@saltcorn/server 0.8.6-beta.2 → 0.8.6-beta.4

package/package.json

@@ -1,18 +1,18 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.8.6-beta.2",
+  "version": "0.8.6-beta.4",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@saltcorn/base-plugin": "0.8.6-beta.2",
-    "@saltcorn/builder": "0.8.6-beta.2",
-    "@saltcorn/data": "0.8.6-beta.2",
-    "@saltcorn/admin-models": "0.8.6-beta.2",
-    "@saltcorn/filemanager": "0.8.6-beta.2",
-    "@saltcorn/markup": "0.8.6-beta.2",
-    "@saltcorn/sbadmin2": "0.8.6-beta.2",
+    "@saltcorn/base-plugin": "0.8.6-beta.4",
+    "@saltcorn/builder": "0.8.6-beta.4",
+    "@saltcorn/data": "0.8.6-beta.4",
+    "@saltcorn/admin-models": "0.8.6-beta.4",
+    "@saltcorn/filemanager": "0.8.6-beta.4",
+    "@saltcorn/markup": "0.8.6-beta.4",
+    "@saltcorn/sbadmin2": "0.8.6-beta.4",
     "@socket.io/cluster-adapter": "^0.2.1",
     "@socket.io/sticky": "^1.0.1",
     "adm-zip": "0.5.10",

