@saltcorn/server 0.6.3-beta.2 → 0.6.4-beta.2

package/routes/admin.js

@@ -5,14 +5,19 @@
  */
 const Router = require("express-promise-router");
 
-const { isAdmin, error_catcher, getGitRevision } = require("./utils.js");
+const {
+  isAdmin,
+  error_catcher,
+  getGitRevision,
+  setTenant,
+} = require("./utils.js");
 const Table = require("@saltcorn/data/models/table");
 const Plugin = require("@saltcorn/data/models/plugin");
 const File = require("@saltcorn/data/models/file");
 const { spawn } = require("child_process");
 const User = require("@saltcorn/data/models/user");
 const path = require("path");
-const { getAllTenants } = require("@saltcorn/data/models/tenant");
+const { getAllTenants } = require("@saltcorn/admin-models/models/tenant");
 const { post_btn, renderForm } = require("@saltcorn/markup");
 const {
   div,
@@ -41,7 +46,7 @@ const {
   get_process_init_time,
 } = require("@saltcorn/data/db/state");
 const { loadAllPlugins } = require("../load_plugins");
-const { create_backup, restore } = require("@saltcorn/data/models/backup");
+const { create_backup, restore } = require("@saltcorn/admin-models/models/backup");
 const fs = require("fs");
 const load_plugins = require("../load_plugins");
 const {
@@ -518,6 +523,7 @@ router.post(
  */
 router.post(
   "/restore",
+  setTenant, // TODO why is this needed?????
   isAdmin,
   error_catcher(async (req, res) => {
     const newPath = File.get_new_path();
@@ -769,6 +775,7 @@ router.post(
       for (const file of files) {
         await file.delete();
       }
+      if (db.reset_sequence) await db.reset_sequence("_sc_files");
     }
     if (form.values.plugins) {
       const ps = await Plugin.find();

package/routes/api.js

@@ -28,6 +28,7 @@ const passport = require("passport");
 const {
   stateFieldsToWhere,
   readState,
+  strictParseInt,
 } = require("@saltcorn/data/plugin-helper");
 
 /**
@@ -65,11 +66,12 @@ const limitFields = (fields) => (r) => {
  * @returns {boolean}
  */
 function accessAllowedRead(req, user, table) {
-  const role = req.isAuthenticated()
-    ? req.user.role_id
-    : user && user.role_id
-    ? user.role_id
-    : 10;
+  const role =
+    req.user && req.user.id
+      ? req.user.role_id
+      : user && user.role_id
+      ? user.role_id
+      : 10;
 
   return role <= table.min_role_read;
 }
@@ -82,11 +84,12 @@ function accessAllowedRead(req, user, table) {
  * @returns {boolean}
  */
 function accessAllowedWrite(req, user, table) {
-  const role = req.isAuthenticated()
-    ? req.user.role_id
-    : user && user.role_id
-    ? user.role_id
-    : 10;
+  const role =
+    req.user && req.user.id
+      ? req.user.role_id
+      : user && user.role_id
+      ? user.role_id
+      : 10;
 
   return role <= table.min_role_write;
 }
@@ -98,11 +101,12 @@ function accessAllowedWrite(req, user, table) {
  * @returns {boolean}
  */
 function accessAllowed(req, user, trigger) {
-  const role = req.isAuthenticated()
-    ? req.user.role_id
-    : user && user.role_id
-    ? user.role_id
-    : 10;
+  const role =
+    req.user && req.user.id
+      ? req.user.role_id
+      : user && user.role_id
+      ? user.role_id
+      : 10;
 
