npm - @saltcorn/data - Versions diffs - 1.6.0-alpha.9 → 1.6.0-beta.10 - Mend

@saltcorn/data 1.6.0-alpha.9 → 1.6.0-beta.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (298) hide show

package/dist/base-plugin/actions.d.ts +194 -65
package/dist/base-plugin/actions.d.ts.map +1 -1
package/dist/base-plugin/actions.js +220 -80
package/dist/base-plugin/actions.js.map +1 -1
package/dist/base-plugin/fieldviews.d.ts +1 -0
package/dist/base-plugin/fieldviews.d.ts.map +1 -1
package/dist/base-plugin/fieldviews.js +5 -2
package/dist/base-plugin/fieldviews.js.map +1 -1
package/dist/base-plugin/fileviews.d.ts +6 -0
package/dist/base-plugin/fileviews.d.ts.map +1 -1
package/dist/base-plugin/fileviews.js +14 -0
package/dist/base-plugin/fileviews.js.map +1 -1
package/dist/base-plugin/index.d.ts +220 -70
package/dist/base-plugin/index.d.ts.map +1 -1
package/dist/base-plugin/types.d.ts +26 -11
package/dist/base-plugin/types.d.ts.map +1 -1
package/dist/base-plugin/types.js +47 -13
package/dist/base-plugin/types.js.map +1 -1
package/dist/base-plugin/viewtemplates/edit.d.ts.map +1 -1
package/dist/base-plugin/viewtemplates/edit.js +15 -11
package/dist/base-plugin/viewtemplates/edit.js.map +1 -1
package/dist/base-plugin/viewtemplates/feed.d.ts.map +1 -1
package/dist/base-plugin/viewtemplates/feed.js +1 -1
package/dist/base-plugin/viewtemplates/feed.js.map +1 -1
package/dist/base-plugin/viewtemplates/filter.d.ts.map +1 -1
package/dist/base-plugin/viewtemplates/filter.js +13 -5
package/dist/base-plugin/viewtemplates/filter.js.map +1 -1
package/dist/base-plugin/viewtemplates/list.d.ts +2 -1
package/dist/base-plugin/viewtemplates/list.d.ts.map +1 -1
package/dist/base-plugin/viewtemplates/list.js +20 -2
package/dist/base-plugin/viewtemplates/list.js.map +1 -1
package/dist/base-plugin/viewtemplates/room.d.ts.map +1 -1
package/dist/base-plugin/viewtemplates/room.js +1 -1
package/dist/base-plugin/viewtemplates/room.js.map +1 -1
package/dist/base-plugin/viewtemplates/show.d.ts.map +1 -1
package/dist/base-plugin/viewtemplates/show.js +3 -0
package/dist/base-plugin/viewtemplates/show.js.map +1 -1
package/dist/db/fixtures.d.ts.map +1 -1
package/dist/db/fixtures.js +31 -1
package/dist/db/fixtures.js.map +1 -1
package/dist/db/state.d.ts +9 -3
package/dist/db/state.d.ts.map +1 -1
package/dist/db/state.js +63 -16
package/dist/db/state.js.map +1 -1
package/dist/migrate.d.ts.map +1 -1
package/dist/migrate.js +12 -5
package/dist/migrate.js.map +1 -1
package/dist/migrations/202603101553.d.ts +4 -0
package/dist/migrations/202603101553.d.ts.map +1 -0
package/dist/migrations/202603101553.js +22 -0
package/dist/migrations/202603101553.js.map +1 -0
package/dist/migrations/202604091531.d.ts +2 -0
package/dist/migrations/202604091531.d.ts.map +1 -0
package/dist/migrations/202604091531.js +9 -0
package/dist/migrations/202604091531.js.map +1 -0
package/dist/migrations/202604111200.d.ts +2 -0
package/dist/migrations/202604111200.d.ts.map +1 -0
package/dist/migrations/202604111200.js +15 -0
package/dist/migrations/202604111200.js.map +1 -0
package/dist/migrations/202604141200.d.ts +2 -0
package/dist/migrations/202604141200.d.ts.map +1 -0
package/dist/migrations/202604141200.js +14 -0
package/dist/migrations/202604141200.js.map +1 -0
package/dist/mobile-mocks/node/assert.d.ts +1 -0
package/dist/mobile-mocks/node/assert.d.ts.map +1 -0
package/dist/mobile-mocks/node/assert.js +2 -0
package/dist/mobile-mocks/node/assert.js.map +1 -0
package/dist/mobile-mocks/node/fs/promises.d.ts +1 -0
package/dist/mobile-mocks/node/fs/promises.d.ts.map +1 -1
package/dist/mobile-mocks/node/fs/promises.js +4 -0
package/dist/mobile-mocks/node/fs/promises.js.map +1 -1
package/dist/mobile-mocks/node/fs.d.ts +2 -0
package/dist/mobile-mocks/node/fs.d.ts.map +1 -1
package/dist/mobile-mocks/node/fs.js +36 -0
package/dist/mobile-mocks/node/fs.js.map +1 -1
package/dist/mobile-mocks/npm/npm-registry-fetch.d.ts +3 -0
package/dist/mobile-mocks/npm/npm-registry-fetch.d.ts.map +1 -0
package/dist/mobile-mocks/npm/npm-registry-fetch.js +3 -0
package/dist/mobile-mocks/npm/npm-registry-fetch.js.map +1 -0
package/dist/mobile-mocks/saltcorn/admin-models-tenant.d.ts +1 -0
package/dist/mobile-mocks/saltcorn/admin-models-tenant.d.ts.map +1 -0
package/dist/mobile-mocks/saltcorn/admin-models-tenant.js +2 -0
package/dist/mobile-mocks/saltcorn/admin-models-tenant.js.map +1 -0
package/dist/mobile-mocks/saltcorn/plugins-loader-plugin-installer.d.ts +1 -0
package/dist/mobile-mocks/saltcorn/plugins-loader-plugin-installer.d.ts.map +1 -0
package/dist/mobile-mocks/saltcorn/plugins-loader-plugin-installer.js +2 -0
package/dist/mobile-mocks/saltcorn/plugins-loader-plugin-installer.js.map +1 -0
package/dist/mobile-mocks/saltcorn/plugins-loader-stable-versioning.d.ts +1 -0
package/dist/mobile-mocks/saltcorn/plugins-loader-stable-versioning.d.ts.map +1 -0
package/dist/mobile-mocks/saltcorn/plugins-loader-stable-versioning.js +2 -0
package/dist/mobile-mocks/saltcorn/plugins-loader-stable-versioning.js.map +1 -0
package/dist/models/config.d.ts.map +1 -1
package/dist/models/config.js +46 -1
package/dist/models/config.js.map +1 -1
package/dist/models/discovery.d.ts +14 -0
package/dist/models/discovery.d.ts.map +1 -1
package/dist/models/discovery.js +63 -0
package/dist/models/discovery.js.map +1 -1
package/dist/models/expression.d.ts +8 -5
package/dist/models/expression.d.ts.map +1 -1
package/dist/models/expression.js +77 -28
package/dist/models/expression.js.map +1 -1
package/dist/models/field.d.ts.map +1 -1
package/dist/models/field.js +106 -19
package/dist/models/field.js.map +1 -1
package/dist/models/index.d.ts +13 -3
package/dist/models/index.d.ts.map +1 -1
package/dist/models/index.js +1 -1
package/dist/models/index.js.map +1 -1
package/dist/models/internal/push_message_helper.d.ts.map +1 -1
package/dist/models/internal/push_message_helper.js +5 -2
package/dist/models/internal/push_message_helper.js.map +1 -1
package/dist/models/metadata.d.ts +2 -1
package/dist/models/metadata.d.ts.map +1 -1
package/dist/models/metadata.js +5 -0
package/dist/models/metadata.js.map +1 -1
package/dist/models/page.d.ts +1 -0
package/dist/models/page.d.ts.map +1 -1
package/dist/models/page.js +37 -19
package/dist/models/page.js.map +1 -1
package/dist/models/plugin.d.ts +59 -2
package/dist/models/plugin.d.ts.map +1 -1
package/dist/models/plugin.js +324 -3
package/dist/models/plugin.js.map +1 -1
package/dist/models/scheduler.d.ts.map +1 -1
package/dist/models/scheduler.js +15 -5
package/dist/models/scheduler.js.map +1 -1
package/dist/models/table.d.ts +11 -1
package/dist/models/table.d.ts.map +1 -1
package/dist/models/table.js +344 -127
package/dist/models/table.js.map +1 -1
package/dist/models/trigger.d.ts +3 -1
package/dist/models/trigger.d.ts.map +1 -1
package/dist/models/trigger.js +38 -13
package/dist/models/trigger.js.map +1 -1
package/dist/models/user.d.ts.map +1 -1
package/dist/models/user.js +5 -0
package/dist/models/user.js.map +1 -1
package/dist/models/view.d.ts +1 -0
package/dist/models/view.d.ts.map +1 -1
package/dist/models/view.js +74 -14
package/dist/models/view.js.map +1 -1
package/dist/models/workflow.d.ts.map +1 -1
package/dist/models/workflow.js +6 -0
package/dist/models/workflow.js.map +1 -1
package/dist/models/workflow_run.d.ts.map +1 -1
package/dist/models/workflow_run.js +3 -2
package/dist/models/workflow_run.js.map +1 -1
package/dist/models/workflow_step.d.ts +1 -1
package/dist/models/workflow_step.d.ts.map +1 -1
package/dist/models/workflow_step.js +2 -1
package/dist/models/workflow_step.js.map +1 -1
package/dist/plugin-helper.d.ts +3 -11
package/dist/plugin-helper.d.ts.map +1 -1
package/dist/plugin-helper.js +106 -60
package/dist/plugin-helper.js.map +1 -1
package/dist/standard-menu.d.ts.map +1 -1
package/dist/standard-menu.js +19 -0
package/dist/standard-menu.js.map +1 -1
package/dist/tests/remote_query_helper.js +1 -1
package/dist/tests/remote_query_helper.js.map +1 -1