package/public/dayjs.min.js

@@ -0,0 +1 @@
+!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t||self).dayjs=e()}(this,(function(){"use strict";var t=1e3,e=6e4,n=36e5,r="millisecond",i="second",s="minute",u="hour",a="day",o="week",f="month",h="quarter",c="year",d="date",l="Invalid Date",$=/^(\d{4})[-/]?(\d{1,2})?[-/]?(\d{0,2})[Tt\s]*(\d{1,2})?:?(\d{1,2})?:?(\d{1,2})?[.:]?(\d+)?$/,y=/\[([^\]]+)]|Y{1,4}|M{1,4}|D{1,2}|d{1,4}|H{1,2}|h{1,2}|a|A|m{1,2}|s{1,2}|Z{1,2}|SSS/g,M={name:"en",weekdays:"Sunday_Monday_Tuesday_Wednesday_Thursday_Friday_Saturday".split("_"),months:"January_February_March_April_May_June_July_August_September_October_November_December".split("_"),ordinal:function(t){var e=["th","st","nd","rd"],n=t%100;return"["+t+(e[(n-20)%10]||e[n]||e[0])+"]"}},m=function(t,e,n){var r=String(t);return!r||r.length>=e?t:""+Array(e+1-r.length).join(n)+t},v={s:m,z:function(t){var e=-t.utcOffset(),n=Math.abs(e),r=Math.floor(n/60),i=n%60;return(e<=0?"+":"-")+m(r,2,"0")+":"+m(i,2,"0")},m:function t(e,n){if(e.date()<n.date())return-t(n,e);var r=12*(n.year()-e.year())+(n.month()-e.month()),i=e.clone().add(r,f),s=n-i<0,u=e.clone().add(r+(s?-1:1),f);return+(-(r+(n-i)/(s?i-u:u-i))||0)},a:function(t){return t<0?Math.ceil(t)||0:Math.floor(t)},p:function(t){return{M:f,y:c,w:o,d:a,D:d,h:u,m:s,s:i,ms:r,Q:h}[t]||String(t||"").toLowerCase().replace(/s$/,"")},u:function(t){return void 0===t}},g="en",D={};D[g]=M;var p=function(t){return t instanceof _},S=function t(e,n,r){var i;if(!e)return g;if("string"==typeof e){var s=e.toLowerCase();D[s]&&(i=s),n&&(D[s]=n,i=s);var u=e.split("-");if(!i&&u.length>1)return t(u[0])}else{var a=e.name;D[a]=e,i=a}return!r&&i&&(g=i),i||!r&&g},w=function(t,e){if(p(t))return t.clone();var n="object"==typeof e?e:{};return n.date=t,n.args=arguments,new _(n)},O=v;O.l=S,O.i=p,O.w=function(t,e){return w(t,{locale:e.$L,utc:e.$u,x:e.$x,$offset:e.$offset})};var _=function(){function M(t){this.$L=S(t.locale,null,!0),this.parse(t)}var m=M.prototype;return m.parse=function(t){this.$d=function(t){var e=t.date,n=t.utc;if(null===e)return new Date(NaN);if(O.u(e))return new Date;if(e instanceof Date)return new Date(e);if("string"==typeof e&&!/Z$/i.test(e)){var r=e.match($);if(r){var i=r[2]-1||0,s=(r[7]||"0").substring(0,3);return n?new Date(Date.UTC(r[1],i,r[3]||1,r[4]||0,r[5]||0,r[6]||0,s)):new Date(r[1],i,r[3]||1,r[4]||0,r[5]||0,r[6]||0,s)}}return new Date(e)}(t),this.$x=t.x||{},this.init()},m.init=function(){var t=this.$d;this.$y=t.getFullYear(),this.$M=t.getMonth(),this.$D=t.getDate(),this.$W=t.getDay(),this.$H=t.getHours(),this.$m=t.getMinutes(),this.$s=t.getSeconds(),this.$ms=t.getMilliseconds()},m.$utils=function(){return O},m.isValid=function(){return!(this.$d.toString()===l)},m.isSame=function(t,e){var n=w(t);return this.startOf(e)<=n&&n<=this.endOf(e)},m.isAfter=function(t,e){return w(t)<this.startOf(e)},m.isBefore=function(t,e){return this.endOf(e)<w(t)},m.$g=function(t,e,n){return O.u(t)?this[e]:this.set(n,t)},m.unix=function(){return Math.floor(this.valueOf()/1e3)},m.valueOf=function(){return this.$d.getTime()},m.startOf=function(t,e){var n=this,r=!!O.u(e)||e,h=O.p(t),l=function(t,e){var i=O.w(n.$u?Date.UTC(n.$y,e,t):new Date(n.$y,e,t),n);return r?i:i.endOf(a)},$=function(t,e){return O.w(n.toDate()[t].apply(n.toDate("s"),(r?[0,0,0,0]:[23,59,59,999]).slice(e)),n)},y=this.$W,M=this.$M,m=this.$D,v="set"+(this.$u?"UTC":"");switch(h){case c:return r?l(1,0):l(31,11);case f:return r?l(1,M):l(0,M+1);case o:var g=this.$locale().weekStart||0,D=(y<g?y+7:y)-g;return l(r?m-D:m+(6-D),M);case a:case d:return $(v+"Hours",0);case u:return $(v+"Minutes",1);case s:return $(v+"Seconds",2);case i:return $(v+"Milliseconds",3);default:return this.clone()}},m.endOf=function(t){return this.startOf(t,!1)},m.$set=function(t,e){var n,o=O.p(t),h="set"+(this.$u?"UTC":""),l=(n={},n[a]=h+"Date",n[d]=h+"Date",n[f]=h+"Month",n[c]=h+"FullYear",n[u]=h+"Hours",n[s]=h+"Minutes",n[i]=h+"Seconds",n[r]=h+"Milliseconds",n)[o],$=o===a?this.$D+(e-this.$W):e;if(o===f||o===c){var y=this.clone().set(d,1);y.$d[l]($),y.init(),this.$d=y.set(d,Math.min(this.$D,y.daysInMonth())).$d}else l&&this.$d[l]($);return this.init(),this},m.set=function(t,e){return this.clone().$set(t,e)},m.get=function(t){return this[O.p(t)]()},m.add=function(r,h){var d,l=this;r=Number(r);var $=O.p(h),y=function(t){var e=w(l);return O.w(e.date(e.date()+Math.round(t*r)),l)};if($===f)return this.set(f,this.$M+r);if($===c)return this.set(c,this.$y+r);if($===a)return y(1);if($===o)return y(7);var M=(d={},d[s]=e,d[u]=n,d[i]=t,d)[$]||1,m=this.$d.getTime()+r*M;return O.w(m,this)},m.subtract=function(t,e){return this.add(-1*t,e)},m.format=function(t){var e=this,n=this.$locale();if(!this.isValid())return n.invalidDate||l;var r=t||"YYYY-MM-DDTHH:mm:ssZ",i=O.z(this),s=this.$H,u=this.$m,a=this.$M,o=n.weekdays,f=n.months,h=function(t,n,i,s){return t&&(t[n]||t(e,r))||i[n].slice(0,s)},c=function(t){return O.s(s%12||12,t,"0")},d=n.meridiem||function(t,e,n){var r=t<12?"AM":"PM";return n?r.toLowerCase():r},$={YY:String(this.$y).slice(-2),YYYY:this.$y,M:a+1,MM:O.s(a+1,2,"0"),MMM:h(n.monthsShort,a,f,3),MMMM:h(f,a),D:this.$D,DD:O.s(this.$D,2,"0"),d:String(this.$W),dd:h(n.weekdaysMin,this.$W,o,2),ddd:h(n.weekdaysShort,this.$W,o,3),dddd:o[this.$W],H:String(s),HH:O.s(s,2,"0"),h:c(1),hh:c(2),a:d(s,u,!0),A:d(s,u,!1),m:String(u),mm:O.s(u,2,"0"),s:String(this.$s),ss:O.s(this.$s,2,"0"),SSS:O.s(this.$ms,3,"0"),Z:i};return r.replace(y,(function(t,e){return e||$[t]||i.replace(":","")}))},m.utcOffset=function(){return 15*-Math.round(this.$d.getTimezoneOffset()/15)},m.diff=function(r,d,l){var $,y=O.p(d),M=w(r),m=(M.utcOffset()-this.utcOffset())*e,v=this-M,g=O.m(this,M);return g=($={},$[c]=g/12,$[f]=g,$[h]=g/3,$[o]=(v-m)/6048e5,$[a]=(v-m)/864e5,$[u]=v/n,$[s]=v/e,$[i]=v/t,$)[y]||v,l?g:O.a(g)},m.daysInMonth=function(){return this.endOf(f).$D},m.$locale=function(){return D[this.$L]},m.locale=function(t,e){if(!t)return this.$L;var n=this.clone(),r=S(t,e,!0);return r&&(n.$L=r),n},m.clone=function(){return O.w(this.$d,this)},m.toDate=function(){return new Date(this.valueOf())},m.toJSON=function(){return this.isValid()?this.toISOString():null},m.toISOString=function(){return this.$d.toISOString()},m.toString=function(){return this.$d.toUTCString()},M}(),T=_.prototype;return w.prototype=T,[["$ms",r],["$s",i],["$m",s],["$H",u],["$W",a],["$M",f],["$y",c],["$D",d]].forEach((function(t){T[t[1]]=function(e){return this.$g(e,t[0],t[1])}})),w.extend=function(t,e){return t.$i||(t(e,_,w),t.$i=!0),w},w.locale=S,w.isDayjs=p,w.unix=function(t){return w(1e3*t)},w.en=D[g],w.Ls=D,w.p={},w}));

