@saltcorn/server 0.8.1-beta.5 → 0.8.1-rc.3

package/auth/admin.js

@@ -336,6 +336,7 @@ const http_settings_form = async (req) =>
       "cookie_duration",
       "cookie_duration_remember",
       "cookie_sessions",
+      "public_cache_maxage",
       "custom_http_headers",
     ],
     action: "/useradmin/http",
@@ -376,6 +377,7 @@ router.get(
       active_sub: "Login and Signup",
       contents: {
         type: "card",
+        titleAjaxIndicator: true,
         title: req.__("Authentication settings"),
         contents: [renderForm(form, req.csrfToken())],
       },
@@ -408,9 +410,10 @@ router.post(
       });
     } else {
       await save_config_from_form(form);
-      req.flash("success", req.__("Authentication settings updated"));
-      if (!req.xhr) res.redirect("/useradmin/settings");
-      else res.json({ success: "ok" });
+      if (!req.xhr) {
+        req.flash("success", req.__("Authentication settings updated"));
+        res.redirect("/useradmin/settings");
+      } else res.json({ success: "ok" });
     }
   })
 );
@@ -432,6 +435,7 @@ router.get(
       active_sub: "HTTP",
       contents: {
         type: "card",
+        titleAjaxIndicator: true,
         title: req.__("HTTP settings"),
         contents: [renderForm(form, req.csrfToken())],
       },
@@ -464,9 +468,11 @@ router.post(
       });
     } else {
       await save_config_from_form(form);
-      req.flash("success", req.__("HTTP settings updated"));
-      if (!req.xhr) res.redirect("/useradmin/http");
-      else res.json({ success: "ok" });
+
+      if (!req.xhr) {
+        req.flash("success", req.__("HTTP settings updated"));
+        res.redirect("/useradmin/http");
+      } else res.json({ success: "ok" });
     }
   })
 );
@@ -488,6 +494,7 @@ router.get(
       active_sub: "Permissions",
       contents: {
         type: "card",
+        titleAjaxIndicator: true,
         title: req.__("Permissions settings"),
         contents: [renderForm(form, req.csrfToken())],
       },
@@ -514,15 +521,17 @@ router.post(
         active_sub: "Permissions",
         contents: {
           type: "card",
+          titleAjaxIndicator: true,
           title: req.__("Permissions settings"),
           contents: [renderForm(form, req.csrfToken())],
         },
       });
     } else {
       await save_config_from_form(form);
-      req.flash("success", req.__("Permissions settings updated"));
-      if (!req.xhr) res.redirect("/useradmin/permissions");
-      else res.json({ success: "ok" });
+      if (!req.xhr) {
+        req.flash("success", req.__("Permissions settings updated"));
+        res.redirect("/useradmin/permissions");
+      } else res.json({ success: "ok" });
     }
   })
 );
@@ -677,8 +686,9 @@ router.get(
       active_sub: "SSL",
       contents: {
         type: "card",
-        title: req.__("Authentication settings"),
+        title: req.__("Custom SSL certificates"),
         sub2_page: req.__("Custom SSL certificates"),
+        titleAjaxIndicator: true,
         contents: [renderForm(form, req.csrfToken())],
       },
     });
@@ -817,6 +827,7 @@ router.get(
       contents: {
         type: "card",
         title: req.__("Table access"),
+        titleAjaxIndicator: true,
         contents,
       },
     });

package/auth/routes.js

@@ -1061,6 +1061,7 @@ router.post(
         else req.session.cookie.expires = false;
       }
     Trigger.emitEvent("Login", null, req.user);
+    res?.cookie?.("loggedin", "true");
     req.flash("success", req.__("Welcome, %s!", req.user.email));
     if (req.smr) {
       const dbUser = await User.findOne({ id: req.user.id });

package/auth/testhelp.js

@@ -88,6 +88,9 @@ const toNotInclude =
     }
   };
 
+const resToLoginCookie = (res) =>
+  res.headers["set-cookie"].find((c) => c.includes("connect.sid"));
+
 /**
  *
  * @returns {Promise<void>}
@@ -99,7 +102,7 @@ const getStaffLoginCookie = async () => {
     .send("email=staff@foo.com")
     .send("password=ghrarhr54hg");
   if (res.statusCode !== 302) console.log(res.text);
-  return res.headers["set-cookie"][0];
+  return resToLoginCookie(res);
 };
 
