@saltcorn/server 0.8.5 → 0.8.6-beta.10

package/routes/fields.js

@@ -83,6 +83,13 @@ const fieldForm = async (req, fkey_opts, existing_names, id, hasData) => {
           if (!s || s === "") return req.__("Missing label");
           if (!id && existing_names.includes(Field.labelToName(s)))
             return req.__("Column %s already exists", s);
+          if (Field.labelToName(s) === "row")
+            return req.__("Not a valid field name");
+          try {
+            new Function(Field.labelToName(s), "return;");
+          } catch {
+            return req.__("Not a valid field name");
+          }
         },
       }),
       // description
@@ -464,14 +471,11 @@ const fieldFlow = (req) =>
       },
       {
         name: req.__("Default"),
-        onlyWhen: async (context) => {
-          if (!context.required || context.id || context.calculated)
-            return false;
+        onlyWhen: async (context) => context.required && !context.calculated,
+
+        form: async (context) => {
           const table = await Table.findOne({ id: context.table_id });
           const nrows = await table.countRows();
-          return nrows > 0;
-        },
-        form: async (context) => {
           const formfield = new Field({
             name: "default",
             label: req.__("Default"),
@@ -484,12 +488,28 @@ const fieldFlow = (req) =>
             },
           });
           await formfield.fill_fkey_options();
-          return new Form({
-            blurb: req.__(
-              "A default value is required when adding required fields to nonempty tables"
-            ),
-            fields: [formfield],
+          const defaultOptional = nrows === 0 || context.id;
+          if (defaultOptional) formfield.showIf = { set_default: true };
+
+          const form = new Form({
+            blurb: defaultOptional
+              ? req.__("Set a default value for missing data")
+              : req.__(
+                  "A default value is required when adding required fields to nonempty tables"
+                ),
+            fields: [
+              ...(defaultOptional
+                ? [{ name: "set_default", label: "Set Default", type: "Bool" }]
+                : []),
+              formfield,
+            ],
           });
+          if (
+            typeof context.default !== "undefined" &&
+            context.default !== null
+          )
+            form.values.set_default = true;
+          return form;
         },
       },
     ],
@@ -717,7 +737,7 @@ router.post(
   error_catcher(async (req, res) => {
     const { tableName, fieldName, fieldview } = req.params;
     const table = await Table.findOne({ name: tableName });
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
 
     const fields = await table.getFields();
     let row = { ...req.body };

package/routes/files.js

@@ -14,7 +14,12 @@ const resizer = require("resize-with-sharp-or-jimp");
 const db = require("@saltcorn/data/db");
 
 const { renderForm } = require("@saltcorn/markup");
-const { isAdmin, error_catcher, setTenant } = require("./utils.js");
+const {
+  isAdmin,
+  error_catcher,
+  setTenant,
+  is_relative_url,
+} = require("./utils.js");
 const { h1, div, text } = require("@saltcorn/markup/tags");
 const { editRoleForm, fileUploadForm } = require("../markup/forms.js");
 const { strictParseInt } = require("@saltcorn/data/plugin-helper");
@@ -125,7 +130,7 @@ router.get(
 router.get(
   "/download/*",
   error_catcher(async (req, res) => {
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const user_id = req.user && req.user.id;
     const serve_path = req.params[0];
     const file = await File.findOne(serve_path);
@@ -150,7 +155,7 @@ router.post(
   isAdmin,
 
