@saltcorn/server 0.8.6-beta.1 → 0.8.6-beta.11

package/routes/fields.js

@@ -83,6 +83,13 @@ const fieldForm = async (req, fkey_opts, existing_names, id, hasData) => {
           if (!s || s === "") return req.__("Missing label");
           if (!id && existing_names.includes(Field.labelToName(s)))
             return req.__("Column %s already exists", s);
+          if (Field.labelToName(s) === "row")
+            return req.__("Not a valid field name");
+          try {
+            new Function(Field.labelToName(s), "return;");
+          } catch {
+            return req.__("Not a valid field name");
+          }
         },
       }),
       // description
@@ -464,14 +471,11 @@ const fieldFlow = (req) =>
       },
       {
         name: req.__("Default"),
-        onlyWhen: async (context) => {
-          if (!context.required || context.id || context.calculated)
-            return false;
+        onlyWhen: async (context) => context.required && !context.calculated,
+
+        form: async (context) => {
           const table = await Table.findOne({ id: context.table_id });
           const nrows = await table.countRows();
-          return nrows > 0;
-        },
-        form: async (context) => {
           const formfield = new Field({
             name: "default",
             label: req.__("Default"),
@@ -484,12 +488,28 @@ const fieldFlow = (req) =>
             },
           });
           await formfield.fill_fkey_options();
-          return new Form({
-            blurb: req.__(
-              "A default value is required when adding required fields to nonempty tables"
-            ),
-            fields: [formfield],
+          const defaultOptional = nrows === 0 || context.id;
+          if (defaultOptional) formfield.showIf = { set_default: true };
+
+          const form = new Form({
+            blurb: defaultOptional
+              ? req.__("Set a default value for missing data")
+              : req.__(
+                  "A default value is required when adding required fields to nonempty tables"
+                ),
+            fields: [
+              ...(defaultOptional
+                ? [{ name: "set_default", label: "Set Default", type: "Bool" }]
+                : []),
+              formfield,
+            ],
           });
+          if (
+            typeof context.default !== "undefined" &&
+            context.default !== null
+          )
+            form.values.set_default = true;
+          return form;
         },
       },
     ],
@@ -717,7 +737,7 @@ router.post(
   error_catcher(async (req, res) => {
     const { tableName, fieldName, fieldview } = req.params;
     const table = await Table.findOne({ name: tableName });
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
 
     const fields = await table.getFields();
     let row = { ...req.body };

package/routes/files.js

@@ -130,7 +130,7 @@ router.get(
 router.get(
   "/download/*",
   error_catcher(async (req, res) => {
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const user_id = req.user && req.user.id;
     const serve_path = req.params[0];
     const file = await File.findOne(serve_path);
@@ -155,7 +155,7 @@ router.post(
   isAdmin,
 
   error_catcher(async (req, res) => {
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const user_id = req.user && req.user.id;
     const files = req.body.files;
     const location = req.body.location;
@@ -189,7 +189,7 @@ router.post(
 router.get(
   "/serve/*",
   error_catcher(async (req, res) => {
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const user_id = req.user && req.user.id;
     const serve_path = req.params[0];
     //let file;
@@ -201,7 +201,7 @@ router.get(
       (role <= file.min_role_read || (user_id && user_id === file.user_id))
     ) {
       res.type(file.mimetype);
-      const cacheability = file.min_role_read === 10 ? "public" : "private";
+      const cacheability = file.min_role_read === 100 ? "public" : "private";
       res.set("Cache-Control", `${cacheability}, max-age=86400`);
       if (file.s3_store) s3storage.serveObject(file, res, false);
       else res.sendFile(file.location);
@@ -228,7 +228,7 @@ router.get(
 router.get(
   "/resize/:width_str/:height_str/*",
   error_catcher(async (req, res) => {
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const user_id = req.user && req.user.id;
     const { width_str, height_str } = req.params;
     const serve_path = req.params[0];
@@ -240,7 +240,7 @@ router.get(
       (role <= file.min_role_read || (user_id && user_id === file.user_id))
     ) {
       res.type(file.mimetype);
-      const cacheability = file.min_role_read === 10 ? "public" : "private";
+      const cacheability = file.min_role_read === 100 ? "public" : "private";
       res.set("Cache-Control", `${cacheability}, max-age=86400`);
       //TODO s3
       if (file.s3_store) s3storage.serveObject(file, res, false);
@@ -386,7 +386,7 @@ router.post(
     let { folder } = req.body;
     let jsonResp = {};
     const min_role_upload = getState().getConfig("min_role_upload", 1);
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     let file_for_redirect;
     if (role > +min_role_upload) {
       if (!req.xhr) req.flash("warning", req.__("Not authorized"));

