@saltcorn/server 0.7.4-beta.2 → 0.7.4

package/routes/fields.js

@@ -19,12 +19,13 @@ const {
   expressionValidator,
   get_async_expression_function,
   get_expression_function,
+  freeVariables,
 } = require("@saltcorn/data/models/expression");
 const db = require("@saltcorn/data/db");
 
 const { isAdmin, error_catcher } = require("./utils.js");
 const expressionBlurb = require("../markup/expression_blurb");
-const { readState } = require("@saltcorn/data/plugin-helper");
+const { readState, add_free_variables_to_joinfields } = require("@saltcorn/data/plugin-helper");
 const { wizardCardTitle } = require("../markup/forms.js");
 const FieldRepeat = require("@saltcorn/data/models/fieldrepeat");
 const { applyAsync } = require("@saltcorn/data/utils");
@@ -621,7 +622,11 @@ router.post(
     const { formula, tablename, stored } = req.body;
     const table = await Table.findOne({ name: tablename });
     const fields = await table.getFields();
-    const rows = await table.getRows({}, { orderBy: "RANDOM()", limit: 1 });
+    const freeVars = freeVariables(formula)
+    const joinFields = {}
+    if (stored)
+      add_free_variables_to_joinfields(freeVars, joinFields, fields)
+    const rows = await table.getJoinedRows({ joinFields, orderBy: "RANDOM()", limit: 1 });
     if (rows.length < 1) return "No rows in table";
     let result;
     try {
@@ -661,8 +666,12 @@ router.post(
       return;
     }
     const fields = await table.getFields();
-    const row = { ...req.body };
-    readState(row, fields);
+    let row = { ...req.body };
+    if (!row || Object.keys(row).length === 0) {
+      const { id } = req.query
+      if (id) row = await table.getRow({ id })
+    } else
+      readState(row, fields);
 
     if (fieldName.includes(".")) {
       //join field
@@ -694,7 +703,7 @@ router.post(
             return;
           }
         } else {
-          targetField.type.fieldviews[fieldview];
+          fv = targetField.type.fieldviews[fieldview];
           if (!fv)
             fv =
               targetField.type.fieldviews.show ||
@@ -743,7 +752,9 @@ router.post(
 
     let result;
     try {
-      if (field.stored) {
+      if (!field.calculated) {
+        result = row[field.name]
+      } else if (field.stored) {
         const f = get_async_expression_function(formula, fields);
         result = await f(row);
       } else {
@@ -751,7 +762,9 @@ router.post(
         result = f(row);
       }
       const fv = field.type.fieldviews[fieldview];
-      res.send(fv.run(result));
+      if (!fv)
+        res.send(text(result));
+      else res.send(fv.run(result));
     } catch (e) {
       return res.status(400).send(`Error: ${e.message}`);
     }

package/routes/index.js

@@ -72,6 +72,7 @@ const roleadmin = require("../auth/roleadmin");
 const scapi = require("./scapi");
 const tags = require("./tags");
 const tagentries = require("./tag_entries");
+const dataDiagram = require("./diagram");
 
 module.exports =
   /**
@@ -110,4 +111,5 @@ module.exports =
     app.use("/scapi", scapi);
     app.use("/tag", tags);
     app.use("/tag-entries", tagentries);
+    app.use("/diagram", dataDiagram);
   };

package/routes/pageedit.js

@@ -21,7 +21,7 @@ const { add_to_menu } = require("@saltcorn/admin-models/models/pack");
 const db = require("@saltcorn/data/db");
 const { getPageList } = require("./common_lists");
 
