@saltcorn/server 0.9.1-beta.1 → 0.9.1-beta.11

package/auth/admin.js

@@ -1129,7 +1129,7 @@ router.post(
     await u.changePasswordTo(newpw);
     await u.destroy_sessions();
     req.flash(
-      "success",
+      "warning",
       req.__(`Changed password for user %s to %s`, u.email, newpw)
     );
 

package/auth/routes.js

@@ -877,17 +877,17 @@ router.post(
 
     const unsuitableEmailPassword = async (urecord) => {
       const { email, password, passwordRepeat } = urecord;
-      if (!email || !password) {
+      if (email == "" || !password) {
         req.flash("danger", req.__("E-mail and password required"));
         res.redirect("/auth/signup");
         return true;
       }
-      if (email.length > 127) {
+      if (email && email.length > 127) {
         req.flash("danger", req.__("E-mail too long"));
         res.redirect("/auth/signup");
         return true;
       }
-      if (!User.valid_email(email)) {
+      if (email && !User.valid_email(email)) {
         req.flash("danger", req.__("Not a valid e-mail address"));
         res.redirect("/auth/signup");
         return true;
@@ -905,9 +905,7 @@ router.post(
         res.redirect("/auth/signup");
         return true;
       }
-
-      const us = await User.find({ email });
-      if (us.length > 0) {
+      if (await User.matches_existing_user(urecord)) {
         req.flash("danger", req.__("Account already exists"));
         res.redirect("/auth/signup");
         return true;

package/help/API actions.tmd

@@ -9,4 +9,23 @@ If you make a GET request, the query string values
 are accessible as a JSON object using the `row` variable (e.g. in a `run_js_code`).
 
 If you return a value from the action, it will be available in the `data`
-subfield of the JSON body in the HTTP response
+subfield of the JSON body in the HTTP response
+
+### Redirection as response
+
+Normally API call will return a JSON object with a true/false success field 
+and the response from the action, if any, in the data field. You may instead
+require the API call to redirect to a different URL. You can do this in two 
+different ways.
+
+**Static redirect**: if you set the `scgotourl` HTTP header, the response will 
+redirect to this URL.
+
+**Dynamic redirect**: The redirect URL can also come from the action. If this
+returns an object with the `goto` field (e.g. 
+`return {goto: "https://myapp.com/view/ShowTheThing?id"+newid}`)
+that is normally returned in the JSON post body so it can be processed by client code.
+You can instead request that this is processed server-side, by (a) setting a 
+`_process_result` field to true in the row data, i.e. JSON body in POST and query
+string in GET or (b) setting the `scprocessresults` HTTP header. This will cause the 
+API call to return an HTTP redirect with the `goto` value.

package/help/Event types.tmd

@@ -16,6 +16,13 @@ outbound emails would have a trigger with When = Insert and Action = send_email
 **Update**: run this action when changes are made to an existing row. The old row can 
 be accessed with the `old_row` variable.
 
+**Validate**: run before inserts or updates. If the action returns `error` (for example, 
+`run_js_code` code: `return {error: "Invalid row"}`), the insert/update is aborted. If the 
+trigger returns `set_fields` (for example, `run_js_code` code: `return {set_fields: {full_name: "Unknown"}}`) 
+these values are inserted in row.
+
+Guaranteed to run before any Insert or Update triggers
+
 **Delete**: run this action when a row is deleted
 
 ## Periodic events

package/help/Extra state formula.tmd

@@ -33,6 +33,9 @@ must be enclosed in quotes (single, double or
 [backtick](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals))). 
 You can also as the value use a more complex JavaScript expression.
 