package/public/saltcorn-common.js

@@ -257,6 +257,42 @@ function apply_showif() {
       },
     });
   });
+  const locale =
+    navigator.userLanguage ||
+    (navigator.languages &&
+      navigator.languages.length &&
+      navigator.languages[0]) ||
+    navigator.language ||
+    navigator.browserLanguage ||
+    navigator.systemLanguage ||
+    "en";
+  window.detected_locale = locale;
+  const parse = (s) => JSON.parse(decodeURIComponent(s));
+  $("time[locale-time-options]").each(function () {
+    var el = $(this);
+    var date = new Date(el.attr("datetime"));
+    const options = parse(el.attr("locale-time-options"));
+    el.text(date.toLocaleTimeString(locale, options));
+  });
+  $("time[locale-options]").each(function () {
+    var el = $(this);
+    var date = new Date(el.attr("datetime"));
+    const options = parse(el.attr("locale-options"));
+    el.text(date.toLocaleString(locale, options));
+  });
+  $("time[locale-date-options]").each(function () {
+    var el = $(this);
+    var date = new Date(el.attr("datetime"));
+    const options = parse(el.attr("locale-date-options"));
+    el.text(date.toLocaleDateString(locale, options));
+  });
+  $("time[locale-date-format]").each(function () {
+    var el = $(this);
+    var date = el.attr("datetime");
+    const format = parse(el.attr("locale-date-format"));
+    el.text(dayjs(date).format(format));
+  });
+
   _apply_showif_plugins.forEach((p) => p());
 }
 