 /**
@@ -113,8 +116,7 @@ const getAdminLoginCookie = async () => {
     .send("email=admin@foo.com")
     .send("password=AhGGr6rhu45");
   if (res.statusCode !== 302) console.log(res.text);
-
-  return res.headers["set-cookie"][0];
+  return resToLoginCookie(res);
 };
 
 /**

package/locales/da.json

@@ -555,5 +555,8 @@
 	"Create database view": "Create database view",
 	"Create an SQL view in the database with the fields in this list": "Create an SQL view in the database with the fields in this list",
 	"Rows per page": "Rows per page",
-	"List options": "List options"
+	"List options": "List options",
+	"Modules": "Modules",
+	"File not found": "File not found",
+	"Welcome, %s!": "Welcome, %s!"
 }

package/locales/en.json

@@ -1073,5 +1073,12 @@
 	"Become user": "Become user",
 	"Your are now logged in as %s. Logout and login again to assume your usual identity": "Your are now logged in as %s. Logout and login again to assume your usual identity",
 	"Done": "Done",
-	"Configure trigger %s": "Configure trigger %s"
+	"Configure trigger %s": "Configure trigger %s",
+	"Saved 2FA policy for role": "Saved 2FA policy for role",
+	"HTTP settings updated": "HTTP settings updated",
+	"%s configuration": "%s configuration",
+	"Save indicator": "Save indicator",
+	"Public cache TTL (minutes)": "Public cache TTL (minutes)",
+	"Cache-control max-age for public views and pages. 0 to disable": "Cache-control max-age for public views and pages. 0 to disable",
+	"Files accept filter": "Files accept filter"
 }

package/markup/admin.js

@@ -135,6 +135,7 @@ const send_settings_page = ({
   headers,
   no_nav_pills,
   sub2_page,
+  page_title,
 }) => {
   const pillCard = no_nav_pills
     ? []
@@ -163,12 +164,13 @@ const send_settings_page = ({
         },
       ];
   // headers
+  const pg_title = page_title || req.__(active_sub);
   const title = headers
     ? {
-        title: req.__(active_sub),
+        title: pg_title,
         headers,
       }
-    : req.__(active_sub);
+    : pg_title;
   res.sendWrap(title, {
     above: [
       {

package/package.json

@@ -1,18 +1,18 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.8.1-beta.5",
+  "version": "0.8.1-rc.3",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@saltcorn/base-plugin": "0.8.1-beta.5",
-    "@saltcorn/builder": "0.8.1-beta.5",
-    "@saltcorn/data": "0.8.1-beta.5",
-    "@saltcorn/admin-models": "0.8.1-beta.5",
-    "@saltcorn/filemanager": "0.8.1-beta.5",
-    "@saltcorn/markup": "0.8.1-beta.5",
-    "@saltcorn/sbadmin2": "0.8.1-beta.5",
+    "@saltcorn/base-plugin": "0.8.1-rc.3",
+    "@saltcorn/builder": "0.8.1-rc.3",
+    "@saltcorn/data": "0.8.1-rc.3",
+    "@saltcorn/admin-models": "0.8.1-rc.3",
+    "@saltcorn/filemanager": "0.8.1-rc.3",
+    "@saltcorn/markup": "0.8.1-rc.3",
+    "@saltcorn/sbadmin2": "0.8.1-rc.3",
     "@socket.io/cluster-adapter": "^0.1.0",
     "@socket.io/sticky": "^1.0.1",
     "aws-sdk": "^2.1037.0",

package/public/saltcorn-common.js

@@ -523,6 +523,33 @@ function initialize_page() {
 
 $(initialize_page);
 
