@saltcorn/server 0.8.8-beta.4 → 0.8.8-beta.6

package/auth/routes.js

@@ -254,7 +254,9 @@ const loginWithJwt = async (email, password, saltcornApp, res, req) => {
         res.json(token);
       } else {
         res.json({
-          alerts: [{ type: "danger", msg: req.__("Incorrect user or password") }],
+          alerts: [
+            { type: "danger", msg: req.__("Incorrect user or password") },
+          ],
         });
       }
     } else if (publicUserLink) {
@@ -276,7 +278,9 @@ const loginWithJwt = async (email, password, saltcornApp, res, req) => {
       res.json(token);
     } else {
       res.json({
-        alerts: [{ type: "danger", msg: req.__("The public login is deactivated") }],
+        alerts: [
+          { type: "danger", msg: req.__("The public login is deactivated") },
+        ],
       });
     }
   };
@@ -628,9 +632,11 @@ router.post(
  * @throws {InvalidConfiguration}
  */
 const getNewUserForm = async (new_user_view_name, req, askEmail) => {
+  if (!new_user_view_name) return;
   const view = await View.findOne({ name: new_user_view_name });
   if (!view)
     throw new InvalidConfiguration("New user form view does not exist");
+  if (view.viewtemplate !== "Edit") return;
   const table = Table.findOne({ name: "users" });
   const fields = table.getFields();
   const { columns, layout } = view.configuration;
@@ -704,14 +710,14 @@ const getNewUserForm = async (new_user_view_name, req, askEmail) => {
  * @param {object} res
  * @returns {void}
  */
-const signup_login_with_user = (u, req, res) =>
+const signup_login_with_user = (u, req, res, redirUrl) =>
   req.login(u.session_object, function (err) {
     if (!err) {
       Trigger.emitEvent("Login", null, u);
       if (getState().verifier) res.redirect("/auth/verification-flow");
       else if (getState().get2FApolicy(u) === "Mandatory")
         res.redirect("/auth/twofa/setup/totp");
-      else res.redirect("/");
+      else res.redirect(redirUrl || "/");
     } else {
       req.flash("danger", err);
       res.redirect("/auth/signup");
@@ -869,7 +875,8 @@ router.post(
       return;
     }
 
-    const unsuitableEmailPassword = async (email, password, passwordRepeat) => {
+    const unsuitableEmailPassword = async (urecord) => {
+      const { email, password, passwordRepeat } = urecord;
       if (!email || !password) {
         req.flash("danger", req.__("E-mail and password required"));
         res.redirect("/auth/signup");
@@ -911,6 +918,12 @@ router.post(
         res.redirect("/auth/signup");
         return true;
       }
+      let constraint_check_error = User.table.check_table_constraints(urecord);
+      if (constraint_check_error) {
+        req.flash("danger", constraint_check_error);
+        res.redirect("/auth/signup");
+        return true;
+      }
     };
     const new_user_form = getState().getConfig("new_user_form");
 
@@ -943,21 +956,32 @@ router.post(
             signup_form.values[f.name] = signup_form.values[f.name] || "";
         });
         const userObject = signup_form.values;
-        const { email, password, passwordRepeat } = userObject;
-        if (await unsuitableEmailPassword(email, password, passwordRepeat))
-          return;
-        if (new_user_form) {
-          const form = await getNewUserForm(new_user_form, req);
+        //const { email, password, passwordRepeat } = userObject;
+        if (await unsuitableEmailPassword(userObject)) return;
+        const new_user_form_form = await getNewUserForm(new_user_form, req);
+        if (new_user_form_form) {
           Object.entries(userObject).forEach(([k, v]) => {
-            form.values[k] = v;
-            if (!form.fields.find((f) => f.name === k)) form.hidden(k);
+            new_user_form_form.values[k] = v;
+            if (!new_user_form_form.fields.find((f) => f.name === k))
+              new_user_form_form.hidden(k);
           });
-          res.sendAuthWrap(new_user_form, form, getAuthLinks("signup", true));
+          res.sendAuthWrap(
+            new_user_form,
+            new_user_form_form,
+            getAuthLinks("signup", true)
+          );
         } else {
           const u = await User.create(userObject);
           await send_verification_email(u, req);
 