-const { isAdmin, error_catcher } = require("./utils.js");
+const { isAdmin, error_catcher, addOnDoneRedirect } = require("./utils.js");
 const {
   mkTable,
   renderForm,
@@ -54,7 +54,7 @@ const pagePropertiesForm = async (req) => {
   const roles = await User.get_roles();
 
   const form = new Form({
-    action: "/pageedit/edit-properties",
+    action: addOnDoneRedirect("/pageedit/edit-properties", req),
     fields: [
       new Field({
         label: req.__("Name"),
@@ -185,9 +185,8 @@ const pageBuilderData = async (req, context) => {
 const getRootPageForm = (pages, roles, req) => {
   const form = new Form({
     action: "/pageedit/set_root_page",
-    submitLabel: req.__("Save"),
-    submitButtonClass: "btn-outline-primary",
-    onChange: "remove_outline(this)",
+    noSubmitButton: true,
+    onChange: "saveAndContinue(this)",
     blurb: req.__(
       "The root page is the page that is served when the user visits the home location (/). This can be set for each user role."
     ),
@@ -358,7 +357,7 @@ router.post(
         if (!pageRow.fixed_states) pageRow.fixed_states = {};
         if (!pageRow.layout) pageRow.layout = {};
         await Page.create(pageRow);
-        res.redirect(`/pageedit/edit/${pageRow.name}`);
+        res.redirect(addOnDoneRedirect(`/pageedit/edit/${pageRow.name}`, req));
       }
     }
   })
@@ -417,20 +416,23 @@ router.post(
   error_catcher(async (req, res) => {
     const { pagename } = req.params;
 
+    let redirectTarget = req.query.on_done_redirect
+      ? `/${req.query.on_done_redirect}`
+      : "/pageedit";
     const page = await Page.findOne({ name: pagename });
     if (!page) {
       req.flash("error", req.__(`Page %s not found`, pagename));
-      res.redirect(`/pageedit`);
+      res.redirect(redirectTarget);
     } else if (req.body.layout) {
       await Page.update(page.id, {
         layout: decodeURIComponent(req.body.layout),
       });
 
       req.flash("success", req.__(`Page %s saved`, pagename));
-      res.redirect(`/pageedit`);
+      res.redirect(redirectTarget);
     } else {
       req.flash("error", req.__(`Error processing page`));
-      res.redirect(`/pageedit`);
+      res.redirect(redirectTarget);
     }
   })
 );

package/routes/plugins.js

@@ -455,7 +455,7 @@ const store_actions_dropdown = (req) =>
         {
           class: "dropdown-item",
           href: `/plugins/upgrade`,
-          onClick: `notifyAlert('Upgrading modules...', true)`,
+          onClick: `notifyAlert('${req.__("Upgrading modules...")}', true)`,
         },
         '<i class="far fa-arrow-alt-circle-up"></i>&nbsp;' +
         req.__("Upgrade installed modules")
@@ -551,7 +551,7 @@ router.get(
     const { name } = req.params;
     const plugin = await Plugin.findOne({ name: decodeURIComponent(name) });
     if (!plugin) {
-      req.flash("warning", "Plugin not found");
+      req.flash("warning", req.__("Module not found"));
       res.redirect("/plugins");
       return;
     }
@@ -792,7 +792,7 @@ router.get(
       pkgjson = require(path.join(mod.location, "package.json"));
 
     if (!plugin_db) {
-      req.flash("warning", "Plugin not found");
+      req.flash("warning", "Module not found");
       res.redirect("/plugins");
       return;
     }
@@ -817,7 +817,7 @@ router.get(
         ),
         mod.plugin_module.dependencies
           ? tr(
-            th(req.__("Plugin dependencies")),
+            th(req.__("Module dependencies")),
             td(
               mod.plugin_module.dependencies.map((d) =>
                 span({ class: "badge bg-primary me-1" }, d)
@@ -933,7 +933,7 @@ router.get(
 
     const plugin = await Plugin.findOne({ name });
     await plugin.upgrade_version((p, f) => load_plugins.loadPlugin(p, f));
-    req.flash("success", req.__(`Plugin up-to-date`));
+    req.flash("success", req.__(`Module up-to-date`));
 