+function ajax_indicator(show, e) {
+  const $ind = e
+    ? $(e).closest(".card,.modal").find(".sc-ajax-indicator")
+    : $(".sc-ajax-indicator");
+  $ind.find("svg").attr("data-icon", "save");
+  $ind.find("i").removeClass("fa-exclamation-triangle").addClass("fa-save");
+  $ind.css("color", "");
+  $ind.removeAttr("title");
+  if (show) $ind.show();
+  else $ind.fadeOut();
+}
+
+function ajax_indicate_error(e, resp) {
+  //console.error("ind error", resp);
+  const $ind = e
+    ? $(e).closest(".card,.modal").find(".sc-ajax-indicator")
+    : $(".sc-ajax-indicator");
+  $ind.css("color", "#e74a3b");
+  $ind.find("svg").attr("data-icon", "exclamation-triangle");
+  $ind.find("i").removeClass("fa-save").addClass("fa-exclamation-triangle");
+  $ind.attr(
+    "title",
+    "Save error: " + (resp ? resp.responseText || resp.statusText : "unknown")
+  );
+  $ind.show();
+}
+
 function enable_codemirror(f) {
   $("<link/>", {
     rel: "stylesheet",

package/public/saltcorn.js

@@ -246,6 +246,9 @@ function ensure_modal_exists_and_closed() {
       <div class="modal-content">
         <div class="modal-header">
           <h5 class="modal-title">Modal title</h5>
+          <span class="sc-ajax-indicator-wrapper">
+            <span class="sc-ajax-indicator ms-2" style="display: none;"><i class="fas fa-save"></i></span>
+          </span>
           <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close">            
           </button>
         </div>
@@ -280,6 +283,11 @@ function ajax_modal(url, opts = {}) {
     success: function (res, textStatus, request) {
       var title = request.getResponseHeader("Page-Title");
       var width = request.getResponseHeader("SaltcornModalWidth");
+      var saveIndicate = !!request.getResponseHeader(
+        "SaltcornModalSaveIndicator"
+      );
+      if (saveIndicate) $(".sc-ajax-indicator-wrapper").show();
+      else $(".sc-ajax-indicator-wrapper").hide();
       if (width) $(".modal-dialog").css("max-width", width);
       else $(".modal-dialog").css("max-width", "");
       if (title) $("#scmodal .modal-title").html(decodeURIComponent(title));
@@ -303,6 +311,7 @@ function saveAndContinue(e, k) {
   submitWithEmptyAction(form[0]);
   var url = form.attr("action");
   var form_data = form.serialize();
+  ajax_indicator(true, e);
   $.ajax(url, {
     type: "POST",
     headers: {
@@ -310,6 +319,7 @@ function saveAndContinue(e, k) {
     },
     data: form_data,
     success: function (res) {
+      ajax_indicator(false);
       if (res.id && form.find("input[name=id")) {
         form.append(
           `<input type="hidden" class="form-control  " name="id" value="${res.id}">`
@@ -318,6 +328,7 @@ function saveAndContinue(e, k) {
     },
     error: function (request) {
       $("#page-inner-content").html(request.responseText);
+      ajax_indicate_error(e, request);
       initialize_page();
     },
     complete: function () {
@@ -335,6 +346,7 @@ function applyViewConfig(e, url, k) {
   form_data.forEach((item) => {
     cfg[item.name] = item.value;
   });
+  ajax_indicator(true, e);
   $.ajax(url, {
     type: "POST",
     dataType: "json",
@@ -343,11 +355,15 @@ function applyViewConfig(e, url, k) {
       "CSRF-Token": _sc_globalCsrf,
     },
     data: JSON.stringify(cfg),
-    error: function (request) {},
+    error: function (request) {
+      ajax_indicate_error(e, request);
+    },
     success: function (res) {
+      ajax_indicator(false);
       k && k(res);
       !k && updateViewPreview();
     },
+    complete: () => {},
   });
 
   return false;

package/routes/actions.js

@@ -399,8 +399,10 @@ router.get(
         req,
         active_sub: "Triggers",
         sub2_page: "Configure",
+        page_title: trigger.name,
         contents: {
           type: "card",
+          titleAjaxIndicator: true,
           title: req.__("Configure trigger %s", trigger.name),
           contents: {
             widths: [8, 4],
@@ -468,8 +470,10 @@ router.get(
         req,
         active_sub: "Triggers",
         sub2_page: "Configure",
+        page_title: req.__(`%s configuration`, trigger.name),
         contents: {
           type: "card",
+          titleAjaxIndicator: true,
           title: req.__("Configure trigger %s", trigger.name),
           contents: renderForm(form, req.csrfToken()),
         },