-          signup_login_with_user(u, req, res);
+          signup_login_with_user(
+            u,
+            req,
+            res,
+            new_user_form && !new_user_form_form
+              ? `/view/${new_user_form}?id=${u.id}`
+              : undefined
+          );
         }
         return;
       }
@@ -972,7 +996,7 @@ router.post(
       res.sendAuthWrap(req.__(`Sign up`), form, getAuthLinks("signup"));
     } else {
       const { email, password } = form.values;
-      if (await unsuitableEmailPassword(email, password)) return;
+      if (await unsuitableEmailPassword({ email, password })) return;
       if (new_user_form) {
         const form = await getNewUserForm(new_user_form, req);
         form.values.email = email;
@@ -1100,7 +1124,13 @@ router.get(
     const { method } = req.params;
     if (method === "jwt") {
       const { email, password } = req.query;
-      await loginWithJwt(email, password, req.headers["x-saltcorn-app"], res, req);
+      await loginWithJwt(
+        email,
+        password,
+        req.headers["x-saltcorn-app"],
+        res,
+        req
+      );
     } else {
       const auth = getState().auth_methods[method];
       if (auth) {

package/locales/en.json

@@ -1246,5 +1246,7 @@
 	"Included Plugins": "Included Plugins",
 	"exclude": "exclude",
 	"include": "include",
-	"Auto public login": "Auto public login"
-}
+	"Auto public login": "Auto public login",
+	"New user view": "New user view",
+	"A view to show to new users, to finalise registration (if Edit) or as a welcome view": "A view to show to new users, to finalise registration (if Edit) or as a welcome view"
+}

package/locales/it.json

@@ -503,5 +503,20 @@
 	"Table columns": "Table columns",
 	"Configuration items": "Configuration items",
 	"Crashlogs": "Crashlogs",
-	"Logged out user %s": "Logged out user %s"
-}
+	"Logged out user %s": "Logged out user %s",
+	"CSV upload": "CSV upload",
+	"Pages are the web pages of your application built with a drag-and-drop builder. They have static content, and by embedding views, dynamic content.": "Pages are the web pages of your application built with a drag-and-drop builder. They have static content, and by embedding views, dynamic content.",
+	"Create page": "Create page",
+	"Triggers run actions in response to events.": "Triggers run actions in response to events.",
+	"No triggers": "No triggers",
+	"Upload file(s)": "Upload file(s)",
+	"Pattern": "Pattern",
+	"You have views with a role to access lower than the table role to read, with no table ownership. This may cause a denial of access. Users need to have table read access to any data displayed.": "You have views with a role to access lower than the table role to read, with no table ownership. This may cause a denial of access. Users need to have table read access to any data displayed.",
+	"Views potentially affected": "Views potentially affected",
+	"Fixed and blocked fields": "Fixed and blocked fields",
+	"URL after delete": "URL after delete",
+	"Save before going back": "Save before going back",
+	"Reload after going back": "Reload after going back",
+	"Steps to go back": "Steps to go back",
+	"%s configuration": "%s configuration"
+}

package/package.json

@@ -1,18 +1,18 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.8.8-beta.4",
+  "version": "0.8.8-beta.6",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@saltcorn/base-plugin": "0.8.8-beta.4",
-    "@saltcorn/builder": "0.8.8-beta.4",
-    "@saltcorn/data": "0.8.8-beta.4",
-    "@saltcorn/admin-models": "0.8.8-beta.4",
-    "@saltcorn/filemanager": "0.8.8-beta.4",
-    "@saltcorn/markup": "0.8.8-beta.4",
-    "@saltcorn/sbadmin2": "0.8.8-beta.4",
+    "@saltcorn/base-plugin": "0.8.8-beta.6",
+    "@saltcorn/builder": "0.8.8-beta.6",
+    "@saltcorn/data": "0.8.8-beta.6",
+    "@saltcorn/admin-models": "0.8.8-beta.6",
+    "@saltcorn/filemanager": "0.8.8-beta.6",
+    "@saltcorn/markup": "0.8.8-beta.6",
+    "@saltcorn/sbadmin2": "0.8.8-beta.6",
     "@socket.io/cluster-adapter": "^0.2.1",
     "@socket.io/sticky": "^1.0.1",
     "adm-zip": "0.5.10",