+For examples of how you can use these values for greater than/less than, 
+or-conditions or case insensitivity, see [here](https://saltcorn.github.io/saltcorn/classes/_saltcorn_data.models.Table-1.html#md:querying-table-rows).
+
 You can refer to the logged in user using the variable name user. 
 This is an object and you must use the dot to access user fields,
 e.g. user.id for the logged in users id. A very common scenario 
@@ -60,3 +63,12 @@ in this case the table {{srcTable.name}}:
 
 {{# } }}
 
+The state values from the query string can also be accessed, by preceeding the 
+variable name by a dollar sign (in pages and Show views). For instance if your URL ends in `?id=45&foo=1`, 
+you can access the value of `foo` (here 1) as `$foo`. In Filter views, there is no 
+underlying row and the purpose of the view is fundamentally to manipulate the state
+so the state in extra state formulae is accessed without dollar sign; in the 
+previous example `foo` instead of `$foo`.
+
+Use `session_id` to refer to the current session ID string (unique for the user's session
+whether the are logged in or not).

package/help/JavaScript action code.tmd

@@ -87,20 +87,7 @@ Example: `return { error: "Invalid command!" }`
 
 If this is triggered by an Edit view with the SubmitWithAjax, 
 halt navigation and stay on page. This can be used for complex validation logic, 
-When added as an Insert or Update trigger. If you delete the inserted row, You 
-may also need to clear the returned id in order to allow the user to continue editing.
-
-Example:
-
-```
-if(amount>cash_on_hand) {
-  await table.deleteRows({ id })
-  return { 
-    error: "Invalid order!",
-    id: null 
-  }
-}
-```
+when added as a Validate trigger. 
 
 #### `goto`
 

package/locales/en.json

@@ -1277,5 +1277,11 @@
 	"HTML file": "HTML file",
 	"HTML file to use as page content": "HTML file to use as page content",
 	"Offline mode: cannot load file": "Offline mode: cannot load file",
-	"None - use drag and drop builder": "None - use drag and drop builder"
+	"None - use drag and drop builder": "None - use drag and drop builder",
+	"Do not pick or compare time": "Do not pick or compare time",
+	"Installed theme": "Installed theme",
+	"Theme for role": "Theme for role",
+	"Set theme for each user role »": "Set theme for each user role »",
+	"Available themes": "Available themes",
+	"Install more themes »": "Install more themes »"
 }

package/package.json

@@ -1,28 +1,29 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.9.1-beta.1",
+  "version": "0.9.1-beta.11",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@saltcorn/base-plugin": "0.9.1-beta.1",
-    "@saltcorn/builder": "0.9.1-beta.1",
-    "@saltcorn/data": "0.9.1-beta.1",
-    "@saltcorn/admin-models": "0.9.1-beta.1",
-    "@saltcorn/filemanager": "0.9.1-beta.1",
-    "@saltcorn/markup": "0.9.1-beta.1",
-    "@saltcorn/sbadmin2": "0.9.1-beta.1",
+    "@aws-sdk/client-s3": "^3.451.0",
+    "@saltcorn/base-plugin": "0.9.1-beta.11",
+    "@saltcorn/builder": "0.9.1-beta.11",
+    "@saltcorn/data": "0.9.1-beta.11",
+    "@saltcorn/admin-models": "0.9.1-beta.11",
+    "@saltcorn/filemanager": "0.9.1-beta.11",
+    "@saltcorn/markup": "0.9.1-beta.11",
+    "@saltcorn/sbadmin2": "0.9.1-beta.11",
     "@socket.io/cluster-adapter": "^0.2.1",
     "@socket.io/sticky": "^1.0.1",
     "adm-zip": "0.5.10",
-    "aws-sdk": "^2.1386.0",
     "connect-flash": "^0.1.1",
     "connect-pg-simple": "^6.1.0",
     "content-disposition": "^0.5.3",
     "contractis": "^0.1.0",
     "cookie-parser": "^1.4.4",
     "cookie-session": "^1.4.0",
+    "cors": "2.8.5",
     "csurf": "^1.11.0",
     "csv-stringify": "^5.5.0",
     "express": "^4.17.1",
@@ -32,7 +33,6 @@
     "express-session": "^1.17.1",
     "greenlock": "^4.0.4",
     "greenlock-express": "^4.0.3",
-    "underscore": "1.13.6",
     "helmet": "^3.23.3",
     "i18n": "^0.15.1",
     "imapflow": "1.0.123",
@@ -41,7 +41,7 @@
     "markdown-it": "^13.0.2",
     "moment": "^2.29.4",
     "multer": "1.4.5-lts.1",
-    "multer-s3": "^2.10.0",
+    "multer-s3": "^3.0.1",
     "node-fetch": "2.6.9",
     "node-watch": "^0.7.2",
     "notp": "2.0.3",
@@ -59,8 +59,8 @@
     "systeminformation": "^5.21.7",
     "thirty-two": "1.0.2",
     "tmp-promise": "^3.0.2",
-    "uuid": "^8.2.0",
-    "cors": "2.8.5"
+    "underscore": "1.13.6",
+    "uuid": "^8.2.0"
   },
   "optionalDependencies": {
     "connect-sqlite3": "^0.9.11",