   return role <= trigger.min_role;
 }
@@ -118,9 +122,13 @@ router.get(
   "/:tableName/",
   //passport.authenticate("api-bearer", { session: false }),
   error_catcher(async (req, res, next) => {
-    const { tableName } = req.params;
-    const { fields, versioncount, ...req_query } = req.query;
-    const table = await Table.findOne({ name: tableName });
+    let { tableName } = req.params;
+    const { fields, versioncount, approximate, ...req_query } = req.query;
+    const table = await Table.findOne(
+      strictParseInt(tableName)
+        ? { id: strictParseInt(tableName) }
+        : { name: tableName }
+    );
     if (!table) {
       res.status(404).json({ error: req.__("Not found") });
       return;
@@ -149,8 +157,8 @@ router.get(
             const tbl_fields = await table.getFields();
             const qstate = await stateFieldsToWhere({
               fields: tbl_fields,
-              approximate: false,
-              state: req.query,
+              approximate: !!approximate,
+              state: req_query,
             });
             rows = await table.getRows(qstate);
           } else {

package/routes/delete.js

@@ -33,7 +33,7 @@ router.post(
     const { name, id } = req.params;
     const { redirect } = req.query;
     const table = await Table.findOne({ name });
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     try {
       if (role <= table.min_role_write) await table.deleteRows({ id });
       else if (table.ownership_field_id && req.user) {

package/routes/edit.js

@@ -37,7 +37,7 @@ router.post(
     const { name, id, field_name } = req.params;
     const { redirect } = req.query;
     const table = await Table.findOne({ name });
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     if (role <= table.min_role_write) await table.toggleBool(+id, field_name);
     else
       req.flash(

package/routes/fields.js

@@ -26,6 +26,8 @@ const { isAdmin, error_catcher } = require("./utils.js");
 const expressionBlurb = require("../markup/expression_blurb");
 const { readState } = require("@saltcorn/data/plugin-helper");
 const { wizardCardTitle } = require("../markup/forms.js");
+const FieldRepeat = require("@saltcorn/data/models/fieldrepeat");
+const { applyAsync } = require("@saltcorn/data/utils");
 
 /**
  * @type {object}
@@ -161,8 +163,9 @@ const translateAttributes = (attrs, req) =>
  * @returns {object}
  */
 const translateAttribute = (attr, req) => {
-  const res = { ...attr };
+  let res = { ...attr };
   if (res.sublabel) res.sublabel = req.__(res.sublabel);
+  if (res.isRepeat) res = new FieldRepeat(res);
   return res;
 };
 
@@ -622,10 +625,38 @@ router.post(
     const { tableName, fieldName, fieldview } = req.params;
     const table = await Table.findOne({ name: tableName });
     const fields = await table.getFields();
-    const field = fields.find((f) => f.name === fieldName);
-    const formula = field.expression;
     const row = { ...req.body };
     readState(row, fields);
+
+    if (fieldName.includes(".")) {
+      //join field
+      const kpath = fieldName.split(".");
+
+      if (kpath.length === 2 && row[kpath[0]]) {
+        const field = fields.find((f) => f.name === kpath[0]);
+        const reftable = await Table.findOne({ name: field.reftable_name });
+        const targetField = (await reftable.getFields()).find(
+          (f) => f.name === kpath[1]
+        );
+        const fv = targetField.type.fieldviews[fieldview];
+        const q = { [reftable.pk_name]: row[kpath[0]] };
+        const refRow = await reftable.getRow(q);
+        const configuration = req.query;
+        let configFields = [];
+        if (fv.configFields)
+          configFields = await applyAsync(fv.configFields, targetField);
+        readState(configuration, configFields);
+        res.send(fv.run(refRow[kpath[1]], req, configuration));
+        return;
+      }
+      res.send("");
+      return;
+    }
+
+    const field = fields.find((f) => f.name === fieldName);
+
+    const formula = field.expression;
+
     let result;
     try {
       if (field.stored) {
@@ -660,7 +691,15 @@ router.post(
     if (fieldName.includes(".")) {
       const [refNm, targetNm] = fieldName.split(".");
       const ref = fields.find((f) => f.name === refNm);
+      if (!ref) {
+        res.send("");
+        return;
+      }
       const reftable = await Table.findOne({ name: ref.reftable_name });
+      if (!reftable) {
+        res.send("");
+        return;
+      }
       const reffields = await reftable.getFields();
       field = reffields.find((f) => f.name === targetNm);
       row = await reftable.getRow({});