package/public/saltcorn-common.js

@@ -41,6 +41,15 @@ const _apply_showif_plugins = [];
 const add_apply_showif_plugin = (p) => {
   _apply_showif_plugins.push(p);
 };
+
+const nubBy = (prop, xs) => {
+  const vs = new Set();
+  return xs.filter((x) => {
+    if (vs.has(x[prop])) return false;
+    vs.add(x[prop]);
+    return true;
+  });
+};
 function apply_showif() {
   $("[data-show-if]").each(function (ix, element) {
     var e = $(element);
@@ -109,10 +118,16 @@ function apply_showif() {
     const dynwhere = JSON.parse(
       decodeURIComponent(e.attr("data-fetch-options"))
     );
-    //console.log(dynwhere);
-    const qs = Object.entries(dynwhere.whereParsed)
-      .map(([k, v]) => `${k}=${v[0] === "$" ? rec[v.substring(1)] : v}`)
-      .join("&");
+    //console.log("dynwhere", dynwhere);
+    const qss = Object.entries(dynwhere.whereParsed).map(
+      ([k, v]) => `${k}=${v[0] === "$" ? rec[v.substring(1)] : v}`
+    );
+    if (dynwhere.dereference) {
+      if (Array.isArray(dynwhere.dereference))
+        qss.push(...dynwhere.dereference.map((d) => `dereference=${d}`));
+      else qss.push(`dereference=${dynwhere.dereference}`);
+    }
+    const qs = qss.join("&");
     var current = e.attr("data-selected");
     e.change(function (ec) {
       e.attr("data-selected", ec.target.value);
@@ -129,7 +144,11 @@ function apply_showif() {
       if (!dynwhere.required) toAppend.push(`<option></option>`);
       let currentDataOption = undefined;
       const dataOptions = [];
-      success.forEach((r) => {
+      //console.log(success);
+      const success1 = dynwhere.nubBy
+        ? nubBy(dynwhere.nubBy, success)
+        : success;
+      success1.forEach((r) => {
         const label = dynwhere.label_formula
           ? new Function(
               `{${Object.keys(r).join(",")}}`,
@@ -137,6 +156,7 @@ function apply_showif() {
             )(r)
           : r[dynwhere.summary_field];
         const value = r[dynwhere.refname];
+        //console.log("lv", label, value, r, dynwhere.summary_field);
         const selected = `${current}` === `${r[dynwhere.refname]}`;
         dataOptions.push({ text: label, value });
         if (selected) currentDataOption = value;
@@ -510,6 +530,14 @@ function initialize_page() {
     if (schema) {
       schema = JSON.parse(decodeURIComponent(schema));
     }
+    if (type === "Date") {
+      console.log("timeelsems", $(this).find("span.current time"));
+      current =
+        $(this).attr("data-inline-edit-current") ||
+        $(this).find("span.current time").attr("datetime"); // ||
+      //$(this).children("span.current").html();
+    }
+    console.log({ type, current });
     var is_key = type?.startsWith("Key:");
     const opts = encodeURIComponent(
       JSON.stringify({
@@ -875,7 +903,7 @@ function common_done(res, isWeb = true) {
   if (res.eval_js) handle(res.eval_js, eval);
 
   if (res.reload_page) {
-    (isWeb ? location : parent.location).reload(); //TODO notify to cookie if reload or goto
+    (isWeb ? location : parent).reload(); //TODO notify to cookie if reload or goto
   }
   if (res.download) {
     handle(res.download, (download) => {

package/public/saltcorn.css

@@ -467,3 +467,8 @@ div.unread-notify {
 .sc-modal-linkout {
   color: inherit;
 }
+
+.link-style {
+  cursor: pointer;
+  text-decoration: underline;
+}