package/dist/utils.d.ts +15 -0
package/dist/utils.d.ts.map +1 -1
package/dist/utils.js +102 -5
package/dist/utils.js.map +1 -1
package/dist/viewable_fields.d.ts +3 -3
package/dist/viewable_fields.d.ts.map +1 -1
package/dist/viewable_fields.js +60 -16
package/dist/viewable_fields.js.map +1 -1
package/dist/web-mobile-commons.d.ts.map +1 -1
package/dist/web-mobile-commons.js +2 -1
package/dist/web-mobile-commons.js.map +1 -1
package/package.json +12 -9
package/webpack.config.js +12 -0
package/dist/tests/actions.test.d.ts +0 -2
package/dist/tests/actions.test.d.ts.map +0 -1
package/dist/tests/actions.test.js +0 -936
package/dist/tests/actions.test.js.map +0 -1
package/dist/tests/auth.test.d.ts +0 -2
package/dist/tests/auth.test.d.ts.map +0 -1
package/dist/tests/auth.test.js +0 -824
package/dist/tests/auth.test.js.map +0 -1
package/dist/tests/auxtest.test.d.ts +0 -2
package/dist/tests/auxtest.test.d.ts.map +0 -1
package/dist/tests/auxtest.test.js +0 -562
package/dist/tests/auxtest.test.js.map +0 -1
package/dist/tests/base.test.d.ts +0 -2
package/dist/tests/base.test.d.ts.map +0 -1
package/dist/tests/base.test.js +0 -30
package/dist/tests/base.test.js.map +0 -1
package/dist/tests/calc.test.d.ts +0 -2
package/dist/tests/calc.test.d.ts.map +0 -1
package/dist/tests/calc.test.js +0 -1081
package/dist/tests/calc.test.js.map +0 -1
package/dist/tests/composite_pk.test.d.ts +0 -2
package/dist/tests/composite_pk.test.d.ts.map +0 -1
package/dist/tests/composite_pk.test.js +0 -98
package/dist/tests/composite_pk.test.js.map +0 -1
package/dist/tests/config.test.d.ts +0 -2
package/dist/tests/config.test.d.ts.map +0 -1
package/dist/tests/config.test.js +0 -86
package/dist/tests/config.test.js.map +0 -1
package/dist/tests/db.test.d.ts +0 -2
package/dist/tests/db.test.d.ts.map +0 -1
package/dist/tests/db.test.js +0 -178
package/dist/tests/db.test.js.map +0 -1
package/dist/tests/discover.test.d.ts +0 -2
package/dist/tests/discover.test.d.ts.map +0 -1
package/dist/tests/discover.test.js +0 -245
package/dist/tests/discover.test.js.map +0 -1
package/dist/tests/edit.test.d.ts +0 -2
package/dist/tests/edit.test.d.ts.map +0 -1
package/dist/tests/edit.test.js +0 -1161
package/dist/tests/edit.test.js.map +0 -1
package/dist/tests/email.test.d.ts +0 -2
package/dist/tests/email.test.d.ts.map +0 -1
package/dist/tests/email.test.js +0 -255
package/dist/tests/email.test.js.map +0 -1
package/dist/tests/exact_views.test.d.ts +0 -2
package/dist/tests/exact_views.test.d.ts.map +0 -1
package/dist/tests/exact_views.test.js +0 -1363
package/dist/tests/exact_views.test.js.map +0 -1
package/dist/tests/field.test.d.ts +0 -2
package/dist/tests/field.test.d.ts.map +0 -1
package/dist/tests/field.test.js +0 -588
package/dist/tests/field.test.js.map +0 -1
package/dist/tests/fieldviews.test.d.ts +0 -2
package/dist/tests/fieldviews.test.d.ts.map +0 -1
package/dist/tests/fieldviews.test.js +0 -74
package/dist/tests/fieldviews.test.js.map +0 -1
package/dist/tests/file.test.d.ts +0 -2
package/dist/tests/file.test.d.ts.map +0 -1
package/dist/tests/file.test.js +0 -148
package/dist/tests/file.test.js.map +0 -1
package/dist/tests/filter.test.d.ts +0 -2
package/dist/tests/filter.test.d.ts.map +0 -1
package/dist/tests/filter.test.js +0 -496
package/dist/tests/filter.test.js.map +0 -1
package/dist/tests/form.test.d.ts +0 -2
package/dist/tests/form.test.d.ts.map +0 -1
package/dist/tests/form.test.js +0 -264
package/dist/tests/form.test.js.map +0 -1
package/dist/tests/list.test.d.ts +0 -2
package/dist/tests/list.test.d.ts.map +0 -1
package/dist/tests/list.test.js +0 -1037
package/dist/tests/list.test.js.map +0 -1
package/dist/tests/models.test.d.ts +0 -2
package/dist/tests/models.test.d.ts.map +0 -1
package/dist/tests/models.test.js +0 -417
package/dist/tests/models.test.js.map +0 -1
package/dist/tests/page.test.d.ts +0 -2
package/dist/tests/page.test.d.ts.map +0 -1
package/dist/tests/page.test.js +0 -26
package/dist/tests/page.test.js.map +0 -1
package/dist/tests/page_group.test.d.ts +0 -2
package/dist/tests/page_group.test.d.ts.map +0 -1
package/dist/tests/page_group.test.js +0 -51
package/dist/tests/page_group.test.js.map +0 -1
package/dist/tests/plugin.test.d.ts +0 -2
package/dist/tests/plugin.test.d.ts.map +0 -1
package/dist/tests/plugin.test.js +0 -60
package/dist/tests/plugin.test.js.map +0 -1
package/dist/tests/show.test.d.ts +0 -2
package/dist/tests/show.test.d.ts.map +0 -1
package/dist/tests/show.test.js +0 -561
package/dist/tests/show.test.js.map +0 -1
package/dist/tests/state.test.d.ts +0 -2
package/dist/tests/state.test.d.ts.map +0 -1
package/dist/tests/state.test.js +0 -82
package/dist/tests/state.test.js.map +0 -1
package/dist/tests/table.test.d.ts +0 -2
package/dist/tests/table.test.d.ts.map +0 -1
package/dist/tests/table.test.js +0 -2717
package/dist/tests/table.test.js.map +0 -1
package/dist/tests/table_history.test.d.ts +0 -2
package/dist/tests/table_history.test.d.ts.map +0 -1
package/dist/tests/table_history.test.js +0 -413
package/dist/tests/table_history.test.js.map +0 -1
package/dist/tests/tag.test.d.ts +0 -2
package/dist/tests/tag.test.d.ts.map +0 -1
package/dist/tests/tag.test.js +0 -97
package/dist/tests/tag.test.js.map +0 -1
package/dist/tests/user.test.d.ts +0 -2
package/dist/tests/user.test.d.ts.map +0 -1
package/dist/tests/user.test.js +0 -441
package/dist/tests/user.test.js.map +0 -1
package/dist/tests/view.test.d.ts +0 -2
package/dist/tests/view.test.d.ts.map +0 -1
package/dist/tests/view.test.js +0 -699
package/dist/tests/view.test.js.map +0 -1
package/dist/tests/workflow.test.d.ts +0 -2
package/dist/tests/workflow.test.d.ts.map +0 -1
package/dist/tests/workflow.test.js +0 -303
package/dist/tests/workflow.test.js.map +0 -1
package/dist/tests/workflow_run.test.d.ts +0 -2
package/dist/tests/workflow_run.test.d.ts.map +0 -1
package/dist/tests/workflow_run.test.js +0 -922
package/dist/tests/workflow_run.test.js.map +0 -1

package/dist/models/table.js CHANGED Viewed

@@ -47,7 +47,7 @@ const field_1 = __importDefault(require("./field"));
 const common_types_1 = require("@saltcorn/types/common_types");
 const trigger_1 = __importDefault(require("./trigger"));
 const expression_1 = __importDefault(require("./expression"));
-const { apply_calculated_fields, apply_calculated_fields_stored, recalculate_for_stored, get_expression_function, eval_expression, freeVariables, add_free_variables_to_joinfields, removeComments, jsexprToWhere, } = expression_1.default;
+const { apply_calculated_fields, apply_calculated_fields_stored, recalculate_for_stored, get_expression_function, get_async_expression_function, eval_expression, freeVariables, add_free_variables_to_joinfields, removeComments, jsexprToWhere, } = expression_1.default;
 const uuid_1 = require("uuid");
 const csvtojson_1 = __importDefault(require("csvtojson"));
 const moment_1 = __importDefault(require("moment"));
@@ -201,6 +201,17 @@ class Table {
         this.provider_cfg = stringToJSON(o.provider_cfg);
         this.provider_name = o.provider_name;
         this.fields = o.fields.map((f) => new field_1.default(f));
+        this.updated_at = ["string", "number"].includes(typeof o.updated_at)
+            ? new Date(o.updated_at)
+            : o.updated_at;
+    }
+    static subClass({ user, read_only, } = {}) {
+        var _a;
+        return _a = class extends this {
+            },
+            _a.fixed_user = user || undefined,
+            _a.read_only = !!read_only,
+            _a;
     }
     get to_json() {
         return {
@@ -234,6 +245,7 @@ class Table {
             const { fields, constraints, ...updDB } = upd_rec;
             if (updDB.ownership_field_id === "")
                 delete updDB.ownership_field_id;
+            updDB.updated_at = new Date();
             await db_1.default.update("_sc_tables", updDB, tbl.id);
             //limited refresh if we do not have a client