package/routes/homepage.js

@@ -426,7 +426,7 @@ const welcome_page = async (req) => {
  * @returns {Promise<void>}
  */
 const no_views_logged_in = async (req, res) => {
-  const role = req.user && req.user.id ? req.user.role_id : 10;
+  const role = req.user && req.user.id ? req.user.role_id : 100;
   if (role > 1 || req.user.tenant !== db.getTenantSchema())
     res.sendWrap(req.__("Hello"), req.__("Welcome to Saltcorn!"));
   else {
@@ -463,7 +463,7 @@ const no_views_logged_in = async (req, res) => {
 const get_config_response = async (role_id, res, req) => {
   const modernCfg = getState().getConfig("home_page_by_role", false);
   // predefined roles
-  const legacy_role = { 10: "public", 8: "user", 4: "staff", 1: "admin" }[
+  const legacy_role = { 100: "public", 80: "user", 40: "staff", 1: "admin" }[
     role_id
   ];
   let homeCfg = modernCfg && modernCfg[role_id];
@@ -497,7 +497,7 @@ module.exports =
    */
   async (req, res) => {
     const isAuth = req.user && req.user.id;
-    const role_id = req.user ? req.user.role_id : 10;
+    const role_id = req.user ? req.user.role_id : 100;
     const cfgResp = await get_config_response(role_id, res, req);
     if (cfgResp) return;
 

package/routes/index.js

@@ -1,44 +1,5 @@
 /**
  * Index is Main Router of App
- * @category server
- * @module routes/index
- * @subcategory routes
- */
-
-/**
- * All files in the routes module.
- * @namespace routes_overview
- * @property {module:routes/actions} actions
- * @property {module:routes/admin} admin
- * @property {module:routes/api} api
- * @property {module:routes/config} config
- * @property {module:routes/crashlog} crashlog
- * @property {module:routes/delete} delete
- * @property {module:routes/edit} edit
- * @property {module:routes/eventlog} eventlog
- * @property {module:routes/events} events
- * @property {module:routes/fields} fields
- * @property {module:routes/files} files
- * @property {module:routes/homepage} homepage
- * @property {module:routes/infoarch} infoarch
- * @property {module:routes/library} library
- * @property {module:routes/list} list
- * @property {module:routes/menu} menu
- * @property {module:routes/packs} packs
- * @property {module:routes/page} page
- * @property {module:routes/pageedit} pageedit
- * @property {module:routes/plugins} plugins
- * @property {module:routes/scapi} scapi
- * @property {module:routes/search} search
- * @property {module:routes/settings} settings
- * @property {module:routes/tables} tables
- * @property {module:routes/tenant} tenant
- * @property {module:routes/utils} utils
- * @property {module:routes/view} view
- * @property {module:routes/viewedit} viewedit
- *
- * @category server
- * @subcategory routes
  */
 
 const table = require("./tables");
@@ -71,7 +32,8 @@ const useradmin = require("../auth/admin");
 const roleadmin = require("../auth/roleadmin");
 const tags = require("./tags");
 const tagentries = require("./tag_entries");
-const dataDiagram = require("./diagram");
+const diagram = require("./diagram");
+const sync = require("./sync");
 
 module.exports =
   /**
@@ -109,5 +71,6 @@ module.exports =
     app.use("/roleadmin", roleadmin);
     app.use("/tag", tags);
     app.use("/tag-entries", tagentries);
-    app.use("/diagram", dataDiagram);
+    app.use("/diagram", diagram);
+    app.use("/sync", sync);
   };

