@saltcorn/server 0.8.6-beta.1 → 0.8.6-beta.11

package/package.json

@@ -1,18 +1,18 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.8.6-beta.1",
+  "version": "0.8.6-beta.11",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@saltcorn/base-plugin": "0.8.6-beta.1",
-    "@saltcorn/builder": "0.8.6-beta.1",
-    "@saltcorn/data": "0.8.6-beta.1",
-    "@saltcorn/admin-models": "0.8.6-beta.1",
-    "@saltcorn/filemanager": "0.8.6-beta.1",
-    "@saltcorn/markup": "0.8.6-beta.1",
-    "@saltcorn/sbadmin2": "0.8.6-beta.1",
+    "@saltcorn/base-plugin": "0.8.6-beta.11",
+    "@saltcorn/builder": "0.8.6-beta.11",
+    "@saltcorn/data": "0.8.6-beta.11",
+    "@saltcorn/admin-models": "0.8.6-beta.11",
+    "@saltcorn/filemanager": "0.8.6-beta.11",
+    "@saltcorn/markup": "0.8.6-beta.11",
+    "@saltcorn/sbadmin2": "0.8.6-beta.11",
     "@socket.io/cluster-adapter": "^0.2.1",
     "@socket.io/sticky": "^1.0.1",
     "adm-zip": "0.5.10",