package/public/saltcorn.js

@@ -1,18 +1,22 @@
-function sortby(k, desc, viewIdentifier) {
-  set_state_fields({
-    [viewIdentifier ? `_${viewIdentifier}_sortby` : "_sortby"]: k,
-    [viewIdentifier ? `_${viewIdentifier}_sortdesc` : "_sortdesc"]: desc
-      ? "on"
-      : { unset: true },
-  });
+function sortby(k, desc, viewIdentifier, e) {
+  set_state_fields(
+    {
+      [viewIdentifier ? `_${viewIdentifier}_sortby` : "_sortby"]: k,
+      [viewIdentifier ? `_${viewIdentifier}_sortdesc` : "_sortdesc"]: desc
+        ? "on"
+        : { unset: true },
+    },
+    false,
+    e
+  );
 }
-function gopage(n, pagesize, viewIdentifier, extra = {}) {
+function gopage(n, pagesize, viewIdentifier, extra = {}, e) {
   const cfg = {
     ...extra,
     [viewIdentifier ? `_${viewIdentifier}_page` : "_page"]: n,
     [viewIdentifier ? `_${viewIdentifier}_pagesize` : "_pagesize"]: pagesize,
   };
-  set_state_fields(cfg);
+  set_state_fields(cfg, false, e);
 }
 
 if (localStorage.getItem("reload_on_init")) {
@@ -72,28 +76,31 @@ function get_current_state_url(e) {
   else return $modal.prop("data-modal-state");
 }
 
-function select_id(id) {
-  pjax_to(updateQueryStringParameter(get_current_state_url(), "id", id));
+function select_id(id, e) {
+  pjax_to(updateQueryStringParameter(get_current_state_url(e), "id", id), e);
 }
 
 function set_state_field(key, value, e) {
   pjax_to(updateQueryStringParameter(get_current_state_url(e), key, value), e);
 }
 
-function check_state_field(that) {
+function check_state_field(that, e) {
   const checked = that.checked;
   const name = that.name;
   const value = encodeURIComponent(that.value);
-  var separator = window.location.href.indexOf("?") !== -1 ? "&" : "?";
+  var separator = get_current_state_url(e).indexOf("?") !== -1 ? "&" : "?";
   let dest;
-  if (checked) dest = get_current_state_url() + `${separator}${name}=${value}`;
-  else dest = get_current_state_url().replace(`${name}=${value}`, "");
-  pjax_to(dest.replace("&&", "&").replace("?&", "?"));
+  if (checked) dest = get_current_state_url(e) + `${separator}${name}=${value}`;
+  else dest = get_current_state_url(e).replace(`${name}=${value}`, "");
+  pjax_to(dest.replace("&&", "&").replace("?&", "?"), e);
 }
 
 function invalidate_pagings(href) {
   let newhref = href;
-  const queryObj = Object.fromEntries(new URL(newhref).searchParams.entries());
+  const prev = new URL(window.location.href);
+  const queryObj = Object.fromEntries(
+    new URL(newhref, prev.origin).searchParams.entries()
+  );
   const toRemove = Object.keys(queryObj).filter((val) => is_paging_param(val));
   for (const k of toRemove) {
     newhref = removeQueryStringParameter(newhref, k);
@@ -173,12 +180,12 @@ function pjax_to(href, e) {
 function href_to(href) {
   window.location.href = href;
 }
-function clear_state(omit_fields_str) {
-  let newUrl = get_current_state_url().split("?")[0];
-  const hash = get_current_state_url().split("#")[1];
+function clear_state(omit_fields_str, e) {
+  let newUrl = get_current_state_url(e).split("?")[0];
+  const hash = get_current_state_url(e).split("#")[1];
   if (omit_fields_str) {
     const omit_fields = omit_fields_str.split(",").map((s) => s.trim());
-    let qs = (get_current_state_url().split("?")[1] || "").split("#")[0];
+    let qs = (get_current_state_url(e).split("?")[1] || "").split("#")[0];
     let params = new URLSearchParams(qs);
     newUrl = newUrl + "?";
     omit_fields.forEach((f) => {
@@ -188,7 +195,7 @@ function clear_state(omit_fields_str) {
   }
   if (hash) newUrl += "#" + hash;
 
-  pjax_to(newUrl);
+  pjax_to(newUrl, e);
 }
 
 function ajax_done(res) {
@@ -389,6 +396,20 @@ function saveAndContinue(e, k) {
   return false;
 }
 