     res.redirect(`/plugins/info/${plugin.name}`);
   })
@@ -954,7 +954,7 @@ router.post(
     if (schema !== db.connectObj.default_schema) {
       req.flash(
         "error",
-        req.__(`Only store plugins can be installed on tenant instances`)
+        req.__(`Only store modules can be installed on tenant instances`)
       );
       res.redirect(`/plugins`);
     } else {
@@ -963,12 +963,12 @@ router.post(
           plugin,
           schema === db.connectObj.default_schema || plugin.source === "github"
         );
-        req.flash("success", req.__(`Plugin %s installed`, plugin.name));
+        req.flash("success", req.__(`Module %s installed`, plugin.name));
         res.redirect(`/plugins`);
       } catch (e) {
         req.flash("error", `${e.message}`);
         const form = pluginForm(req, plugin);
-        res.sendWrap(req.__(`Edit Plugin`), renderForm(form, req.csrfToken()));
+        res.sendWrap(req.__(`Edit Module`), renderForm(form, req.csrfToken()));
       }
     }
   })
@@ -988,7 +988,7 @@ router.post(
 
     const plugin = await Plugin.findOne({ name: decodeURIComponent(name) });
     if (!plugin) {
-      req.flash("warning", "Plugin not found");
+      req.flash("warning", "Module not found");
       res.redirect("/plugins");
       return;
     }
@@ -998,11 +998,11 @@ router.post(
       getState().getConfig("development_mode", false)
     ) {
       await plugin.delete();
-      req.flash("success", req.__(`Plugin %s removed.`, plugin.name));
+      req.flash("success", req.__(`Module %s removed.`, plugin.name));
     } else {
       req.flash(
         "error",
-        req.__(`Cannot remove plugin: views %s depend on it`, depviews.join())
+        req.__(`Cannot remove module: views %s depend on it`, depviews.join())
       );
     }
     res.redirect(`/plugins`);
@@ -1025,7 +1025,7 @@ router.post(
     if (!plugin) {
       req.flash(
         "error",
-        req.__(`Plugin %s not found`, text(decodeURIComponent(name)))
+        req.__(`Module %s not found`, text(decodeURIComponent(name)))
       );
       res.redirect(`/plugins`);
       return;
@@ -1034,7 +1034,7 @@ router.post(
     if (!isRoot && plugin.unsafe) {
       req.flash(
         "error",
-        req.__("Cannot install unsafe plugins on subdomain tenants")
+        req.__("Cannot install unsafe modules on subdomain tenants")
       );
       res.redirect(`/plugins`);
       return;
@@ -1047,14 +1047,14 @@ router.post(
       req.flash(
         "success",
         req.__(
-          `Plugin %s installed, please complete configuration.`,
+          `Module %s installed, please complete configuration.`,
           plugin_db.name
         )
       );
       await sleep(1000); // Allow other workers to load this plugin
       res.redirect(`/plugins/configure/${plugin_db.name}`);
     } else {
-      req.flash("success", req.__(`Plugin %s installed`, plugin.name));
+      req.flash("success", req.__(`Module %s installed`, plugin.name));
       res.redirect(`/plugins`);
     }
   })

package/routes/tables.js

@@ -1013,7 +1013,6 @@ router.get(
     const getRole = (rid) => roles.find((r) => r.id === rid).role;
     const mainCard = await tablesList(rows, req);
     const createCard = div(
-      h5(req.__("Create table")),
       a(
         { href: `/table/new`, class: "btn btn-primary mt-1 me-3" },
         i({ class: "fas fa-plus-square me-1" }),
@@ -1029,8 +1028,13 @@ router.get(
       ),
       !db.isSQLite &&
       a(
-        { href: `/table/discover`, class: "btn btn-secondary mt-1" },
+        {
+          href: `/table/discover`,
+          class: "btn btn-secondary mt-1",
+          title: req.__("Discover tables that are already in the Database, but not known to Saltcorn"),
+        },
         i({ class: "fas fa-map-signs me-1" }),
+
         req.__("Discover tables")
       )
     );

