@saltcorn/server 0.9.0-beta.6 → 0.9.0-beta.8

package/app.js

@@ -128,17 +128,23 @@ const getApp = async (opts = {}) => {
   app.use(helmet());
   // TODO ch find a better solution
   app.use(cors());
+  const bodyLimit = getState().getConfig("body_limit");
   app.use(
     express.json({
-      limit: "5mb",
+      limit: bodyLimit ? `${bodyLimit}kb` : "5mb",
       verify: (req, res, buf) => {
         req.rawBody = buf;
       },
     })
   );
-  // extenetede url encoding in use
+  const urlencodedLimit = getState().getConfig("url_encoded_limit");
+  // extended url encoding in use
   app.use(
-    express.urlencoded({ limit: "5mb", extended: true, parameterLimit: 50000 })
+    express.urlencoded({
+      limit: urlencodedLimit ? `${urlencodedLimit}kb` : "5mb",
+      extended: true,
+      parameterLimit: 50000,
+    })
   );
 
   // cookies

package/errors.js

@@ -46,10 +46,10 @@ module.exports =
             ? text(err.message)
             : req.__("An error occurred")
         );
-    } else
-      res
-        .status(code)
-        .sendWrap(
+    } else {
+      const _res = res.status(code);
+      if (_res.sendWrap)
+        _res.sendWrap(
           req.__(headline),
           devmode ? pre(text(err.stack)) : h3(req.__(headline)),
           role === 1 && !devmode ? pre(text(err.message)) : "",
@@ -61,4 +61,15 @@ module.exports =
               )
             : ""
         );
+      else
+        _res.send(
+          `<h2>${
+            err.message
+              ? err.message
+              : req.__
+              ? req.__("An error occurred")
+              : "An error occurred"
+          }</h2>`
+        );
+    }
   };

package/help/Actions.tmd

@@ -0,0 +1,9 @@
+The action chosen will determine what happens when the trigger occurs. 
+After you have chosen an action, there will be further configuration of that action.
+
+The available actions, some of which are only accessible when the trigger is 
+table-related, are: 
+
+{{# for (const [name, action] of Object.entries(scState.actions)) { }}
+* `{{name}}`: {{action.description||""}}
+{{# } }}