   error_catcher(async (req, res) => {
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const user_id = req.user && req.user.id;
     const files = req.body.files;
     const location = req.body.location;
@@ -184,7 +189,7 @@ router.post(
 router.get(
   "/serve/*",
   error_catcher(async (req, res) => {
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const user_id = req.user && req.user.id;
     const serve_path = req.params[0];
     //let file;
@@ -196,7 +201,7 @@ router.get(
       (role <= file.min_role_read || (user_id && user_id === file.user_id))
     ) {
       res.type(file.mimetype);
-      const cacheability = file.min_role_read === 10 ? "public" : "private";
+      const cacheability = file.min_role_read === 100 ? "public" : "private";
       res.set("Cache-Control", `${cacheability}, max-age=86400`);
       if (file.s3_store) s3storage.serveObject(file, res, false);
       else res.sendFile(file.location);
@@ -223,7 +228,7 @@ router.get(
 router.get(
   "/resize/:width_str/:height_str/*",
   error_catcher(async (req, res) => {
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const user_id = req.user && req.user.id;
     const { width_str, height_str } = req.params;
     const serve_path = req.params[0];
@@ -235,7 +240,7 @@ router.get(
       (role <= file.min_role_read || (user_id && user_id === file.user_id))
     ) {
       res.type(file.mimetype);
-      const cacheability = file.min_role_read === 10 ? "public" : "private";
+      const cacheability = file.min_role_read === 100 ? "public" : "private";
       res.set("Cache-Control", `${cacheability}, max-age=86400`);
       //TODO s3
       if (file.s3_store) s3storage.serveObject(file, res, false);
@@ -381,7 +386,7 @@ router.post(
     let { folder } = req.body;
     let jsonResp = {};
     const min_role_upload = getState().getConfig("min_role_upload", 1);
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     let file_for_redirect;
     if (role > +min_role_upload) {
       if (!req.xhr) req.flash("warning", req.__("Not authorized"));
@@ -441,6 +446,7 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     const serve_path = req.params[0];
+    const { redirect } = req.query;
     const f = await File.findOne(serve_path);
     if (!f) {
       req.flash("error", "File not found");
@@ -460,7 +466,12 @@ router.post(
       }
       req.flash("error", result.error);
     }
-    res.redirect(`/files?dir=${encodeURIComponent(f.current_folder)}`);
+    if (!req.xhr)
+      res.redirect(
+        (is_relative_url(redirect) && redirect) ||
+          `/files?dir=${encodeURIComponent(f.current_folder)}`
+      );
+    else res.json({ success: true });
   })
 );
 

package/routes/homepage.js

@@ -426,7 +426,7 @@ const welcome_page = async (req) => {
  * @returns {Promise<void>}
  */
 const no_views_logged_in = async (req, res) => {
-  const role = req.user && req.user.id ? req.user.role_id : 10;
+  const role = req.user && req.user.id ? req.user.role_id : 100;
   if (role > 1 || req.user.tenant !== db.getTenantSchema())
     res.sendWrap(req.__("Hello"), req.__("Welcome to Saltcorn!"));
   else {
@@ -463,7 +463,7 @@ const no_views_logged_in = async (req, res) => {
 const get_config_response = async (role_id, res, req) => {
   const modernCfg = getState().getConfig("home_page_by_role", false);
   // predefined roles
-  const legacy_role = { 10: "public", 8: "user", 4: "staff", 1: "admin" }[
+  const legacy_role = { 100: "public", 80: "user", 40: "staff", 1: "admin" }[
     role_id
   ];
   let homeCfg = modernCfg && modernCfg[role_id];
@@ -497,7 +497,7 @@ module.exports =
    */
   async (req, res) => {
     const isAuth = req.user && req.user.id;
-    const role_id = req.user ? req.user.role_id : 10;
+    const role_id = req.user ? req.user.role_id : 100;
     const cfgResp = await get_config_response(role_id, res, req);
     if (cfgResp) return;
 

package/routes/index.js

@@ -1,44 +1,5 @@
 /**
  * Index is Main Router of App
- * @category server
- * @module routes/index
- * @subcategory routes
- */
-
-/**
- * All files in the routes module.
- * @namespace routes_overview
- * @property {module:routes/actions} actions
- * @property {module:routes/admin} admin
- * @property {module:routes/api} api
- * @property {module:routes/config} config
- * @property {module:routes/crashlog} crashlog
- * @property {module:routes/delete} delete
- * @property {module:routes/edit} edit
- * @property {module:routes/eventlog} eventlog
- * @property {module:routes/events} events
- * @property {module:routes/fields} fields
- * @property {module:routes/files} files
- * @property {module:routes/homepage} homepage
- * @property {module:routes/infoarch} infoarch
- * @property {module:routes/library} library
- * @property {module:routes/list} list
- * @property {module:routes/menu} menu
- * @property {module:routes/packs} packs
- * @property {module:routes/page} page
- * @property {module:routes/pageedit} pageedit
- * @property {module:routes/plugins} plugins
- * @property {module:routes/scapi} scapi
- * @property {module:routes/search} search
- * @property {module:routes/settings} settings
- * @property {module:routes/tables} tables
- * @property {module:routes/tenant} tenant
- * @property {module:routes/utils} utils
- * @property {module:routes/view} view
- * @property {module:routes/viewedit} viewedit
- *
- * @category server
- * @subcategory routes
  */
 