package/public/dayjs.min.js

@@ -0,0 +1 @@
+!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t||self).dayjs=e()}(this,(function(){"use strict";var t=1e3,e=6e4,n=36e5,r="millisecond",i="second",s="minute",u="hour",a="day",o="week",f="month",h="quarter",c="year",d="date",l="Invalid Date",$=/^(\d{4})[-/]?(\d{1,2})?[-/]?(\d{0,2})[Tt\s]*(\d{1,2})?:?(\d{1,2})?:?(\d{1,2})?[.:]?(\d+)?$/,y=/\[([^\]]+)]|Y{1,4}|M{1,4}|D{1,2}|d{1,4}|H{1,2}|h{1,2}|a|A|m{1,2}|s{1,2}|Z{1,2}|SSS/g,M={name:"en",weekdays:"Sunday_Monday_Tuesday_Wednesday_Thursday_Friday_Saturday".split("_"),months:"January_February_March_April_May_June_July_August_September_October_November_December".split("_"),ordinal:function(t){var e=["th","st","nd","rd"],n=t%100;return"["+t+(e[(n-20)%10]||e[n]||e[0])+"]"}},m=function(t,e,n){var r=String(t);return!r||r.length>=e?t:""+Array(e+1-r.length).join(n)+t},v={s:m,z:function(t){var e=-t.utcOffset(),n=Math.abs(e),r=Math.floor(n/60),i=n%60;return(e<=0?"+":"-")+m(r,2,"0")+":"+m(i,2,"0")},m:function t(e,n){if(e.date()<n.date())return-t(n,e);var r=12*(n.year()-e.year())+(n.month()-e.month()),i=e.clone().add(r,f),s=n-i<0,u=e.clone().add(r+(s?-1:1),f);return+(-(r+(n-i)/(s?i-u:u-i))||0)},a:function(t){return t<0?Math.ceil(t)||0:Math.floor(t)},p:function(t){return{M:f,y:c,w:o,d:a,D:d,h:u,m:s,s:i,ms:r,Q:h}[t]||String(t||"").toLowerCase().replace(/s$/,"")},u:function(t){return void 0===t}},g="en",D={};D[g]=M;var p=function(t){return t instanceof _},S=function t(e,n,r){var i;if(!e)return g;if("string"==typeof e){var s=e.toLowerCase();D[s]&&(i=s),n&&(D[s]=n,i=s);var u=e.split("-");if(!i&&u.length>1)return t(u[0])}else{var a=e.name;D[a]=e,i=a}return!r&&i&&(g=i),i||!r&&g},w=function(t,e){if(p(t))return t.clone();var n="object"==typeof e?e:{};return n.date=t,n.args=arguments,new _(n)},O=v;O.l=S,O.i=p,O.w=function(t,e){return w(t,{locale:e.$L,utc:e.$u,x:e.$x,$offset:e.$offset})};var _=function(){function M(t){this.$L=S(t.locale,null,!0),this.parse(t)}var m=M.prototype;return m.parse=function(t){this.$d=function(t){var e=t.date,n=t.utc;if(null===e)return new Date(NaN);if(O.u(e))return new Date;if(e instanceof Date)return new Date(e);if("string"==typeof e&&!/Z$/i.test(e)){var r=e.match($);if(r){var i=r[2]-1||0,s=(r[7]||"0").substring(0,3);return n?new Date(Date.UTC(r[1],i,r[3]||1,r[4]||0,r[5]||0,r[6]||0,s)):new Date(r[1],i,r[3]||1,r[4]||0,r[5]||0,r[6]||0,s)}}return new Date(e)}(t),this.$x=t.x||{},this.init()},m.init=function(){var t=this.$d;this.$y=t.getFullYear(),this.$M=t.getMonth(),this.$D=t.getDate(),this.$W=t.getDay(),this.$H=t.getHours(),this.$m=t.getMinutes(),this.$s=t.getSeconds(),this.$ms=t.getMilliseconds()},m.$utils=function(){return O},m.isValid=function(){return!(this.$d.toString()===l)},m.isSame=function(t,e){var n=w(t);return this.startOf(e)<=n&&n<=this.endOf(e)},m.isAfter=function(t,e){return w(t)<this.startOf(e)},m.isBefore=function(t,e){return this.endOf(e)<w(t)},m.$g=function(t,e,n){return O.u(t)?this[e]:this.set(n,t)},m.unix=function(){return Math.floor(this.valueOf()/1e3)},m.valueOf=function(){return this.$d.getTime()},m.startOf=function(t,e){var n=this,r=!!O.u(e)||e,h=O.p(t),l=function(t,e){var i=O.w(n.$u?Date.UTC(n.$y,e,t):new Date(n.$y,e,t),n);return r?i:i.endOf(a)},$=function(t,e){return O.w(n.toDate()[t].apply(n.toDate("s"),(r?[0,0,0,0]:[23,59,59,999]).slice(e)),n)},y=this.$W,M=this.$M,m=this.$D,v="set"+(this.$u?"UTC":"");switch(h){case c:return r?l(1,0):l(31,11);case f:return r?l(1,M):l(0,M+1);case o:var g=this.$locale().weekStart||0,D=(y<g?y+7:y)-g;return l(r?m-D:m+(6-D),M);case a:case d:return $(v+"Hours",0);case u:return $(v+"Minutes",1);case s:return $(v+"Seconds",2);case i:return $(v+"Milliseconds",3);default:return this.clone()}},m.endOf=function(t){return this.startOf(t,!1)},m.$set=function(t,e){var n,o=O.p(t),h="set"+(this.$u?"UTC":""),l=(n={},n[a]=h+"Date",n[d]=h+"Date",n[f]=h+"Month",n[c]=h+"FullYear",n[u]=h+"Hours",n[s]=h+"Minutes",n[i]=h+"Seconds",n[r]=h+"Milliseconds",n)[o],$=o===a?this.$D+(e-this.$W):e;if(o===f||o===c){var y=this.clone().set(d,1);y.$d[l]($),y.init(),this.$d=y.set(d,Math.min(this.$D,y.daysInMonth())).$d}else l&&this.$d[l]($);return this.init(),this},m.set=function(t,e){return this.clone().$set(t,e)},m.get=function(t){return this[O.p(t)]()},m.add=function(r,h){var d,l=this;r=Number(r);var $=O.p(h),y=function(t){var e=w(l);return O.w(e.date(e.date()+Math.round(t*r)),l)};if($===f)return this.set(f,this.$M+r);if($===c)return this.set(c,this.$y+r);if($===a)return y(1);if($===o)return y(7);var M=(d={},d[s]=e,d[u]=n,d[i]=t,d)[$]||1,m=this.$d.getTime()+r*M;return O.w(m,this)},m.subtract=function(t,e){return this.add(-1*t,e)},m.format=function(t){var e=this,n=this.$locale();if(!this.isValid())return n.invalidDate||l;var r=t||"YYYY-MM-DDTHH:mm:ssZ",i=O.z(this),s=this.$H,u=this.$m,a=this.$M,o=n.weekdays,f=n.months,h=function(t,n,i,s){return t&&(t[n]||t(e,r))||i[n].slice(0,s)},c=function(t){return O.s(s%12||12,t,"0")},d=n.meridiem||function(t,e,n){var r=t<12?"AM":"PM";return n?r.toLowerCase():r},$={YY:String(this.$y).slice(-2),YYYY:this.$y,M:a+1,MM:O.s(a+1,2,"0"),MMM:h(n.monthsShort,a,f,3),MMMM:h(f,a),D:this.$D,DD:O.s(this.$D,2,"0"),d:String(this.$W),dd:h(n.weekdaysMin,this.$W,o,2),ddd:h(n.weekdaysShort,this.$W,o,3),dddd:o[this.$W],H:String(s),HH:O.s(s,2,"0"),h:c(1),hh:c(2),a:d(s,u,!0),A:d(s,u,!1),m:String(u),mm:O.s(u,2,"0"),s:String(this.$s),ss:O.s(this.$s,2,"0"),SSS:O.s(this.$ms,3,"0"),Z:i};return r.replace(y,(function(t,e){return e||$[t]||i.replace(":","")}))},m.utcOffset=function(){return 15*-Math.round(this.$d.getTimezoneOffset()/15)},m.diff=function(r,d,l){var $,y=O.p(d),M=w(r),m=(M.utcOffset()-this.utcOffset())*e,v=this-M,g=O.m(this,M);return g=($={},$[c]=g/12,$[f]=g,$[h]=g/3,$[o]=(v-m)/6048e5,$[a]=(v-m)/864e5,$[u]=v/n,$[s]=v/e,$[i]=v/t,$)[y]||v,l?g:O.a(g)},m.daysInMonth=function(){return this.endOf(f).$D},m.$locale=function(){return D[this.$L]},m.locale=function(t,e){if(!t)return this.$L;var n=this.clone(),r=S(t,e,!0);return r&&(n.$L=r),n},m.clone=function(){return O.w(this.$d,this)},m.toDate=function(){return new Date(this.valueOf())},m.toJSON=function(){return this.isValid()?this.toISOString():null},m.toISOString=function(){return this.$d.toISOString()},m.toString=function(){return this.$d.toUTCString()},M}(),T=_.prototype;return w.prototype=T,[["$ms",r],["$s",i],["$m",s],["$H",u],["$W",a],["$M",f],["$y",c],["$D",d]].forEach((function(t){T[t[1]]=function(e){return this.$g(e,t[0],t[1])}})),w.extend=function(t,e){return t.$i||(t(e,_,w),t.$i=!0),w},w.locale=S,w.isDayjs=p,w.unix=function(t){return w(1e3*t)},w.en=D[g],w.Ls=D,w.p={},w}));