package/public/dayjs.min.js

@@ -1 +1,3 @@
-!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t||self).dayjs=e()}(this,(function(){"use strict";var t=1e3,e=6e4,n=36e5,r="millisecond",i="second",s="minute",u="hour",a="day",o="week",f="month",h="quarter",c="year",d="date",l="Invalid Date",$=/^(\d{4})[-/]?(\d{1,2})?[-/]?(\d{0,2})[Tt\s]*(\d{1,2})?:?(\d{1,2})?:?(\d{1,2})?[.:]?(\d+)?$/,y=/\[([^\]]+)]|Y{1,4}|M{1,4}|D{1,2}|d{1,4}|H{1,2}|h{1,2}|a|A|m{1,2}|s{1,2}|Z{1,2}|SSS/g,M={name:"en",weekdays:"Sunday_Monday_Tuesday_Wednesday_Thursday_Friday_Saturday".split("_"),months:"January_February_March_April_May_June_July_August_September_October_November_December".split("_"),ordinal:function(t){var e=["th","st","nd","rd"],n=t%100;return"["+t+(e[(n-20)%10]||e[n]||e[0])+"]"}},m=function(t,e,n){var r=String(t);return!r||r.length>=e?t:""+Array(e+1-r.length).join(n)+t},v={s:m,z:function(t){var e=-t.utcOffset(),n=Math.abs(e),r=Math.floor(n/60),i=n%60;return(e<=0?"+":"-")+m(r,2,"0")+":"+m(i,2,"0")},m:function t(e,n){if(e.date()<n.date())return-t(n,e);var r=12*(n.year()-e.year())+(n.month()-e.month()),i=e.clone().add(r,f),s=n-i<0,u=e.clone().add(r+(s?-1:1),f);return+(-(r+(n-i)/(s?i-u:u-i))||0)},a:function(t){return t<0?Math.ceil(t)||0:Math.floor(t)},p:function(t){return{M:f,y:c,w:o,d:a,D:d,h:u,m:s,s:i,ms:r,Q:h}[t]||String(t||"").toLowerCase().replace(/s$/,"")},u:function(t){return void 0===t}},g="en",D={};D[g]=M;var p=function(t){return t instanceof _},S=function t(e,n,r){var i;if(!e)return g;if("string"==typeof e){var s=e.toLowerCase();D[s]&&(i=s),n&&(D[s]=n,i=s);var u=e.split("-");if(!i&&u.length>1)return t(u[0])}else{var a=e.name;D[a]=e,i=a}return!r&&i&&(g=i),i||!r&&g},w=function(t,e){if(p(t))return t.clone();var n="object"==typeof e?e:{};return n.date=t,n.args=arguments,new _(n)},O=v;O.l=S,O.i=p,O.w=function(t,e){return w(t,{locale:e.$L,utc:e.$u,x:e.$x,$offset:e.$offset})};var _=function(){function M(t){this.$L=S(t.locale,null,!0),this.parse(t)}var m=M.prototype;return m.parse=function(t){this.$d=function(t){var e=t.date,n=t.utc;if(null===e)return new Date(NaN);if(O.u(e))return new Date;if(e instanceof Date)return new Date(e);if("string"==typeof e&&!/Z$/i.test(e)){var r=e.match($);if(r){var i=r[2]-1||0,s=(r[7]||"0").substring(0,3);return n?new Date(Date.UTC(r[1],i,r[3]||1,r[4]||0,r[5]||0,r[6]||0,s)):new Date(r[1],i,r[3]||1,r[4]||0,r[5]||0,r[6]||0,s)}}return new Date(e)}(t),this.$x=t.x||{},this.init()},m.init=function(){var t=this.$d;this.$y=t.getFullYear(),this.$M=t.getMonth(),this.$D=t.getDate(),this.$W=t.getDay(),this.$H=t.getHours(),this.$m=t.getMinutes(),this.$s=t.getSeconds(),this.$ms=t.getMilliseconds()},m.$utils=function(){return O},m.isValid=function(){return!(this.$d.toString()===l)},m.isSame=function(t,e){var n=w(t);return this.startOf(e)<=n&&n<=this.endOf(e)},m.isAfter=function(t,e){return w(t)<this.startOf(e)},m.isBefore=function(t,e){return this.endOf(e)<w(t)},m.