package/routes/menu.js

@@ -454,7 +454,7 @@ router.post(
   "/runaction/:name",
   error_catcher(async (req, res) => {
     const { name } = req.params;
-    const role = (req.user || {}).role_id || 10;
+    const role = (req.user || {}).role_id || 100;
     const state = getState();
     const menu_items = state.getConfig("menu_items");
     let menu_item;

package/routes/page.js

@@ -42,7 +42,7 @@ router.get(
     state.log(3, `Route /page/${pagename} user=${req.user?.id}`);
     const tic = state.logLevel >= 5 ? new Date() : null;
 
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const db_page = await Page.findOne({ name: pagename });
     if (db_page && role <= db_page.min_role) {
       const contents = await db_page.run(req.query, { res, req });
@@ -104,7 +104,7 @@ router.post(
   "/:pagename/action/:rndid",
   error_catcher(async (req, res) => {
     const { pagename, rndid } = req.params;
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const db_page = await Page.findOne({ name: pagename });
     if (db_page && role <= db_page.min_role) {
       let col;

package/routes/pageedit.js

@@ -387,7 +387,7 @@ router.get(
   isAdmin,
   error_catcher(async (req, res) => {
     const { pagename } = req.params;
-    const page = await Page.findOne({ name: pagename });
+    const [page] = await Page.find({ name: pagename });
     if (!page) {
       req.flash("error", req.__(`Page %s not found`, pagename));
       res.redirect(`/pageedit`);
@@ -506,7 +506,7 @@ router.post(
     const valres = form.validate(req.body);
     if (valres.success) {
       const home_page_by_role =
-        getState().getConfigCopy("home_page_by_role", []) || [];
+        getState().getConfigCopy("home_page_by_role", {}) || {};
       for (const role of roles) {
         home_page_by_role[role.id] = valres.success[role.role];
       }

package/routes/scapi.js

@@ -49,7 +49,7 @@ function accessAllowedRead(req, user) {
       ? req.user.role_id
       : user && user.role_id
       ? user.role_id
-      : 10;
+      : 100;
 
   if (role === 1) return true;
   return false;

package/routes/search.js

@@ -165,7 +165,7 @@ const searchForm = () =>
  * @returns {Promise<void>}
  */
 const runSearch = async ({ q, _page, table }, req, res) => {
-  const role = (req.user || {}).role_id || 10;
+  const role = (req.user || {}).role_id || 100;
   // globalSearch contains list of pairs: table, view
   const cfg = getState().getConfig("globalSearch");
   const page_size = getState().getConfig("search_page_size");
@@ -269,10 +269,9 @@ const runSearch = async ({ q, _page, table }, req, res) => {
 router.get(
   "/",
   error_catcher(async (req, res) => {
-
     const min_role = getState().getConfig("min_role_search");
-    const role = (req.user || {}).role_id || 10;
-    if(role>min_role){
+    const role = (req.user || {}).role_id || 100;
+    if (role > min_role) {
       res.redirect("/"); // silent redirect to home page
       return;
     }
@@ -283,7 +282,7 @@ router.get(
       const cfg = getState().getConfig("globalSearch");
 
       if (!cfg) {
-        const role = (req.user || {}).role_id || 10;
+        const role = (req.user || {}).role_id || 100;
 
         req.flash("warning", req.__("Search not configured"));
         res.redirect(role === 1 ? "/search/config" : "/");