             if (!db_1.default.getRequestContext()?.client)
@@ -247,6 +259,7 @@ class Table {
             if (!db_1.default.getRequestContext()?.client)
                 await Table.state_refresh(true);
         };
+        //console.log({tbl});
         return t;
     }
     /**
@@ -263,9 +276,9 @@ class Table {
             return where;
         // todo add string & number as possible types for where
         if (typeof where === "string")
-            return Table.findOne({ name: where });
+            return this.findOne({ name: where });
         if (typeof where === "number")
-            return Table.findOne({ id: where });
+            return this.findOne({ id: where });
         if (typeof where === "undefined")
             return null;
         if (where === null)
@@ -283,10 +296,10 @@ class Table {
                 ? (v) => v.name === where.name
                 : satisfies(where));
         if (tbl?.provider_name) {
-            return new Table(structuredClone(tbl)).to_provided_table();
+            return new this(structuredClone(tbl)).to_provided_table();
         }
         else
-            return tbl ? new Table(structuredClone(tbl)) : null;
+            return tbl ? new this(structuredClone(tbl)) : null;
     }
     /**
      * Find Tables
@@ -298,7 +311,7 @@ class Table {
         if (selectopts.cached) {
             const { getState } = require("../db/state");
             return getState()
-                .tables.map((t) => new Table(structuredClone(t)))
+                .tables.map((t) => new this(structuredClone(t)))
                 .filter(satisfies(where || {}));
         }
         if (where?.name) {
@@ -316,7 +329,7 @@ class Table {
                 const { getState } = require("../db/state");
                 const provider = getState().table_providers[t.provider_name];
                 if (provider)
-                    t.fields = await applyAsync(provider.fields, t.provider_cfg);
+                    t.fields = await applyAsync(provider.fields, stringToJSON(t.provider_cfg));
                 else
                     t.fields = [];
             }
@@ -327,7 +340,7 @@ class Table {
             t.constraints = constraints
                 .filter((f) => f.table_id === t.id)
                 .map((f) => new _TableConstraint(f));
-            const tbl = new Table(t);
+            const tbl = new this(t);
             return tbl.to_provided_table();
         });
     }
@@ -355,7 +368,7 @@ class Table {
                 t.fields = flds
                     .filter((f) => f.table_id === t.id)
                     .map((f) => new field_1.default(f));
-                return new Table(t);
+                return new this(t);
             });
         }
         return [...dbs, ...externals];
@@ -401,18 +414,19 @@ class Table {
      * @returns {boolean}
      */
     is_owner(user, row) {
-        if (!user)
+        let use_user = this.constructor.fixed_user || user;
+        if (!use_user)
             return false;
         if (this.ownership_formula && this.fields) {
             const f = get_expression_function(this.ownership_formula, this.fields);
-            return !!f(row, user);
+            return !!f(row, use_user);
         }
         const field_name = this.owner_fieldname();
         // users are owners of their own row in users table
         if (this.name === "users" && !field_name)
-            return !!user.id && `${row?.id}` === `${user.id}`;
+            return !!use_user.id && `${row?.id}` === `${use_user.id}`;
         return (typeof field_name === "string" &&
-            (row[field_name] === user.id || row[field_name]?.id === user.id));
+            (row[field_name] === use_user.id || row[field_name]?.id === use_user.id));
     }
     /**
      * get Ownership options
@@ -553,6 +567,8 @@ class Table {
         if (pk_type !== "Integer") {
             const { getState } = require("../db/state");
             const type = getState().types[pk_type];
+            if (!type)
+                throw new Error(`Cannot find primary key type ${pk_type} in fields ${JSON.stringify(fields)}`);
             pk_sql_type = type.sql_name;
             if (type.primaryKey?.default_sql)
                 pk_sql_type = `${type.sql_name} default ${type.primaryKey?.default_sql}`;
@@ -568,7 +584,11 @@ class Table {
      */
     static async create(name, options = {}, //TODO not selectoptions
     id) {
-        const { pk_type, pk_sql_type } = Table.pkSqlType(options.fields);
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
+        const { pk_type, pk_sql_type } = options.provider_name
+            ? {}
+            : Table.pkSqlType(options.fields);
         const schema = db_1.default.getTenantSchemaPrefix();
         // create table in database
         if (!options.provider_name)
@@ -585,6 +605,7 @@ class Table {
             description: options.description || "",
             provider_name: options.provider_name,
             provider_cfg: options.provider_cfg,
+            updated_at: new Date(),
         };
         let pk_fld_id;
         if (!id) {
@@ -645,6 +666,8 @@ class Table {
      * @param table
      */
     static async createInDb(table) {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         const is_sqlite = db_1.default.isSQLite;
         const schema = db_1.default.getTenantSchemaPrefix();
         const { pk_sql_type } = Table.pkSqlType(table.fields);
@@ -676,6 +699,8 @@ class Table {
      */
     // tbd check all other tables related to table description
     async delete(only_forget = false) {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         const schema = db_1.default.getTenantSchemaPrefix();
         const is_sqlite = db_1.default.isSQLite;
         await this.update({ ownership_field_id: null });
@@ -708,6 +733,8 @@ class Table {
      * Reset Sequence
      */
     async resetSequence() {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         const fields = this.fields;
         const pk = fields.find((f) => f.primary_key);
         if (!pk) {
@@ -726,13 +753,14 @@ class Table {
      * @param forRead
      */
     updateWhereWithOwnership(where, user, forRead) {
-        const role = user?.role_id;
+        let use_user = this.constructor.fixed_user || user;
+        const role = use_user?.role_id;
         const min_role = forRead ? this.min_role_read : this.min_role_write;
         if (role &&
             role > min_role &&
             ((!this.ownership_field_id && !this.ownership_formula) || role === 100))
             return { notAuthorized: true };
-        if (user &&
+        if (use_user &&
             role &&
             role < 100 &&
             role > min_role &&
@@ -741,16 +769,16 @@ class Table {
             if (!owner_field)
                 throw new Error(`Owner field in table ${this.name} not found`);
             mergeIntoWhere(where, {
-                [owner_field.name]: user.id,
+                [owner_field.name]: use_user.id,
             });
         }
-        else if (user &&
+        else if (use_user &&
             role &&
             role < 100 &&
             role > min_role &&
             this.ownership_formula) {
             try {
-                mergeIntoWhere(where, this.ownership_formula_where(user));
+                mergeIntoWhere(where, this.ownership_formula_where(use_user));
             }
             catch (e) {
                 //ignore, ownership formula is too difficult to merge with where
@@ -758,23 +786,50 @@ class Table {
             }
         }
     }
-    async addDeleteSyncInfo(ids, timestamp) {
+    async addDeleteSyncInfo(ids, timestamp, ownerFieldName, ownershipFormula) {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
+        // Top-level keys referenced by the formula (strip join path suffixes,
+        // drop "user"). Stored in owner_fields so is_owner() can re-evaluate later.