package/routes/files.js

@@ -17,7 +17,7 @@ const {
   post_btn,
   post_delete_btn,
 } = require("@saltcorn/markup");
-const { isAdmin, error_catcher } = require("./utils.js");
+const { isAdmin, error_catcher, setTenant } = require("./utils.js");
 const {
   span,
   h5,
@@ -136,7 +136,7 @@ router.get(
 router.get(
   "/download/:id",
   error_catcher(async (req, res) => {
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     const user_id = req.user && req.user.id;
     const { id } = req.params;
     const file = await File.findOne({ id });
@@ -160,7 +160,7 @@ router.get(
 router.get(
   "/serve/:id",
   error_catcher(async (req, res) => {
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     const user_id = req.user && req.user.id;
     const { id } = req.params;
     let file;
@@ -240,10 +240,11 @@ router.post(
  */
 router.post(
   "/upload",
+  setTenant, // TODO why is this needed?????
   error_catcher(async (req, res) => {
     let jsonResp = {};
     const min_role_upload = getState().getConfig("min_role_upload", 1);
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     if (role > +min_role_upload) {
       if (!req.xhr) req.flash("warning", req.__("Not authorized"));
       else jsonResp = { error: "Not authorized" };

package/routes/homepage.js

@@ -13,7 +13,7 @@ const Page = require("@saltcorn/data/models/page");
 const { link, renderForm, mkTable, post_btn } = require("@saltcorn/markup");
 const { ul, li, div, small, a, h5, p, i } = require("@saltcorn/markup/tags");
 const Table = require("@saltcorn/data/models/table");
-const { fetch_available_packs } = require("@saltcorn/data/models/pack");
+const { fetch_available_packs } = require("@saltcorn/admin-models/models/pack");
 const { restore_backup } = require("../markup/admin");
 const { get_latest_npm_version } = require("@saltcorn/data/models/config");
 const packagejson = require("../package.json");
@@ -398,7 +398,7 @@ const welcome_page = async (req) => {
  * @returns {Promise<void>}
  */
 const no_views_logged_in = async (req, res) => {
-  const role = req.isAuthenticated() ? req.user.role_id : 10;
+  const role = req.user && req.user.id ? req.user.role_id : 10;
   if (role > 1 || req.user.tenant !== db.getTenantSchema())
     res.sendWrap(req.__("Hello"), req.__("Welcome to Saltcorn!"));
   else {
@@ -463,7 +463,7 @@ module.exports =
    * @returns {Promise<void>}
    */
   async (req, res) => {
-    const isAuth = req.isAuthenticated();
+    const isAuth = req.user && req.user.id;
     const role_id = req.user ? req.user.role_id : 10;
     const cfgResp = await get_config_response(role_id, res, req);
     if (cfgResp) return;

package/routes/list.js

@@ -155,6 +155,10 @@ const typeToJsGridType = (t, field) => {
     jsgField.editing = false;
     jsgField.inserting = false;
   }
+  if (field.primary_key) {
+    jsgField.inserting = false;
+    jsgField.editing = false;
+  }
   return jsgField;
 };
 

package/routes/packs.js

@@ -30,7 +30,7 @@ const {
   fetch_pack_by_name,
   can_install_pack,
   uninstall_pack,
-} = require("@saltcorn/data/models/pack");
+} = require("@saltcorn/admin-models/models/pack");
 const { h5, pre, code, p, text, text_attr } = require("@saltcorn/markup/tags");
 const Library = require("@saltcorn/data/models/library");
 const Trigger = require("@saltcorn/data/models/trigger");

package/routes/page.js

@@ -37,7 +37,7 @@ router.get(
   error_catcher(async (req, res) => {
     const { pagename } = req.params;
 
