@saltcorn/server 0.7.4-beta.3 → 0.8.0-beta.0

package/routes/viewedit.js

@@ -16,6 +16,7 @@ const {
   post_dropdown_item,
   renderBuilder,
   settingsDropdown,
+  alert,
 } = require("@saltcorn/markup");
 const {
   //span,
@@ -26,11 +27,13 @@ const {
   a,
   div,
   //button,
+  script,
   text,
+  domReady,
 } = require("@saltcorn/markup/tags");
 
 const { getState } = require("@saltcorn/data/db/state");
-const { isAdmin, error_catcher } = require("./utils.js");
+const { isAdmin, error_catcher, addOnDoneRedirect } = require("./utils.js");
 const { setTableRefs, viewsList } = require("./common_lists");
 const Form = require("@saltcorn/data/models/form");
 const Field = require("@saltcorn/data/models/field");
@@ -39,7 +42,6 @@ const View = require("@saltcorn/data/models/view");
 const Workflow = require("@saltcorn/data/models/workflow");
 const User = require("@saltcorn/data/models/user");
 const Page = require("@saltcorn/data/models/page");
-const Tag = require("@saltcorn/data/models/tag");
 const db = require("@saltcorn/data/db");
 
 const { add_to_menu } = require("@saltcorn/admin-models/models/pack");
@@ -76,6 +78,26 @@ router.get(
 
     const viewMarkup = await viewsList(views, req);
     const tables = await Table.find();
+    const viewAccessWarning = (view) => {
+      const table = tables.find((t) => t.name === view.table);
+      if (!table) return false;
+      if (table.ownership_field_id || table.ownership_formula) return false;
+
+      return table.min_role_read < view.min_role;
+    };
+    const hasAccessWarning = views.filter(viewAccessWarning);
+    const accessWarning =
+      hasAccessWarning.length > 0
+        ? alert(
+          "danger",
+          `<p>You have views with a role to access lower than the table role to read, 
+      with no table ownership. In the next version of Saltcorn, this may cause a
+      denial of access. Users will need to have table read access to any data displayed.</p> 
+      Views potentially affected: ${hasAccessWarning
+            .map((v) => v.name)
+            .join(", ")}`
+        )
+        : "";
     res.sendWrap(req.__(`Views`), {
       above: [
         {
@@ -87,17 +109,18 @@ router.get(
           class: "mt-0",
           title: req.__("Your views"),
           contents: [
+            accessWarning,
             viewMarkup,
             tables.length > 0
               ? a(
-                  { href: `/viewedit/new`, class: "btn btn-primary" },
-                  req.__("Create view")
-                )
+                { href: `/viewedit/new`, class: "btn btn-primary" },
+                req.__("Create view")
+              )
               : p(
-                  req.__(
-                    "You must create at least one table before you can create views."
-                  )
-                ),
+                req.__(
+                  "You must create at least one table before you can create views."
+                )
+              ),
           ],
         },
       ],
@@ -129,7 +152,7 @@ const viewForm = async (req, tableOptions, roles, pages, values) => {
     .map(([k, v]) => k);
   const slugOptions = await Table.allSlugOptions();
   return new Form({
-    action: "/viewedit/save",
+    action: addOnDoneRedirect("/viewedit/save", req),
     submitLabel: req.__("Configure") + " &raquo;",
     blurb: req.__("First, please give some basic information about the view."),
     fields: [
@@ -337,7 +360,6 @@ router.post(
     const pages = await Page.find();
     const form = await viewForm(req, tableOptions, roles, pages);
     const result = form.validate(req.body);
-
     const sendForm = (form) => {
       res.sendWrap(req.__(`Edit view`), {
         above: [
@@ -397,7 +419,12 @@ router.post(
           else v.configuration = {};
           await View.create(v);
         }
-        res.redirect(`/viewedit/config/${encodeURIComponent(v.name)}`);
+        res.redirect(
+          addOnDoneRedirect(
+            `/viewedit/config/${encodeURIComponent(v.name)}`,
+            req
+          )
+        );
       }
     } else {
       sendForm(form);
@@ -414,7 +441,7 @@ router.post(
  * @returns {void}
  */
 const respondWorkflow = (view, wf, wfres, req, res) => {
-  const wrap = (contents, noCard) => ({
+  const wrap = (contents, noCard, previewURL) => ({
     above: [
       {
         type: "breadcrumbs",
@@ -430,6 +457,12 @@ const respondWorkflow = (view, wf, wfres, req, res) => {
         title: wfres.title,
         contents,
       },
+      ...previewURL ? [{
+        type: "card",
+        title: req.__("Preview"),
+        contents: div({ id: "viewcfg-preview", "data-preview-url": previewURL },
+          script(domReady(`updateViewPreview()`))),
+      }] : []
     ],
   });
   if (wfres.flash) req.flash(wfres.flash[0], wfres.flash[1]);
@@ -452,7 +485,7 @@ const respondWorkflow = (view, wf, wfres, req, res) => {
           },
         ],
       },
-      wrap(renderForm(wfres.renderForm, req.csrfToken()))
+      wrap(renderForm(wfres.renderForm, req.csrfToken()), false, wfres.previewURL)
     );
   else if (wfres.renderBuilder) {
     wfres.renderBuilder.options.view_id = view.id;
@@ -666,14 +699,14 @@ router.post(
     const view = await View.findOne({ id });
     const roles = await User.get_roles();
     const roleRow = roles.find((r) => r.id === +role);
-    if (roleRow && view)
-      req.flash(
-        "success",
-        req.__(`Minimum role for %s updated to %s`, view.name, roleRow.role)
-      );
-    else req.flash("success", req.__(`Minimum role updated`));
-
-    res.redirect("/viewedit");
+    const message =
+      roleRow && view
+        ? req.__(`Minimum role for %s updated to %s`, view.name, roleRow.role)
+        : req.__(`Minimum role updated`);
+    if (!req.xhr) {
+      req.flash("success", message);
+      res.redirect("/viewedit");
+    } else res.json({ okay: true, responseText: message });
   })
 );
 

