.resolvedTemplate
     }

package/lib/worker/render/render.js

@@ -130,7 +130,7 @@ module.exports = (reporter) => {
         reporter.requestModulesCache.set(request.context.rootId, Object.create(null))
       }
 
-      reporter.logger.info(`Starting rendering request ${request.context.reportCounter} (user: ${(request.context.user ? request.context.user.name : 'null')})`, request)
+      reporter.logger.info(`Starting rendering${childMsgDecorate(request)} request${counterMsgDecorate(request)}${userMsgDecorate(request)}`, request)
 
       // TODO
       /* if (reporter.entityTypeValidator.getSchema('TemplateType') != null) {
@@ -147,7 +147,7 @@ module.exports = (reporter) => {
       await invokeRender(reporter, request, response)
       await afterRender(reporter, request, response)
 
-      reporter.logger.info(`Rendering request ${request.context.reportCounter} finished in ${(new Date().getTime() - request.context.startTimestamp)} ms`, request)
+      reporter.logger.info(`Rendering${childMsgDecorate(request)} request${counterMsgDecorate(request)} finished in ${(new Date().getTime() - request.context.startTimestamp)} ms`, request)
 
       response.meta.logs = request.context.logs
 
@@ -164,9 +164,11 @@ module.exports = (reporter) => {
 
       const logFn = e.weak ? reporter.logger.warn : reporter.logger.error
 
-      logFn(`Error when processing render request ${request.context.reportCounter} ${e.message}${e.stack != null ? ' ' + e.stack : ''}`, request)
+      const errorMessage = reporter.createError(`Error when processing${childMsgDecorate(request)} render request${counterMsgDecorate(request)}`, { original: e }).message
 
-      logFn(`Rendering request ${request.context.reportCounter} finished with error in ${(new Date().getTime() - request.context.startTimestamp)} ms`, request)
+      logFn(`${errorMessage}${e.stack != null ? '\n' + e.stack : ''}`, request)
+
+      logFn(`Rendering${childMsgDecorate(request)} request${counterMsgDecorate(request)} finished with error in ${(new Date().getTime() - request.context.startTimestamp)} ms`, request)
 
       if (
         parentReq &&
@@ -196,3 +198,27 @@ module.exports = (reporter) => {
     }
   }
 }
+
+function childMsgDecorate (req) {
+  if (!req.context.isChildRequest) {
+    return ''
+  }
+
+  return ' (child)'
+}
+
+function counterMsgDecorate (req) {
+  if (req.context.isChildRequest) {
+    return ''
+  }
+
+  return ` ${req.context.reportCounter}`
+}
+
+function userMsgDecorate (req) {
+  if (!req.context.user) {
+    return ''
+  }
+
+  return ` (user: ${req.context.user.name})`
+}

package/lib/worker/sandbox/createSandbox.js

@@ -372,7 +372,11 @@ function decorateErrorMessage (e, sourceFilesInfo) {
     }
 
     if (suffix !== '') {
-      e.message = `${e.message}\n\n${suffix}`
+      suffix = `\n\n${suffix}`
+      e.message = `${e.message}${suffix}`
+      // we store the suffix we added to the message so we can use it later
+      // to detect if we need to strip this from the stack or not
+      e.decoratedSuffix = suffix
     }
   }
 

package/lib/worker/sandbox/runInSandbox.js

@@ -1,8 +1,9 @@
 const LRU = require('lru-cache')
 const stackTrace = require('stack-trace')
 const { customAlphabet } = require('nanoid')
-const createSandbox = require('./createSandbox')
 const nanoid = customAlphabet('abcdefghijklmnopqrstuvwxyz', 10)
+const createSandbox = require('./createSandbox')
+const normalizeError = require('../../shared/normalizeError')
 
 module.exports = (reporter) => {
   const functionsCache = LRU(reporter.options.sandbox.cache)
@@ -36,7 +37,16 @@ module.exports = (reporter) => {
       onLog: (log) => {
         // we mark any log done in sandbox as userLevel: true, this allows us to detect which logs belongs to user
         // and can potentially contain sensitive information
-        reporter.logger[log.level](log.message, { ...req, timestamp: log.timestamp, userLevel: true })
+
+        let consoleType = log.level
+
+        if (consoleType === 'debug') {
+          consoleType = 'log'
+        } else if (consoleType === 'warn') {
+          consoleType = 'warning'
+        }
+
+        reporter.logger.debug(`(console:${consoleType}) ${log.message}`, { ...req, timestamp: log.timestamp, userLevel: true })
       },
       formatError: (error, moduleName) => {
         error.message += ` To be able to require custom modules you need to add to configuration { "trustUserCode": true } or enable just specific module using { sandbox: { allowedModules": ["${moduleName}"] }`
@@ -135,10 +145,14 @@ module.exports = (reporter) => {
       const initScriptInfo = await initFn(_getTopLevelFunctions, compileScript)
 
