@saltcorn/server 0.8.7-beta.6 → 0.8.8-beta.0

package/routes/tables.js

@@ -11,6 +11,7 @@ const Table = require("@saltcorn/data/models/table");
 const File = require("@saltcorn/data/models/file");
 const View = require("@saltcorn/data/models/view");
 const User = require("@saltcorn/data/models/user");
+const Model = require("@saltcorn/data/models/model");
 const Trigger = require("@saltcorn/data/models/trigger");
 const {
   mkTable,
@@ -54,7 +55,7 @@ const {
 } = require("@saltcorn/data/models/discovery");
 const { getState } = require("@saltcorn/data/db/state");
 const { cardHeaderTabs } = require("@saltcorn/markup/layout_utils");
-const { tablesList } = require("./common_lists");
+const { tablesList, viewsList } = require("./common_lists");
 const {
   InvalidConfiguration,
   removeAllWhiteSpace,
@@ -463,7 +464,7 @@ const navigationPanel = () =>
     button(
       {
         class: "btn btn-primary er-up",
-        onclick: "erHelper.translateY(-100)",
+        onclick: "erHelper.translateY(100)",
       },
       i({ class: "fas fa-chevron-up" })
     ),
@@ -477,7 +478,7 @@ const navigationPanel = () =>
     button(
       {
         class: "btn btn-primary er-left",
-        onclick: "erHelper.translateX(-100)",
+        onclick: "erHelper.translateX(100)",
       },
       i({ class: "fas fa-chevron-left" })
     ),
@@ -488,14 +489,14 @@ const navigationPanel = () =>
     button(
       {
         class: "btn btn-primary er-right",
-        onclick: "erHelper.translateX(100)",
+        onclick: "erHelper.translateX(-100)",
       },
       i({ class: "fas fa-chevron-right" })
     ),
     button(
       {
         class: "btn btn-primary er-down",
-        onclick: "erHelper.translateY(100)",
+        onclick: "erHelper.translateY(-100)",
       },
       i({ class: "fas fa-chevron-down" })
     ),
@@ -542,11 +543,30 @@ router.get(
           {
             headerTag: `
             <script type="module">
-              mermaid.initialize({ startOnLoad: false });
+              mermaid.initialize({ 
+                startOnLoad: false,
+                securityLevel: 'loose',
+              });
               await mermaid.run({
                 querySelector: ".mermaid",
                 postRenderCallback: (id) => {
                   $("#" + id).css("height", "calc(100vh - 250px)");
+                  $("#" + id + " > g").each(function(index) {
+                    const jThis = $(this);
+                    const id = jThis.attr("id");
+                    if (id) {
+                      const arr = /^entity-(.+)-(\\w+-\\w+-\\w+-\\w+-\\w+$)/.exec(id);
+                      if (arr?.length === 3) {
+                        const textEnt = $("#text-entity-" + arr[1] + "-" + arr[2]);
+                        textEnt.css("cursor", "pointer");
+                        textEnt.on("click", function () {
+                          if (!erHelper.isTranslating()) {
+                            window.open("/table/" + encodeURIComponent(this.innerHTML));
+                          }
+                        });
+                      }
+                    }
+                  });
                 }
               });
             </script>`,
@@ -573,17 +593,30 @@ router.get(
             contents: [
               div(
                 {
+                  id: "erd-wrapper",
                   style: "height: calc(100vh - 250px);",
                   class: "overflow-scroll position-relative",
                 },
                 screenshotPanel(),
                 pre(
-                  { class: "mermaid", style: "height: calc(100vh - 250px);" },
+                  {
+                    class: "mermaid",
+                    style: "height: calc(100vh - 250px); color: transparent;",
+                  },
                   buildMermaidMarkup(tables)
                 ),
                 navigationPanel()
               ),
               script({ src: "/relationship_diagram_utils.js" }),
+              script(
+                domReady(`
+                  const erdWrapper = $("#erd-wrapper")[0];
+                  erdWrapper.onwheel = erHelper.onWheel;
+                  erdWrapper.onmousedown = erHelper.onMouseDown;
+                  erdWrapper.onmouseup = erHelper.onMouseUp;
+                  window.addEventListener("mousemove", erHelper.onMouseMove);
+                `)
+              ),
             ],
           },
         ],