package/serve.js

@@ -99,11 +99,16 @@ const workerDispatchMsg = ({ tenant, ...msg }) => {
     db.runWithTenant(tenant, () => workerDispatchMsg(msg));
     return;
   }
+
   if (msg.refresh_plugin_cfg) {
     Plugin.findOne({ name: msg.refresh_plugin_cfg }).then((plugin) => {
       if (plugin) loadPlugin(plugin);
     });
   }
+  if (!getState()) {
+    console.error("no State for tenant", tenant)
+    return
+  }
   if (msg.refresh) getState()[`refresh_${msg.refresh}`](true);
   if (msg.createTenant) {
     const tenant_template = getState().getConfig("tenant_template");

package/tests/admin.test.js

@@ -68,9 +68,11 @@ describe("admin page", () => {
       .expect(toInclude("Site identity settings"));
   });
   adminPageContains([
+    ["/admin", "Site identity"],
     ["/admin/backup", "Download a backup"],
     ["/admin/email", "Email settings"],
     ["/admin/system", "Restart server"],
+    ["/admin/dev", "Development"],
   ]);
   adminPageContains([
     ["/useradmin", "Create user"],

package/tests/auth.test.js

@@ -18,6 +18,7 @@ const { getState } = require("@saltcorn/data/db/state");
 const { get_reset_link, generate_email } = require("../auth/resetpw");
 const i18n = require("i18n");
 const path = require("path");
+const fs = require("fs")
 
 afterAll(db.close);
 beforeAll(async () => {
@@ -602,3 +603,22 @@ describe("signup with custom login form", () => {
     expect(userrow.height).toBe(15);
   });
 });
+
+describe("Locale files", () => {
+  it("should be valid JSON", async () => {
+
+    const localeFiles =
+      await fs.promises.readdir(path.join(__dirname, "..", "/locales"));
+    expect(localeFiles.length).toBeGreaterThan(3)
+    expect(localeFiles).toContain("en.json")
+    for (const fnm of localeFiles) {
+      const conts = await fs.promises.readFile(
+        path.join(__dirname, "..", "/locales", fnm)
+      )
+      expect(conts.length).toBeGreaterThan(1)
+
+      const j = JSON.parse(conts)
+      expect(Object.keys(j).length).toBeGreaterThan(1)
+    }
+  })
+})