       if (initScriptInfo) {
-        await run(initScriptInfo.script, {
-          filename: initScriptInfo.filename || 'sandbox-init.js',
-          source: initScriptInfo.source
-        })
+        try {
+          await run(initScriptInfo.script, {
+            filename: initScriptInfo.filename || 'sandbox-init.js',
+            source: initScriptInfo.source
+          })
+        } catch (e) {
+          handleError(reporter, e)
+        }
       }
     }
 
@@ -162,43 +176,29 @@ module.exports = (reporter) => {
           })
         }).catch(__handleError);`
 
-    return run(executionCode, {
-      filename: 'sandbox.js',
-      source: userCode,
-      errorLineNumberOffset
-    })
+    try {
+      return await run(executionCode, {
+        filename: 'sandbox.js',
+        source: userCode,
+        errorLineNumberOffset
+      })
+    } catch (e) {
+      handleError(reporter, e)
+    }
   }
 }
 
 function handleError (reporter, errValue) {
-  let newError
-
-  const isErrorObj = (
-    typeof errValue === 'object' &&
-      typeof errValue.hasOwnProperty === 'function' &&
-      Object.prototype.hasOwnProperty.call(errValue, 'message')
-  )
-
-  const isValidError = (
-    isErrorObj ||
-      typeof errValue === 'string'
-  )
-
-  if (!isValidError) {
-    if (Object.prototype.toString.call(errValue) === '[object Object]') {
-      newError = new Error(`User code threw with non-Error: ${JSON.stringify(errValue)}`)
-    } else {
-      newError = new Error(`User code threw with non-Error: ${errValue}`)
-    }
-  } else {
-    if (typeof errValue === 'string') {
-      newError = new Error(errValue)
-    } else {
-      newError = new Error(errValue.message)
-      Object.assign(newError, errValue)
-      if (errValue.stack) {
-        newError.stack = errValue.stack
-      }
+  let newError = normalizeError(errValue)
+
+  if (newError === errValue) {
+    // here it means the original error was valid in the first place,
+    // so it was not normalized
+    newError = new Error(errValue.message)
+    Object.assign(newError, errValue)
+
+    if (errValue.stack) {
+      newError.stack = errValue.stack
     }
   }
 

package/lib/worker/templates.js

@@ -28,12 +28,43 @@ module.exports = (reporter) => {
     const template = req.context.resolvedTemplate
 
     if (!template && !req.template.content) {
-      throw reporter.createError(`Unable to find specified template or user does not have permissions to read it: ${
-        (req.template._id || req.template.shortid || req.template.name)
-      }`, {
-        weak: true,
-        statusCode: 404
-      })
+      let error
+
+      if (
+        req.template._id ||
+        req.template.shortid ||
+        req.template.name
+      ) {
+        const query = {}
+
+        if (req.template._id) {
+          query._id = req.template._id
+        } else if (req.template.shortid) {
+          query.shortid = req.template.shortid
+        } else if (req.template.name) {
+          query.name = req.template.name
+        }
+
+        const templateFromLocal = await reporter.documentStore.collection('templates').findOneAdmin(query, req)
+
+        if (templateFromLocal == null) {
+          error = reporter.createError(`Unable to find specified template (${
+            (req.template.name || req.template.shortid || req.template._id)
+          })`, {
+            weak: true,
+            statusCode: 404
+          })
+        } else {
+          error = reporter.createError(`User does not have permissions to read template (${
+            (req.template.name || req.template.shortid || req.template._id)
+          })`, {
+            weak: true,
+            statusCode: 403
+          })
+        }
+      }
+
+      throw error
     }
 
     // store a copy to prevent side-effects, we ignore name from the req.template because it can be path "/path/to/template"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jsreport/jsreport-core",
-  "version": "3.8.1",
+  "version": "3.9.0",
   "description": "javascript based business reporting",
   "keywords": [
     "report",