package/routes/tag_entries.js

@@ -105,7 +105,7 @@ router.get(
         },
         {
           type: "card",
-          title: `Add entries to tag`,
+          title: req.__(`Add entries to tag`),
           contents: buildForm(
             entry_type,
             tag_id,
@@ -143,7 +143,7 @@ router.post(
     const { entry_type, tag_id } = req.params;
     const { ids } = req.body;
     if (!ids) {
-      req.flash("error", req.__("Please select at least on item"));
+      req.flash("error", req.__("Please select at least one item"));
       return res.redirect(`/tag-entries/add/${entry_type}/${tag_id}`);
     }
     const fieldName = idField(entry_type);

package/routes/tags.js

@@ -6,7 +6,7 @@ const Form = require("@saltcorn/data/models/form");
 const User = require("@saltcorn/data/models/user");
 
 const { isAdmin, error_catcher, csrfField } = require("./utils");
-const { send_admin_page } = require("../markup/admin");
+const { send_infoarch_page } = require("../markup/admin");
 
 const {
   mkTable,
@@ -31,34 +31,38 @@ router.get(
   isAdmin,
   error_catcher(async (req, res) => {
     const rows = await Tag.find();
-    send_admin_page({
+    send_infoarch_page({
       res,
       req,
       active_sub: "Tags",
-      contents: [
-        mkTable(
-          [
-            {
-              label: req.__("Tagname"),
-              key: (r) =>
-                link(`/tag/${r.id || r.name}?show_list=tables`, text(r.name)),
-            },
+      contents: {
+        type: "card",
+        title: req.__("Tags"),
+        contents: [
+          mkTable(
+            [
+              {
+                label: req.__("Tagname"),
+                key: (r) =>
+                  link(`/tag/${r.id || r.name}?show_list=tables`, text(r.name)),
+              },
+              {
+                label: req.__("Delete"),
+                key: (r) => post_delete_btn(`/tag/delete/${r.id}`, req, r.name),
+              },
+            ],
+            rows,
+            {}
+          ),
+          a(
             {
-              label: req.__("Delete"),
-              key: (r) => post_delete_btn(`/tag/delete/${r.id}`, req, r.name),
+              href: `/tag/new`,
+              class: "btn btn-primary",
             },
-          ],
-          rows,
-          {}
-        ),
-        a(
-          {
-            href: `/tag/new`,
-            class: "btn btn-primary",
-          },
-          req.__("Create tag")
-        ),
-      ],
+            req.__("Create tag")
+          ),
+        ],
+      },
     });
   })
 );
@@ -199,7 +203,7 @@ router.get(
                 href: `/tag-entries/add/pages/${tag.id}`,
                 class: "btn btn-primary",
               },
-              req.__("Add tages")
+              req.__("Add pages")
             ),
           ],
         },
@@ -222,7 +226,7 @@ router.get(
                 href: `/tag-entries/add/trigger/${tag.id}`,
                 class: "btn btn-primary",
               },
-              req.__("Add trigger")
+              req.__("Add triggers")
             ),
           ],
         },

package/routes/utils.js

@@ -113,37 +113,62 @@ const get_tenant_from_req = (req) => {
 };
 