@@ -622,7 +655,14 @@ const attribBadges = (f) => {
   let s = "";
   if (f.attributes) {
     Object.entries(f.attributes).forEach(([k, v]) => {
-      if (["summary_field", "on_delete_cascade", "on_delete"].includes(k))
+      if (
+        [
+          "summary_field",
+          "on_delete_cascade",
+          "on_delete",
+          "unique_error_msg",
+        ].includes(k)
+      )
         return;
       if (v || v === 0) s += badge("secondary", k);
     });
@@ -753,37 +793,10 @@ router.get(
       );
       var viewCardContents;
       if (views.length > 0) {
-        viewCardContents = mkTable(
-          [
-            {
-              label: req.__("Name"),
-              key: (r) => link(`/view/${encodeURIComponent(r.name)}`, r.name),
-            },
-            { label: req.__("Pattern"), key: "viewtemplate" },
-            {
-              label: req.__("Configure"),
-              key: (r) =>
-                link(
-                  `/viewedit/config/${encodeURIComponent(
-                    r.name
-                  )}?on_done_redirect=${encodeURIComponent(
-                    `table/${table.name}`
-                  )}`,
-                  req.__("Configure")
-                ),
-            },
-            {
-              label: req.__("Delete"),
-              key: (r) =>
-                post_delete_btn(
-                  `/viewedit/delete/${encodeURIComponent(r.id)}`,
-                  req
-                ),
-            },
-          ],
-          views,
-          { hover: true }
-        );
+        viewCardContents = await viewsList(views, req, {
+          on_done_redirect: encodeURIComponent(`table/${table.name}`),
+          notable: true,
+        });
       } else {
         viewCardContents = div(
           h4(req.__("No views defined")),
@@ -806,6 +819,33 @@ router.get(
           ),
       };
     }
+    const models = await Model.find({ table_id: table.id });
+    const modelCard = div(
+      mkTable(
+        [
+          {
+            label: req.__("Name"),
+            key: (r) => link(`/models/show/${r.id}`, r.name),
+          },
+          { label: req.__("Pattern"), key: "modelpattern" },
+          {
+            label: req.__("Delete"),
+            key: (r) =>
+              post_delete_btn(
+                `/models/delete/${encodeURIComponent(r.id)}`,
+                req
+              ),
+          },
+        ],
+        models
+      ),
+      a(
+        { href: `/models/new/${table.id}`, class: "btn btn-primary" },
+        i({ class: "fas fa-plus-square me-1" }),
+        req.__("Create model")
+      )
+    );
+
     // Table Data card
     const dataCard = div(
       { class: "d-flex text-center" },
@@ -965,6 +1005,15 @@ router.get(
           titleAjaxIndicator: true,
           contents: renderForm(tblForm, req.csrfToken()),
         },
+        ...(Model.has_templates
+          ? [
+              {
+                type: "card",
+                title: req.__("Models"),
+                contents: modelCard,
+              },
+            ]
+          : []),
       ],
     });
   })
@@ -1357,11 +1406,19 @@ const constraintForm = (req, table_id, fields, type) => {
         blurb: req.__(
           "Tick the boxes for the fields that should be jointly unique"
         ),
-        fields: fields.map((f) => ({
-          name: f.name,
-          label: f.label,
-          type: "Bool",
-        })),
+        fields: [
+          ...fields.map((f) => ({
+            name: f.name,
+            label: f.label,
+            type: "Bool",
+          })),
+          {
+            name: "errormsg",
+            label: "Error message",
+            sublabel: "Shown the user if joint uniqueness is violated",
+            type: "String",
+          },
+        ],
       });
     case "Index":
       return new Form({
@@ -1453,11 +1510,12 @@ router.post(
     if (form.hasErrors) req.flash("error", req.__("An error occurred"));
     else {
       let configuration = {};
-      if (type === "Unique")
+      if (type === "Unique") {
         configuration.fields = fields
           .map((f) => f.name)
           .filter((f) => form.values[f]);
-      else configuration = form.values;
+        configuration.errormsg = form.values.errormsg;
+      } else configuration = form.values;
       await TableConstraint.create({
         table_id: table.id,
         type,
@@ -1841,7 +1899,7 @@ const get_provider_workflow = (table, req) => {
 