@@ -568,35 +604,7 @@ function initialize_page() {
         });
       }, 100);
     });
-  const locale =
-    navigator.userLanguage ||
-    (navigator.languages &&
-      navigator.languages.length &&
-      navigator.languages[0]) ||
-    navigator.language ||
-    navigator.browserLanguage ||
-    navigator.systemLanguage ||
-    "en";
-  window.detected_locale = locale;
-  const parse = (s) => JSON.parse(decodeURIComponent(s));
-  $("time[locale-time-options]").each(function () {
-    var el = $(this);
-    var date = new Date(el.attr("datetime"));
-    const options = parse(el.attr("locale-time-options"));
-    el.text(date.toLocaleTimeString(locale, options));
-  });
-  $("time[locale-options]").each(function () {
-    var el = $(this);
-    var date = new Date(el.attr("datetime"));
-    const options = parse(el.attr("locale-options"));
-    el.text(date.toLocaleString(locale, options));
-  });
-  $("time[locale-date-options]").each(function () {
-    var el = $(this);
-    var date = new Date(el.attr("datetime"));
-    const options = parse(el.attr("locale-date-options"));
-    el.text(date.toLocaleDateString(locale, options));
-  });
+
   if ($.fn.historyTabs && $.fn.tab)
     $('a[data-bs-toggle="tab"].deeplink').historyTabs();
   init_bs5_dropdowns();

package/public/saltcorn.js

@@ -79,7 +79,7 @@ function set_state_field(key, value) {
 function check_state_field(that) {
   const checked = that.checked;
   const name = that.name;
-  const value = that.value;
+  const value = encodeURIComponent(that.value);
   var separator = window.location.href.indexOf("?") !== -1 ? "&" : "?";
   let dest;
   if (checked) dest = get_current_state_url() + `${separator}${name}=${value}`;

package/routes/admin.js

@@ -1564,6 +1564,27 @@ router.get(
                         placeholder: getState().getConfig("base_url") || "",
                       })
                     )
+                  ),
+                  div(
+                    // TODO only for some tables?
+                    { class: "row pb-2" },
+                    div(
+                      { class: "col-sm-4" },
+                      input({
+                        type: "checkbox",
+                        id: "offlineModeBoxId",
+                        class: "form-check-input me-2",
+                        name: "allowOfflineMode",
+                        checked: true,
+                      }),
+                      label(
+                        {
+                          for: "offlineModeBoxId",
+                          class: "form-label",
+                        },
+                        req.__("Allow offline mode")
+                      )
+                    )
                   )
                 ),
                 button(
@@ -1664,6 +1685,7 @@ router.post(
       useDocker,
       appFile,
       serverURL,
+      allowOfflineMode,
     } = req.body;
     if (!androidPlatform && !iOSPlatform) {
       return res.json({
@@ -1711,6 +1733,7 @@ router.post(
     }
     if (appFile) spawnParams.push("-a", appFile);
     if (serverURL) spawnParams.push("-s", serverURL);
+    if (allowOfflineMode) spawnParams.push("--allowOfflineMode");
     if (
       db.is_it_multi_tenant() &&
       db.getTenantSchema() !== db.connectObj.default_schema

package/routes/api.js

@@ -2,7 +2,7 @@
  * Table Data API handler
  * Allows to manipulate with saltcorn tables data.
  *
- * Attention! Currently you cannot insert / update users table via this api
+ * Attention! Currently, you cannot insert / update users table via this api
  * because users table has specific meaning in SC and
  * not all required (mandatory) fields of user available via this api.
  * For now this is platform limitation.
@@ -73,7 +73,7 @@ function accessAllowedRead(req, user, table, allow_ownership) {
       ? req.user.role_id
       : user && user.role_id
       ? user.role_id
-      : 10;
+      : 100;
 