+        const formulaTopKeys = ownershipFormula
+            ? [
+                ...new Set([...freeVariables(ownershipFormula)]
+                    .map((v) => v.split(/[.Ⱶ]/)[0])
+                    .filter((v) => v !== "user")),
+            ]
+            : null;
         await db_1.default.tryCatchInTransaction(async () => {
             if (ids.length > 0) {
                 const schema = db_1.default.getTenantSchemaPrefix();
                 const pkName = this.pk_name || "id";
                 if (isNode()) {
-                    await db_1.default.query(`delete from ${schema}"${db_1.default.sqlsanitize(this.name)}_sync_info" where ref in (
-            ${ids.map((row) => row[pkName]).join(",")})`);
-                    await db_1.default.query(`insert into ${schema}"${db_1.default.sqlsanitize(this.name)}_sync_info" (ref, last_modified, deleted)
-              values ${ids
-                        .map((row) => `(${row[pkName]}, date_trunc('milliseconds', to_timestamp( ${timestamp.valueOf() / 1000.0} ) ), true)`)
-                        .join(",")}`);
+                    const pkVals = ids.map((row) => String(row[pkName]));
+                    await db_1.default.query(`delete from ${schema}"${db_1.default.sqlsanitize(this.name)}_sync_info" where ref = ANY($1::text[])`, [pkVals]);
+                    const tsParam = timestamp.valueOf() / 1000.0;
+                    const insertParams = [tsParam];
+                    const valueClauses = pkVals.map((pkVal, i) => {
+                        const ownerVal = ownerFieldName
+                            ? (ids[i][ownerFieldName] ?? null)
+                            : null;
+                        const ownerFieldsVal = formulaTopKeys && formulaTopKeys.length > 0
+                            ? JSON.stringify(Object.fromEntries(formulaTopKeys.map((k) => [k, ids[i][k] ?? null])))
+                            : null;
+                        insertParams.push(pkVal);
+                        insertParams.push(ownerVal);
+                        insertParams.push(ownerFieldsVal);
+                        return `($${insertParams.length - 2}::text, date_trunc('milliseconds', to_timestamp($1)), true, $${insertParams.length - 1}, $${insertParams.length})`;
+                    });
+                    await db_1.default.query(`insert into ${schema}"${db_1.default.sqlsanitize(this.name)}_sync_info" (ref, last_modified, deleted, owner_id, owner_fields)
+              values ${valueClauses.join(",")}`, insertParams);
                 }
                 else {
+                    const pkVals = ids.map((row) => String(row[pkName]));
+                    const placeholders = pkVals
+                        .map((_, i) => `$${i + 1}`)
+                        .join(",");
                     await db_1.default.query(`update "${db_1.default.sqlsanitize(this.name)}_sync_info"
            set deleted = true, modified_local = true
-           where ref in (${ids.map((row) => row[pkName]).join(",")})`);
+           where ref in (${placeholders})`, pkVals);
                 }
             }
         }, (e) => {
@@ -797,9 +852,12 @@ class Table {
      * @returns
      */
     async deleteRows(where, user, noTrigger, resultCollector) {
+        let use_user = this.constructor.fixed_user || user;
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         //Fast truncate if user is admin and where is blank
         const cfields = await field_1.default.find({ reftable_name: this.name }, { cached: true });
-        if ((!user || user?.role_id === 1) &&
+        if ((!use_user || use_user?.role_id === 1) &&
             Object.keys(where).length == 0 &&
             db_1.default.truncate &&
             noTrigger &&
@@ -815,7 +873,13 @@ class Table {
         // get triggers on delete
         const triggers = await trigger_1.default.getTableTriggers("Delete", this);
         const fields = this.fields;
-        if (this.updateWhereWithOwnership(where, user)?.notAuthorized) {
+        const ownerFieldName = (() => {
+            if (!this.has_sync_info || !this.ownership_field_id)
+                return null;
+            const f = fields?.find((f) => f.id === this.ownership_field_id);
+            return f?.name ?? null;
+        })();
+        if (this.updateWhereWithOwnership(where, use_user)?.notAuthorized) {
             const state = require("../db/state").getState();
             state.log(4, `Not authorized to deleteRows in table ${this.name}.`);
             return;
@@ -827,13 +891,23 @@ class Table {
             expression: "__aggregation",
             attributes: { json: { table: this.name } },
         }, { cached: true });
+        // Join fields needed to snapshot ownership_formula values into sync_info.
+        // Computed once here; used either via the existing rows fetch (if it runs)
+        // or via a separate minimal fetch in the else branch below.
+        const ownershipJoinFields = {};
+        if (this.has_sync_info && this.ownership_formula) {
+            add_free_variables_to_joinfields(freeVariables(this.ownership_formula), ownershipJoinFields, fields);
+        }
         let rows;
         if (calc_agg_fields.length ||
-            (user && user.role_id > this.min_role_write && this.ownership_formula)) {
+            (use_user &&
+                use_user.role_id > this.min_role_write &&
+                this.ownership_formula)) {
             rows = await this.getJoinedRows({
                 where,
-                forUser: user,
-                forPublic: user?.role_id === 100,
+                forUser: use_user,
+                forPublic: use_user?.role_id === 100,
+                joinFields: ownershipJoinFields,
             });
         }
         const deleteFileFields = fields.filter((f) => f.type === "File" && f.attributes?.also_delete_file);
@@ -843,15 +917,15 @@ class Table {
             if (!rows)
                 rows = await this.getJoinedRows({
                     where,
-                    forUser: user,
-                    forPublic: user?.role_id === 100,
+                    forUser: use_user,
+                    forPublic: use_user?.role_id === 100,
                 });
             for (const trigger of triggers) {
                 for (const row of rows) {
                     // run triggers on delete
-                    if (trigger.haltOnOnlyIf?.(row, user))
+                    if (trigger.haltOnOnlyIf?.(row, use_user))
                         continue;
-                    const runres = await trigger.run(row, { user });
+                    const runres = await trigger.run(row, { user: use_user });
                     if (runres && resultCollector)
                         mergeActionResults(resultCollector, runres);
                 }
@@ -871,32 +945,47 @@ class Table {
         }
         await db_1.default.tryCatchInTransaction(async () => {
             if (rows) {
-                const delIds = rows.map((r) => r[this.pk_name]);
+                const pkIds = rows.map((r) => r[this.pk_name]);
                 if (!db_1.default.isSQLite) {
                     await db_1.default.deleteWhere(this.name, {
-                        [this.pk_name]: { in: delIds },
+                        [this.pk_name]: { in: pkIds },
                     });
                 }
                 else {
-                    await db_1.default.query(`delete from "${db_1.default.sqlsanitize(this.name)}" where "${db_1.default.sqlsanitize(this.pk_name)}" in (${delIds.join(",")})`);
+                    await db_1.default.query(`delete from "${db_1.default.sqlsanitize(this.name)}" where "${db_1.default.sqlsanitize(this.pk_name)}" in (${pkIds.join(",")})`);
                 }
                 for (const row of rows)
                     await this.auto_update_calc_aggregations(row);
                 if (this.has_sync_info) {
                     const dbTime = await db_1.default.time();
-                    await this.addDeleteSyncInfo(rows, dbTime);
+                    await this.addDeleteSyncInfo(rows, dbTime, ownerFieldName, this.ownership_formula);
                 }
             }
             else {
-                const delIds = this.has_sync_info
-                    ? await db_1.default.select(this.name, where, {
-                        fields: [this.pk_name],
-                    })
-                    : null;
-                await db_1.default.deleteWhere(this.name, where);
+                let preDeleteRows = null;
                 if (this.has_sync_info) {
+                    if (this.ownership_formula) {
+                        // ownership_formula: fetch all fields (including join fields) so
+                        // addDeleteSyncInfo can snapshot them into owner_fields.
+                        preDeleteRows = await this.getJoinedRows({
+                            where,
+                            joinFields: ownershipJoinFields,
+                        });
+                    }
+                    else {
+                        // Simple case: fetch only the pk (and owner field if present).