     return {
       redirect: `/table/${table.id}`,
-      flash: ["success", `Table ${this.name || ""} saved`],
+      flash: ["success", `Table ${table.name || ""} saved`],
     };
   };
   return workflow;

package/routes/view.js

@@ -8,6 +8,7 @@ const Router = require("express-promise-router");
 
 const View = require("@saltcorn/data/models/view");
 const Table = require("@saltcorn/data/models/table");
+const Trigger = require("@saltcorn/data/models/trigger");
 
 const { text, style } = require("@saltcorn/markup/tags");
 const {
@@ -51,7 +52,7 @@ router.get(
       res.redirect("/");
       return;
     }
-    const tic = state.logLevel >= 5 ? new Date() : null;
+    const tic = new Date();
 
     view.rewrite_query_from_slug(query, req.params);
     if (
@@ -85,11 +86,14 @@ router.get(
       res.set("SaltcornModalSaveIndicator", `true`);
     if (isModal && view.attributes?.popup_link_out)
       res.set("SaltcornModalLinkOut", `true`);
-    if (tic) {
-      const tock = new Date();
-      const ms = tock.getTime() - tic.getTime();
-      state.log(5, `View ${viewname} rendered in ${ms} ms`);
-    }
+    const tock = new Date();
+    const ms = tock.getTime() - tic.getTime();
+    Trigger.emitEvent("PageLoad", null, req.user, {
+      text: req.__("View '%s' was loaded", viewname),
+      type: "view",
+      name: viewname,
+      render_time: ms,
+    });
     if (typeof contents === "object" && contents.goto)
       res.redirect(contents.goto);
     else

package/routes/viewedit.js

@@ -13,7 +13,12 @@ const { p, a, div, script, text, domReady, code, pre, tbody, tr, th, td } =
   tags;
 
 const { getState } = require("@saltcorn/data/db/state");
-const { isAdmin, error_catcher, addOnDoneRedirect } = require("./utils.js");
+const {
+  isAdmin,
+  error_catcher,
+  addOnDoneRedirect,
+  is_relative_url,
+} = require("./utils.js");
 const { setTableRefs, viewsList } = require("./common_lists");
 const Form = require("@saltcorn/data/models/form");
 const Field = require("@saltcorn/data/models/field");
@@ -675,7 +680,11 @@ router.post(
         view.name
       )
     );
-    res.redirect(`/viewedit`);
+    let redirectTarget =
+      req.query.on_done_redirect && is_relative_url(req.query.on_done_redirect)
+        ? `/${req.query.on_done_redirect}`
+        : "/viewedit";
+    res.redirect(redirectTarget);
   })
 );
 
@@ -696,7 +705,11 @@ router.post(
       "success",
       req.__("View %s duplicated as %s", view.name, newview.name)
     );
-    res.redirect(`/viewedit`);
+    let redirectTarget =
+      req.query.on_done_redirect && is_relative_url(req.query.on_done_redirect)
+        ? `/${req.query.on_done_redirect}`
+        : "/viewedit";
+    res.redirect(redirectTarget);
   })
 );
 
@@ -713,7 +726,11 @@ router.post(
     const { id } = req.params;
     await View.delete({ id });
     req.flash("success", req.__("View deleted"));
-    res.redirect(`/viewedit`);
+    let redirectTarget =
+      req.query.on_done_redirect && is_relative_url(req.query.on_done_redirect)
+        ? `/${req.query.on_done_redirect}`
+        : "/viewedit";
+    res.redirect(redirectTarget);
   })
 );
 