$g=function(t,e,n){return O.u(t)?this[e]:this.set(n,t)},m.unix=function(){return Math.floor(this.valueOf()/1e3)},m.valueOf=function(){return this.$d.getTime()},m.startOf=function(t,e){var n=this,r=!!O.u(e)||e,h=O.p(t),l=function(t,e){var i=O.w(n.$u?Date.UTC(n.$y,e,t):new Date(n.$y,e,t),n);return r?i:i.endOf(a)},$=function(t,e){return O.w(n.toDate()[t].apply(n.toDate("s"),(r?[0,0,0,0]:[23,59,59,999]).slice(e)),n)},y=this.$W,M=this.$M,m=this.$D,v="set"+(this.$u?"UTC":"");switch(h){case c:return r?l(1,0):l(31,11);case f:return r?l(1,M):l(0,M+1);case o:var g=this.$locale().weekStart||0,D=(y<g?y+7:y)-g;return l(r?m-D:m+(6-D),M);case a:case d:return $(v+"Hours",0);case u:return $(v+"Minutes",1);case s:return $(v+"Seconds",2);case i:return $(v+"Milliseconds",3);default:return this.clone()}},m.endOf=function(t){return this.startOf(t,!1)},m.$set=function(t,e){var n,o=O.p(t),h="set"+(this.$u?"UTC":""),l=(n={},n[a]=h+"Date",n[d]=h+"Date",n[f]=h+"Month",n[c]=h+"FullYear",n[u]=h+"Hours",n[s]=h+"Minutes",n[i]=h+"Seconds",n[r]=h+"Milliseconds",n)[o],$=o===a?this.$D+(e-this.$W):e;if(o===f||o===c){var y=this.clone().set(d,1);y.$d[l]($),y.init(),this.$d=y.set(d,Math.min(this.$D,y.daysInMonth())).$d}else l&&this.$d[l]($);return this.init(),this},m.set=function(t,e){return this.clone().$set(t,e)},m.get=function(t){return this[O.p(t)]()},m.add=function(r,h){var d,l=this;r=Number(r);var $=O.p(h),y=function(t){var e=w(l);return O.w(e.date(e.date()+Math.round(t*r)),l)};if($===f)return this.set(f,this.$M+r);if($===c)return this.set(c,this.$y+r);if($===a)return y(1);if($===o)return y(7);var M=(d={},d[s]=e,d[u]=n,d[i]=t,d)[$]||1,m=this.$d.getTime()+r*M;return O.w(m,this)},m.subtract=function(t,e){return this.add(-1*t,e)},m.format=function(t){var e=this,n=this.$locale();if(!this.isValid())return n.invalidDate||l;var r=t||"YYYY-MM-DDTHH:mm:ssZ",i=O.z(this),s=this.$H,u=this.$m,a=this.$M,o=n.weekdays,f=n.months,h=function(t,n,i,s){return t&&(t[n]||t(e,r))||i[n].slice(0,s)},c=function(t){return O.s(s%12||12,t,"0")},d=n.meridiem||function(t,e,n){var r=t<12?"AM":"PM";return n?r.toLowerCase():r},$={YY:String(this.$y).slice(-2),YYYY:this.$y,M:a+1,MM:O.s(a+1,2,"0"),MMM:h(n.monthsShort,a,f,3),MMMM:h(f,a),D:this.$D,DD:O.s(this.$D,2,"0"),d:String(this.$W),dd:h(n.weekdaysMin,this.$W,o,2),ddd:h(n.weekdaysShort,this.$W,o,3),dddd:o[this.$W],H:String(s),HH:O.s(s,2,"0"),h:c(1),hh:c(2),a:d(s,u,!0),A:d(s,u,!1),m:String(u),mm:O.s(u,2,"0"),s:String(this.$s),ss:O.s(this.$s,2,"0"),SSS:O.s(this.$ms,3,"0"),Z:i};return r.replace(y,(function(t,e){return e||$[t]||i.replace(":","")}))},m.utcOffset=function(){return 15*-Math.round(this.