+                        const selectFields = ownerFieldName
+                            ? [this.pk_name, ownerFieldName]
+                            : [this.pk_name];
+                        preDeleteRows = await db_1.default.select(this.name, where, {
+                            fields: selectFields,
+                        });
+                    }
+                }
+                await db_1.default.deleteWhere(this.name, where);
+                if (this.has_sync_info && preDeleteRows) {
                     const dbTime = await db_1.default.time();
-                    await this.addDeleteSyncInfo(delIds, dbTime);
+                    await this.addDeleteSyncInfo(preDeleteRows, dbTime, ownerFieldName, this.ownership_formula);
                 }
             }
             //if (fields.find((f) => f.primary_key)) await this.resetSequence();
@@ -932,7 +1021,7 @@ class Table {
         if (this.fields) {
             for (const f of this.fields) {
                 if (f.type && (0, common_types_1.instanceOfType)(f.type) && f.type.readFromDB)
-                    row[f.name] = f.type.readFromDB(row[f.name]);
+                    row[f.name] = f.type.readFromDB(row[f.name], f);
             }
         }
         return row;
@@ -972,7 +1061,8 @@ class Table {
     async getRow(where = {}, selopts = {}) {
         const fields = this.fields;
         const { forUser, forPublic, ...selopts1 } = selopts;
-        const role = forUser ? forUser.role_id : forPublic ? 100 : null;
+        const use_forUser = this.constructor.fixed_user || forUser;
+        const role = use_forUser ? use_forUser.role_id : forPublic ? 100 : null;
         this.normalise_fkey_values(where);
         const row = await db_1.default.selectMaybeOne(this.name, where, this.processSelectOptions(selopts1));
         if (!row || !this.fields)
@@ -985,11 +1075,11 @@ class Table {
                 const owner_field = fields.find((f) => f.id === this.ownership_field_id);
                 if (!owner_field)
                     throw new Error(`Owner field in table ${this.name} not found`);
-                if (row[owner_field.name] !== forUser.id)
+                if (row[owner_field.name] !== use_forUser.id)
                     return null;
             }
             else if (this.ownership_formula || this.name === "users") {
-                if (!this.is_owner(forUser, row))
+                if (!this.is_owner(use_forUser, row))
                     return null;
             }
             else
@@ -1027,10 +1117,10 @@ class Table {
         if (!this.fields)
             return [];
         const { forUser, forPublic, ...selopts1 } = selopts;
-        const role = forUser ? forUser.role_id : forPublic ? 100 : null;
+        const use_forUser = this.constructor.fixed_user || forUser;
+        const role = use_forUser ? use_forUser.role_id : forPublic ? 100 : null;
         if (role &&
-            this.updateWhereWithOwnership(where, forUser || { role_id: 100 }, true)
-                ?.notAuthorized) {
+            this.updateWhereWithOwnership(where, use_forUser || { role_id: 100 }, true)?.notAuthorized) {
             return [];
         }
         this.normalise_fkey_values(where);
@@ -1043,7 +1133,8 @@ class Table {
                 //already dealt with by changing where
             }
             else if (this.ownership_formula || this.name === "users") {
-                rows = rows.filter((row) => this.is_owner(forUser, row));
+                if (!selopts?.disable_ownership_postqfilter)
+                    rows = rows.filter((row) => this.is_owner(use_forUser, row));
             }
             else
                 return []; //no ownership
@@ -1093,9 +1184,20 @@ class Table {
      * @param fieldnm
      * @returns {Promise<Object[]>}
      */
-    async distinctValues(fieldnm, whereObj) {
-        if (whereObj) {
-            const { where, values } = (0, internal_1.mkWhere)(whereObj, db_1.default.isSQLite);
+    async distinctValues(fieldnm, whereObj, user) {
+        const useWhere = { ...(whereObj || {}) };
+        if (user &&
+            user.role_id > this.min_role_read &&
+            !(this.ownership_field_id || this.ownership_formula)) {
+            return [];
+        }
+        if (user &&
+            user.role_id > this.min_role_read &&
+            (this.ownership_field_id || this.ownership_formula)) {
+            this.updateWhereWithOwnership(useWhere, user, true);
+        }
+        if (Object.keys(useWhere).length) {
+            const { where, values } = (0, internal_1.mkWhere)(useWhere, db_1.default.isSQLite);
             const res = await db_1.default.query(`select distinct "${db_1.default.sqlsanitize(fieldnm)}" from ${this.sql_name} ${where} order by "${db_1.default.sqlsanitize(fieldnm)}" limit 1000`, values);
             return res.rows.map((r) => r[fieldnm]);
         }
@@ -1155,6 +1257,9 @@ class Table {
      * @returns
      */
     async updateRow(v_in, id_in, user, noTrigger, resultCollector, restore_of_version, syncTimestamp, additionalTriggerValues, autoRecalcIterations, extraArgs) {
+        let use_user = this.constructor.fixed_user || user;
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         // migrating to options arg
         if (typeof noTrigger === "object") {
             const extraOptions = noTrigger;
@@ -1188,7 +1293,7 @@ class Table {
         ]);
         const fields = this.fields;
         const pk_name = this.pk_name;
-        const role = user?.role_id;
+        const role = use_user?.role_id;
         const state = require("../db/state").getState();
         let stringified = false;
         const sqliteJsonCols = !isNode()
@@ -1206,7 +1311,7 @@ class Table {
         }
         if (this.ownership_formula)
             add_free_variables_to_joinfields(freeVariables(this.ownership_formula), joinFields, fields);
-        if (user &&
+        if (use_user &&
             role &&
             (role > this.min_role_write || role > this.min_role_read)) {
             if (role === 100)
@@ -1215,19 +1320,19 @@ class Table {
                 const owner_field = fields.find((f) => f.id === this.ownership_field_id);
                 if (!owner_field)
                     throw new Error(`Owner field in table ${this.name} not found`);
-                if (v[owner_field.name] && v[owner_field.name] != user.id) {
-                    state.log(4, `Not authorized to updateRow in table ${this.name}. ${user.id} does not match owner field in updates`);
+                if (v[owner_field.name] && v[owner_field.name] != use_user.id) {
+                    state.log(4, `Not authorized to updateRow in table ${this.name}. ${use_user.id} does not match owner field in updates`);
                     return "Not authorized";
                 }
                 //need to check existing
                 if (!existing)
                     existing = await this.getJoinedRow({
                         where: { [pk_name]: id },
-                        forUser: user,
+                        forUser: use_user,
                         joinFields,
                     });
-                if (!existing || existing?.[owner_field.name] !== user.id) {
-                    state.log(4, `Not authorized to updateRow in table ${this.name}. ${user.id} does not match owner field in exisiting`);
+                if (!existing || existing?.[owner_field.name] !== use_user.id) {
+                    state.log(4, `Not authorized to updateRow in table ${this.name}. ${use_user.id} does not match owner field in exisiting`);
                     return "Not authorized";
                 }
             }
@@ -1235,11 +1340,11 @@ class Table {
                 if (!existing)
                     existing = await this.getJoinedRow({
                         where: { [pk_name]: id },
-                        forUser: user,
+                        forUser: use_user,
                         joinFields,
                     });
-                if (!existing || !this.is_owner(user, existing)) {
-                    state.log(4, `Not authorized to updateRow in table ${this.name}. User does not match formula: ${JSON.stringify(user)}`);
+                if (!existing || !this.is_owner(use_user, existing)) {
+                    state.log(4, `Not authorized to updateRow in table ${this.name}. User does not match formula: ${JSON.stringify(use_user)}`);
                     return "Not authorized";
                 }
             }
@@ -1252,7 +1357,7 @@ class Table {
             if (!existing)
                 existing = await this.getJoinedRow({
                     where: { [pk_name]: id },
-                    forUser: user,
+                    forUser: use_user,
                     joinFields,
                 });
             const newRow = { ...existing, ...v };
@@ -1260,8 +1365,8 @@ class Table {
             if (constraint_check)
                 return constraint_check;
         }
-        if (user) {
-            let field_write_check = this.check_field_write_role(v, user);
+        if (use_user) {
+            let field_write_check = this.check_field_write_role(v, use_user);
             if (field_write_check)
                 return field_write_check;
         }
@@ -1270,11 +1375,11 @@ class Table {
             if (!existing)
                 existing = await this.getJoinedRow({
                     where: { [pk_name]: id },
-                    forUser: user,
+                    forUser: use_user,
                     joinFields,
                 });
             const valResCollector = resultCollector || {};
-            await trigger_1.default.runTableTriggers("Validate", this, { ...(additionalTriggerValues || {}), ...existing, ...v }, valResCollector, user, { old_row: existing, updated_fields: v_in, ...(extraArgs || {}) });
+            await trigger_1.default.runTableTriggers("Validate", this, { ...(additionalTriggerValues || {}), ...existing, ...v }, valResCollector, use_user, { old_row: existing, updated_fields: v_in, ...(extraArgs || {}) });
             if ("error" in valResCollector)
                 return valResCollector.error;
             if ("set_fields" in valResCollector)
@@ -1286,7 +1391,7 @@ class Table {
             let need_to_update = Object.keys(v_in).some((k) => freeVarFKFields.has(k));
             existing = await this.getJoinedRow({
                 where: { [pk_name]: id },
-                forUser: user,
+                forUser: use_user,
                 joinFields,
             });
             let updated;
@@ -1300,11 +1405,11 @@ class Table {
                 });
                 updated = await this.getJoinedRow({
                     where: { [pk_name]: id },
-                    forUser: user,
+                    forUser: use_user,
                     joinFields,
                 });
             }
-            let calced = await apply_calculated_fields_stored(need_to_update ? updated || {} : { ...existing, ...v_in }, this.fields, this);
+            let calced = await apply_calculated_fields_stored(need_to_update ? updated || {} : { ...existing, ...v_in }, this.fields, this, use_user);
             for (const f of fields)
                 if (f.calculated && f.stored) {
                     if (typeof f.type !== "string" &&
@@ -1334,7 +1439,7 @@ class Table {
                         pk_name,
                     },
                     _time: new Date(),
-                    _userid: user?.id,