@@ -805,7 +822,12 @@ router.post(
         : req.__(`Minimum role updated`);
     if (!req.xhr) {
       req.flash("success", message);
-      res.redirect("/viewedit");
+      let redirectTarget =
+        req.query.on_done_redirect &&
+        is_relative_url(req.query.on_done_redirect)
+          ? `/${req.query.on_done_redirect}`
+          : "/viewedit";
+      res.redirect(redirectTarget);
     } else res.json({ okay: true, responseText: message });
   })
 );

package/tests/plugins.test.js

@@ -2,8 +2,13 @@ const request = require("supertest");
 const getApp = require("../app");
 const Table = require("@saltcorn/data/models/table");
 const Plugin = require("@saltcorn/data/models/plugin");
-const { getState } = require("@saltcorn/data/db/state");
-
+const { getState, add_tenant } = require("@saltcorn/data/db/state");
+const { install_pack } = require("@saltcorn/admin-models/models/pack");
+const {
+  switchToTenant,
+  insertTenant,
+  create_tenant,
+} = require("@saltcorn/admin-models/models/tenant");
 const {
   getAdminLoginCookie,
   itShouldRedirectUnauthToLogin,
@@ -16,6 +21,7 @@ const db = require("@saltcorn/data/db");
 const load_plugins = require("../load_plugins");
 
 beforeAll(async () => {
+  if (!db.isSQLite) await db.query(`drop schema if exists test101 CASCADE `);
   await resetToFixtures();
 });
 afterAll(db.close);
@@ -325,3 +331,98 @@ describe("config endpoints", () => {
       .expect(toInclude(">FooSiteName<"));
   });
 });
+
+const plugin_pack = (plugin) => ({
+  tables: [],
+  views: [],
+  plugins: [
+    {
+      ...plugin,
+      configuration: null,
+    },
+  ],
+  pages: [],
+  roles: [],
+  library: [],
+  triggers: [],
+});
+
+describe("Tenant cannot install unsafe plugins", () => {
+  if (!db.isSQLite) {
+    it("creates a new tenant", async () => {
+      db.enable_multi_tenant();
+      const loadAndSaveNewPlugin = load_plugins.loadAndSaveNewPlugin;
+
+      await getState().setConfig("base_url", "http://example.com/");
+
+      add_tenant("test101");
+
+      await switchToTenant(
+        await insertTenant("test101", "foo@foo.com", ""),
+        "http://test101.example.com/"
+      );
+
+      await create_tenant({
+        t: "test101",
+        loadAndSaveNewPlugin,
+        plugin_loader() {},
+      });
+    });
+    it("can install safe plugins on tenant", async () => {
+      await db.runWithTenant("test101", async () => {
+        const loadAndSaveNewPlugin = load_plugins.loadAndSaveNewPlugin;
+
+        await install_pack(
+          plugin_pack({
+            name: "html",
+            source: "npm",
+            location: "@saltcorn/html",
+          }),
+          "Todo list",
+          loadAndSaveNewPlugin
+        );
+        const dbPlugin = await Plugin.findOne({ name: "html" });
+        expect(dbPlugin).not.toBe(null);
+      });
+    });
+    it("cannot install unsafe plugins on tenant", async () => {
+      await db.runWithTenant("test101", async () => {
+        const loadAndSaveNewPlugin = load_plugins.loadAndSaveNewPlugin;
+
+        await install_pack(
+          plugin_pack({
+            name: "sql-list",
+            source: "npm",
+            location: "@saltcorn/sql-list",
+          }),
+          "Todo list",
+          loadAndSaveNewPlugin
+        );
+        const dbPlugin = await Plugin.findOne({ name: "sql-list" });
+        expect(dbPlugin).toBe(null);
+      });
+    });
+    it("can install unsafe plugins on tenant when permitted", async () => {
+      await getState().setConfig("tenants_unsafe_plugins", true);
+      await db.runWithTenant("test101", async () => {
+        const loadAndSaveNewPlugin = load_plugins.loadAndSaveNewPlugin;
+
+        await install_pack(
+          plugin_pack({
+            name: "sql-list",
+            source: "npm",
+            location: "@saltcorn/sql-list",
+          }),
+          "Todo list",
+          loadAndSaveNewPlugin
+        );
+        const dbPlugin = await Plugin.findOne({ name: "sql-list" });
+        expect(dbPlugin).not.toBe(null);
+      });
+    });
+  } else {
+    it("does not support tenants on SQLite", async () => {
+      expect(db.isSQLite).toBe(true);
+    });
+  }
+});