 const table = require("./tables");
@@ -71,7 +32,8 @@ const useradmin = require("../auth/admin");
 const roleadmin = require("../auth/roleadmin");
 const tags = require("./tags");
 const tagentries = require("./tag_entries");
-const dataDiagram = require("./diagram");
+const diagram = require("./diagram");
+const sync = require("./sync");
 
 module.exports =
   /**
@@ -109,5 +71,6 @@ module.exports =
     app.use("/roleadmin", roleadmin);
     app.use("/tag", tags);
     app.use("/tag-entries", tagentries);
-    app.use("/diagram", dataDiagram);
+    app.use("/diagram", diagram);
+    app.use("/sync", sync);
   };

package/routes/menu.js

@@ -454,7 +454,7 @@ router.post(
   "/runaction/:name",
   error_catcher(async (req, res) => {
     const { name } = req.params;
-    const role = (req.user || {}).role_id || 10;
+    const role = (req.user || {}).role_id || 100;
     const state = getState();
     const menu_items = state.getConfig("menu_items");
     let menu_item;

package/routes/page.js

@@ -42,7 +42,7 @@ router.get(
     state.log(3, `Route /page/${pagename} user=${req.user?.id}`);
     const tic = state.logLevel >= 5 ? new Date() : null;
 
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const db_page = await Page.findOne({ name: pagename });
     if (db_page && role <= db_page.min_role) {
       const contents = await db_page.run(req.query, { res, req });
@@ -104,7 +104,7 @@ router.post(
   "/:pagename/action/:rndid",
   error_catcher(async (req, res) => {
     const { pagename, rndid } = req.params;
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const db_page = await Page.findOne({ name: pagename });
     if (db_page && role <= db_page.min_role) {
       let col;

package/routes/pageedit.js

@@ -387,7 +387,7 @@ router.get(
   isAdmin,
   error_catcher(async (req, res) => {
     const { pagename } = req.params;
-    const page = await Page.findOne({ name: pagename });
+    const [page] = await Page.find({ name: pagename });
     if (!page) {
       req.flash("error", req.__(`Page %s not found`, pagename));
       res.redirect(`/pageedit`);
@@ -506,7 +506,7 @@ router.post(
     const valres = form.validate(req.body);
     if (valres.success) {
       const home_page_by_role =
-        getState().getConfigCopy("home_page_by_role", []) || [];
+        getState().getConfigCopy("home_page_by_role", {}) || {};
       for (const role of roles) {
         home_page_by_role[role.id] = valres.success[role.role];
       }

package/routes/scapi.js

@@ -49,7 +49,7 @@ function accessAllowedRead(req, user) {
       ? req.user.role_id
       : user && user.role_id
       ? user.role_id
-      : 10;
+      : 100;
 
   if (role === 1) return true;
   return false;

package/routes/search.js

@@ -165,7 +165,7 @@ const searchForm = () =>
  * @returns {Promise<void>}
  */
 const runSearch = async ({ q, _page, table }, req, res) => {
-  const role = (req.user || {}).role_id || 10;
+  const role = (req.user || {}).role_id || 100;
   // globalSearch contains list of pairs: table, view
   const cfg = getState().getConfig("globalSearch");
   const page_size = getState().getConfig("search_page_size");
@@ -269,10 +269,9 @@ const runSearch = async ({ q, _page, table }, req, res) => {
 router.get(
   "/",
   error_catcher(async (req, res) => {
-
     const min_role = getState().getConfig("min_role_search");
-    const role = (req.user || {}).role_id || 10;
-    if(role>min_role){
+    const role = (req.user || {}).role_id || 100;
+    if (role > min_role) {
       res.redirect("/"); // silent redirect to home page
       return;
     }
@@ -283,7 +282,7 @@ router.get(
       const cfg = getState().getConfig("globalSearch");
 