package/routes/sync.js

@@ -0,0 +1,84 @@
+const { error_catcher } = require("./utils.js");
+const Router = require("express-promise-router");
+const db = require("@saltcorn/data/db");
+const { getState } = require("@saltcorn/data/db/state");
+const Table = require("@saltcorn/data/models/table");
+
+const router = new Router();
+module.exports = router;
+
+const pickFields = (table, row) => {
+  const result = {};
+  for (const { name, type } of table.getFields()) {
+    if (name === "id") continue;
+    if (type?.name === "Date") {
+      result[name] = row[name] ? new Date(row[name]) : undefined;
+    } else {
+      result[name] = row[name];
+    }
+  }
+  return result;
+};
+
+const allowInsert = (table, user) => {
+  const role = user?.role_id || 100;
+  return table.min_role_write >= role;
+};
+
+const throwWithCode = (message, code) => {
+  const err = new Error(message);
+  err.statusCode = code;
+  throw err;
+};
+
+/**
+ * insert the offline data uploaded by the mobile-app
+ */
+router.post(
+  "/table_data",
+  error_catcher(async (req, res) => {
+    // TODO sqlite
+    getState().log(
+      4,
+      `POST /sync/table_data user: '${req.user ? req.user.id : "public"}'`
+    );
+    let aborted = false;
+    req.socket.on("close", () => {
+      aborted = true;
+    });
+    req.socket.on("timeout", () => {
+      aborted = true;
+    });
+    const client = db.isSQLite ? db : await db.getClient();
+    try {
+      await client.query("BEGIN");
+      await client.query("SET CONSTRAINTS ALL DEFERRED");
+      for (const [tblName, offlineRows] of Object.entries(req.body.data) ||
+        []) {
+        const table = Table.findOne({ name: tblName });
+        if (!table) throw new Error(`The table '${tblName}' does not exist.`);
+        if (!allowInsert(table, req.user))
+          throwWithCode(req.__("Not authorized"), 401);
+        if (tblName !== "users") {
+          for (const newRow of offlineRows.map((row) =>
+            pickFields(table, row)
+          )) {
+            if (aborted) throw new Error("connection closed by client");
+            await db.insert(table.name, newRow, { client: client });
+          }
+        }
+      }
+      if (aborted) throw new Error("connection closed by client");
+      await client.query("COMMIT");
+      res.json({ success: true });
+    } catch (error) {
+      await client.query("ROLLBACK");
+      getState().log(2, `POST /sync/table_data error: '${error.message}'`);
+      res
+        .status(error.statusCode || 400)
+        .json({ error: error.message || error });
+    } finally {
+      if (!db.isSQLite) await client.release(true);
+    }
+  })
+);

package/routes/tables.js

@@ -53,6 +53,8 @@ const { getState } = require("@saltcorn/data/db/state");
 const { cardHeaderTabs } = require("@saltcorn/markup/layout_utils");
 const { tablesList } = require("./common_lists");
 const { InvalidConfiguration } = require("@saltcorn/data/utils");
+const { sleep } = require("@saltcorn/data/utils");
+
 const path = require("path");
 /**
  * @type {object}
@@ -539,11 +541,7 @@ const attribBadges = (f) => {
   let s = "";
   if (f.attributes) {
     Object.entries(f.attributes).forEach(([k, v]) => {
-      if (
-        ["summary_field", "default", "on_delete_cascade", "on_delete"].includes(
-          k
-        )
-      )
+      if (["summary_field", "on_delete_cascade", "on_delete"].includes(k))
         return;
       if (v || v === 0) s += badge("secondary", k);
     });
@@ -913,10 +911,12 @@ router.post(
         rest.provider_name !== "Database table"
       ) {
         const table = await Table.create(name, rest);
+        await sleep(500); // Allow other workers to load this view
         res.redirect(`/table/provider-cfg/${table.id}`);
       } else {
         delete rest.provider_name;
         const table = await Table.create(name, rest);
+        await sleep(500); // Allow other workers to load this view
         req.flash("success", req.__(`Table %s created`, name));
         res.redirect(`/table/${table.id}`);
       }