   return (
     role <= table.min_role_read ||
@@ -96,7 +96,7 @@ function accessAllowedWrite(req, user, table) {
       ? req.user.role_id
       : user && user.role_id
       ? user.role_id
-      : 10;
+      : 100;
 
   return (
     role <= table.min_role_write ||
@@ -117,7 +117,7 @@ function accessAllowed(req, user, trigger) {
       ? req.user.role_id
       : user && user.role_id
       ? user.role_id
-      : 10;
+      : 100;
 
   return role <= trigger.min_role;
 }
@@ -152,7 +152,7 @@ router.post(
       "jwt",
       { session: false },
       async function (err, user, info) {
-        const role = user && user.id ? user.role_id : 10;
+        const role = user && user.id ? user.role_id : 100;
         if (
           role <= view.min_role ||
           (await view.authorise_get({ req, ...view })) // TODO set query to state
@@ -185,7 +185,9 @@ router.post(
     )(req, res, next);
   })
 );
-
+/**
+ *
+ */
 router.get(
   "/:tableName/distinct/:fieldName",
   //passport.authenticate("api-bearer", { session: false }),
@@ -206,9 +208,7 @@ router.get(
       { session: false },
       async function (err, user, info) {
         if (accessAllowedRead(req, user, table)) {
-          const field = (await table.getFields()).find(
-            (f) => f.name === fieldName
-          );
+          const field = table.getFields().find((f) => f.name === fieldName);
           if (!field) {
             res.status(404).json({ error: req.__("Not found") });
             return;
@@ -268,7 +268,7 @@ router.get(
           if (versioncount === "on") {
             const joinOpts = {
               orderBy: "id",
-              forUser: req.user || user || { role_id: 10 },
+              forUser: req.user || user || { role_id: 100 },
               forPublic: !(req.user || user),
               aggregations: {
                 _versions: {
@@ -281,7 +281,7 @@ router.get(
             };
             rows = await table.getJoinedRows(joinOpts);
           } else if (req_query && req_query !== {}) {
-            const tbl_fields = await table.getFields();
+            const tbl_fields = table.getFields();
             readState(req_query, tbl_fields, req);
             const qstate = await stateFieldsToWhere({
               fields: tbl_fields,
@@ -335,7 +335,7 @@ router.post(
 
     if (!trigger) {
       getState().log(3, `API action ${actionname} not found`);
-      res.status(400).json({ error: req.__("Not found") });
+      res.status(404).json({ error: req.__("Not found") });
       return;
     }
     await passport.authenticate(
@@ -350,6 +350,7 @@ router.post(
               body: req.body,
               row: req.body,
               req,
+              user: user || req.user,
             });
             res.json({ success: true, data: resp });
           } catch (e) {
@@ -387,8 +388,8 @@ router.post(
       async function (err, user, info) {
         if (accessAllowedWrite(req, user, table)) {
           const { _versions, ...row } = req.body;
-          const fields = await table.getFields();
-          readState(row, fields);
+          const fields = table.getFields();
+          readState(row, fields, req);
           let errors = [];
           let hasErrors = false;
           Object.keys(row).forEach((k) => {
@@ -409,7 +410,8 @@ router.post(
             if (
               field.required &&
               !field.primary_key &&
-              typeof row[field.name] === "undefined"
+              typeof row[field.name] === "undefined" &&
+              !field.attributes.default
             ) {
               hasErrors = true;
               errors.push(`${field.name}: required`);
@@ -425,7 +427,7 @@ router.post(
           }
           const ins_res = await table.tryInsertRow(
             row,
-            req.user || user || { role_id: 10 }
+            req.user || user || { role_id: 100 }
           );
           if (ins_res.error) {
             getState().log(2, `API POST ${table.name} error: ${ins_res.error}`);
@@ -463,8 +465,8 @@ router.post(
       async function (err, user, info) {
         if (accessAllowedWrite(req, user, table)) {
           const { _versions, ...row } = req.body;
-          const fields = await table.getFields();
-          readState(row, fields);
+          const fields = table.getFields();
+          readState(row, fields, req);
           let errors = [];
           let hasErrors = false;
           for (const k of Object.keys(row)) {
@@ -501,7 +503,7 @@ router.post(
           const ins_res = await table.tryUpdateRow(
             row,
             id,
-            user || req.user || { role_id: 10 }
+            user || req.user || { role_id: 100 }
           );
 