$d.getTimezoneOffset()/15)},m.diff=function(r,d,l){var $,y=O.p(d),M=w(r),m=(M.utcOffset()-this.utcOffset())*e,v=this-M,g=O.m(this,M);return g=($={},$[c]=g/12,$[f]=g,$[h]=g/3,$[o]=(v-m)/6048e5,$[a]=(v-m)/864e5,$[u]=v/n,$[s]=v/e,$[i]=v/t,$)[y]||v,l?g:O.a(g)},m.daysInMonth=function(){return this.endOf(f).$D},m.$locale=function(){return D[this.$L]},m.locale=function(t,e){if(!t)return this.$L;var n=this.clone(),r=S(t,e,!0);return r&&(n.$L=r),n},m.clone=function(){return O.w(this.$d,this)},m.toDate=function(){return new Date(this.valueOf())},m.toJSON=function(){return this.isValid()?this.toISOString():null},m.toISOString=function(){return this.$d.toISOString()},m.toString=function(){return this.$d.toUTCString()},M}(),T=_.prototype;return w.prototype=T,[["$ms",r],["$s",i],["$m",s],["$H",u],["$W",a],["$M",f],["$y",c],["$D",d]].forEach((function(t){T[t[1]]=function(e){return this.$g(e,t[0],t[1])}})),w.extend=function(t,e){return t.$i||(t(e,_,w),t.$i=!0),w},w.locale=S,w.isDayjs=p,w.unix=function(t){return w(1e3*t)},w.en=D[g],w.Ls=D,w.p={},w}));
+!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t||self).dayjs=e()}(this,(function(){"use strict";var t=1e3,e=6e4,n=36e5,r="millisecond",i="second",s="minute",u="hour",a="day",o="week",f="month",h="quarter",c="year",d="date",l="Invalid Date",$=/^(\d{4})[-/]?(\d{1,2})?[-/]?(\d{0,2})[Tt\s]*(\d{1,2})?:?(\d{1,2})?:?(\d{1,2})?[.:]?(\d+)?$/,y=/\[([^\]]+)]|Y{1,4}|M{1,4}|D{1,2}|d{1,4}|H{1,2}|h{1,2}|a|A|m{1,2}|s{1,2}|Z{1,2}|SSS/g,M={name:"en",weekdays:"Sunday_Monday_Tuesday_Wednesday_Thursday_Friday_Saturday".split("_"),months:"January_February_March_April_May_June_July_August_September_October_November_December".split("_"),ordinal:function(t){var e=["th","st","nd","rd"],n=t%100;return"["+t+(e[(n-20)%10]||e[n]||e[0])+"]"}},m=function(t,e,n){var r=String(t);return!r||r.length>=e?t:""+Array(e+1-r.length).join(n)+t},v={s:m,z:function(t){var e=-t.utcOffset(),n=Math.abs(e),r=Math.floor(n/60),i=n%60;return(e<=0?"+":"-")+m(r,2,"0")+":"+m(i,2,"0")},m:function t(e,n){if(e.date()<n.date())return-t(n,e);var r=12*(n.year()-e.year())+(n.month()-e.month()),i=e.clone().add(r,f),s=n-i<0,u=e.clone().add(r+(s?-1:1),f);return+(-(r+(n-i)/(s?i-u:u-i))||0)},a:function(t){return t<0?Math.ceil(t)||0:Math.floor(t)},p:function(t){return{M:f,y:c,w:o,d:a,D:d,h:u,m:s,s:i,ms:r,Q:h}[t]||String(t||"").toLowerCase().replace(/s$/,"")},u:function(t){return void 0===t}},g="en",D={};D[g]=M;var p=function(t){return t instanceof _},S=function t(e,n,r){var i;if(!e)return g;if("string"==typeof e){var s=e.toLowerCase();D[s]&&(i=s),n&&(D[s]=n,i=s);var u=e.split("-");if(!i&&u.length>1)return t(u[0])}else{var a=e.name;D[a]=e,i=a}return!r&&i&&(g=i),i||!r&&g},w=function(t,e){if(p(t))return t.clone();var n="object"==typeof e?e:{};return n.date=t,n.args=arguments,new _(n)},O=v;O.l=S,O.i=p,O.w=function(t,e){return w(t,{locale:e.$L,utc:e.$u,x:e.$x,$offset:e.$offset})};var _=function(){function M(t){this.