package/routes/admin.js

@@ -97,6 +97,7 @@ const View = require("@saltcorn/data/models/view");
 const { getConfigFile } = require("@saltcorn/data/db/connect");
 const os = require("os");
 const Page = require("@saltcorn/data/models/page");
+const { getSafeSaltcornCmd } = require("@saltcorn/data/utils");
 
 const router = new Router();
 module.exports = router;
@@ -194,6 +195,7 @@ router.get(
       contents: {
         type: "card",
         title: req.__("Site identity settings"),
+        titleAjaxIndicator: true,
         contents: [renderForm(form, req.csrfToken())],
       },
     });
@@ -251,6 +253,7 @@ router.get(
       contents: {
         type: "card",
         title: req.__("Email settings"),
+        titleAjaxIndicator: true,
         contents: [
           renderForm(form, req.csrfToken()),
           a(
@@ -321,9 +324,10 @@ router.post(
       });
     } else {
       await save_config_from_form(form);
-      req.flash("success", req.__("Email settings updated"));
-      if (!req.xhr) res.redirect("/admin/email");
-      else res.json({ success: "ok" });
+      if (!req.xhr) {
+        req.flash("success", req.__("Email settings updated"));
+        res.redirect("/admin/email");
+      } else res.json({ success: "ok" });
     }
   })
 );
@@ -391,6 +395,7 @@ router.get(
             ? {
                 type: "card",
                 title: req.__("Automated backup"),
+                titleAjaxIndicator: true,
                 contents: div(
                   renderForm(backupForm, req.csrfToken()),
                   a(
@@ -408,6 +413,7 @@ router.get(
           {
             type: "card",
             title: req.__("Snapshots"),
+            titleAjaxIndicator: true,
             contents: div(
               p(
                 i(
@@ -708,9 +714,11 @@ router.post(
     form.validate(req.body);
 
     await save_config_from_form(form);
-    req.flash("success", req.__("Snapshot settings updated"));
-    if (!req.xhr) res.redirect("/admin/backup");
-    else res.json({ success: "ok" });
+
+    if (!req.xhr) {
+      req.flash("success", req.__("Snapshot settings updated"));
+      res.redirect("/admin/backup");
+    } else res.json({ success: "ok" });
   })
 );
 router.post(
@@ -732,9 +740,10 @@ router.post(
       });
     } else {
       await save_config_from_form(form);
-      req.flash("success", req.__("Backup settings updated"));
-      if (!req.xhr) res.redirect("/admin/backup");
-      else res.json({ success: "ok" });
+      if (!req.xhr) {
+        req.flash("success", req.__("Backup settings updated"));
+        res.redirect("/admin/backup");
+      } else res.json({ success: "ok" });
     }
   })
 );
@@ -1306,7 +1315,7 @@ const buildDialogScript = () => {
   }
   
   function handleMessages() {
-    notifyAlert("This is still under development and might run longer.")
+    notifyAlert("Building the app, please wait.")
     ${
       getState().getConfig("apple_team_id") &&
       getState().getConfig("apple_team_id") !== "null"
@@ -1651,7 +1660,7 @@ router.post(
     // end http call, return the out directory name
     // the gui polls for results
     res.json({ build_dir_name: outDirName });
-    const child = spawn("saltcorn", spawnParams, {
+    const child = spawn(getSafeSaltcornCmd(), spawnParams, {
       stdio: ["ignore", "pipe", "pipe"],
       cwd: ".",
     });
@@ -1858,6 +1867,7 @@ router.get(
       contents: {
         type: "card",
         title: req.__("Development settings"),
+        titleAjaxIndicator: true,
         contents: [
           renderForm(form, req.csrfToken()) /*,
                     a(
@@ -1899,9 +1909,10 @@ router.post(
       });
     } else {
       await save_config_from_form(form);
-      req.flash("success", req.__("Development mode settings updated"));
-      if (!req.xhr) res.redirect("/admin/dev");
-      else res.json({ success: "ok" });
+      if (!req.xhr) {
+        req.flash("success", req.__("Development mode settings updated"));
+        res.redirect("/admin/dev");
+      } else res.json({ success: "ok" });
     }
   })
 );