package/help/JavaScript action code.tmd

@@ -0,0 +1,159 @@
+Here you can enter the code that needs to run when this trigger occurs. 
+The action can manipulate rows in the database, manipulate files, interact 
+with remote APIs, or issue directives for the user's display.
+
+Your code can use await at the top level, and should do so whenever calling 
+database queries or other aynchronous code (see example below)
+
+The variable `table` is the associated table (if any; note lowercase). If you want to access a different table,
+use the `Table` variable (note uppercase) to access the Table class of tables (see 
+[documentation for Table class](https://saltcorn.github.io/saltcorn/classes/_saltcorn_data.models.Table-1.html))
+
+Example:
+
+```
+await table.insertRow({name: "Alex", age: 43})
+const otherTable = Table.findOne({name: "Orders"})
+await otherTable.deleteRows({id: order})
+```
+
+In addition to `table` and `Table`, you can use other functions/variables:
+
+#### `console`
+
+Use this to print to the terminal.
+
+Example: `console.log("Hello world")`
+
+#### `Actions`
+
+Use `Actions.{ACTION NAME}` to run an action.
+
+Your available action names are: {{ Object.keys(scState.actions).join(", ") }}
+
+Example: 
+
+```
+await Actions.set_user_language({language: "fr"})
+```
+
+#### `sleep`
+
+A small utility function to sleep for certain number of milliseconds. Use this with await
+
+Example: `await sleep(1000)`
+
+#### `require`
+
+Use require to access NPM packages listed under your [Development settings](/admin/dev)
+
+Example: `const _ = require("underscore")`
+
+#### `fetch` and `fetchJSON`
+
+Use these to make HTTP API calls. `fetch` is the standard JavaScript `fetch` (provided by 
+[node-fetch](https://www.npmjs.com/package/node-fetch#common-usage)). `fetchJSON` performs a fetch 
+and then reads its reponse to JSON
+
+Example: 
+
+```
+const response = await fetch('https://api.github.com/users/github');
+const data = await response.json();
+```
+
+which is the same as
+
+```
+const data = await fetchJSON('https://api.github.com/users/github');
+```
+
+## Return directives
+
+Your code can with its return value give directives to the current page. 
+Valid return values are:
+
+#### `notify`
+
+Send a pop-up notification indicating success to the user
+
+Example: `return { notify: "Order completed!" }`
+
+#### `error`
+
+Send a pop-up notification indicating error to the user.
+
+Example: `return { error: "Invalid command!" }`
+
+If this is triggered by an Edit view with the SubmitWithAjax, 
+halt navigation and stay on page. This can be used for complex validation logic, 
+When added as an Insert or Update trigger. If you delete the inserted row, You 
+may also need to clear the returned id in order to allow the user to continue editing.
+
+Example:
+
+```
+if(amount>cash_on_hand) {
+  await table.deleteRows({ id })
+  return { 
+    error: "Invalid order!",
+    id: null 
+  }
+}
+```
+
+#### `goto`
+
+Navigate to a different URL: 
+
+Example: `return { goto: "https://saltcorn.com" }`
+
+#### `reload_page`
+
+Request a page reload with the existing URL.
+
+Example: `return { reload_page: true }`
+
+#### `popup`
+
+Open a URL in a popup: 
+
+Example: 
+
+```
+return { popup: `/view/Orders?id=${parent}` }
+```
+
+#### `download`
+
+Download a file to the client browser.
+
+Example:
+
+```
+return { download: {
+    mimetype: "text/csv",
+    blob: filecontents
+  }
+}
+```
+
+#### `set_fields`
+
+If triggered from an edit view, set fields dynamically in the form. The 
+value should be an object with keys that are field variable names.
+
+Example:
+
+```
+return { set_fields: {
+    zidentifier: `${name.toUpperCase()}-${id}`
+  }
+}
+```
+
+#### `eval_js`
+
+Execute JavaScript in the browser.
+
+Example: `return { eval_js: 'alert("Hello world")' }`

package/locales/en.json

@@ -1261,5 +1261,10 @@
 	"Module up-to-date": "Module up-to-date",
 	"Module '%s' not found": "Module '%s' not found",
 	"Module %s not found": "Module %s not found",
-	"Initially open": "Initially open"
+	"Include Event Logs": "Include Event Logs",
+	"Backup with event logs": "Backup with event logs",
+	"Initially open": "Initially open",
+	"Not a valid pack": "Not a valid pack",
+	"Pack file": "Pack file",
+	"Upload a pack file": "Upload a pack file"
 }

package/package.json

@@ -1,18 +1,18 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.9.0-beta.6",
+  "version": "0.9.0-beta.8",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@saltcorn/base-plugin": "0.9.0-beta.6",
-    "@saltcorn/builder": "0.9.0-beta.6",
-    "@saltcorn/data": "0.9.0-beta.6",
-    "@saltcorn/admin-models": "0.9.0-beta.6",
-    "@saltcorn/filemanager": "0.9.0-beta.6",
-    "@saltcorn/markup": "0.9.0-beta.6",
-    "@saltcorn/sbadmin2": "0.9.0-beta.6",
+    "@saltcorn/base-plugin": "0.9.0-beta.8",
+    "@saltcorn/builder": "0.9.0-beta.8",
+    "@saltcorn/data": "0.9.0-beta.8",
+    "@saltcorn/admin-models": "0.9.0-beta.8",
+    "@saltcorn/filemanager": "0.9.0-beta.8",
+    "@saltcorn/markup": "0.9.0-beta.8",
+    "@saltcorn/sbadmin2": "0.9.0-beta.8",
     "@socket.io/cluster-adapter": "^0.2.1",
     "@socket.io/sticky": "^1.0.1",
     "adm-zip": "0.5.10",

package/public/saltcorn-common.js

@@ -51,6 +51,7 @@ const nubBy = (prop, xs) => {
   });
 };
 function apply_showif() {
+  const isNode = typeof parent?.saltcorn?.data?.state === "undefined";
   $("[data-show-if]").each(function (ix, element) {
     var e = $(element);
     try {
@@ -272,10 +273,12 @@ function apply_showif() {
 