$L=S(t.locale,null,!0),this.parse(t)}var m=M.prototype;return m.parse=function(t){this.$d=function(t){var e=t.date,n=t.utc;if(null===e)return new Date(NaN);if(O.u(e))return new Date;if(e instanceof Date)return new Date(e);if("string"==typeof e&&!/Z$/i.test(e)){var r=e.match($);if(r){var i=r[2]-1||0,s=(r[7]||"0").substring(0,3);return n?new Date(Date.UTC(r[1],i,r[3]||1,r[4]||0,r[5]||0,r[6]||0,s)):new Date(r[1],i,r[3]||1,r[4]||0,r[5]||0,r[6]||0,s)}}return new Date(e)}(t),this.$x=t.x||{},this.init()},m.init=function(){var t=this.$d;this.$y=t.getFullYear(),this.$M=t.getMonth(),this.$D=t.getDate(),this.$W=t.getDay(),this.$H=t.getHours(),this.$m=t.getMinutes(),this.$s=t.getSeconds(),this.$ms=t.getMilliseconds()},m.$utils=function(){return O},m.isValid=function(){return!(this.$d.toString()===l)},m.isSame=function(t,e){var n=w(t);return this.startOf(e)<=n&&n<=this.endOf(e)},m.isAfter=function(t,e){return w(t)<this.startOf(e)},m.isBefore=function(t,e){return this.endOf(e)<w(t)},m.$g=function(t,e,n){return O.u(t)?this[e]:this.set(n,t)},m.unix=function(){return Math.floor(this.valueOf()/1e3)},m.valueOf=function(){return this.$d.getTime()},m.startOf=function(t,e){var n=this,r=!!O.u(e)||e,h=O.p(t),l=function(t,e){var i=O.w(n.$u?Date.UTC(n.$y,e,t):new Date(n.$y,e,t),n);return r?i:i.endOf(a)},$=function(t,e){return O.w(n.toDate()[t].apply(n.toDate("s"),(r?[0,0,0,0]:[23,59,59,999]).slice(e)),n)},y=this.$W,M=this.$M,m=this.$D,v="set"+(this.$u?"UTC":"");switch(h){case c:return r?l(1,0):l(31,11);case f:return r?l(1,M):l(0,M+1);case o:var g=this.$locale().weekStart||0,D=(y<g?y+7:y)-g;return l(r?m-D:m+(6-D),M);case a:case d:return $(v+"Hours",0);case u:return $(v+"Minutes",1);case s:return $(v+"Seconds",2);case i:return $(v+"Milliseconds",3);default:return this.clone()}},m.endOf=function(t){return this.startOf(t,!1)},m.$set=function(t,e){var n,o=O.p(t),h="set"+(this.$u?"UTC":""),l=(n={},n[a]=h+"Date",n[d]=h+"Date",n[f]=h+"Month",n[c]=h+"FullYear",n[u]=h+"Hours",n[s]=h+"Minutes",n[i]=h+"Seconds",n[r]=h+"Milliseconds",n)[o],$=o===a?this.$D+(e-this.$W):e;if(o===f||o===c){var y=this.clone().set(d,1);y.$d[l]($),y.init(),this.$d=y.set(d,Math.min(this.$D,y.daysInMonth())).$d}else l&&this.$d[l]($);return this.init(),this},m.set=function(t,e){return this.clone().$set(t,e)},m.get=function(t){return this[O.p(t)]()},m.add=function(r,h){var d,l=this;r=Number(r);var $=O.p(h),y=function(t){var e=w(l);return O.w(e.date(e.date()+Math.round(t*r)),l)};if($===f)return this.set(f,this.$M+r);if($===c)return this.set(c,this.$y+r);if($===a)return y(1);if($===o)return y(7);var M=(d={},d[s]=e,d[u]=n,d[i]=t,d)[$]||1,m=this.$d.getTime()+r*M;return O.w(m,this)},m.subtract=function(t,e){return this.add(-1*t,e)},m.format=function(t){var e=this,n=this.$locale();if(!this.isValid())return n.invalidDate||l;var r=t||"YYYY-MM-DDTHH:mm:ssZ",i=O.z(this),s=this.