package/routes/eventlog.js

@@ -108,6 +108,7 @@ router.get(
       //sub2_page: "Events to log",
       contents: {
         type: "card",
+        titleAjaxIndicator: true,
         title: req.__("Events to log"),
         contents: renderForm(form, req.csrfToken()),
       },

package/routes/fields.js

@@ -711,20 +711,54 @@ router.post(
     const fields = await table.getFields();
     let row = { ...req.body };
     if (row && Object.keys(row).length > 0) readState(row, fields);
+
+    //need to get join fields from ownership into row
+    const joinFields = {};
+    if (table.ownership_formula && role > table.min_role_read) {
+      const freeVars = freeVariables(table.ownership_formula);
+      add_free_variables_to_joinfields(freeVars, joinFields, fields);
+    }
+    //console.log(joinFields, row);
     const id = req.query.id || row.id;
     if (id) {
-      let dbrow = await table.getRow({ id });
+      let [dbrow] = await table.getJoinedRows({ where: { id }, joinFields });
       row = { ...dbrow, ...row };
       //prevent overwriting ownership field
       if (table.ownership_field_id) {
         const ofield = fields.find((f) => f.id === table.ownership_field_id);
         row[ofield.name] = dbrow[ofield.name];
       }
+    } else {
+      //may need to add joinfields
+      for (const { ref } of Object.values(joinFields)) {
+        if (row[ref]) {
+          const field = fields.find((f) => f.name === ref);
+          const reftable = await Table.findOne({ name: field.reftable_name });
+          const refFields = await reftable.getFields();
+
+          const joinFields = {};
+          if (reftable.ownership_formula && role > reftable.min_role_read) {
+            const freeVars = freeVariables(reftable.ownership_formula);
+            add_free_variables_to_joinfields(freeVars, joinFields, refFields);
+          }
+          const [refRow] = await reftable.getJoinedRows({
+            where: { id: row[ref] },
+            joinFields,
+          });
+          if (
+            role <= reftable.min_role_read ||
+            (req.user && reftable.is_owner(req.user, refRow))
+          ) {
+            row[ref] = refRow;
+          }
+        }
+      }
     }
     if (
       role > table.min_role_read &&
       !(req.user && table.is_owner(req.user, row))
     ) {
+      //console.log("not owner", row, table.is_owner(req.user, row));
       res.status(401).send("");
       return;
     }
@@ -734,16 +768,25 @@ router.post(
       if (kpath.length === 2 && row[kpath[0]]) {
         const field = fields.find((f) => f.name === kpath[0]);
         const reftable = await Table.findOne({ name: field.reftable_name });
-        if (role > reftable.min_role_read) {
+        const refFields = await reftable.getFields();
+        const targetField = refFields.find((f) => f.name === kpath[1]);
+        //console.log({ kpath, fieldview, targetField });
+        const q = { [reftable.pk_name]: row[kpath[0]] };
+        const joinFields = {};
+        if (reftable.ownership_formula && role > reftable.min_role_read) {
+          const freeVars = freeVariables(reftable.ownership_formula);
+          add_free_variables_to_joinfields(freeVars, joinFields, refFields);
+        }
+        const [refRow] = await reftable.getJoinedRows({ where: q, joinFields });
+        if (
+          role > reftable.min_role_read &&
+          !(req.user && reftable.is_owner(req.user, refRow))
+        ) {
+          //console.log("not jointable owner", refRow);
+
           res.status(401).send("");
           return;
         }
-        const targetField = (await reftable.getFields()).find(
-          (f) => f.name === kpath[1]
-        );
-        //console.log({ kpath, fieldview, targetField });
-        const q = { [reftable.pk_name]: row[kpath[0]] };
-        const refRow = await reftable.getRow(q);
         let fv;
         if (targetField.type === "Key") {
           fv = getState().keyFieldviews[fieldview];
@@ -953,7 +996,8 @@ router.post(
       formStyle: "vert",
       fields: formFields,
     });
-    if (_columndef) form.values = JSON.parse(_columndef);
+    if (_columndef && _columndef !== "undefined")
+      form.values = JSON.parse(_columndef);
     res.send(mkFormContentNoLayout(form));
   })
 );