     if (typeof cache[recS] !== "undefined") {
       e.html(cache[recS]);
+      e.prop("data-source-url-current", recS);
       activate_onchange_coldef();
       return;
     }
-    ajax_post_json(e.attr("data-source-url"), rec, {
+
+    const cb = {
       success: (data) => {
         e.html(data);
         const cacheNow = e.prop("data-source-url-cache") || {};
@@ -295,7 +298,11 @@ function apply_showif() {
         });
         e.html("");
       },
-    });
+    };
+    if (isNode) ajax_post_json(e.attr("data-source-url"), rec, cb);
+    else {
+      local_post_json(e.attr("data-source-url"), rec, cb);
+    }
   });
   const locale =
     navigator.userLanguage ||
@@ -518,6 +525,11 @@ function initialize_page() {
   });
 
   $("form").change(apply_showif);
+  // also change if we select same
+  $("form select").on("blur", (e) => {
+    if (!e || !e.target) return;
+    $(e.target).closest("form").trigger("change");
+  });
   apply_showif();
   apply_showif();
   $("[data-inline-edit-dest-url]").each(function () {
@@ -678,10 +690,13 @@ function initialize_page() {
       setTimeout(() => {
         codes.forEach((el) => {
           //console.log($(el).attr("mode"), el);
+          if ($(el).hasClass("codemirror-enabled")) return;
+
           const cm = CodeMirror.fromTextArea(el, {
             lineNumbers: true,
             mode: $(el).attr("mode"),
           });
+          $(el).addClass("codemirror-enabled");
           cm.on(
             "change",
             $.debounce(() => {

package/public/saltcorn.js

@@ -356,6 +356,15 @@ function selectVersionError(res, btnId) {
   restore_old_button(btnId);
 }
 
+function submitWithAjax(e) {
+  saveAndContinue(e, (res) => {
+    if (res && res.responseJSON && res.responseJSON.url_when_done)
+      window.location.href = res.responseJSON.url_when_done;
+    if (res && res.responseJSON && res.responseJSON.error)
+      notifyAlert({ type: "danger", text: res.responseJSON.error });
+  });
+}
+
 function saveAndContinue(e, k) {
   var form = $(e).closest("form");
   const valres = form[0].reportValidity();
@@ -404,8 +413,8 @@ function saveAndContinue(e, k) {
       }
       ajax_indicate_error(e, request);
     },
-    complete: function () {
-      if (k) k();
+    complete: function (res) {
+      if (k) k(res);
     },
   });
 

package/routes/actions.js

@@ -174,8 +174,9 @@ const triggerForm = async (req, trigger) => {
         attributes: {
           explainers: {
             Often: req.__("Every 5 minutes"),
-            Never:
-              req.__("Not scheduled but can be run as an action from a button click"),
+            Never: req.__(
+              "Not scheduled but can be run as an action from a button click"
+            ),
           },
         },
       },
@@ -201,6 +202,7 @@ const triggerForm = async (req, trigger) => {
         label: req.__("Action"),
         type: "String",
         required: true,
+        help: { topic: "Actions" },
         attributes: {
           calcOptions: ["when_trigger", action_options],
         },
@@ -402,7 +404,7 @@ router.get(
       form.values = trigger.configuration;
       const events = Trigger.when_options;
       const actions = Trigger.find({
-        when_trigger: {or: ["API call", "Never"]},
+        when_trigger: { or: ["API call", "Never"] },
       });
       const tables = (await Table.find({})).map((t) => ({
         name: t.name,

package/routes/admin.js

@@ -285,6 +285,9 @@ router.get(
     backupForm.values.auto_backup_expire_days = getState().getConfig(
       "auto_backup_expire_days"
     );
+    backupForm.values.backup_with_event_log = getState().getConfig(
+      "backup_with_event_log"
+    );
     //
     const aSnapshotForm = snapshotForm(req);
     aSnapshotForm.values.snapshots_enabled =
@@ -721,6 +724,15 @@ const autoBackupForm = (req) =>
           auto_backup_destination: "Local directory",
         },
       },
+      {
+        type: "Bool",
+        label: req.__("Include Event Logs"),
+        sublabel: req.__("Backup with event logs"),
+        name: "backup_with_event_log",
+        showIf: {
+          auto_backup_frequency: ["Daily", "Weekly"],
+        },
+      },
     ],
   });
 