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     const db_page = await Page.findOne({ name: pagename });
     if (db_page && role <= db_page.min_role) {
       const contents = await db_page.run(req.query, { res, req });
@@ -73,7 +73,7 @@ router.post(
   "/:pagename/action/:rndid",
   error_catcher(async (req, res) => {
     const { pagename, rndid } = req.params;
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     const db_page = await Page.findOne({ name: pagename });
     if (db_page && role <= db_page.min_role) {
       let col;

package/routes/pageedit.js

@@ -17,7 +17,7 @@ const Form = require("@saltcorn/data/models/form");
 const File = require("@saltcorn/data/models/file");
 const Trigger = require("@saltcorn/data/models/trigger");
 const { getViews, traverseSync } = require("@saltcorn/data/models/layout");
-const { add_to_menu } = require("@saltcorn/data/models/pack");
+const { add_to_menu } = require("@saltcorn/admin-models/models/pack");
 const db = require("@saltcorn/data/db");
 
 const { isAdmin, error_catcher } = require("./utils.js");
@@ -157,9 +157,12 @@ const pageBuilderData = async (req, context) => {
   const images = await File.find({ mime_super: "image" });
   const roles = await User.get_roles();
   const stateActions = getState().actions;
-  const actions = Object.entries(stateActions)
-    .filter(([k, v]) => !v.requireRow && !v.disableInBuilder)
-    .map(([k, v]) => k);
+  const actions = [
+    "GoBack",
+    ...Object.entries(stateActions)
+      .filter(([k, v]) => !v.requireRow && !v.disableInBuilder)
+      .map(([k, v]) => k),
+  ];
   const triggers = await Trigger.find({
     when_trigger: { or: ["API call", "Never"] },
   });

package/routes/plugins.js

@@ -18,7 +18,7 @@ const { getState } = require("@saltcorn/data/db/state");
 const Form = require("@saltcorn/data/models/form");
 const Field = require("@saltcorn/data/models/field");
 const Plugin = require("@saltcorn/data/models/plugin");
-const { fetch_available_packs } = require("@saltcorn/data/models/pack");
+const { fetch_available_packs } = require("@saltcorn/admin-models/models/pack");
 const { getConfig, setConfig } = require("@saltcorn/data/models/config");
 const db = require("@saltcorn/data/db");
 const {

package/routes/scapi.js

@@ -16,7 +16,7 @@ const Page = require("@saltcorn/data/models/page");
 const File = require("@saltcorn/data/models/file");
 const Trigger = require("@saltcorn/data/models/trigger");
 const Role = require("@saltcorn/data/models/role");
-const Tenant = require("@saltcorn/data/models/tenant");
+const Tenant = require("@saltcorn/admin-models/models/tenant");
 const Plugin = require("@saltcorn/data/models/plugin");
 const Config = require("@saltcorn/data/models/config");
 const passport = require("passport");
@@ -44,11 +44,12 @@ module.exports = router;
  * @returns {boolean}
  */
 function accessAllowedRead(req, user) {
-  const role = req.isAuthenticated()
-    ? req.user.role_id
-    : user && user.role_id
-    ? user.role_id
-    : 10;
+  const role =
+    req.user && req.user.id
+      ? req.user.role_id
+      : user && user.role_id
+      ? user.role_id
+      : 10;
 
   if (role === 1) return true;
   return false;

package/routes/tables.js

@@ -22,7 +22,7 @@ const {
   post_dropdown_item,
 } = require("@saltcorn/markup");
 const { recalculate_for_stored } = require("@saltcorn/data/models/expression");
-const { isAdmin, error_catcher } = require("./utils.js");
+const { isAdmin, error_catcher, setTenant } = require("./utils.js");
 const Form = require("@saltcorn/data/models/form");
 const {
   span,
@@ -352,6 +352,7 @@ router.get(
  */
 router.post(
   "/create-from-csv",
+  setTenant, // TODO why is this needed?????
   isAdmin,
   error_catcher(async (req, res) => {
     if (req.body.name && req.files && req.files.file) {
@@ -1367,6 +1368,7 @@ router.post(
  */
 router.post(
   "/upload_to_table/:name",
+  setTenant, // TODO why is this needed?????
   isAdmin,
   error_catcher(async (req, res) => {
     const { name } = req.params;