package/public/saltcorn-common.js

@@ -257,6 +257,42 @@ function apply_showif() {
       },
     });
   });
+  const locale =
+    navigator.userLanguage ||
+    (navigator.languages &&
+      navigator.languages.length &&
+      navigator.languages[0]) ||
+    navigator.language ||
+    navigator.browserLanguage ||
+    navigator.systemLanguage ||
+    "en";
+  window.detected_locale = locale;
+  const parse = (s) => JSON.parse(decodeURIComponent(s));
+  $("time[locale-time-options]").each(function () {
+    var el = $(this);
+    var date = new Date(el.attr("datetime"));
+    const options = parse(el.attr("locale-time-options"));
+    el.text(date.toLocaleTimeString(locale, options));
+  });
+  $("time[locale-options]").each(function () {
+    var el = $(this);
+    var date = new Date(el.attr("datetime"));
+    const options = parse(el.attr("locale-options"));
+    el.text(date.toLocaleString(locale, options));
+  });
+  $("time[locale-date-options]").each(function () {
+    var el = $(this);
+    var date = new Date(el.attr("datetime"));
+    const options = parse(el.attr("locale-date-options"));
+    el.text(date.toLocaleDateString(locale, options));
+  });
+  $("time[locale-date-format]").each(function () {
+    var el = $(this);
+    var date = el.attr("datetime");
+    const format = parse(el.attr("locale-date-format"));
+    el.text(dayjs(date).format(format));
+  });
+
   _apply_showif_plugins.forEach((p) => p());
 }
 