package/routes/tenant.js

@@ -42,7 +42,7 @@ const {
   code,
 } = require("@saltcorn/markup/tags");
 const db = require("@saltcorn/data/db");
-//const url = require("url");
+
 const { loadAllPlugins, loadAndSaveNewPlugin } = require("../load_plugins");
 const { isAdmin, error_catcher } = require("./utils.js");
 const User = require("@saltcorn/data/models/user");
@@ -53,6 +53,7 @@ const {
   save_config_from_form,
 } = require("../markup/admin.js");
 const { getConfig } = require("@saltcorn/data/models/config");
+//const {quote} = require("@saltcorn/db-common");
 // todo add button backup / restore for particular tenant (available in admin tenants screens)
 //const {
 //  create_backup,
@@ -75,6 +76,7 @@ const remove_leading_chars = (cs, s) =>
 /**
  * Declare Form to create Tenant
  * @param {object} req - Request
+ * @param base_url - Base URL
  * @returns {Form} - Saltcorn Form Declaration
  * @category server
  */
@@ -109,8 +111,8 @@ const tenant_form = (req, base_url) =>
 // TBD To allow few roles to create tenants - currently only one role has such rights simultaneously
 const create_tenant_allowed = (req) => {
   const required_role =
-    +getRootState().getConfig("role_to_create_tenant") || 10;
-  const user_role = req.user ? req.user.role_id : 10;
+    +getRootState().getConfig("role_to_create_tenant") || 100;
+  const user_role = req.user ? req.user.role_id : 100;
   return user_role <= required_role;
 };
 
@@ -227,6 +229,7 @@ router.get(
  * Return URL of new Tenant
  * @param {object} req - Request
  * @param {string} subdomain - Tenant Subdomain name string
+ * @param base_url - Base URL
  * @returns {string}
  */
 const getNewURL = (req, subdomain, base_url) => {
@@ -280,7 +283,7 @@ router.post(
       const description = valres.success.description;
       // get list of tenants
       const allTens = await getAllTenants();
-      if (allTens.includes(subdomain) || !subdomain) {
+      if (allTens.includes(subdomain) || !subdomain || subdomain === "public") {
         form.errors.subdomain = req.__(
           "A site with this subdomain already exists"
         );
@@ -446,7 +449,7 @@ const tenant_settings_form = (req) =>
       "tenant_template",
       "tenant_baseurl",
       "tenant_create_unauth_redirect",
-      { section_header: "Tenant application capabilities" },
+      { section_header: req.__("Tenant application capabilities") },
       "tenants_install_git",
       "tenants_set_npm_modules",
       "tenants_unsafe_plugins",
@@ -536,8 +539,11 @@ const get_tenant_info = async (subdomain) => {
   // get tenant row
   const ten = await Tenant.findOne({ subdomain: saneDomain });
   if (ten) {
+    //info.ten = ten;
     info.description = ten.description;
     info.created = ten.created;
+    info.template = ten.template;
+    info.email = ten.email;
   }
 