package/routes/tenant.js

@@ -6,12 +6,15 @@
 
 const Router = require("express-promise-router");
 const Form = require("@saltcorn/data/models/form");
-const { getState, create_tenant } = require("@saltcorn/data/db/state");
+const { getState, add_tenant } = require("@saltcorn/data/db/state");
+const { create_tenant } = require("@saltcorn/admin-models/models/tenant");
 const {
   getAllTenants,
   domain_sanitize,
   deleteTenant,
-} = require("@saltcorn/data/models/tenant");
+  switchToTenant,
+  insertTenant,
+} = require("@saltcorn/admin-models/models/tenant");
 const {
   renderForm,
   link,
@@ -45,6 +48,10 @@ const {
   save_config_from_form,
 } = require("../markup/admin.js");
 const { getConfig } = require("@saltcorn/data/models/config");
+const {
+  create_backup,
+  restore,
+} = require("@saltcorn/admin-models/models/backup");
 
 /**
  * @type {object}
@@ -249,13 +256,16 @@ router.post(
         );
       } else {
         const newurl = getNewURL(req, subdomain);
-        await create_tenant(
-          subdomain,
-          loadAllPlugins,
-          newurl,
-          false,
-          loadAndSaveNewPlugin
-        );
+        const tenant_template = getState().getConfig("tenant_template");
+        await switchToTenant(await insertTenant(subdomain), newurl);
+        add_tenant(subdomain);
+        await create_tenant({
+          t: subdomain,
+          plugin_loader: loadAllPlugins,
+          noSignalOrDB: false,
+          loadAndSaveNewPlugin: loadAndSaveNewPlugin,
+          tenant_template,
+        });
         let new_url_create = newurl;
         const hasTemplate = getState().getConfig("tenant_template");
         if (hasTemplate) {

package/routes/utils.js

@@ -49,7 +49,13 @@ function isAdmin(req, res, next) {
     next();
   } else {
     req.flash("danger", req.__("Must be admin"));
-    res.redirect(req.user ? "/" : "/auth/login");
+    res.redirect(
+      req.user && req.user.pending_user
+        ? "/auth/twofa/login/totp"
+        : req.user
+        ? "/"
+        : "/auth/login"
+    );
   }
 }
 

package/routes/view.js

@@ -16,6 +16,7 @@ const {
   isAdmin,
   error_catcher,
   scan_for_page_title,
+  setTenant,
 } = require("../routes/utils.js");
 const { add_edit_bar } = require("../markup/admin.js");
 const { InvalidConfiguration } = require("@saltcorn/data/utils");
@@ -42,8 +43,7 @@ router.get(
     const { viewname } = req.params;
     const query = { ...req.query };
     const view = await View.findOne({ name: viewname });
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
-
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     if (!view) {
       req.flash("danger", req.__(`No such view: %s`, text(viewname)));
       res.redirect("/");
@@ -122,7 +122,7 @@ router.post(
   "/:viewname/:route",
   error_catcher(async (req, res) => {
     const { viewname, route } = req.params;
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
 
     const view = await View.findOne({ name: viewname });
     if (!view) {
@@ -145,9 +145,10 @@ router.post(
  */
 router.post(
   ["/:viewname", "/:viewname/*"],
+  setTenant,
   error_catcher(async (req, res) => {
     const { viewname } = req.params;
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     const query = { ...req.query };
 
     const view = await View.findOne({ name: viewname });

package/routes/viewedit.js

@@ -39,7 +39,7 @@ const Workflow = require("@saltcorn/data/models/workflow");
 const User = require("@saltcorn/data/models/user");
 const Page = require("@saltcorn/data/models/page");
 
-const { add_to_menu } = require("@saltcorn/data/models/pack");
+const { add_to_menu } = require("@saltcorn/admin-models/models/pack");
 const { editRoleForm } = require("../markup/forms.js");
 