@@ -399,6 +435,7 @@ function reload_on_init() {
   localStorage.setItem("reload_on_init", true);
 }
 function initialize_page() {
+  const isNode = typeof parent?.saltcorn?.data?.state === "undefined";
   //console.log("init page");
   $(".blur-on-enter-keypress").bind("keyup", function (e) {
     if (e.keyCode === 13) e.target.blur();
@@ -444,7 +481,9 @@ function initialize_page() {
     if ($(this).find(".editicon").length === 0) {
       var current = $(this).html();
       $(this).html(
-        `<span class="current">${current}</span><i class="editicon fas fa-edit ms-1"></i>`
+        `<span class="current">${current}</span><i class="editicon ${
+          !isNode ? "visible" : ""
+        } fas fa-edit ms-1"></i>`
       );
     }
   });
@@ -510,12 +549,20 @@ function initialize_page() {
     } else
       $(this).replaceWith(
         `<form method="post" action="${url}" ${
-          ajax ? `onsubmit="inline_ajax_submit(event, '${opts}')"` : ""
+          ajax
+            ? `onsubmit="inline_${
+                isNode ? "ajax" : "local"
+              }_submit(event, '${opts}')"`
+            : ""
         }>
-      <input type="hidden" name="_csrf" value="${_sc_globalCsrf}">
-      <input type="${
-        type === "Integer" || type === "Float" ? "number" : "text"
-      }" name="${key}" value="${escapeHtml(current)}">
+        ${
+          isNode
+            ? `<input type="hidden" name="_csrf" value="${_sc_globalCsrf}"></input>`
+            : ""
+        }
+        <input type="${
+          type === "Integer" || type === "Float" ? "number" : "text"
+        }" name="${key}" value="${escapeHtml(current)}">
       <button type="submit" class="btn btn-sm btn-primary">OK</button>
       <button onclick="cancel_inline_edit(event, '${opts}')" type="button" class="btn btn-sm btn-danger"><i class="fas fa-times"></i></button>
       </form>`
@@ -568,35 +615,7 @@ function initialize_page() {
         });
       }, 100);
     });
-  const locale =
-    navigator.userLanguage ||
-    (navigator.languages &&
-      navigator.languages.length &&
-      navigator.languages[0]) ||
-    navigator.language ||
-    navigator.browserLanguage ||
-    navigator.systemLanguage ||
-    "en";
-  window.detected_locale = locale;
-  const parse = (s) => JSON.parse(decodeURIComponent(s));
-  $("time[locale-time-options]").each(function () {
-    var el = $(this);
-    var date = new Date(el.attr("datetime"));
-    const options = parse(el.attr("locale-time-options"));
-    el.text(date.toLocaleTimeString(locale, options));
-  });
-  $("time[locale-options]").each(function () {
-    var el = $(this);
-    var date = new Date(el.attr("datetime"));
-    const options = parse(el.attr("locale-options"));
-    el.text(date.toLocaleString(locale, options));
-  });
-  $("time[locale-date-options]").each(function () {
-    var el = $(this);
-    var date = new Date(el.attr("datetime"));
-    const options = parse(el.attr("locale-date-options"));
-    el.text(date.toLocaleDateString(locale, options));
-  });
+
   if ($.fn.historyTabs && $.fn.tab)
     $('a[data-bs-toggle="tab"].deeplink').historyTabs();
   init_bs5_dropdowns();
@@ -633,6 +652,7 @@ function initialize_page() {
 $(initialize_page);
 
 function cancel_inline_edit(e, opts1) {
+  const isNode = typeof parent?.saltcorn?.data?.state === "undefined";
   var opts = JSON.parse(decodeURIComponent(opts1 || "") || "{}");
   var form = $(e.target).closest("form");
   var json_fk_opt;
@@ -660,17 +680,47 @@ function cancel_inline_edit(e, opts1) {
     <span class="current">${
       json_fk_opt || opts.current_label || opts.current
     }</span>
-    <i class="editicon fas fa-edit ms-1"></i>
+    <i class="editicon ${!isNode ? "visible" : ""} fas fa-edit ms-1"></i>
   </div>`);
   initialize_page();
 }
 