package/routes/files.js

@@ -393,6 +393,13 @@ router.post(
       f.s3_store ? s3storage.unlinkObject : undefined
     );
     if (result && result.error) {
+      if (req.xhr) {
+        const root = path.join(db.connectObj.file_store, db.getTenantSchema());
+        res.json({
+          error: result.error.replaceAll(root, ""),
+        });
+        return;
+      }
       req.flash("error", result.error);
     }
     res.redirect(`/files?dir=${encodeURIComponent(f.current_folder)}`);
@@ -438,6 +445,7 @@ router.get(
       contents: {
         type: "card",
         title: req.__("Storage settings"),
+        titleAjaxIndicator: true,
         contents: [renderForm(form, req.csrfToken())],
       },
     });
@@ -512,6 +520,7 @@ router.get(
       active_sub: "Settings",
       contents: {
         type: "card",
+        titleAjaxIndicator: true,
         title: req.__("Files settings"),
         contents: [renderForm(form, req.csrfToken())],
       },

package/routes/list.js

@@ -308,6 +308,13 @@ router.get(
             ],
             right: div(
               { class: "d-flex" },
+              div(
+                {
+                  class: "sc-ajax-indicator me-2",
+                  style: { display: "none" },
+                },
+                i({ class: "fas fa-save" })
+              ),
               button(
                 {
                   class: "btn btn-sm btn-primary me-2",
@@ -391,6 +398,7 @@ router.get(
               });
               window.tabulator_table.on("cellEdited", function(cell){
                 const row = cell.getRow().getData()
+                ajax_indicator(true);
                 $.ajax({
                   type: "POST",
                   url: "/api/${table.name}/" + (row.id||""),
@@ -400,12 +408,15 @@ router.get(
                   },
                   error: tabulator_error_handler,
                 }).done(function (resp) {
+                  ajax_indicator(false);
                   //if (item._versions) item._versions = +item._versions + 1;
                   //data.resolve(fixKeys(item));
                   if(resp.success &&typeof resp.success ==="number" && !row.id) {
                     window.tabulator_table.updateRow(cell.getRow(), {id: resp.success});
                   }
 
+                }).fail(function (resp) {
+                  ajax_indicate_error(undefined, resp);
                 });
               });
               window.tabulator_table_name="${table.name}";`)

package/routes/menu.js

@@ -309,8 +309,14 @@ const menuEditorScript = (menu_items) => `
     const s = editor.getString()    
     if(s===lastState && !skip_check) return;
     lastState=s;
-    ajax_post('/menu', {data: s, 
-      success: ()=>{}, dataType : 'json', contentType: 'application/json;charset=UTF-8'})
+    ajax_indicator(true);
+    ajax_post('/menu', {
+      data: s, 
+      success: ()=>{ ajax_indicator(false)}, 
+      dataType : 'json', 
+      contentType: 'application/json;charset=UTF-8',
+      error: (r) => {ajax_indicate_error(undefined, r); }
+    })
   }
   var sortableListOptions = {
       placeholderCss: {'background-color': "#cccccc"},
@@ -395,6 +401,7 @@ router.get(
       contents: {
         type: "card",
         title: req.__(`Menu editor`),
+        titleAjaxIndicator: true,
         contents: {
           above: [
             {

package/routes/pageedit.js

@@ -251,6 +251,7 @@ router.get(
         {
           type: "card",
           title: req.__("Root pages"),
+          titleAjaxIndicator: true,
           contents: renderForm(
             getRootPageForm(pages, roles, req),
             req.csrfToken()
@@ -402,7 +403,7 @@ router.get(
         version_tag: db.connectObj.version_tag,
       };
       res.sendWrap(
-        req.__(`Page configuration`),
+        req.__(`%s configuration`, page.name),
         wrap(renderBuilder(builderData, req.csrfToken()), true, req, page)
       );
     }

package/routes/plugins.js

@@ -583,10 +583,23 @@ router.get(
     }
 
     res.sendWrap(req.__(`Configure %s Plugin`, plugin.name), {
-      type: "card",
-      class: "mt-0",
-      title: req.__(`Configure %s Plugin`, plugin.name),
-      contents: renderForm(wfres.renderForm, req.csrfToken()),
+      above: [
+        {
+          type: "breadcrumbs",
+          crumbs: [
+            { text: req.__("Settings"), href: "/settings" },
+            { text: req.__("Module store"), href: "/plugins" },
+            { text: plugin.name },
+          ],
+        },
+        {
+          type: "card",
+          class: "mt-0",
+          title: req.__(`Configure %s Plugin`, plugin.name),
+          titleAjaxIndicator: true,
+          contents: renderForm(wfres.renderForm, req.csrfToken()),
+        },
+      ],
     });
   })
 );