+                    _userid: use_user?.id,
                     _restore_of_version: restore_of_version || null,
                 });
         }
@@ -1343,7 +1448,7 @@ class Table {
             if (triggers.length > 0)
                 existing = await this.getJoinedRow({
                     where: { [pk_name]: id },
-                    forUser: user,
+                    forUser: use_user,
                     joinFields,
                 });
         }
@@ -1364,7 +1469,7 @@ class Table {
         if (!existing && really_changed_field_names.size && keyChanged)
             existing = await this.getJoinedRow({
                 where: { [pk_name]: id },
-                forUser: user,
+                forUser: use_user,
                 joinFields,
             });
         await db_1.default.update(this.name, v, id, {
@@ -1387,10 +1492,12 @@ class Table {
                 await this.auto_update_calc_aggregations(existing, !existing, (autoRecalcIterations || 0) + 1, really_changed_field_names, keyChanged);
         }
         if (!noTrigger) {
-            await trigger_1.default.runTableTriggers("Update", this, { ...(additionalTriggerValues || {}), ...newRow }, resultCollector, role === 100 ? undefined : user, { old_row: existing, updated_fields: v_in, ...(extraArgs || {}) });
+            await trigger_1.default.runTableTriggers("Update", this, { ...(additionalTriggerValues || {}), ...newRow }, resultCollector, role === 100 ? undefined : use_user, { old_row: existing, updated_fields: v_in, ...(extraArgs || {}) });
         }
     }
     static async analyze_all_indexed_tables() {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         const tables = await Table.find({}, { cached: true });
         const schemaPrefix = db_1.default.getTenantSchemaPrefix();
         for (const table of tables)
@@ -1398,6 +1505,8 @@ class Table {
                 await db_1.default.query(`analyze ${schemaPrefix}"${(0, internal_1.sqlsanitize)(table.name)}";`);
     }
     async insert_history_row(v0, retry = 0) {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         // sometimes there is a race condition in history inserts
         // https://dba.stackexchange.com/questions/212580/concurrent-transactions-result-in-race-condition-with-unique-constraint-on-inser
         // solution: retry 3 times, if fails run with on conflict do nothing
@@ -1442,7 +1551,8 @@ class Table {
   SELECT MAX(last_modified) "last_modified", ref
   FROM ${schema}"${db_1.default.sqlsanitize(this.name)}_sync_info"
   GROUP BY ref HAVING ref = ($1)`;
-            const result = await db_1.default.query(sql, db_1.default.isSQLite ? ids : [ids]);
+            const strIds = ids.map((id) => String(id));
+            const result = await db_1.default.query(sql, db_1.default.isSQLite ? strIds : [strIds]);
             return result.rows;
         }, (e) => {
             require("../db/state")
@@ -1452,6 +1562,8 @@ class Table {
         });
     }
     async insertSyncInfo(id, updates, syncTimestamp) {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         await db_1.default.tryCatchInTransaction(async () => {
             const schema = db_1.default.getTenantSchemaPrefix();
             if (isNode()) {
@@ -1462,15 +1574,15 @@ class Table {
                 }
                 await db_1.default.query(`insert into ${schema}"${db_1.default.sqlsanitize(this.name)}_sync_info" (ref, last_modified, updated_fields)
             values(
-              $1,
+              $1::text,
               date_trunc('milliseconds', to_timestamp($2)),
               $3::jsonb
             )`, [id, timestamp.valueOf() / 1000.0, JSON.stringify(fieldTimestamps)]);
             }
             else {
                 await db_1.default.query(`insert into "${db_1.default.sqlsanitize(this.name)}_sync_info"
-         (ref, modified_local, deleted)
-         values('${id}', true, false)`);
+         (ref, modified_local, deleted)
+         values(CAST($1 AS TEXT), true, false)`, [id]);
             }
         }, (e) => {
             require("../db/state")
@@ -1479,6 +1591,8 @@ class Table {
         });
     }
     async updateSyncInfo(id, v, oldLastModified, syncTimestamp) {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         await db_1.default.tryCatchInTransaction(async () => {
             const schema = db_1.default.getTenantSchemaPrefix();
             if (!db_1.default.isSQLite) {
@@ -1489,13 +1603,13 @@ class Table {
                 for (const k of Object.keys(v).filter((key) => key !== this.pk_name)) {
                     fieldTimestamps[k] = timestamp;
                 }
-                await db_1.default.query(`update ${schema}"${db_1.default.sqlsanitize(this.name)}_sync_info"
-            set
+                await db_1.default.query(`update ${schema}"${db_1.default.sqlsanitize(this.name)}_sync_info"
+            set
               last_modified=date_trunc('milliseconds', to_timestamp($1)),
               updated_fields =
                 coalesce(updated_fields, '{}'::jsonb) || $4::jsonb
-            where
-              ref=$2 and last_modified = to_timestamp($3)`, [
+            where
+              ref=$2::text and last_modified = to_timestamp($3)`, [
                     timestamp.valueOf() / 1000.0,
                     id,
                     oldLastModified.valueOf() / 1000.0,
@@ -1503,8 +1617,8 @@ class Table {
                 ]);
             }
             else {
-                await db_1.default.query(`update "${db_1.default.sqlsanitize(this.name)}_sync_info" set modified_local = true
-         where ref = ${id} and last_modified = ${oldLastModified ? oldLastModified.valueOf() : "null"}`);
+                await db_1.default.query(`update "${db_1.default.sqlsanitize(this.name)}_sync_info" set modified_local = true
+         where ref = CAST($1 AS TEXT) and last_modified = $2`, [id, oldLastModified ? oldLastModified.valueOf() : null]);
             }
         }, (e) => {
             require("../db/state")
@@ -1521,8 +1635,11 @@ class Table {
      * @returns {Promise<{error}|{success: boolean}>}
      */
     async tryUpdateRow(v, id, user, resultCollector, extraArgs) {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
+        let use_user = this.constructor.fixed_user || user;
         try {
-            const maybe_err = await this.updateRow(v, id, user, {
+            const maybe_err = await this.updateRow(v, id, use_user, {
                 noTrigger: false,
                 resultCollector,
                 extraArgs,
@@ -1543,9 +1660,12 @@ class Table {
      * @returns {Promise<void>}
      */
     async toggleBool(id, field_name, user) {
+        let use_user = this.constructor.fixed_user || user;
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         const row = await this.getRow({ [this.pk_name]: id });
         if (row)
-            await this.updateRow({ [field_name]: !row[field_name] }, id, user);
+            await this.updateRow({ [field_name]: !row[field_name] }, id, use_user);
     }
     delete_url(row, moreQuery) {
         const comppk = this.composite_pk_names;
@@ -1608,10 +1728,11 @@ class Table {
      * @param user
      */
     check_field_write_role(row, user) {
+        let use_user = this.constructor.fixed_user || user;
         for (const field of this.fields) {
             if (typeof row[field.name] !== "undefined" &&
                 field.attributes?.min_role_write &&
-                user.role_id > +field.attributes?.min_role_write)
+                use_user.role_id > +field.attributes?.min_role_write)
                 return "Not authorized";
         }
         return undefined;
@@ -1627,6 +1748,15 @@ class Table {
                     v_in[field.name] = v_in[field.name][pk];
             }
     }
+    async run_trigger(trigger_name, row, user, extraArgs) {
+        let use_user = this.constructor.fixed_user || user;
+        const trigger = trigger_1.default.findOne({ name: trigger_name });
+        return await trigger.runWithoutRow({
+            row,
+            user: use_user,
+            ...(extraArgs || {}),
+        });
+    }
     /**
      * Insert row into the table. By passing in the user as
      * the second argument, it will check write rights. If a user object is not
@@ -1651,6 +1781,9 @@ class Table {
      * @returns
      */
     async insertRow(v_in0, user, resultCollector, noTrigger, syncTimestamp) {
+        let use_user = this.constructor.fixed_user || user;
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         const v_in = { ...v_in0 };
         const fields = this.fields;
         const pk_name = this.pk_name;
@@ -1667,13 +1800,13 @@ class Table {
             }
             : {};
         this.normalise_fkey_values(v_in);
-        if (user && user.role_id > this.min_role_write) {
+        if (use_user && use_user.role_id > this.min_role_write) {
             if (this.ownership_field_id) {
                 const owner_field = fields.find((f) => f.id === this.ownership_field_id);
                 if (!owner_field)
                     throw new Error(`Owner field in table ${this.name} not found`);
-                if (v_in[owner_field.name] != user.id) {
-                    state.log(4, `Not authorized to insertRow in table ${this.name}. ${user.id} does not match owner field`);
+                if (v_in[owner_field.name] != use_user.id) {
+                    state.log(4, `Not authorized to insertRow in table ${this.name}. ${use_user.id} does not match owner field`);
                     return;
                 }
             }
@@ -1685,27 +1818,53 @@ class Table {
         let constraint_check = this.check_table_constraints(v_in);
         if (constraint_check)
             throw new Error(constraint_check);
-        if (user) {
-            let field_write_check = this.check_field_write_role(v_in, user);
+        if (use_user) {
+            let field_write_check = this.check_field_write_role(v_in, use_user);
             if (field_write_check)
                 return field_write_check;
         }
         //check validate here based on v_in
         const valResCollector = resultCollector || {};
-        await trigger_1.default.runTableTriggers("Validate", this, { ...v_in }, valResCollector, user);
+        await trigger_1.default.runTableTriggers("Validate", this, { ...v_in }, valResCollector, use_user);
         if ("error" in valResCollector)
             return valResCollector; //???
         if ("set_fields" in valResCollector)
             Object.assign(v_in, valResCollector.set_fields);
+        // Apply expression defaults for fields not provided or left null by the caller
+        for (const field of fields) {
+            if (!field.primary_key &&
+                field.attributes?.default_expression &&
+                (!(field.name in v_in) || v_in[field.name] == null)) {
+                try {
+                    const exprFn = get_async_expression_function(field.attributes.default_expression, fields, {});
+                    v_in[field.name] = await exprFn(v_in, use_user);
+                }
+                catch (_e) {
+                    state.log(4, `Error applying default_expression for field ${field.name}: ${_e.message}`);
+                }
+            }
+        }
+        // On mobile (SQLite), PKs with a client-side default (e.g. UUID via the
+        // uuid-type plugin's default_js) must be generated before the insert.