       if (!cfg) {
-        const role = (req.user || {}).role_id || 10;
+        const role = (req.user || {}).role_id || 100;
 
         req.flash("warning", req.__("Search not configured"));
         res.redirect(role === 1 ? "/search/config" : "/");

package/routes/sync.js

@@ -0,0 +1,84 @@
+const { error_catcher } = require("./utils.js");
+const Router = require("express-promise-router");
+const db = require("@saltcorn/data/db");
+const { getState } = require("@saltcorn/data/db/state");
+const Table = require("@saltcorn/data/models/table");
+
+const router = new Router();
+module.exports = router;
+
+const pickFields = (table, row) => {
+  const result = {};
+  for (const { name, type } of table.getFields()) {
+    if (name === "id") continue;
+    if (type?.name === "Date") {
+      result[name] = row[name] ? new Date(row[name]) : undefined;
+    } else {
+      result[name] = row[name];
+    }
+  }
+  return result;
+};
+
+const allowInsert = (table, user) => {
+  const role = user?.role_id || 100;
+  return table.min_role_write >= role;
+};
+
+const throwWithCode = (message, code) => {
+  const err = new Error(message);
+  err.statusCode = code;
+  throw err;
+};
+
+/**
+ * insert the offline data uploaded by the mobile-app
+ */
+router.post(
+  "/table_data",
+  error_catcher(async (req, res) => {
+    // TODO sqlite
+    getState().log(
+      4,
+      `POST /sync/table_data user: '${req.user ? req.user.id : "public"}'`
+    );
+    let aborted = false;
+    req.socket.on("close", () => {
+      aborted = true;
+    });
+    req.socket.on("timeout", () => {
+      aborted = true;
+    });
+    const client = db.isSQLite ? db : await db.getClient();
+    try {
+      await client.query("BEGIN");
+      await client.query("SET CONSTRAINTS ALL DEFERRED");
+      for (const [tblName, offlineRows] of Object.entries(req.body.data) ||
+        []) {
+        const table = Table.findOne({ name: tblName });
+        if (!table) throw new Error(`The table '${tblName}' does not exist.`);
+        if (!allowInsert(table, req.user))
+          throwWithCode(req.__("Not authorized"), 401);
+        if (tblName !== "users") {
+          for (const newRow of offlineRows.map((row) =>
+            pickFields(table, row)
+          )) {
+            if (aborted) throw new Error("connection closed by client");
+            await db.insert(table.name, newRow, { client: client });
+          }
+        }
+      }
+      if (aborted) throw new Error("connection closed by client");
+      await client.query("COMMIT");
+      res.json({ success: true });
+    } catch (error) {
+      await client.query("ROLLBACK");
+      getState().log(2, `POST /sync/table_data error: '${error.message}'`);
+      res
+        .status(error.statusCode || 400)
+        .json({ error: error.message || error });
+    } finally {
+      if (!db.isSQLite) await client.release(true);
+    }
+  })
+);

package/routes/tables.js

@@ -17,6 +17,7 @@ const {
   link,
   settingsDropdown,
   post_delete_btn,
+  post_btn,
   post_dropdown_item,
 } = require("@saltcorn/markup");
 const {
@@ -52,7 +53,9 @@ const { getState } = require("@saltcorn/data/db/state");
 const { cardHeaderTabs } = require("@saltcorn/markup/layout_utils");
 const { tablesList } = require("./common_lists");
 const { InvalidConfiguration } = require("@saltcorn/data/utils");
+const { sleep } = require("@saltcorn/data/utils");
 
+const path = require("path");
 /**
  * @type {object}
  * @const
@@ -538,11 +541,7 @@ const attribBadges = (f) => {
   let s = "";
   if (f.attributes) {
     Object.entries(f.attributes).forEach(([k, v]) => {
-      if (
-        ["summary_field", "default", "on_delete_cascade", "on_delete"].includes(
-          k
-        )
-      )
+      if (["summary_field", "on_delete_cascade", "on_delete"].includes(k))
         return;
       if (v || v === 0) s += badge("secondary", k);
     });
@@ -912,10 +911,12 @@ router.post(
         rest.provider_name !== "Database table"
       ) {
         const table = await Table.create(name, rest);
+        await sleep(500); // Allow other workers to load this view
         res.redirect(`/table/provider-cfg/${table.id}`);
       } else {
         delete rest.provider_name;
         const table = await Table.create(name, rest);
+        await sleep(500); // Allow other workers to load this view
         req.flash("success", req.__(`Table %s created`, name));
         res.redirect(`/table/${table.id}`);
       }
@@ -1463,6 +1464,89 @@ router.post(
   })
 );
 