package/routes/fields.js

@@ -409,7 +409,7 @@ const fieldFlow = (req) =>
             instance_options[model.name].push(...instances.map((i) => i.name));
 
             const outputs = await applyAsync(
-              model.templateObj.prediction_outputs || [],
+              model.templateObj?.prediction_outputs || [], // unit tests can have templateObj undefined
               { table, configuration: model.configuration }
             );
             output_options[model.name] = outputs.map((o) => o.name);
@@ -840,6 +840,11 @@ router.post(
     const table = Table.findOne({ name: tableName });
     const role = req.user && req.user.id ? req.user.role_id : 100;
 
+    getState().log(
+      5,
+      `Route /fields/show-calculated/${tableName}/${fieldName}/${fieldview} user=${req.user?.id}`
+    );
+
     const fields = table.getFields();
     let row = { ...req.body };
     if (row && Object.keys(row).length > 0) readState(row, fields);
@@ -1018,6 +1023,13 @@ router.post(
     const { tableName, fieldName, fieldview } = req.params;
     const table = Table.findOne({ name: tableName });
     const fields = table.getFields();
+    const state = getState();
+
+    state.log(
+      5,
+      `Route /fields/preview/${tableName}/${fieldName}/${fieldview} user=${req.user?.id}`
+    );
+
     let field, row, value;
     if (fieldName.includes(".")) {
       const [refNm, targetNm] = fieldName.split(".");
@@ -1048,9 +1060,9 @@ router.post(
     }
     const fieldviews =
       field.type === "Key"
-        ? getState().keyFieldviews
+        ? state.keyFieldviews
         : field.type === "File"
-        ? getState().fileviews
+        ? state.fileviews
         : field.type.fieldviews;
     if (!field.type || !fieldviews) {
       res.send("");

package/routes/packs.js

@@ -6,18 +6,19 @@
 
 const Router = require("express-promise-router");
 const { isAdmin, error_catcher } = require("./utils.js");
-const { mkTable, renderForm, link, post_btn } = require("@saltcorn/markup");
-const { getState } = require("@saltcorn/data/db/state");
+const { renderForm } = require("@saltcorn/markup");
 const Table = require("@saltcorn/data/models/table");
 const Form = require("@saltcorn/data/models/form");
 const View = require("@saltcorn/data/models/view");
-const Field = require("@saltcorn/data/models/field");
 const Plugin = require("@saltcorn/data/models/plugin");
 const Page = require("@saltcorn/data/models/page");
+const Tag = require("@saltcorn/data/models/tag");
+const EventLog = require("@saltcorn/data/models/eventlog");
+const Model = require("@saltcorn/data/models/model");
+const ModelInstance = require("@saltcorn/data/models/model_instance");
 const load_plugins = require("../load_plugins");
 
 const { is_pack } = require("@saltcorn/data/contracts");
-const { contract, is } = require("contractis");
 const {
   table_pack,
   view_pack,
@@ -26,15 +27,20 @@ const {
   role_pack,
   library_pack,
   trigger_pack,
+  tag_pack,
+  model_pack,
+  model_instance_pack,
   install_pack,
   fetch_pack_by_name,
   can_install_pack,
   uninstall_pack,
+  event_log_pack,
 } = require("@saltcorn/admin-models/models/pack");
-const { h5, pre, code, p, text, text_attr } = require("@saltcorn/markup/tags");
+const { pre, code, p, text, text_attr } = require("@saltcorn/markup/tags");
 const Library = require("@saltcorn/data/models/library");
 const Trigger = require("@saltcorn/data/models/trigger");
 const Role = require("@saltcorn/data/models/role");
+const fs = require("fs");
 