+function inline_submit_success(e, form, opts) {
+  const isNode = typeof parent?.saltcorn?.data?.state === "undefined";
+  const formDataArray = form.serializeArray();
+  if (opts) {
+    let rawVal = formDataArray.find((f) => f.name == opts.key).value;
+    let val =
+      opts.is_key || (opts.schema && opts.schema.type.startsWith("Key to "))
+        ? form.find("select").find("option:selected").text()
+        : rawVal;
+
+    $(e.target).replaceWith(`<div 
+  data-inline-edit-field="${opts.key}" 
+  ${opts.ajax ? `data-inline-edit-ajax="true"` : ""}
+  ${opts.type ? `data-inline-edit-type="${opts.type}"` : ""}
+  ${opts.current ? `data-inline-edit-current="${rawVal}"` : ""}
+  ${
+    opts.schema
+      ? `data-inline-edit-schema="${encodeURIComponent(
+          JSON.stringify(opts.schema)
+        )}"`
+      : ""
+  }
+  ${opts.current_label ? `data-inline-edit-current-label="${val}"` : ""}
+  data-inline-edit-dest-url="${opts.url}">
+    <span class="current">${val}</span>
+    <i class="editicon ${!isNode ? "visible" : ""} fas fa-edit ms-1"></i>
+  </div>`);
+    initialize_page();
+  } else location.reload();
+}
+
 function inline_ajax_submit(e, opts1) {
   var opts = JSON.parse(decodeURIComponent(opts1 || "") || "{}");
   e.preventDefault();
   var form = $(e.target).closest("form");
   var form_data = form.serialize();
-  var formDataArray = form.serializeArray();
   var url = form.attr("action");
   $.ajax(url, {
     type: "POST",
@@ -679,32 +729,7 @@ function inline_ajax_submit(e, opts1) {
     },
     data: form_data,
     success: function (res) {
-      if (opts) {
-        let rawVal = formDataArray.find((f) => f.name == opts.key).value;
-        let val =
-          opts.is_key || (opts.schema && opts.schema.type.startsWith("Key to "))
-            ? form.find("select").find("option:selected").text()
-            : rawVal;
-
-        $(e.target).replaceWith(`<div 
-      data-inline-edit-field="${opts.key}" 
-      ${opts.ajax ? `data-inline-edit-ajax="true"` : ""}
-      ${opts.type ? `data-inline-edit-type="${opts.type}"` : ""}
-      ${opts.current ? `data-inline-edit-current="${rawVal}"` : ""}
-      ${
-        opts.schema
-          ? `data-inline-edit-schema="${encodeURIComponent(
-              JSON.stringify(opts.schema)
-            )}"`
-          : ""
-      }
-      ${opts.current_label ? `data-inline-edit-current-label="${val}"` : ""}
-      data-inline-edit-dest-url="${opts.url}">
-        <span class="current">${val}</span>
-        <i class="editicon fas fa-edit ms-1"></i>
-      </div>`);
-        initialize_page();
-      } else location.reload();
+      inline_submit_success(e, form, opts);
     },
     error: function (e) {
       ajax_done(
@@ -1006,12 +1031,15 @@ function room_older(viewname, room_id, btn) {
 }
 
 function init_room(viewname, room_id) {
-  const socket = parent?.config?.server_path
-    ? io(parent.config.server_path, {
-        query: `jwt=${localStorage.getItem("auth_jwt")}`,
-        transports: ["websocket"],
-      })
-    : io({ transports: ["websocket"] });
+  let socket = null;
+  if (parent?.saltcorn?.data?.state) {
+    const { server_path, jwt } =
+      parent.saltcorn.data.state.getState().mobileConfig;
+    socket = io(server_path, {
+      query: `jwt=${jwt}`,
+      transports: ["websocket"],
+    });
+  } else socket = io({ transports: ["websocket"] });
 