+const previewCSV = async ({ newPath, table, req, res, full }) => {
+  let parse_res;
+  try {
+    parse_res = await table.import_csv_file(newPath, {
+      recalc_stored: true,
+      no_table_write: true,
+    });
+  } catch (e) {
+    parse_res = { error: e.message };
+  }
+  if (parse_res.error) {
+    if (parse_res.error) req.flash("error", parse_res.error);
+    await fs.unlink(newPath);
+    res.redirect(`/table/${table.id}`);
+  } else {
+    const rows = parse_res.rows || [];
+    res.sendWrap(req.__(`Import table %s`, table.name), {
+      above: [
+        {
+          type: "breadcrumbs",
+          crumbs: [
+            { text: req.__("Tables"), href: "/table" },
+            { href: `/table/${table.id}`, text: table.name },
+            {
+              text: req.__("Import CSV"),
+            },
+          ],
+        },
+        {
+          type: "card",
+          title: req.__(`Import CSV`),
+          contents: div(
+            {
+              "data-csv-filename": path.basename(newPath),
+            },
+            p(parse_res.success),
+            post_btn(
+              `/files/delete/${path.basename(newPath)}?redirect=/table/${
+                table.id
+              }}`,
+              "Cancel",
+              req.csrfToken(),
+              {
+                btnClass: "btn-danger",
+                formClass: "d-inline me-2",
+                icon: "fa fa-times",
+              }
+            ),
+            post_btn(
+              `/table/finish_upload_to_table/${table.name}/${path.basename(
+                newPath
+              )}`,
+              "Proceed",
+              req.csrfToken(),
+              { icon: "fa fa-check", formClass: "d-inline" }
+            )
+          ),
+        },
+        {
+          type: "card",
+          title: req.__(`Preview`),
+          contents: div(
+            mkTable(
+              table.fields.map((f) => ({ label: f.name, key: f.name })),
+              full ? rows : rows.slice(0, 10)
+            ),
+            !full &&
+              rows.length > 10 &&
+              a(
+                {
+                  href: `/table/preview_full_csv_file/${
+                    table.name
+                  }/${path.basename(newPath)}`,
+                },
+                `See all ${rows.length} rows`
+              )
+          ),
+        },
+      ],
+    });
+  }
+};
+
 /**
  * Import Table Data from CSV POST handler
  * @name post/upload_to_table/:name,
@@ -1486,15 +1570,39 @@ router.post(
     const newPath = File.get_new_path();
     await req.files.file.mv(newPath);
     //console.log(req.files.file.data)
+    await previewCSV({ newPath, table, res, req });
+  })
+);
+
+router.get(
+  "/preview_full_csv_file/:name/:filename",
+  isAdmin,
+  error_catcher(async (req, res) => {
+    const { name, filename } = req.params;
+    const table = await Table.findOne({ name });
+    const f = await File.findOne(filename);
+    await previewCSV({ newPath: f.location, table, res, req, full: true });
+  })
+);
+
+router.post(
+  "/finish_upload_to_table/:name/:filename",
+  isAdmin,
+  error_catcher(async (req, res) => {
+    const { name, filename } = req.params;
+    const table = await Table.findOne({ name });
+    const f = await File.findOne(filename);
+
     try {
-      const parse_res = await table.import_csv_file(newPath, true);
+      const parse_res = await table.import_csv_file(f.location, {
+        recalc_stored: true,
+      });
       if (parse_res.error) req.flash("error", parse_res.error);
       else req.flash("success", parse_res.success);
     } catch (e) {
       req.flash("error", e.message);
     }
-
-    await fs.unlink(newPath);
+    await fs.unlink(f.location);
     res.redirect(`/table/${table.id}`);
   })
 );