+        if (!isNode() && v_in[pk_name] == null) {
+            const pkField = fields?.find((f) => f.primary_key && !f.is_fkey);
+            const defaultJs = pkField?.type?.primaryKey?.default_js;
+            if (typeof defaultJs === "function") {
+                v_in[pk_name] = defaultJs();
+            }
+        }
         if (Object.keys(joinFields).length > 0 ||
             fields.some((f) => f.expression === "__aggregation")) {
             state.log(6, `Inserting ${this.name} because join fields: ${JSON.stringify(v_in)}`);
             this.prepare_row_for_writing(v_in);
             id = await db_1.default.insert(this.name, v_in, { pk_name, ...sqliteJsonCols });
+            // db.insert returns SQLite rowid, not the PK for non-integer PK types
+            if (!isNode() && v_in[pk_name] != null)
+                id = v_in[pk_name];
             let existing = await this.getJoinedRows({
                 where: { [pk_name]: id },
                 joinFields,
-                forUser: user,
+                forUser: use_user,
             });
             if (!existing?.[0]) {
                 //failed ownership test
@@ -1714,7 +1873,7 @@ class Table {
                 state.log(4, `Not authorized to insertRow in table ${this.name}. Inserted row not retrieved.`);
                 return;
             }
-            let calced = await apply_calculated_fields_stored(existing[0], fields, this);
+            let calced = await apply_calculated_fields_stored(existing[0], fields, this, use_user);
             v = { ...v_in };
             for (const f of fields)
                 if (f.calculated && f.stored)
@@ -1723,23 +1882,28 @@ class Table {
             await db_1.default.update(this.name, v, id, { pk_name, ...sqliteJsonCols });
         }
         else {
-            v = await apply_calculated_fields_stored(v_in, fields, this);
+            v = await apply_calculated_fields_stored(v_in, fields, this, use_user);
             this.prepare_row_for_writing(v);
             state.log(6, `Inserting ${this.name} row: ${JSON.stringify(v)}`);
             id = await db_1.default.insert(this.name, v, {
                 pk_name,
                 ...sqliteJsonCols,
             });
+            // db.insert returns SQLite rowid, not the PK for non-integer PK types
+            if (!isNode() && v[pk_name] != null)
+                id = v[pk_name];
         }
-        if (user && user.role_id > this.min_role_write && this.ownership_formula) {
+        if (use_user &&
+            use_user.role_id > this.min_role_write &&
+            this.ownership_formula) {
             let existing = await this.getJoinedRow({
                 where: { [pk_name]: id },
                 joinFields,
-                forUser: user,
+                forUser: use_user,
             });
-            if (!existing || !this.is_owner(user, existing)) {
+            if (!existing || !this.is_owner(use_user, existing)) {
                 await this.deleteRows({ [pk_name]: id });
-                state.log(4, `Not authorized to insertRow in table ${this.name}. User does not match formula: ${JSON.stringify(user)}`);
+                state.log(4, `Not authorized to insertRow in table ${this.name}. User does not match formula: ${JSON.stringify(use_user)}`);
                 return;
             }
         }
@@ -1751,7 +1915,7 @@ class Table {
                     next_version_by_id: id,
                     pk_name,
                 },
-                _userid: user?.id,
+                _userid: use_user?.id,
                 _time: new Date(),
             });
         if (this.has_sync_info) {
@@ -1759,15 +1923,15 @@ class Table {
                 if (isNode()) {
                     // sync_info for insert
                     const schemaPrefix = db_1.default.getTenantSchemaPrefix();
+                    const tsParam = (syncTimestamp ? syncTimestamp : await db_1.default.time()).valueOf() /
+                        1000.0;
                     await db_1.default.query(`insert into ${schemaPrefix}"${db_1.default.sqlsanitize(this.name)}_sync_info"
-              (ref, last_modified) values(
-              ${id}, date_trunc('milliseconds', to_timestamp(${(syncTimestamp ? syncTimestamp : await db_1.default.time()).valueOf() /
-                        1000.0})))`);
+              (ref, last_modified) values($1::text, date_trunc('milliseconds', to_timestamp($2)))`, [id, tsParam]);
                 }
                 else {
                     await db_1.default.query(`insert into "${db_1.default.sqlsanitize(this.name)}_sync_info"
            (last_modified, ref, modified_local, deleted)
-           values(NULL, ${id}, true, false)`);
+           values(NULL, CAST($1 AS TEXT), true, false)`, [id]);
                 }
             }, (e) => {
                 state.log(2, `Error inserting sync info for table ${this.name}: ${e.message}`);
@@ -1779,11 +1943,13 @@ class Table {
         await this.auto_update_calc_aggregations(newRow);
         if (!noTrigger) {
             apply_calculated_fields([newRow], this.fields);
-            await trigger_1.default.runTableTriggers("Insert", this, newRow, resultCollector, user);
+            await trigger_1.default.runTableTriggers("Insert", this, newRow, resultCollector, use_user);
         }
         return id;
     }
     async auto_update_calc_aggregations(v0, refetch, iterations = 1, changedFields, keyChanged = false) {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         const state = require("../db/state").getState();
         const pk_name = this.pk_name;
         state.log(6, `auto_update_calc_aggregations table=${this.name} id=${v0[pk_name]} iters=${iterations}${changedFields ? ` changedFields=${[...(changedFields || [])]}` : ""}`);
@@ -1915,8 +2081,11 @@ class Table {
      * @returns {Promise<{error}|{success: *}>}
      */
     async tryInsertRow(v, user, resultCollector) {
+        let use_user = this.constructor.fixed_user || user;
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         try {
-            const id = await this.insertRow(v, user, resultCollector);
+            const id = await this.insertRow(v, use_user, resultCollector);
             if (!id)
                 return { error: "Not authorized" };
             if (id?.includes?.("Not authorized"))
@@ -2064,6 +2233,8 @@ class Table {
           );`);
     }
     async create_sync_info_table() {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         await db_1.default.tryCatchInTransaction(async () => {
             const schemaPrefix = db_1.default.getTenantSchemaPrefix();
             const fields = this.fields;
@@ -2072,10 +2243,12 @@ class Table {
                 throw new Error("Unable to find a field with a primary key.");
             }
             await db_1.default.query(`create table ${schemaPrefix}"${(0, internal_1.sqlsanitize)(this.name)}_sync_info" (
-            ref integer,
+            ref text not null,
             last_modified timestamp,
             deleted boolean default false,
-            updated_fields jsonb)`);
+            updated_fields jsonb,
+            owner_id integer,
+            owner_fields jsonb)`);
             await db_1.default.query(`create index "${(0, internal_1.sqlsanitize)(this.name)}_sync_info_ref_index" on ${schemaPrefix}"${(0, internal_1.sqlsanitize)(this.name)}_sync_info"(ref)`);
             await db_1.default.query(`create index "${(0, internal_1.sqlsanitize)(this.name)}_sync_info_lm_index" on ${schemaPrefix}"${(0, internal_1.sqlsanitize)(this.name)}_sync_info"(last_modified)`);
             await db_1.default.query(`create index "${(0, internal_1.sqlsanitize)(this.name)}_sync_info_deleted_index" on ${schemaPrefix}"${(0, internal_1.sqlsanitize)(this.name)}_sync_info"(deleted)`);
@@ -2086,6 +2259,8 @@ class Table {
         });
     }
     async drop_sync_table() {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         await db_1.default.tryCatchInTransaction(async () => {
             const schemaPrefix = db_1.default.getTenantSchemaPrefix();
             await db_1.default.query(`
@@ -2103,6 +2278,9 @@ class Table {
      * @param user
      */
     async restore_row_version(id, version, user) {
+        let use_user = this.constructor.fixed_user || user;
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         const row = await db_1.default.selectOne(`${db_1.default.sqlsanitize(this.name)}__history`, {
             [this.pk_name]: id,
             _version: version,
@@ -2113,7 +2291,7 @@ class Table {
                 r[f.name] = row[f.name];
         });
         //console.log("restore_row_version", r);
-        await this.updateRow(r, id, user, false, undefined, version);
+        await this.updateRow(r, id, use_user, false, undefined, version);
     }
     /**
      * Undo row chnages
@@ -2121,6 +2299,9 @@ class Table {
      * @param user
      */
     async undo_row_changes(id, user) {
+        let use_user = this.constructor.fixed_user || user;
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         const current_version_row = await db_1.default.selectMaybeOne(`${(0, internal_1.sqlsanitize)(this.name)}__history`, { [this.pk_name]: id }, { orderBy: "_version", orderDesc: true, limit: 1 });
         //get max that is not a restore
         const last_non_restore = await db_1.default.selectMaybeOne(`${(0, internal_1.sqlsanitize)(this.name)}__history`, {
@@ -2132,7 +2313,7 @@ class Table {
             },
         }, { orderBy: "_version", orderDesc: true, limit: 1 });
         if (last_non_restore) {
-            await this.restore_row_version(id, last_non_restore._version, user);
+            await this.restore_row_version(id, last_non_restore._version, use_user);
         }
     }
     /**
@@ -2141,6 +2322,9 @@ class Table {
      * @param user
      */
     async redo_row_changes(id, user) {
+        let use_user = this.constructor.fixed_user || user;