           if (ins_res.error) {
@@ -547,12 +549,12 @@ router.delete(
               //readState(row, fields);
               await table.deleteRows(
                 { [pk_name]: row[pk_name] },
-                user || req.user || { role_id: 10 }
+                user || req.user || { role_id: 100 }
               );
             } else
               await table.deleteRows(
                 { id },
-                user || req.user || { role_id: 10 }
+                user || req.user || { role_id: 100 }
               );
             res.json({ success: true });
           } catch (e) {

package/routes/common_lists.js

@@ -363,7 +363,10 @@ const getTriggerList = (triggers, req, { tagId, domId, showList } = {}) => {
       { label: req.__("Action"), key: "action" },
       {
         label: req.__("Table or Channel"),
-        key: (r) => r.table_name || r.channel,
+        key: (r) =>
+          r.table_name
+            ? a({ href: `/table/${r.table_name}` }, r.table_name)
+            : r.channel,
       },
       {
         label: req.__("When"),

package/routes/delete.js

@@ -34,14 +34,14 @@ router.post(
     const { redirect } = req.query;
     // todo check that works after where change
     const table = await Table.findOne({ name: tableName });
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     try {
       if (role <= table.min_role_write)
-        await table.deleteRows({ id }, req.user || { role_id: 10 });
+        await table.deleteRows({ id }, req.user || { role_id: 100 });
       else if (table.ownership_field_id && req.user) {
         const row = await table.getRow({ id });
         if (row && table.is_owner(req.user, row))
-          await table.deleteRows({ id }, req.user || { role_id: 10 });
+          await table.deleteRows({ id }, req.user || { role_id: 100 });
         else req.flash("error", req.__("Not authorized"));
       } else
         req.flash(

package/routes/edit.js

@@ -41,7 +41,7 @@ router.post(
       await table.updateRow(
         { [field_name]: !row[field_name] },
         id,
-        req.user || { role_id: 10 }
+        req.user || { role_id: 100 }
       );
 
     if (req.xhr) res.send("OK");

package/routes/fields.js

@@ -83,6 +83,13 @@ const fieldForm = async (req, fkey_opts, existing_names, id, hasData) => {
           if (!s || s === "") return req.__("Missing label");
           if (!id && existing_names.includes(Field.labelToName(s)))
             return req.__("Column %s already exists", s);
+          if (Field.labelToName(s) === "row")
+            return req.__("Not a valid field name");
+          try {
+            new Function(Field.labelToName(s), "return;");
+          } catch {
+            return req.__("Not a valid field name");
+          }
         },
       }),
       // description
@@ -464,14 +471,11 @@ const fieldFlow = (req) =>
       },
       {
         name: req.__("Default"),
-        onlyWhen: async (context) => {
-          if (!context.required || context.id || context.calculated)
-            return false;
+        onlyWhen: async (context) => context.required && !context.calculated,
+
+        form: async (context) => {
           const table = await Table.findOne({ id: context.table_id });
           const nrows = await table.countRows();
-          return nrows > 0;
-        },
-        form: async (context) => {
           const formfield = new Field({
             name: "default",
             label: req.__("Default"),
@@ -484,12 +488,28 @@ const fieldFlow = (req) =>
             },
           });
           await formfield.fill_fkey_options();
-          return new Form({
-            blurb: req.__(
-              "A default value is required when adding required fields to nonempty tables"
-            ),
-            fields: [formfield],
+          const defaultOptional = nrows === 0 || context.id;
+          if (defaultOptional) formfield.showIf = { set_default: true };
+
+          const form = new Form({
+            blurb: defaultOptional
+              ? req.__("Set a default value for missing data")
+              : req.__(
+                  "A default value is required when adding required fields to nonempty tables"
+                ),
+            fields: [
+              ...(defaultOptional
+                ? [{ name: "set_default", label: "Set Default", type: "Bool" }]
+                : []),
+              formfield,
+            ],
           });
+          if (
+            typeof context.default !== "undefined" &&
+            context.default !== null
+          )
+            form.values.set_default = true;
+          return form;
         },
       },
     ],
@@ -717,7 +737,7 @@ router.post(
   error_catcher(async (req, res) => {
     const { tableName, fieldName, fieldview } = req.params;
     const table = await Table.findOne({ name: tableName });
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
 