 /**

package/serve.js

@@ -11,9 +11,10 @@ const db = require("@saltcorn/data/db");
 const {
   getState,
   init_multi_tenant,
-  create_tenant,
   restart_tenant,
+  add_tenant,
 } = require("@saltcorn/data/db/state");
+const { create_tenant } = require("@saltcorn/admin-models/models/tenant");
 
 const path = require("path");
 
@@ -38,7 +39,10 @@ const {
   getRelevantPackages,
   getPluginDirectories,
 } = require("./restart_watcher");
-const { spawnSync } = require("child_process");
+const {
+  eachTenant,
+  getAllTenants,
+} = require("@saltcorn/admin-models/models/tenant");
 
 // helpful https://gist.github.com/jpoehls/2232358
 /**
@@ -72,7 +76,8 @@ const initMaster = async ({ disableMigrate }, useClusterAdaptor = true) => {
   // switch on sql logging - but it was initiated before???
   if (getState().getConfig("log_sql", false)) db.set_sql_logging();
   if (db.is_it_multi_tenant()) {
-    await init_multi_tenant(loadAllPlugins, disableMigrate);
+    const tenants = await getAllTenants();
+    await init_multi_tenant(loadAllPlugins, disableMigrate, tenants);
   }
   if (useClusterAdaptor) setupPrimary();
 };
@@ -95,7 +100,14 @@ const workerDispatchMsg = ({ tenant, ...msg }) => {
   }
   if (msg.refresh) getState()[`refresh_${msg.refresh}`](true);
   if (msg.createTenant) {
-    create_tenant(msg.createTenant, loadAllPlugins, "", true);
+    const tenant_template = getState().getConfig("tenant_template");
+    add_tenant(msg.createTenant);
+    create_tenant({
+      t: msg.createTenant,
+      plugin_loader: loadAllPlugins,
+      noSignalOrDB: true,
+      tenant_template,
+    });
     db.runWithTenant(msg.createTenant, async () => {
       getState().refresh(true);
     });
@@ -117,29 +129,28 @@ const workerDispatchMsg = ({ tenant, ...msg }) => {
  * @param {number} opts.pid
  * @returns {function}
  */
-const onMessageFromWorker = (
-  masterState,
-  { port, watchReaper, disableScheduler, pid }
-) => (msg) => {
-  //console.log("worker msg", typeof msg, msg);
-  if (msg === "Start" && !masterState.started) {
-    masterState.started = true;
-    runScheduler({ port, watchReaper, disableScheduler });
-    require("./systemd")({ port });
-    return true;
-  } else if (msg === "RestartServer") {
-    process.exit(0);
-    return true;
-  } else if (msg.tenant || msg.createTenant) {
-    ///ie from saltcorn
-    //broadcast
-    Object.entries(cluster.workers).forEach(([wpid, w]) => {
-      if (wpid !== pid) w.send(msg);
-    });
-    workerDispatchMsg(msg); //also master
-    return true;
-  }
-};
+const onMessageFromWorker =
+  (masterState, { port, watchReaper, disableScheduler, pid }) =>
+  (msg) => {
+    //console.log("worker msg", typeof msg, msg);
+    if (msg === "Start" && !masterState.started) {
+      masterState.started = true;
+      runScheduler({ port, watchReaper, disableScheduler, eachTenant });
+      require("./systemd")({ port });
+      return true;
+    } else if (msg === "RestartServer") {
+      process.exit(0);
+      return true;
+    } else if (msg.tenant || msg.createTenant) {
+      ///ie from saltcorn
+      //broadcast
+      Object.entries(cluster.workers).forEach(([wpid, w]) => {
+        if (wpid !== pid) w.send(msg);
+      });
+      workerDispatchMsg(msg); //also master
+      return true;
+    }
+  };
 
 module.exports =
   /**
@@ -163,9 +174,6 @@ module.exports =
     ...appargs
   } = {}) => {
     if (dev && cluster.isMaster) {
-      spawnSync("npm", ["run", "tsc"], {
-        stdio: "inherit",
-      });
       listenForChanges(getRelevantPackages(), await getPluginDirectories());
     }
     const useNCpus = process.env.SALTCORN_NWORKERS