   socket.emit("join_room", [viewname, room_id]);
   socket.on("message", (msg) => {

package/public/saltcorn.css

@@ -402,3 +402,20 @@ table.table-inner-grid td {
 div.unread-notify {
   border-left: 4px solid green;
 }
+
+.mobile-data-inline-edit {
+  position: relative;
+}
+
+.mobile-data-inline-edit::after {
+  content: "";
+  position: absolute;
+  top: -25%;
+  left: 0%;
+  width: 100%;
+  height: 150%;
+}
+
+.mt-6 {
+  margin-top: 5rem;
+}

package/public/saltcorn.js

@@ -79,7 +79,7 @@ function set_state_field(key, value) {
 function check_state_field(that) {
   const checked = that.checked;
   const name = that.name;
-  const value = that.value;
+  const value = encodeURIComponent(that.value);
   var separator = window.location.href.indexOf("?") !== -1 ? "&" : "?";
   let dest;
   if (checked) dest = get_current_state_url() + `${separator}${name}=${value}`;
@@ -599,11 +599,11 @@ function poll_mobile_build_finished(outDirName, pollCount, orginalBtnHtml) {
     data: { build_dir: outDirName },
     success: function (res) {
       if (!res.finished) {
-        if (pollCount >= 50) {
+        if (pollCount >= 100) {
           removeSpinner("buildMobileAppBtnId", orginalBtnHtml);
           notifyAlert({
             type: "danger",
-            text: "unable to get the build results",
+            text: "Unable to get the build results",
           });
         } else {
           setTimeout(() => {

package/routes/admin.js

@@ -990,6 +990,9 @@ router.post(
       child.stdout.on("data", (data) => {
         res.write(data);
       });
+      child.stderr?.on("data", (data) => {
+        res.write(data);
+      });
       child.on("exit", function (code, signal) {
         res.end(
           req.__(
@@ -1564,6 +1567,27 @@ router.get(
                         placeholder: getState().getConfig("base_url") || "",
                       })
                     )
+                  ),
+                  div(
+                    // TODO only for some tables?
+                    { class: "row pb-2" },
+                    div(
+                      { class: "col-sm-4" },
+                      input({
+                        type: "checkbox",
+                        id: "offlineModeBoxId",
+                        class: "form-check-input me-2",
+                        name: "allowOfflineMode",
+                        checked: true,
+                      }),
+                      label(
+                        {
+                          for: "offlineModeBoxId",
+                          class: "form-label",
+                        },
+                        req.__("Allow offline mode")
+                      )
+                    )
                   )
                 ),
                 button(
@@ -1664,6 +1688,7 @@ router.post(
       useDocker,
       appFile,
       serverURL,
+      allowOfflineMode,
     } = req.body;
     if (!androidPlatform && !iOSPlatform) {
       return res.json({
@@ -1711,6 +1736,7 @@ router.post(
     }
     if (appFile) spawnParams.push("-a", appFile);
     if (serverURL) spawnParams.push("-s", serverURL);
+    if (allowOfflineMode) spawnParams.push("--allowOfflineMode");
     if (
       db.is_it_multi_tenant() &&
       db.getTenantSchema() !== db.connectObj.default_schema

package/routes/api.js

@@ -2,7 +2,7 @@
  * Table Data API handler
  * Allows to manipulate with saltcorn tables data.
  *
- * Attention! Currently you cannot insert / update users table via this api
+ * Attention! Currently, you cannot insert / update users table via this api
  * because users table has specific meaning in SC and
  * not all required (mandatory) fields of user available via this api.
  * For now this is platform limitation.
@@ -19,6 +19,7 @@ const Router = require("express-promise-router");
 const { error_catcher } = require("./utils.js");
 //const { mkTable, renderForm, link, post_btn } = require("@saltcorn/markup");
 const { getState } = require("@saltcorn/data/db/state");
+const { prepare_update_row } = require("@saltcorn/data/web-mobile-commons");
 const Table = require("@saltcorn/data/models/table");
 const View = require("@saltcorn/data/models/view");
 //const Field = require("@saltcorn/data/models/field");
@@ -73,7 +74,7 @@ function accessAllowedRead(req, user, table, allow_ownership) {
       ? req.user.role_id
       : user && user.role_id
       ? user.role_id
-      : 10;
+      : 100;
 