     const fields = await table.getFields();
     let row = { ...req.body };

package/routes/files.js

@@ -130,7 +130,7 @@ router.get(
 router.get(
   "/download/*",
   error_catcher(async (req, res) => {
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const user_id = req.user && req.user.id;
     const serve_path = req.params[0];
     const file = await File.findOne(serve_path);
@@ -155,7 +155,7 @@ router.post(
   isAdmin,
 
   error_catcher(async (req, res) => {
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const user_id = req.user && req.user.id;
     const files = req.body.files;
     const location = req.body.location;
@@ -189,7 +189,7 @@ router.post(
 router.get(
   "/serve/*",
   error_catcher(async (req, res) => {
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const user_id = req.user && req.user.id;
     const serve_path = req.params[0];
     //let file;
@@ -201,7 +201,7 @@ router.get(
       (role <= file.min_role_read || (user_id && user_id === file.user_id))
     ) {
       res.type(file.mimetype);
-      const cacheability = file.min_role_read === 10 ? "public" : "private";
+      const cacheability = file.min_role_read === 100 ? "public" : "private";
       res.set("Cache-Control", `${cacheability}, max-age=86400`);
       if (file.s3_store) s3storage.serveObject(file, res, false);
       else res.sendFile(file.location);
@@ -228,7 +228,7 @@ router.get(
 router.get(
   "/resize/:width_str/:height_str/*",
   error_catcher(async (req, res) => {
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const user_id = req.user && req.user.id;
     const { width_str, height_str } = req.params;
     const serve_path = req.params[0];
@@ -240,7 +240,7 @@ router.get(
       (role <= file.min_role_read || (user_id && user_id === file.user_id))
     ) {
       res.type(file.mimetype);
-      const cacheability = file.min_role_read === 10 ? "public" : "private";
+      const cacheability = file.min_role_read === 100 ? "public" : "private";
       res.set("Cache-Control", `${cacheability}, max-age=86400`);
       //TODO s3
       if (file.s3_store) s3storage.serveObject(file, res, false);
@@ -386,7 +386,7 @@ router.post(
     let { folder } = req.body;
     let jsonResp = {};
     const min_role_upload = getState().getConfig("min_role_upload", 1);
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     let file_for_redirect;
     if (role > +min_role_upload) {
       if (!req.xhr) req.flash("warning", req.__("Not authorized"));

package/routes/homepage.js

@@ -426,7 +426,7 @@ const welcome_page = async (req) => {
  * @returns {Promise<void>}
  */
 const no_views_logged_in = async (req, res) => {
-  const role = req.user && req.user.id ? req.user.role_id : 10;
+  const role = req.user && req.user.id ? req.user.role_id : 100;
   if (role > 1 || req.user.tenant !== db.getTenantSchema())
     res.sendWrap(req.__("Hello"), req.__("Welcome to Saltcorn!"));
   else {
@@ -463,7 +463,7 @@ const no_views_logged_in = async (req, res) => {
 const get_config_response = async (role_id, res, req) => {
   const modernCfg = getState().getConfig("home_page_by_role", false);
   // predefined roles
-  const legacy_role = { 10: "public", 8: "user", 4: "staff", 1: "admin" }[
+  const legacy_role = { 100: "public", 80: "user", 40: "staff", 1: "admin" }[
     role_id
   ];
   let homeCfg = modernCfg && modernCfg[role_id];
@@ -497,7 +497,7 @@ module.exports =
    */
   async (req, res) => {
     const isAuth = req.user && req.user.id;
-    const role_id = req.user ? req.user.role_id : 10;
+    const role_id = req.user ? req.user.role_id : 100;
     const cfgResp = await get_config_response(role_id, res, req);
     if (cfgResp) return;
 