 /**
+ * middleware to extract the tenant domain and call runWithtenant()
  * @param {object} req
  * @param {object} res
  * @param {function} next
  */
 const setTenant = (req, res, next) => {
   if (db.is_it_multi_tenant()) {
-    const other_domain = get_other_domain_tenant(req.hostname);
-    if (other_domain) {
-      const state = getTenant(other_domain);
-      if (!state) {
-        setLanguage(req, res);
-        next();
-      } else {
-        db.runWithTenant(other_domain, () => {
-          setLanguage(req, res, state);
-          state.log(5, `${req.method} ${req.originalUrl}`);
+    // for a saltcorn mobile request use 'req.user.tenant'
+    if (req.smr) {
+      if (
+        req.user?.tenant &&
+        req.user.tenant !== db.connectObj.default_schema
+      ) {
+        const state = getTenant(req.user.tenant);
+        if (!state) {
+          setLanguage(req, res);
           next();
-        });
+        } else {
+          db.runWithTenant(req.user.tenant, () => {
+            setLanguage(req, res, state);
+            state.log(5, `${req.method} ${req.originalUrl}`);
+            next();
+          });
+        }
       }
-    } else {
-      const ten = get_tenant_from_req(req);
-      const state = getTenant(ten);
-      if (!state) {
+      else {
         setLanguage(req, res);
         next();
+      }
+    } else {
+      const other_domain = get_other_domain_tenant(req.hostname);
+      if (other_domain) {
+        const state = getTenant(other_domain);
+        if (!state) {
+          setLanguage(req, res);
+          next();
+        } else {
+          db.runWithTenant(other_domain, () => {
+            setLanguage(req, res, state);
+            state.log(5, `${req.method} ${req.originalUrl}`);
+            next();
+          });
+        }
       } else {
-        db.runWithTenant(ten, () => {
-          setLanguage(req, res, state);
-          state.log(5, `${req.method} ${req.originalUrl}`);
+        const ten = get_tenant_from_req(req);
+        const state = getTenant(ten);
+        if (!state) {
+          setLanguage(req, res);
           next();
-        });
+        } else {
+          db.runWithTenant(ten, () => {
+            setLanguage(req, res, state);
+            state.log(5, `${req.method} ${req.originalUrl}`);
+            next();
+          });
+        }
       }
     }
   } else {
@@ -232,6 +257,20 @@ const getSessionStore = () => {
   }
 };
 
+/**
+ * appends 'req.query.on_done_redirect' to 'oldPath' if it exists
+ * @param {string} oldPath path without 'on_done_redirect'
+ * @param {any} req express request
+ * @returns a new string with or without on_done_redirect=...
+ */
+const addOnDoneRedirect = (oldPath, req) => {
+  const separator = oldPath.indexOf("?") > -1 ? "&" : "?";
+  if (req.query.on_done_redirect) {
+    return `${oldPath}${separator}on_done_redirect=${req.query.on_done_redirect}`;
+  }
+  return oldPath;
+};
+
 module.exports = {
   sqlsanitize,
   csrfField,
@@ -243,5 +282,6 @@ module.exports = {
   getGitRevision,
   getSessionStore,
   setTenant,
-  get_tenant_from_req
+  get_tenant_from_req,
+  addOnDoneRedirect,
 };

package/routes/viewedit.js

@@ -16,6 +16,7 @@ const {
   post_dropdown_item,
   renderBuilder,
   settingsDropdown,
+  alert
 } = require("@saltcorn/markup");
 const {
   //span,
@@ -30,7 +31,7 @@ const {
 } = require("@saltcorn/markup/tags");
 
 const { getState } = require("@saltcorn/data/db/state");
-const { isAdmin, error_catcher } = require("./utils.js");
+const { isAdmin, error_catcher, addOnDoneRedirect } = require("./utils.js");
 const { setTableRefs, viewsList } = require("./common_lists");
 const Form = require("@saltcorn/data/models/form");
 const Field = require("@saltcorn/data/models/field");
@@ -76,6 +77,20 @@ router.get(
 