   return (
     role <= table.min_role_read ||
@@ -96,7 +97,7 @@ function accessAllowedWrite(req, user, table) {
       ? req.user.role_id
       : user && user.role_id
       ? user.role_id
-      : 10;
+      : 100;
 
   return (
     role <= table.min_role_write ||
@@ -117,7 +118,7 @@ function accessAllowed(req, user, trigger) {
       ? req.user.role_id
       : user && user.role_id
       ? user.role_id
-      : 10;
+      : 100;
 
   return role <= trigger.min_role;
 }
@@ -152,7 +153,7 @@ router.post(
       "jwt",
       { session: false },
       async function (err, user, info) {
-        const role = user && user.id ? user.role_id : 10;
+        const role = user && user.id ? user.role_id : 100;
         if (
           role <= view.min_role ||
           (await view.authorise_get({ req, ...view })) // TODO set query to state
@@ -185,7 +186,9 @@ router.post(
     )(req, res, next);
   })
 );
-
+/**
+ *
+ */
 router.get(
   "/:tableName/distinct/:fieldName",
   //passport.authenticate("api-bearer", { session: false }),
@@ -206,9 +209,7 @@ router.get(
       { session: false },
       async function (err, user, info) {
         if (accessAllowedRead(req, user, table)) {
-          const field = (await table.getFields()).find(
-            (f) => f.name === fieldName
-          );
+          const field = table.getFields().find((f) => f.name === fieldName);
           if (!field) {
             res.status(404).json({ error: req.__("Not found") });
             return;
@@ -268,7 +269,7 @@ router.get(
           if (versioncount === "on") {
             const joinOpts = {
               orderBy: "id",
-              forUser: req.user || user || { role_id: 10 },
+              forUser: req.user || user || { role_id: 100 },
               forPublic: !(req.user || user),
               aggregations: {
                 _versions: {
@@ -281,7 +282,7 @@ router.get(
             };
             rows = await table.getJoinedRows(joinOpts);
           } else if (req_query && req_query !== {}) {
-            const tbl_fields = await table.getFields();
+            const tbl_fields = table.getFields();
             readState(req_query, tbl_fields, req);
             const qstate = await stateFieldsToWhere({
               fields: tbl_fields,
@@ -335,7 +336,7 @@ router.post(
 