package/routes/index.js

@@ -1,44 +1,5 @@
 /**
  * Index is Main Router of App
- * @category server
- * @module routes/index
- * @subcategory routes
- */
-
-/**
- * All files in the routes module.
- * @namespace routes_overview
- * @property {module:routes/actions} actions
- * @property {module:routes/admin} admin
- * @property {module:routes/api} api
- * @property {module:routes/config} config
- * @property {module:routes/crashlog} crashlog
- * @property {module:routes/delete} delete
- * @property {module:routes/edit} edit
- * @property {module:routes/eventlog} eventlog
- * @property {module:routes/events} events
- * @property {module:routes/fields} fields
- * @property {module:routes/files} files
- * @property {module:routes/homepage} homepage
- * @property {module:routes/infoarch} infoarch
- * @property {module:routes/library} library
- * @property {module:routes/list} list
- * @property {module:routes/menu} menu
- * @property {module:routes/packs} packs
- * @property {module:routes/page} page
- * @property {module:routes/pageedit} pageedit
- * @property {module:routes/plugins} plugins
- * @property {module:routes/scapi} scapi
- * @property {module:routes/search} search
- * @property {module:routes/settings} settings
- * @property {module:routes/tables} tables
- * @property {module:routes/tenant} tenant
- * @property {module:routes/utils} utils
- * @property {module:routes/view} view
- * @property {module:routes/viewedit} viewedit
- *
- * @category server
- * @subcategory routes
  */
 
 const table = require("./tables");
@@ -71,7 +32,8 @@ const useradmin = require("../auth/admin");
 const roleadmin = require("../auth/roleadmin");
 const tags = require("./tags");
 const tagentries = require("./tag_entries");
-const dataDiagram = require("./diagram");
+const diagram = require("./diagram");
+const sync = require("./sync");
 
 module.exports =
   /**
@@ -109,5 +71,6 @@ module.exports =
     app.use("/roleadmin", roleadmin);
     app.use("/tag", tags);
     app.use("/tag-entries", tagentries);
-    app.use("/diagram", dataDiagram);
+    app.use("/diagram", diagram);
+    app.use("/sync", sync);
   };

package/routes/menu.js

@@ -454,7 +454,7 @@ router.post(
   "/runaction/:name",
   error_catcher(async (req, res) => {
     const { name } = req.params;
-    const role = (req.user || {}).role_id || 10;
+    const role = (req.user || {}).role_id || 100;
     const state = getState();
     const menu_items = state.getConfig("menu_items");
     let menu_item;

package/routes/page.js

@@ -42,7 +42,7 @@ router.get(
     state.log(3, `Route /page/${pagename} user=${req.user?.id}`);
     const tic = state.logLevel >= 5 ? new Date() : null;
 
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const db_page = await Page.findOne({ name: pagename });
     if (db_page && role <= db_page.min_role) {
       const contents = await db_page.run(req.query, { res, req });
@@ -104,7 +104,7 @@ router.post(
   "/:pagename/action/:rndid",
   error_catcher(async (req, res) => {
     const { pagename, rndid } = req.params;
-    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 100;
     const db_page = await Page.findOne({ name: pagename });
     if (db_page && role <= db_page.min_role) {
       let col;

package/routes/pageedit.js

@@ -387,7 +387,7 @@ router.get(
   isAdmin,
   error_catcher(async (req, res) => {
     const { pagename } = req.params;
-    const page = await Page.findOne({ name: pagename });
+    const [page] = await Page.find({ name: pagename });
     if (!page) {
       req.flash("error", req.__(`Page %s not found`, pagename));
       res.redirect(`/pageedit`);
@@ -506,7 +506,7 @@ router.post(
     const valres = form.validate(req.body);
     if (valres.success) {
       const home_page_by_role =
-        getState().getConfigCopy("home_page_by_role", []) || [];
+        getState().getConfigCopy("home_page_by_role", {}) || {};
       for (const role of roles) {
         home_page_by_role[role.id] = valres.success[role.role];
       }

package/routes/scapi.js

@@ -49,7 +49,7 @@ function accessAllowedRead(req, user) {
       ? req.user.role_id
       : user && user.role_id
       ? user.role_id
-      : 10;
+      : 100;
 
   if (role === 1) return true;
   return false;