$H,u=this.$m,a=this.$M,o=n.weekdays,f=n.months,h=function(t,n,i,s){return t&&(t[n]||t(e,r))||i[n].slice(0,s)},c=function(t){return O.s(s%12||12,t,"0")},d=n.meridiem||function(t,e,n){var r=t<12?"AM":"PM";return n?r.toLowerCase():r},$={YY:String(this.$y).slice(-2),YYYY:this.$y,M:a+1,MM:O.s(a+1,2,"0"),MMM:h(n.monthsShort,a,f,3),MMMM:h(f,a),D:this.$D,DD:O.s(this.$D,2,"0"),d:String(this.$W),dd:h(n.weekdaysMin,this.$W,o,2),ddd:h(n.weekdaysShort,this.$W,o,3),dddd:o[this.$W],H:String(s),HH:O.s(s,2,"0"),h:c(1),hh:c(2),a:d(s,u,!0),A:d(s,u,!1),m:String(u),mm:O.s(u,2,"0"),s:String(this.$s),ss:O.s(this.$s,2,"0"),SSS:O.s(this.$ms,3,"0"),Z:i};return r.replace(y,(function(t,e){return e||$[t]||i.replace(":","")}))},m.utcOffset=function(){return 15*-Math.round(this.$d.getTimezoneOffset()/15)},m.diff=function(r,d,l){var $,y=O.p(d),M=w(r),m=(M.utcOffset()-this.utcOffset())*e,v=this-M,g=O.m(this,M);return g=($={},$[c]=g/12,$[f]=g,$[h]=g/3,$[o]=(v-m)/6048e5,$[a]=(v-m)/864e5,$[u]=v/n,$[s]=v/e,$[i]=v/t,$)[y]||v,l?g:O.a(g)},m.daysInMonth=function(){return this.endOf(f).$D},m.$locale=function(){return D[this.$L]},m.locale=function(t,e){if(!t)return this.$L;var n=this.clone(),r=S(t,e,!0);return r&&(n.$L=r),n},m.clone=function(){return O.w(this.$d,this)},m.toDate=function(){return new Date(this.valueOf())},m.toJSON=function(){return this.isValid()?this.toISOString():null},m.toISOString=function(){return this.$d.toISOString()},m.toString=function(){return this.$d.toUTCString()},M}(),T=_.prototype;return w.prototype=T,[["$ms",r],["$s",i],["$m",s],["$H",u],["$W",a],["$M",f],["$y",c],["$D",d]].forEach((function(t){T[t[1]]=function(e){return this.$g(e,t[0],t[1])}})),w.extend=function(t,e){return t.$i||(t(e,_,w),t.$i=!0),w},w.locale=S,w.isDayjs=p,w.unix=function(t){return w(1e3*t)},w.en=D[g],w.Ls=D,w.p={},w}));
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).dayjs_plugin_advancedFormat=t()}(this,(function(){"use strict";return function(e,t){var r=t.prototype,n=r.format;r.format=function(e){var t=this,r=this.$locale();if(!this.isValid())return n.bind(this)(e);var s=this.$utils(),a=(e||"YYYY-MM-DDTHH:mm:ssZ").replace(/\[([^\]]+)]|Q|wo|ww|w|WW|W|zzz|z|gggg|GGGG|Do|X|x|k{1,2}|S/g,(function(e){switch(e){case"Q":return Math.ceil((t.$M+1)/3);case"Do":return r.ordinal(t.$D);case"gggg":return t.weekYear();case"GGGG":return t.isoWeekYear();case"wo":return r.ordinal(t.week(),"W");case"w":case"ww":return s.s(t.week(),"w"===e?1:2,"0");case"W":case"WW":return s.s(t.isoWeek(),"W"===e?1:2,"0");case"k":case"kk":return s.s(String(0===t.$H?24:t.$H),"k"===e?1:2,"0");case"X":return Math.floor(t.$d.getTime()/1e3);case"x":return t.$d.getTime();case"z":return"["+t.offsetName()+"]";case"zzz":return"["+t.offsetName("long")+"]";default:return e}}));return n.bind(this)(a)}}}));
+dayjs.extend(window.dayjs_plugin_advancedFormat)