     if (!trigger) {
       getState().log(3, `API action ${actionname} not found`);
-      res.status(400).json({ error: req.__("Not found") });
+      res.status(404).json({ error: req.__("Not found") });
       return;
     }
     await passport.authenticate(
@@ -350,6 +351,7 @@ router.post(
               body: req.body,
               row: req.body,
               req,
+              user: user || req.user,
             });
             res.json({ success: true, data: resp });
           } catch (e) {
@@ -387,8 +389,8 @@ router.post(
       async function (err, user, info) {
         if (accessAllowedWrite(req, user, table)) {
           const { _versions, ...row } = req.body;
-          const fields = await table.getFields();
-          readState(row, fields);
+          const fields = table.getFields();
+          readState(row, fields, req);
           let errors = [];
           let hasErrors = false;
           Object.keys(row).forEach((k) => {
@@ -409,7 +411,8 @@ router.post(
             if (
               field.required &&
               !field.primary_key &&
-              typeof row[field.name] === "undefined"
+              typeof row[field.name] === "undefined" &&
+              !field.attributes.default
             ) {
               hasErrors = true;
               errors.push(`${field.name}: required`);
@@ -425,7 +428,7 @@ router.post(
           }
           const ins_res = await table.tryInsertRow(
             row,
-            req.user || user || { role_id: 10 }
+            req.user || user || { role_id: 100 }
           );
           if (ins_res.error) {
             getState().log(2, `API POST ${table.name} error: ${ins_res.error}`);
@@ -458,39 +461,15 @@ router.post(
       return;
     }
     await passport.authenticate(
-      "api-bearer",
+      ["api-bearer", "jwt"],
       { session: false },
       async function (err, user, info) {
         if (accessAllowedWrite(req, user, table)) {
           const { _versions, ...row } = req.body;
-          const fields = await table.getFields();
-          readState(row, fields);
-          let errors = [];
-          let hasErrors = false;
-          for (const k of Object.keys(row)) {
-            const field = fields.find((f) => f.name === k);
-            if (!field && k.includes(".")) {
-              const [fnm, jkey] = k.split(".");
-              const jfield = fields.find((f) => f.name === fnm);
-              if (jfield?.type?.name === "JSON") {
-                if (typeof row[fnm] === "undefined") {
-                  const dbrow = await table.getRow({ [table.pk_name]: id });
-                  row[fnm] = dbrow[fnm] || {};
-                }
-                row[fnm][jkey] = row[k];
-                delete row[k];
-              }
-            } else if (!field || field.calculated) {
-              delete row[k];
-            } else if (field?.type && field.type.validate) {
-              const vres = field.type.validate(field.attributes || {})(row[k]);
-              if (vres.error) {
-                hasErrors = true;
-                errors.push(`${k}: ${vres.error}`);
-              }
-            }
-          }
-          if (hasErrors) {
+          const fields = table.getFields();
+          readState(row, fields, req);
+          const errors = await prepare_update_row(table, row, id);
+          if (errors.length > 0) {
             getState().log(
               2,
               `API POST ${table.name} error: ${errors.join(", ")}`
@@ -501,7 +480,7 @@ router.post(
           const ins_res = await table.tryUpdateRow(
             row,
             id,
-            user || req.user || { role_id: 10 }
+            user || req.user || { role_id: 100 }
           );
 
           if (ins_res.error) {
@@ -547,12 +526,12 @@ router.delete(
               //readState(row, fields);
               await table.deleteRows(
                 { [pk_name]: row[pk_name] },
-                user || req.user || { role_id: 10 }
+                user || req.user || { role_id: 100 }
               );
             } else
               await table.deleteRows(
                 { id },
-                user || req.user || { role_id: 10 }
+                user || req.user || { role_id: 100 }
               );
             res.json({ success: true });
           } catch (e) {

package/routes/common_lists.js

@@ -363,7 +363,10 @@ const getTriggerList = (triggers, req, { tagId, domId, showList } = {}) => {
       { label: req.__("Action"), key: "action" },
       {
         label: req.__("Table or Channel"),
-        key: (r) => r.table_name || r.channel,
+        key: (r) =>
+          r.table_name
+            ? a({ href: `/table/${r.table_name}` }, r.table_name)
+            : r.channel,
       },
       {
         label: req.__("When"),

package/routes/delete.js

@@ -34,14 +34,14 @@ router.post(
     const { redirect } = req.query;
     // todo check that works after where change
     const table = await Table.findOne({ name: tableName });
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     try {
       if (role <= table.min_role_write)
-        await table.deleteRows({ id }, req.user || { role_id: 10 });
+        await table.deleteRows({ id }, req.user || { role_id: 100 });
       else if (table.ownership_field_id && req.user) {
         const row = await table.getRow({ id });
         if (row && table.is_owner(req.user, row))
-          await table.deleteRows({ id }, req.user || { role_id: 10 });
+          await table.deleteRows({ id }, req.user || { role_id: 100 });
         else req.flash("error", req.__("Not authorized"));
       } else
         req.flash(

package/routes/edit.js

@@ -41,7 +41,7 @@ router.post(
       await table.updateRow(
         { [field_name]: !row[field_name] },
         id,
-        req.user || { role_id: 10 }
+        req.user || { role_id: 100 }
       );
 
     if (req.xhr) res.send("OK");