 /**
  * @type {object}
@@ -98,6 +104,52 @@ router.get(
       name: `role.${l.role}`,
       type: "Bool",
     }));
+    const tags = await Tag.find({});
+    const tagFields = tags.map((t) => ({
+      label: `${t.name} tag`,
+      name: `tag.${t.name}`,
+      type: "Bool",
+    }));
+    const models = await Model.find({});
+    const modelFields = models.map((m) => {
+      const modelTbl = Table.findOne({ id: m.table_id });
+      return {
+        label: `${m.name} model, table: ${
+          modelTbl.name || req.__("Table not found")
+        }`,
+        name: `model.${m.name}.${modelTbl.name}`,
+        type: "Bool",
+      };
+    });
+    const modelInstances = await ModelInstance.find({});
+    const modelInstanceFields = (
+      await Promise.all(
+        modelInstances.map(async (instance) => {
+          const model = await Model.findOne({ id: instance.model_id });
+          if (!model) {
+            req.flash(
+              "warning",
+              req.__(`Model with '${instance.model_id}' not found`)
+            );
+            return null;
+          }
+          const mTable = await Table.findOne({ id: model.table_id });
+          if (!mTable) {
+            req.flash(
+              "warning",
+              req.__(`Table of model '${model.name}' not found`)
+            );
+            return null;
+          }
+          return {
+            label: `${instance.name} model instance, model: ${model.name}, table: ${mTable.name}`,
+            name: `model_instance.${instance.name}.${model.name}.${mTable.name}`,
+            type: "Bool",
+          };
+        })
+      )
+    ).filter((f) => f);
+
     const form = new Form({
       action: "/packs/create",
       fields: [
@@ -108,6 +160,14 @@ router.get(
         ...trigFields,
         ...roleFields,
         ...libFields,
+        ...tagFields,
+        ...modelFields,
+        ...modelInstanceFields,
+        {
+          name: "with_event_logs",
+          label: req.__("Include Event Logs"),
+          type: "Bool",
+        },
       ],
     });
     res.sendWrap(req.__(`Create Pack`), {
@@ -140,7 +200,7 @@ router.post(
   "/create",
   isAdmin,
   error_catcher(async (req, res) => {
-    var pack = {
+    const pack = {
       tables: [],
       views: [],
       plugins: [],
@@ -148,9 +208,13 @@ router.post(
       roles: [],
       library: [],
       triggers: [],
+      tags: [],
+      models: [],
+      model_instances: [],
+      event_logs: [],
     };
     for (const k of Object.keys(req.body)) {
-      const [type, name] = k.split(".");
+      const [type, name, ...rest] = k.split(".");
       switch (type) {
         case "table":
           pack.tables.push(await table_pack(name));
@@ -173,7 +237,32 @@ router.post(
         case "trigger":
           pack.triggers.push(await trigger_pack(name));
           break;
-
+        case "tag":
+          pack.tags.push(await tag_pack(name));
+          break;
+        case "model": {
+          const table = rest[0];
+          if (!table) throw new Error(`Table for model '${name}' not found`);
+          pack.models.push(await model_pack(name, table));
+          break;
+        }
+        case "model_instance": {
+          const model = rest[0];
+          if (!model)
+            throw new Error(`Model of Model Instance '${name}' not found`);
+          const table = rest[1];
+          if (!table) throw new Error(`Table of Model '${model}' not found`);
+          pack.model_instances.push(
+            await model_instance_pack(name, model, table)
+          );
+          break;
+        }
+        case "with_event_logs":
+          const logs = await EventLog.find({});
+          pack.event_logs = await Promise.all(
+            logs.map(async (l) => await event_log_pack(l))
+          );
+          break;
         default:
           break;
       }
@@ -217,11 +306,33 @@ const install_pack_form = (req) =>
     action: "/packs/install",
     submitLabel: req.__("Install"),
     fields: [
+      {
+        name: "source",
+        label: req.__("Source"),
+        type: "String",
+        attributes: {
+          options: [
+            { label: "from text", name: "from_text" },
+            { label: "from file", name: "from_file" },
+          ],
+        },
+        default: "from_text",
+        required: true,
+      },
       {
         name: "pack",
         label: req.__("Pack"),
         type: "String",
         fieldview: "textarea",
+        showIf: { source: "from_text" },
+      },
+      {
+        name: "pack_file",
+        label: req.__("Pack file"),
+        class: "form-control",
+        type: "File",
+        sublabel: req.__("Upload a pack file"),
+        showIf: { source: "from_file" },
       },
     ],
   });
@@ -267,8 +378,22 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     var pack, error;
+    const source = req.body.source || "from_text";
     try {
-      pack = JSON.parse(req.body.pack);
+      switch (source) {
+        case "from_text":
+          pack = JSON.parse(req.body.pack);
+          break;
+        case "from_file":
+          if (req.files?.pack_file?.tempFilePath)
+            pack = JSON.parse(
+              fs.readFileSync(req.files?.pack_file?.tempFilePath)
+            );
+          else throw new Error(req.__("No file uploaded"));
+          break;
+        default:
+          throw new Error(req.__("Invalid source"));
+      }
     } catch (e) {
       error = e.message;
     }