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         const current_version_row = await db_1.default.selectMaybeOne(`${(0, internal_1.sqlsanitize)(this.name)}__history`, { [this.pk_name]: id }, { orderBy: "_version", orderDesc: true, limit: 1 });
         if (current_version_row._restore_of_version) {
             const next_version = await db_1.default.selectMaybeOne(`${(0, internal_1.sqlsanitize)(this.name)}__history`, {
@@ -2150,7 +2334,7 @@ class Table {
                 },
             }, { orderBy: "_version", limit: 1 });
             if (next_version) {
-                await this.restore_row_version(id, next_version._version, user);
+                await this.restore_row_version(id, next_version._version, use_user);
             }
         }
     }
@@ -2159,6 +2343,8 @@ class Table {
      * with options object, or just minimal interval for legacy code
      */
     async compress_history(options) {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         const interval_secs = typeof options === "number" ? options : options?.interval_secs;
         const schemaPrefix = db_1.default.getTenantSchemaPrefix();
         const pk = this.pk_name;
@@ -2205,6 +2391,8 @@ class Table {
      */
     async drop_history_table() {
         const schemaPrefix = db_1.default.getTenantSchemaPrefix();
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         await db_1.default.query(`
       drop table ${schemaPrefix}"${(0, internal_1.sqlsanitize)(this.name)}__history";`);
     }
@@ -2214,6 +2402,8 @@ class Table {
      * @returns {Promise<void>}
      */
     async rename(new_name) {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         //in transaction
         if (db_1.default.isSQLite)
             throw new InvalidAdminAction("Cannot rename table on SQLite");
@@ -2238,6 +2428,8 @@ class Table {
      * @returns {Promise<void>}
      */
     async update(new_table_rec) {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         if (new_table_rec.ownership_field_id === "")
             delete new_table_rec.ownership_field_id;
         const existing = Table.findOne({ id: this.id });
@@ -2245,6 +2437,7 @@ class Table {
             throw new Error(`Unable to find table with id: ${this.id}`);
         }
         const { external, fields, constraints, ...upd_rec } = new_table_rec;
+        upd_rec.updated_at = new Date();
         await db_1.default.update("_sc_tables", upd_rec, this.id);
         //limited refresh if we do not have a client
         if (!db_1.default.getRequestContext()?.client)
@@ -2290,6 +2483,8 @@ class Table {
      * @returns {Promise<void>}
      */
     async enable_fkey_constraints() {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         const fields = this.fields;
         for (const f of fields)
             await f.enable_fkey_constraint(this);
@@ -2301,6 +2496,8 @@ class Table {
      * @returns {Promise<{error: string}|{error: string}|{error: string}|{error: string}|{error: string}|{success: string}|{error: (string|string|*)}>}
      */
     static async create_from_csv(name, filePath) {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         let rows;
         const state = await require("../db/state").getState();
         try {
@@ -2472,6 +2669,9 @@ class Table {
      * @returns {Promise<{error: string}|{success: string}>}
      */
     async import_csv_file(filePath, options) {
+        //todo user check
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         if (typeof options === "boolean") {
             options = { recalc_stored: options };
         }
@@ -2556,6 +2756,10 @@ class Table {
         // start sql transaction
         if (!options?.no_transaction)
             await client.query("BEGIN");
+        if (db_1.default.isSQLite)
+            await client.query("PRAGMA defer_foreign_keys = ON");
+        else
+            await client.query("SET CONSTRAINTS ALL DEFERRED");
         const readStream = (0, fs_1.createReadStream)(filePath);
         const returnedRows = [];
         try {
@@ -2801,6 +3005,8 @@ ${rejectDetails}`,
         return v1;
     }
     async import_json_history_file(filePath) {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         return await (0, async_json_stream_1.default)(filePath, async (row) => {
             await this.insert_history_row(row);
         });
@@ -2812,6 +3018,8 @@ ${rejectDetails}`,
      * @returns {Promise<{error: string}|{success: string}>}
      */
     async import_json_file(filePath, skip_first_data_row) {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         const fields = this.fields;
         const pk_name = this.pk_name;
         const { readState } = require("../plugin-helper");
@@ -3087,10 +3295,10 @@ ${rejectDetails}`,
     async aggregationQuery(aggregations, options) {
         const { forUser, forPublic } = options || {};
         const role = forUser ? forUser.role_id : forPublic ? 100 : null;
+        const use_forUser = this.constructor.fixed_user || forUser;
         const where = { ...(options?.where || {}) };
         if (role &&
-            this.updateWhereWithOwnership(where, forUser || { role_id: 100 }, true)
-                ?.notAuthorized) {
+            this.updateWhereWithOwnership(where, use_forUser || { role_id: 100 }, true)?.notAuthorized) {
             const emptyRet = {};
             Object.entries(aggregations).forEach(([nm, aggObj]) => {
                 const agg = aggObj?.aggregate?.toLowerCase?.() || "count";
@@ -3114,9 +3322,10 @@ ${rejectDetails}`,
         return res.rows[0];
     }
     ownership_formula_where(user) {
+        let use_user = this.constructor.fixed_user || user;
         if (!this.ownership_formula)
             return {};
-        const wh = jsexprToWhere(this.ownership_formula, { user }, this.fields);
+        const wh = jsexprToWhere(this.ownership_formula, { user: use_user }, this.fields);
         if (wh.eq && Array.isArray(wh.eq)) {
             let arr = wh.eq;
             for (let index = 0; index < arr.length; index++) {
@@ -3152,7 +3361,8 @@ ${rejectDetails}`,
             ? `"${opts.schema}".`
             : db_1.default.getTenantSchemaPrefix();
         const { forUser, forPublic } = opts;
-        const role = forUser ? forUser.role_id : forPublic ? 100 : null;
+        const use_forUser = this.constructor.fixed_user || forUser;
+        const role = use_forUser ? use_forUser.role_id : forPublic ? 100 : null;
         if (role && role > this.min_role_read && this.ownership_formula) {
             const freeVars = freeVariables(this.ownership_formula);
             add_free_variables_to_joinfields(freeVars, joinFields, fields);
@@ -3166,17 +3376,17 @@ ${rejectDetails}`,
             if (!owner_field)
                 throw new Error(`Owner field in table ${this.name} not found`);
             mergeIntoWhere(opts.where, {
-                [owner_field.name]: forUser.id,
+                [owner_field.name]: use_forUser.id,
             });
         }
-        else if (forUser &&
+        else if (use_forUser &&
             role &&
             role > this.min_role_read &&
             this.ownership_formula) {
             if (forPublic || role === 100)
                 return { notAuthorized: true }; //TODO may not be true
             try {
-                mergeIntoWhere(opts.where, this.ownership_formula_where(forUser));
+                mergeIntoWhere(opts.where, this.ownership_formula_where(use_forUser));
             }
             catch (e) {
                 //ignore, ownership formula is too difficult to merge with where
@@ -3353,7 +3563,8 @@ ${rejectDetails}`,
     async getJoinedRows(opts = {}) {
         const fields = this.fields;
         const { forUser, forPublic, ...selopts1 } = opts;
-        const role = forUser ? forUser.role_id : forPublic ? 100 : null;
+        const use_forUser = this.constructor.fixed_user || forUser;
+        const role = use_forUser ? use_forUser.role_id : forPublic ? 100 : null;
         const { sql, values, notAuthorized, joinFields, aggregations } = await this.getJoinedQuery(opts);
         if (notAuthorized)
             return [];
@@ -3394,7 +3605,7 @@ ${rejectDetails}`,
                 //already dealt with by changing where
             }
             else if (this.ownership_formula || this.name === "users") {
-                calcRow = calcRow.filter((row) => this.is_owner(forUser, row));
+                calcRow = calcRow.filter((row) => this.is_owner(use_forUser, row));
             }
             else
                 return []; //no ownership
@@ -3466,6 +3677,8 @@ ${rejectDetails}`,
         return (0, table_helper_1.get_formula_examples)(typename, this.fields.filter((f) => !f.calculated));
     }
     async repairCompositePrimary() {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         const primaryKeys = this.fields.filter((f) => f.primary_key);
         const nonSerialPKS = primaryKeys.some((f) => f.attributes?.NonSerial);
         const schemaPrefix = db_1.default.getTenantSchemaPrefix();
@@ -3507,6 +3720,8 @@ where table_schema = '${db_1.default.getTenantSchema() || "public"}'
             await Table.state_refresh(true);
     }
     async move_include_fts_to_search_context() {
+        if (this.constructor.read_only)
+            throw new Error("Read-only access");
         const include_fts_fields = this.fields.filter((f) => f.attributes?.include_fts);
         if (!include_fts_fields.length)
             return;
@@ -3543,6 +3758,8 @@ where table_schema = '${db_1.default.getTenantSchema() || "public"}'
             }
     }
 }
+Table.fixed_user = undefined;
+Table.read_only = false;
 async function dump_table_to_json_file(filePath, tableName) {
     const writeStream = (0, fs_1.createWriteStream)(filePath);
     const client = db_1.default.isSQLite ? db_1.default : await db_1.default.getClient();