   // get data from tenant schema
@@ -547,10 +553,19 @@ const get_tenant_info = async (subdomain) => {
     if (firstUser && firstUser.length > 0) {
       info.first_user_email = firstUser[0].email;
     }
+    // todo sort in alphabet order
+    // config items count
+    info.nconfigs = await db.count("_sc_config");
+    // error messages count
+    info.nerrors = await db.count("_sc_errors");
+    // event log
+    info.nevent_log = await db.count("_sc_event_log");
     // users count
     info.nusers = await db.count("users");
     // roles count
     info.nroles = await db.count("_sc_roles");
+    // table_constraints count
+    info.ntable_constraints = await db.count("_sc_table_constraints");
     // tables count
     info.ntables = await db.count("_sc_tables");
     // table fields count
@@ -561,19 +576,25 @@ const get_tenant_info = async (subdomain) => {
     info.nfiles = await db.count("_sc_files");
     // pages count
     info.npages = await db.count("_sc_pages");
-    // triggers (actions) ccount
+    // triggers (actions) count
     info.nactions = await db.count("_sc_triggers");
-    // error messages count
-    info.nerrors = await db.count("_sc_errors");
-    // config items count
-    info.nconfigs = await db.count("_sc_config");
     // plugins count
     info.nplugins = await db.count("_sc_plugins");
     // migration count
     info.nmigrations = await db.count("_sc_migrations");
     // library count
     info.nlibrary = await db.count("_sc_library");
-    // TBD decide Do we need count tenants, table constraints
+    // notifications
+    info.nnotifications = await db.count("_sc_notifications");
+    // tags
+    info.ntags = await db.count("_sc_tags");
+    // tag_entries
+    info.ntag_entries = await db.count("_sc_tag_entries");
+    // snapshots
+    info.nsnapshots = await db.count("_sc_snapshots");
+    // session - Only for main app?
+    //info.nsession = await db.count("_sc_session");
+
     // base url
     info.base_url = await getConfig("base_url");
     return info;
@@ -628,51 +649,76 @@ router.get(
                       { href: "mailto:" + info.first_user_email },
                       info.first_user_email
                     )
-                  )
+                  ),
+                  th(req.__("Template")),
+                  td(a({ href: info.base_url }, info.template))
                 ),
                 tr(
                   th(req.__("Users")),
-                  td(a({ href: info.base_url + "useradmin" }, info.nusers))
-                ),
-                tr(
+                  td(a({ href: info.base_url + "useradmin" }, info.nusers)),
                   th(req.__("Roles")),
                   td(a({ href: info.base_url + "roleadmin" }, info.nroles))
                 ),
                 tr(
                   th(req.__("Tables")),
-                  td(a({ href: info.base_url + "table" }, info.ntables))
-                ),
-                tr(
+                  td(a({ href: info.base_url + "table" }, info.ntables)),
                   th(req.__("Table columns")),
                   td(a({ href: info.base_url + "table" }, info.nfields))
                 ),
                 tr(
-                  th(req.__("Views")),
-                  td(a({ href: info.base_url + "viewedit" }, info.nviews))
+                  th(req.__("Table constraints")),
+                  td(
+                    a(
+                      { href: info.base_url + "table" },
+                      info.ntable_constraints
+                    )
+                  ),
+                  th(req.__("Library")),
+                  td(a({ href: info.base_url + "library/list" }, info.nlibrary))
                 ),
                 tr(
+                  th(req.__("Views")),
+                  td(a({ href: info.base_url + "viewedit" }, info.nviews)),
                   th(req.__("Pages")),
                   td(a({ href: info.base_url + "pageedit" }, info.npages))
                 ),
                 tr(
                   th(req.__("Files")),
-                  td(a({ href: info.base_url + "files" }, info.nfiles))
-                ),
-                tr(
+                  td(a({ href: info.base_url + "files" }, info.nfiles)),
                   th(req.__("Actions")),
                   td(a({ href: info.base_url + "actions" }, info.nactions))
                 ),
                 tr(
                   th(req.__("Modules")),
-                  td(a({ href: info.base_url + "plugins" }, info.nplugins))
-                ),
-                tr(
+                  td(a({ href: info.base_url + "plugins" }, info.nplugins)),
                   th(req.__("Configuration items")),
                   td(a({ href: info.base_url + "admin" }, info.nconfigs))
                 ),
                 tr(
+                  // Crashlogs only for main site?
                   th(req.__("Crashlogs")),
-                  td(a({ href: info.base_url + "crashlog" }, info.nerrors))
+                  td(a({ href: info.base_url + "crashlog" }, info.nerrors)),
+                  //th(req.__("Sessions")),
+                  //td(a({ href: info.base_url + "crashlog" }, info.nsessions)),
+                  th(req.__("Event logs")),
+                  td(a({ href: info.base_url + "eventlog" }, info.nevent_log))
+                  // Notifications only for main site?
+                  //th(req.__("Notifications")),
+                  //td(a({ href: info.base_url + "???" }, info.nnotifications)),
+                ),
+                tr(
+                  th(req.__("Snapshots")),
+                  td(
+                    a({ href: info.base_url + "admin/backup" }, info.nsnapshots)
+                  ),
+                  th(req.__("Migrations")),
+                  td(a({ href: info.base_url + "admin" }, info.nmigrations))
+                ),
+                tr(
+                  th(req.__("Tags")),
+                  td(a({ href: info.base_url + "tag" }, info.ntags)),
+                  th(req.__("Tag Entries")),
+                  td(a({ href: info.base_url + "tag" }, info.ntag_entries))
                 )
               ),
             ],
@@ -697,6 +743,7 @@ router.get(
                       name: "description",
                       label: req.__("Description"),
                       type: "String",
+                      fieldview: "textarea",
                     },
                   ],
                   values: {