package/tests/files.test.js

@@ -39,22 +39,13 @@ describe("files admin", () => {
     await request(app)
       .get("/files")
       .set("Cookie", loginCookie)
-      .expect(toInclude("Size (KiB)"));
+      .expect(toInclude("Upload file"));
   });
   it("download file", async () => {
     const app = await getApp({ disableCsrf: true });
     const loginCookie = await getStaffLoginCookie();
     await request(app)
-      .get("/files/download/2")
-      .set("Cookie", loginCookie)
-      .expect(toSucceed());
-  });
-
-  it("serve file", async () => {
-    const app = await getApp({ disableCsrf: true });
-    const loginCookie = await getStaffLoginCookie();
-    await request(app)
-      .get("/files/serve/2")
+      .get("/files/download/rick.png")
       .set("Cookie", loginCookie)
       .expect(toSucceed());
   });
@@ -71,38 +62,38 @@ describe("files admin", () => {
     const app = await getApp({ disableCsrf: true });
     const loginCookie = await getStaffLoginCookie();
     await request(app)
-      .get("/files/serve/22")
+      .get("/files/serve/missingfile.foo")
       .set("Cookie", loginCookie)
       .expect(404);
   });
   it("not serve file to public", async () => {
     const app = await getApp({ disableCsrf: true });
-    await request(app).get("/files/serve/2").expect(toRedirect("/"));
+    await request(app).get("/files/serve/rick.png").expect(404);
   });
   it("not download file to public", async () => {
     const app = await getApp({ disableCsrf: true });
-    await request(app).get("/files/download/2").expect(toRedirect("/"));
+    await request(app).get("/files/download/rick.png").expect(404);
   });
   it("set file min role", async () => {
     const app = await getApp({ disableCsrf: true });
     const loginCookie = await getAdminLoginCookie();
     await request(app)
-      .post("/files/setrole/2")
+      .post("/files/setrole/rick.png")
       .set("Cookie", loginCookie)
       .send("role=10")
-      .expect(toRedirect("/files"));
+      .expect(toRedirect("/files?dir=."));
   });
   it("serve file to public after role change", async () => {
     const app = await getApp({ disableCsrf: true });
-    await request(app).get("/files/serve/2").expect(toSucceed());
+    await request(app).get("/files/serve/rick.png").expect(toSucceed());
   });
   it("delete file", async () => {
     const app = await getApp({ disableCsrf: true });
     const loginCookie = await getAdminLoginCookie();
     await request(app)
-      .post("/files/delete/2")
+      .post("/files/delete/rick.png")
       .set("Cookie", loginCookie)
-      .expect(toRedirect("/files"));
+      .expect(toRedirect("/files?dir=."));
   });
   it("upload file", async () => {
     const app = await getApp({ disableCsrf: true });
@@ -112,7 +103,7 @@ describe("files admin", () => {
       .set("Cookie", loginCookie)
       .attach("file", Buffer.from("helloiamasmallfile", "utf-8"))
 
-      .expect(toRedirect("/files"));
+      .expect(toRedirect("/files?dir=."));
   });
 });
 describe("files edit", () => {

package/tests/tenant.test.js

@@ -5,14 +5,16 @@ const getApp = require("../app");
 const {
   toRedirect,
   getAdminLoginCookie,
-  getStaffLoginCookie,
+  //getStaffLoginCookie,
   itShouldRedirectUnauthToLogin,
   toInclude,
-  toNotInclude,
+  //toNotInclude,
 } = require("../auth/testhelp");
 const { getState } = require("@saltcorn/data/db/state");
 
 afterAll(db.close);
+jest.setTimeout(10000);
+
 
 beforeAll(async () => {
   if (!db.isSQLite) {