package/routes/search.js

@@ -90,6 +90,7 @@ router.get(
       contents: {
         type: "card",
         title: req.__(`Search configuration`),
+        titleAjaxIndicator: true,
         contents: renderForm(form, req.csrfToken()),
       },
     });

package/routes/tables.js

@@ -828,6 +828,7 @@ router.get(
         {
           type: "card",
           title: req.__("Edit table properties"),
+          titleAjaxIndicator: true,
           contents: renderForm(tblForm, req.csrfToken()),
         },
       ],
@@ -899,20 +900,21 @@ router.post(
         }
       } else rest.ownership_formula = null;
       await table.update(rest);
-      if (!old_versioned && rest.versioned)
-        req.flash(
-          "success",
-          req.__("Table saved with version history enabled")
-        );
-      else if (old_versioned && !rest.versioned)
-        req.flash(
-          "success",
-          req.__("Table saved with version history disabled")
-        );
-      else if (!hasError) req.flash("success", req.__("Table saved"));
 
-      if (!req.xhr) res.redirect(`/table/${id}`);
-      else res.json({ success: "ok", notify });
+      if (!req.xhr) {
+        if (!old_versioned && rest.versioned)
+          req.flash(
+            "success",
+            req.__("Table saved with version history enabled")
+          );
+        else if (old_versioned && !rest.versioned)
+          req.flash(
+            "success",
+            req.__("Table saved with version history disabled")
+          );
+        else if (!hasError) req.flash("success", req.__("Table saved"));
+        res.redirect(`/table/${id}`);
+      } else res.json({ success: "ok", notify });
     }
   })
 );

package/routes/tenant.js

@@ -459,6 +459,7 @@ router.get(
       active_sub: "Multitenancy",
       contents: {
         type: "card",
+        titleAjaxIndicator: true,
         title: req.__("Multitenancy settings"),
         contents: [renderForm(form, req.csrfToken())],
       },

package/routes/utils.js

@@ -76,7 +76,7 @@ const setLanguage = (req, res, state) => {
   } else if (req.cookies?.lang) {
     req.setLocale(req.cookies?.lang);
   }
-  set_custom_http_headers(res, state);
+  set_custom_http_headers(res, req, state);
 };
 
 /**
@@ -85,8 +85,17 @@ const setLanguage = (req, res, state) => {
  * @param {string} state
  * @returns {void}
  */
-const set_custom_http_headers = (res, state) => {
-  const hdrs = (state || getState()).getConfig("custom_http_headers");
+const set_custom_http_headers = (res, req, state) => {
+  const state1 = state || getState();
+  const hdrs = state1.getConfig("custom_http_headers");
+  if (!req.user) {
+    const public_cache_maxage = +state1.getConfig("public_cache_maxage", 0);
+    if (public_cache_maxage)
+      res.header(
+        "Cache-Control",
+        `public, max-age=${public_cache_maxage * 60}`
+      );
+  }
   if (!hdrs) return;
   for (const ln of hdrs.split("\n")) {
     const [k, v] = ln.split(":");

package/routes/view.js

@@ -76,6 +76,8 @@ router.get(
           view.attributes?.popup_width_units || "px"
         }`
       );
+    if (isModal && view.attributes?.popup_save_indicator)
+      res.set("SaltcornModalSaveIndicator", `true`);
     res.sendWrap(
       title,
       add_edit_bar({