+function updateMatchingRows(e, viewname) {
+  const form = $(e).closest("form");
+  try {
+    const sp = `${new URL(get_current_state_url()).searchParams.toString()}`;
+    form.attr(
+      "action",
+      `/view/${viewname}/update_matching_rows${sp ? `?${sp}` : ""}`
+    );
+    form[0].submit();
+  } finally {
+    form.attr("action", `/view/${viewname}`);
+  }
+}
+
 function applyViewConfig(e, url, k) {
   var form = $(e).closest("form");
   var form_data = form.serializeArray();
@@ -755,6 +776,18 @@ function toggle_tbl_sync() {
   }
 }
 
+function toggle_android_platform() {
+  if ($("#androidCheckboxId")[0].checked === true) {
+    $("#dockerCheckboxId").attr("hidden", false);
+    $("#dockerCheckboxId").attr("checked", true);
+    $("#dockerLabelId").removeClass("d-none");
+  } else {
+    $("#dockerCheckboxId").attr("hidden", true);
+    $("#dockerCheckboxId").attr("checked", false);
+    $("#dockerLabelId").addClass("d-none");
+  }
+}
+
 function join_field_clicked(e, fieldPath) {
   $("#inputjoin_field").val(fieldPath);
   apply_showif();

package/routes/admin.js

@@ -1535,7 +1535,9 @@ router.get(
                     div({ class: "col-sm-4 fw-bold" }, req.__("Platform")),
                     div(
                       {
-                        class: "col-sm-1 fw-bold d-flex justify-content-center",
+                        class:
+                          "col-sm-1 fw-bold d-flex justify-content-center d-none",
+                        id: "dockerLabelId",
                       },
                       req.__("docker")
                     )
@@ -1596,7 +1598,7 @@ router.get(
                     ),
                     div(
                       { class: "col-sm-4" },
-
+                      // android
                       div(
                         { class: "container ps-0" },
                         div(
@@ -1609,9 +1611,11 @@ router.get(
                               class: "form-check-input",
                               name: "androidPlatform",
                               id: "androidCheckboxId",
+                              onClick: "toggle_android_platform()",
                             })
                           )
                         ),
+                        // iOS
                         div(
                           { class: "row" },
                           div({ class: "col-sm-8" }, req.__("iOS")),
@@ -1627,6 +1631,7 @@ router.get(
                         )
                       )
                     ),
+                    // android with docker
                     div(
                       { class: "col-sm-1 d-flex justify-content-center" },
                       input({
@@ -1634,6 +1639,7 @@ router.get(
                         class: "form-check-input",
                         name: "useDocker",
                         id: "dockerCheckboxId",
+                        hidden: true,
                       })
                     )
                   ),

package/routes/api.js

@@ -251,7 +251,8 @@ router.get(
   //passport.authenticate("api-bearer", { session: false }),
   error_catcher(async (req, res, next) => {
     let { tableName } = req.params;
-    const { fields, versioncount, approximate, ...req_query } = req.query;
+    const { fields, versioncount, approximate, dereference, ...req_query } =
+      req.query;
     const table = Table.findOne(
       strictParseInt(tableName)
         ? { id: strictParseInt(tableName) }
@@ -284,7 +285,7 @@ router.get(
               },
             };
             rows = await table.getJoinedRows(joinOpts);
-          } else if (req_query && req_query !== {}) {
+          } else {
             const tbl_fields = table.getFields();
             readState(req_query, tbl_fields, req);
             const qstate = await stateFieldsToWhere({
@@ -293,18 +294,26 @@ router.get(
               state: req_query,
               table,
             });
-            rows = await table.getRows(qstate, {
+            const joinFields = {};
+            const derefs = Array.isArray(dereference)
+              ? dereference
+              : !dereference
+              ? []
+              : [dereference];
+            derefs.forEach((f) => {
+              const field = table.getField(f);
+              if (field?.attributes?.summary_field)
+                joinFields[`${f}_${field?.attributes?.summary_field}`] = {
+                  ref: f,
+                  target: field?.attributes?.summary_field,
+                };
+            });
+            rows = await table.getJoinedRows({
+              where: qstate,
+              joinFields,
               forPublic: !(req.user || user),
               forUser: req.user || user,
             });
-          } else {
-            rows = await table.getRows(
-              {},
-              {
-                forPublic: !(req.user || user),
-                forUser: req.user || user,
-              }
-            );
           }
           res.json({ success: rows.map(limitFields(fields)) });
         } else {