     const viewMarkup = await viewsList(views, req);
     const tables = await Table.find();
+    const viewAccessWarning = view => {
+      const table = tables.find(t => t.name === view.table)
+      if (!table) return false
+      if (table.ownership_field_id || table.ownership_formula) return false
+
+      return table.min_role_read < view.min_role
+    }
+    const hasAccessWarning = views.filter(viewAccessWarning)
+    const accessWarning = hasAccessWarning.length > 0
+      ? alert("danger", `<p>You have views with a role to access lower than the table role to read, 
+      with no table ownership. In the next version of Saltcorn, this may cause a
+      denial of access. Users will need to have table read access to any data displayed.</p> 
+      Views potentially affected: ${hasAccessWarning.map(v => v.name).join(", ")}`)
+      : ''
     res.sendWrap(req.__(`Views`), {
       above: [
         {
@@ -87,17 +102,18 @@ router.get(
           class: "mt-0",
           title: req.__("Your views"),
           contents: [
+            accessWarning,
             viewMarkup,
             tables.length > 0
               ? a(
-                  { href: `/viewedit/new`, class: "btn btn-primary" },
-                  req.__("Create view")
-                )
+                { href: `/viewedit/new`, class: "btn btn-primary" },
+                req.__("Create view")
+              )
               : p(
-                  req.__(
-                    "You must create at least one table before you can create views."
-                  )
-                ),
+                req.__(
+                  "You must create at least one table before you can create views."
+                )
+              ),
           ],
         },
       ],
@@ -129,7 +145,7 @@ const viewForm = async (req, tableOptions, roles, pages, values) => {
     .map(([k, v]) => k);
   const slugOptions = await Table.allSlugOptions();
   return new Form({
-    action: "/viewedit/save",
+    action: addOnDoneRedirect("/viewedit/save", req),
     submitLabel: req.__("Configure") + " &raquo;",
     blurb: req.__("First, please give some basic information about the view."),
     fields: [
@@ -209,15 +225,15 @@ const viewForm = async (req, tableOptions, roles, pages, values) => {
       }),
       ...(isEdit
         ? [
-          new Field({
-            name: "viewtemplate",
-            input_type: "hidden",
-          }),
-          new Field({
-            name: "table_name",
-            input_type: "hidden",
-          }),
-        ]
+            new Field({
+              name: "viewtemplate",
+              input_type: "hidden",
+            }),
+            new Field({
+              name: "table_name",
+              input_type: "hidden",
+            }),
+          ]
         : []),
     ],
     values,
@@ -337,7 +353,6 @@ router.post(
     const pages = await Page.find();
     const form = await viewForm(req, tableOptions, roles, pages);
     const result = form.validate(req.body);
-
     const sendForm = (form) => {
       res.sendWrap(req.__(`Edit view`), {
         above: [
@@ -397,7 +412,12 @@ router.post(
           else v.configuration = {};
           await View.create(v);
         }
-        res.redirect(`/viewedit/config/${encodeURIComponent(v.name)}`);
+        res.redirect(
+          addOnDoneRedirect(
+            `/viewedit/config/${encodeURIComponent(v.name)}`,
+            req
+          )
+        );
       }
     } else {
       sendForm(form);

package/tests/page.test.js

@@ -146,6 +146,15 @@ describe("pageedit", () => {
       .send("id=1")
       .expect(toRedirect("/pageedit/"));
   });
+  it("show builder", async () => {
+    const app = await getApp({ disableCsrf: true });
+    const loginCookie = await getAdminLoginCookie();
+    await request(app)
+      .get("/pageedit/edit/a_page")
+      .set("Cookie", loginCookie)
+      .expect(toInclude("<script>builder.renderBuilder"));
+
+  });
 
   it("sets root page", async () => {
     const app = await getApp({ disableCsrf: true });

package/tests/viewedit.test.js

@@ -43,6 +43,22 @@ describe("viewedit edit endpoint", () => {
       .set("Cookie", loginCookie)
       .expect(toInclude("author"));
   });
+  it("show list editor", async () => {
+    const loginCookie = await getAdminLoginCookie();
+    const app = await getApp({ disableCsrf: true });
+    await request(app)
+      .get("/viewedit/config/authorlist")
+      .set("Cookie", loginCookie)
+      .expect(toInclude("author"));
+  });
+  it("show builder", async () => {
+    const loginCookie = await getAdminLoginCookie();
+    const app = await getApp({ disableCsrf: true });
+    await request(app)
+      .get("/viewedit/config/authorshow")
+      .set("Cookie", loginCookie)
+      .expect(toInclude("<script>builder.renderBuilder"));
+  });
 });
 
 describe("viewedit new List", () => {