package/routes/viewedit.js

@@ -239,6 +239,13 @@ const viewForm = async (req, tableOptions, roles, pages, values) => {
           options: ["px", "%", "vw", "em", "rem"],
         },
       },
+      {
+        name: "popup_save_indicator",
+        label: req.__("Save indicator"),
+        type: "Bool",
+        parent_field: "attributes",
+        tab: "Popup settings",
+      },
       ...(isEdit
         ? [
             new Field({
@@ -457,7 +464,7 @@ const respondWorkflow = (view, wf, wfres, req, res) => {
         type: "breadcrumbs",
         crumbs: [
           { text: req.__("Views"), href: "/viewedit" },
-          { href: `/viewedit/edit/${view.name}`, text: view.name },
+          { href: `/view/${view.name}`, text: view.name },
           { workflow: wf, step: wfres },
         ],
       },
@@ -465,6 +472,7 @@ const respondWorkflow = (view, wf, wfres, req, res) => {
         type: noCard ? "container" : "card",
         class: !noCard && "mt-0",
         title: wfres.title,
+        titleAjaxIndicator: true,
         contents,
       },
       ...(previewURL
@@ -485,7 +493,7 @@ const respondWorkflow = (view, wf, wfres, req, res) => {
   if (wfres.renderForm)
     res.sendWrap(
       {
-        title: req.__(`View configuration`),
+        title: req.__(`%s configuration`, view.name),
         headers: [
           {
             script: `/static_assets/${db.connectObj.version_tag}/jquery-menu-editor.min.js`,
@@ -510,7 +518,7 @@ const respondWorkflow = (view, wf, wfres, req, res) => {
   else if (wfres.renderBuilder) {
     wfres.renderBuilder.options.view_id = view.id;
     res.sendWrap(
-      req.__(`View configuration`),
+      req.__(`%s configuration`, view.name),
       wrap(renderBuilder(wfres.renderBuilder, req.csrfToken()), true)
     );
   } else res.redirect(wfres.redirect);

package/serve.js

@@ -377,7 +377,7 @@ const setupSocket = (...servers) => {
           const view = View.findOne({ name: viewname });
           if (view.viewtemplateObj.authorize_join) {
             view.viewtemplateObj
-              .authorize_join(view.configuration, room_id, socket.request.user)
+              .authorize_join(view, room_id, socket.request.user)
               .then((authorized) => {
                 if (authorized) socket.join(`${ten}_${viewname}_${room_id}`);
               });

package/wrapper.js

@@ -3,6 +3,7 @@
  * @module wrapper
  */
 const { getState } = require("@saltcorn/data/db/state");
+const { get_extra_menu } = require("@saltcorn/data/web-mobile-commons");
 //const db = require("@saltcorn/data/db");
 const { h3, div, small } = require("@saltcorn/markup/tags");
 const { renderForm, link } = require("@saltcorn/markup");
@@ -18,43 +19,6 @@ const getFlashes = (req) =>
       return { type, msg: req.flash(type) };
     })
     .filter((a) => a.msg && a.msg.length && a.msg.length > 0);
-/**
- * Get extra menu
- * @param role
- * @param state
- * @param req
- * @returns {*}
- */
-const get_extra_menu = (role, state, req) => {
-  let cfg = getState().getConfig("unrolled_menu_items", []);
-  if (!cfg || cfg.length === 0) {
-    cfg = getState().getConfig("menu_items", []);
-  }
-  const locale = req.getLocale();
-  const __ = (s) => state.i18n.__({ phrase: s, locale }) || s;
-  const transform = (items) =>
-    items
-      .filter((item) => role <= +item.min_role)
-      .map((item) => ({
-        label: __(item.label),
-        icon: item.icon,
-        location: item.location,
-        style: item.style || "",
-        type: item.type,
-        link:
-          item.type === "Link"
-            ? item.url
-            : item.type === "Action"
-            ? `javascript:ajax_post_json('/menu/runaction/${item.action_name}')`
-            : item.type === "View"
-            ? `/view/${encodeURIComponent(item.viewname)}`
-            : item.type === "Page"
-            ? `/page/${encodeURIComponent(item.pagename)}`
-            : undefined,
-        ...(item.subitems ? { subitems: transform(item.subitems) } : {}),
-      }));
-  return transform(cfg);
-};
 /**
  * Get menu
  * @param req
@@ -67,7 +31,9 @@ const get_menu = (req) => {
 
   const allow_signup = state.getConfig("allow_signup");
   const login_menu = state.getConfig("login_menu");
-  const extra_menu = get_extra_menu(role, state, req);
+  const locale = req.getLocale();
+  const __ = (s) => state.i18n.__({ phrase: s, locale }) || s;
+  const extra_menu = get_extra_menu(role, __);
   const authItems = isAuth
     ? [
         {