package/routes/sync.js

@@ -312,7 +312,10 @@ router.get(
         const translatedIds = JSON.parse(
           await fs.readFile(path.join(syncDir, "translated-ids.json"))
         );
-        res.json({ finished: true, translatedIds });
+        const uniqueConflicts = JSON.parse(
+          await fs.readFile(path.join(syncDir, "unique-conflicts.json"))
+        );
+        res.json({ finished: true, translatedIds, uniqueConflicts });
       } else if (entries.indexOf("error.json") >= 0) {
         const error = JSON.parse(
           await fs.readFile(path.join(syncDir, "error.json"))

package/routes/viewedit.js

@@ -632,6 +632,19 @@ router.post(
 
     const view = await View.findOne({ name });
     const configFlow = await view.get_config_flow(req);
+    configFlow.onStepSuccess = async (step, context) => {
+      let newcfg;
+      if (step.contextField)
+        newcfg = {
+          ...view.configuration,
+          [step.contextField]: {
+            ...view.configuration?.[step.contextField],
+            ...context,
+          },
+        };
+      else newcfg = { ...view.configuration, ...context };
+      await View.update({ configuration: newcfg }, view.id);
+    };
     const wfres = await configFlow.run(req.body, req);
 
     let table;

package/tests/admin.test.js

@@ -568,11 +568,11 @@ describe("tags", () => {
       .post("/tag")
       .set("Cookie", loginCookie)
       .send("name=MyNewTestTag")
-      .expect(toRedirect("/tag/1?show_list=tables"));
+      .expect(toRedirect("/tag/2?show_list=tables"));
   });
 
   itShouldIncludeTextForAdmin("/tag", "MyNewTestTag");
-  itShouldIncludeTextForAdmin("/tag/1", "MyNewTestTag");
+  itShouldIncludeTextForAdmin("/tag/2", "MyNewTestTag");
   itShouldIncludeTextForAdmin("/tag-entries/add/tables/1", "Add entries");
   itShouldIncludeTextForAdmin("/tag-entries/add/pages/1", "Add entries");
   itShouldIncludeTextForAdmin("/tag-entries/add/views/1", "Add entries");

package/tests/sync.test.js

@@ -13,6 +13,7 @@ const db = require("@saltcorn/data/db");
 const { sleep } = require("@saltcorn/data/tests/mocks");
 
 const Table = require("@saltcorn/data/models/table");
+const TableConstraint = require("@saltcorn/data/models/table_constraints");
 const Field = require("@saltcorn/data/models/field");
 const User = require("@saltcorn/data/models/user");
 
@@ -349,8 +350,9 @@ describe("Upload changes", () => {
         .get(`/sync/upload_finished?dir_name=${encodeURIComponent(syncDir)}`)
         .set("Cookie", loginCookie);
       expect(resp.status).toBe(200);
-      const { finished, translatedIds, error } = resp._body;
-      if (finished) return translatedIds ? translatedIds : error;
+      const { finished, translatedIds, uniqueConflicts, error } = resp._body;
+      if (finished)
+        return translatedIds ? { translatedIds, uniqueConflicts } : error;
       await sleep(1000);
     }
     return null;
@@ -401,7 +403,7 @@ describe("Upload changes", () => {
       });
       expect(resp.status).toBe(200);
       const { syncDir } = resp._body;
-      const translatedIds = await getResult(app, loginCookie, syncDir);
+      const { translatedIds } = await getResult(app, loginCookie, syncDir);
       await cleanSyncDir(app, loginCookie, syncDir);
       expect(translatedIds).toBeDefined();
       expect(translatedIds).toEqual({
@@ -414,6 +416,89 @@ describe("Upload changes", () => {
       });
     });
 