package/routes/common_lists.js

@@ -187,7 +187,7 @@ const viewsList = async (
             label: req.__("Name"),
             key: (r) => link(`/view/${encodeURIComponent(r.name)}`, r.name),
             sortlink: !tagId
-              ? `javascript:set_state_field('_sortby', 'name')`
+              ? `set_state_field('_sortby', 'name', this)`
               : undefined,
           },
           // description - currently I dont want to show description in view list
@@ -205,7 +205,7 @@ const viewsList = async (
             label: req.__("Pattern"),
             key: "viewtemplate",
             sortlink: !tagId
-              ? `javascript:set_state_field('_sortby', 'viewtemplate')`
+              ? `set_state_field('_sortby', 'viewtemplate', this)`
               : undefined,
           },
           ...(notable
@@ -215,7 +215,7 @@ const viewsList = async (
                   label: req.__("Table"),
                   key: (r) => link(`/table/${r.table}`, r.table),
                   sortlink: !tagId
-                    ? `javascript:set_state_field('_sortby', 'table')`
+                    ? `set_state_field('_sortby', 'table', this)`
                     : undefined,
                 },
               ]),

package/routes/crashlog.js

@@ -59,7 +59,7 @@ router.get(
         page_opts.pagination = {
           current_page,
           pages: Math.ceil(nrows / rows_per_page),
-          get_page_link: (n) => `javascript:gopage(${n}, ${rows_per_page})`,
+          get_page_link: (n) => `gopage(${n}, ${rows_per_page})`,
         };
       }
     }

package/routes/eventlog.js

@@ -180,6 +180,7 @@ const customEventForm = async (req) => {
         name: "name",
         label: req.__("Event Name"),
         type: "String",
+        required: true,
       },
       {
         name: "hasChannel",
@@ -256,11 +257,11 @@ router.post(
  * @function
  */
 router.post(
-  "/custom/delete/:name",
+  "/custom/delete/:name?",
   isAdmin,
   error_catcher(async (req, res) => {
-    const { name } = req.params;
-
+    let { name } = req.params;
+    if (!name) name = "";
     const cevs = getState().getConfig("custom_events", []);
 
     await getState().setConfig(
@@ -331,7 +332,7 @@ router.get(
         page_opts.pagination = {
           current_page,
           pages: Math.ceil(nrows / rows_per_page),
-          get_page_link: (n) => `javascript:gopage(${n}, ${rows_per_page})`,
+          get_page_link: (n) => `gopage(${n}, ${rows_per_page})`,
         };
       }
     }

package/routes/search.js

@@ -201,7 +201,7 @@ const runSearch = async ({ q, _page, table }, req, res) => {
         pages: current_page + (vresps.length === page_size ? 1 : 0),
         trailing_ellipsis: vresps.length === page_size,
         get_page_link: (n) =>
-          `javascript:gopage(${n}, ${page_size}, undefined, {table:'${tableName}'})`,
+          `gopage(${n}, ${page_size}, undefined, {table:'${tableName}'}, this)`,
       });
     }
 

package/routes/tables.js

@@ -90,7 +90,7 @@ const tableForm = async (table, req) => {
     noSubmitButton: true,
     onChange: "saveAndContinue(this)",
     fields: [
-      ...(!table.external
+      ...(!table.external && !table.provider_name
         ? [
             {
               label: req.__("Ownership field"),
@@ -146,9 +146,9 @@ const tableForm = async (table, req) => {
         name: "min_role_read",
         input_type: "select",
         options: roleOptions,
-        attributes: { asideNext: !table.external },
+        attributes: { asideNext: !table.external && !table.provider_name },
       },
-      ...(table.external
+      ...(table.external || table.provider_name
         ? []
         : [
             {
@@ -790,6 +790,7 @@ router.get(
             "<br>"
           : "",
         !table.external &&
+          !table.provider_name &&
           a(
             {
               href: `/field/new/${table.id}`,
@@ -903,6 +904,7 @@ router.get(
         )
       ),
       !table.external &&
+        !table.provider_name &&
         div(
           { class: "mx-auto" },
           form(
@@ -929,6 +931,7 @@ router.get(
           )
         ),
       !table.external &&
+        !table.provider_name &&
         div(
           { class: "mx-auto" },
           a(
@@ -944,6 +947,7 @@ router.get(
 