+    it("handles inserts with TableConstraint conflicts", async () => {
+      const books = Table.findOne({ name: "books" });
+      const oldCount = await books.countRows();
+      // unique constraint for author + pages
+      const constraint = await TableConstraint.create({
+        table: books,
+        type: "Unique",
+        configuration: {
+          fields: ["author", "pages"],
+        },
+      });
+
+      const app = await getApp({ disableCsrf: true });
+      const loginCookie = await getAdminLoginCookie();
+      const resp = await doUpload(app, loginCookie, new Date().valueOf(), {
+        books: {
+          inserts: [
+            {
+              author: "Herman Melville",
+              pages: 967,
+              publisher: 1,
+            },
+            {
+              author: "Leo Tolstoy",
+              pages: "728",
+              publisher: 2,
+            },
+          ],
+        },
+      });
+
+      expect(resp.status).toBe(200);
+      const { syncDir } = resp._body;
+      const { uniqueConflicts } = await getResult(app, loginCookie, syncDir);
+      await constraint.delete();
+      await cleanSyncDir(app, loginCookie, syncDir);
+      expect(uniqueConflicts).toBeDefined();
+      expect(uniqueConflicts).toEqual({
+        books: [
+          { id: 1, author: "Herman Melville", pages: 967, publisher: null },
+          { id: 2, author: "Leo Tolstoy", pages: 728, publisher: 1 },
+        ],
+      });
+      const newCount = await books.countRows();
+      expect(newCount).toBe(oldCount);
+    });
+
+    it("denies updates with TableConstraint conflicts", async () => {
+      const books = Table.findOne({ name: "books" });
+      const oldCount = await books.countRows();
+      // unique constraint for author + pages
+      const constraint = await TableConstraint.create({
+        table: books,
+        type: "Unique",
+        configuration: {
+          fields: ["author", "pages"],
+        },
+      });
+
+      const app = await getApp({ disableCsrf: true });
+      const loginCookie = await getAdminLoginCookie();
+      const resp = await doUpload(app, loginCookie, new Date().valueOf(), {
+        books: {
+          updates: [
+            {
+              id: 2,
+              author: "Herman Melville",
+              pages: 967,
+            },
+          ],
+        },
+      });
+      expect(resp.status).toBe(200);
+      const { syncDir } = resp._body;
+      const error = await getResult(app, loginCookie, syncDir);
+      await constraint.delete();
+      await cleanSyncDir(app, loginCookie, syncDir);
+      expect(error).toBeDefined();
+      expect(error).toEqual({
+        message: "Duplicate value for unique field: author_pages",
+      });
+    });
+
     it("update with translation", async () => {
       const app = await getApp({ disableCsrf: true });
       const loginCookie = await getAdminLoginCookie();
@@ -438,7 +523,7 @@ describe("Upload changes", () => {
       });
       expect(resp.status).toBe(200);
       const { syncDir } = resp._body;
-      const translatedIds = await getResult(app, loginCookie, syncDir);
+      const { translatedIds } = await getResult(app, loginCookie, syncDir);
       await cleanSyncDir(app, loginCookie, syncDir);
       expect(translatedIds).toBeDefined();
       expect(translatedIds).toEqual({
@@ -476,7 +561,7 @@ describe("Upload changes", () => {
       });
       expect(resp.status).toBe(200);
       const { syncDir } = resp._body;
-      const translatedIds = await getResult(app, loginCookie, syncDir);
+      const { translatedIds } = await getResult(app, loginCookie, syncDir);
       await cleanSyncDir(app, loginCookie, syncDir);
       expect(translatedIds).toBeDefined();
       const afterDelete = await books.getRows();
@@ -520,7 +605,7 @@ describe("Upload changes", () => {
       });
       expect(resp.status).toBe(200);
       const { syncDir } = resp._body;
-      const translatedIds = await getResult(app, loginCookie, syncDir);
+      const { translatedIds } = await getResult(app, loginCookie, syncDir);
       await cleanSyncDir(app, loginCookie, syncDir);
       expect(translatedIds).toBeDefined();
       const afterDelete = await books.getRows();