       // only if table is not external
       !table.external &&
+        !table.provider_name &&
         div(
           { class: "mx-auto" },
           settingsDropdown(`dataMenuButton`, [

package/tests/api.test.js

@@ -127,6 +127,22 @@ describe("API read", () => {
       .set("Cookie", loginCookie)
       .expect(succeedJsonWith((rows) => rows.length == 2));
   });
+  it("should dereference", async () => {
+    const loginCookie = await getStaffLoginCookie();
+
+    const app = await getApp({ disableCsrf: true });
+    await request(app)
+      .get("/api/patients/?dereference=favbook")
+      .set("Cookie", loginCookie)
+      .expect(
+        succeedJsonWith(
+          (rows) =>
+            rows.length == 2 &&
+            rows.find((r) => r.favbook === 1).favbook_author ==
+              "Herman Melville"
+        )
+      );
+  });
   it("should add version counts", async () => {
     const patients = Table.findOne({ name: "patients" });
     await patients.update({ versioned: true });

package/tests/view.test.js

@@ -9,13 +9,12 @@ const {
   toNotInclude,
   resetToFixtures,
   respondJsonWith,
+  toSucceed,
 } = require("../auth/testhelp");
 const db = require("@saltcorn/data/db");
 const { getState } = require("@saltcorn/data/db/state");
 const View = require("@saltcorn/data/models/view");
 const Table = require("@saltcorn/data/models/table");
-const Trigger = require("@saltcorn/data/models/trigger");
-const Page = require("@saltcorn/data/models/page");
 
 const { plugin_with_routes } = require("@saltcorn/data/tests/mocks");
 
@@ -397,6 +396,70 @@ describe("action row_variable", () => {
   });
 });
 
+describe("update matching rows", () => {
+  const updateMatchingRows = async ({ query, body }) => {
+    const app = await getApp({ disableCsrf: true });
+    const loginCookie = await getAdminLoginCookie();
+    await request(app)
+      .post(
+        `/view/author_multi_edit/update_matching_rows${
+          query ? `?${query}` : ""
+        }`
+      )
+      .set("Cookie", loginCookie)
+      .send(body)
+      .set("Content-Type", "application/json")
+      .set("Accept", "application/json")
+      .expect(toSucceed(302));
+  };
+
+  beforeAll(async () => {
+    const table = Table.findOne({ name: "books" });
+    const field = table.getFields().find((f) => f.name === "author");
+    await field.update({ is_unique: false });
+  });
+
+  it("update matching books normal", async () => {
+    const table = Table.findOne({ name: "books" });
+    await updateMatchingRows({
+      query: "author=leo&publisher=1",
+      body: { author: "new_author" },
+    });
+    let actualRows = await table.getRows({ author: "new_author" });
+    expect(actualRows.length).toBe(1);
+    await updateMatchingRows({
+      query: "_gte_pages=600",
+      body: { author: "more_than" },
+    });
+    actualRows = await table.getRows({ author: "more_than" });
+    expect(actualRows.length >= 2).toBe(true);
+    const expected = (await table.getRows()).map((row) => {
+      return { id: row.id, author: "agi", pages: 100, publisher: null };
+    });
+    await updateMatchingRows({
+      body: { author: "agi", pages: 100, publisher: null },
+    });
+    actualRows = await table.getRows({});
+    expect(actualRows).toEqual(expected);
+  });
+
+  it("update matching books with edit-in-edit", async () => {
+    const disBooks = Table.findOne({ name: "discusses_books" });
+    await updateMatchingRows({
+      query: "id=2",
+      body: { author: "Leo Tolstoy" },
+    });
+    await updateMatchingRows({
+      query: "author=leo",
+      body: { author: "agi", discussant_0: "1", discussant_1: "2" },
+    });
+    const discBooksRows = (await disBooks.getRows({ book: 2 })).filter(
+      ({ discussant }) => discussant === 1 || discussant === 2
+    );
+    expect(discBooksRows.length).toBe(2);
+  });
+});
+
 describe("inbound relations", () => {
   it("view with inbound relation", async () => {
     const app = await getApp({ disableCsrf: true });