package/public/saltcorn-common.js

@@ -50,6 +50,11 @@ const nubBy = (prop, xs) => {
     return true;
   });
 };
+
+function valid_js_var_name(s) {
+  if (!s) return false;
+  return !!s.match(/^[a-zA-Z_$][a-zA-Z_$0-9]*$/);
+}
 function apply_showif() {
   const isNode = typeof parent?.saltcorn?.data?.state === "undefined";
   $("[data-show-if]").each(function (ix, element) {
@@ -83,7 +88,7 @@ function apply_showif() {
     const e = $(element);
     const rec = get_form_record(e);
     const href = new Function(
-      `{${Object.keys(rec).join(",")}}`,
+      `{${Object.keys(rec).filter(valid_js_var_name).join(",")}}`,
       "return " + e.attr("data-dyn-href")
     )(rec);
     e.attr("href", href);
@@ -155,7 +160,7 @@ function apply_showif() {
       e.prop("data-fetch-options-current-set", qs);
       const toAppend = [];
       if (!dynwhere.required)
-        toAppend.push({ label: dynwhere.neutral_label || "" });
+        toAppend.push({ label: dynwhere.neutral_label || "", value: "" });
       let currentDataOption = undefined;
       const dataOptions = [];
       //console.log(success);
@@ -191,7 +196,7 @@ function apply_showif() {
           .map(
             ({ label, value, selected }) =>
               `<option${selected ? ` selected` : ""}${
-                value ? ` value="${value}"` : ""
+                typeof value !== "undefined" ? ` value="${value}"` : ""
               }>${label || ""}</option>`
           )
           .join("")
@@ -285,9 +290,13 @@ function apply_showif() {
             .closest(".form-namespace")
             .find("input[name=_columndef]");
           try {
-            const def = JSON.parse($def.val());
-            def[k] = v;
-            $def.val(JSON.stringify(def));
+            const defval = $def.val();
+            const def =
+              typeof defval === "undefined" ? undefined : JSON.parse(defval);
+            if (def) {
+              def[k] = v;
+              $def.val(JSON.stringify(def));
+            }
           } catch (e) {
             console.error("Invalid json", e);
           }
@@ -381,24 +390,46 @@ function get_form_record(e_in, select_labels) {
     ? $(`form[data-viewname=${e_in.viewname}]`)
     : e_in.closest(".form-namespace");
 
+  const form = $(e).closest("form");
+
+  const rowVals = form.attr("data-row-values");
+  if (rowVals)
+    try {
+      const initRow = JSON.parse(decodeURIComponent(rowVals));
+      Object.assign(rec, initRow);
+    } catch (error) {
+      console.error(error);
+    }
+
   e.find("input[name],select[name],textarea[name]").each(function () {
-    const name = $(this).attr("data-fieldname") || $(this).attr("name");
-    if (select_labels && $(this).prop("tagName").toLowerCase() === "select")
-      rec[name] = $(this).find("option:selected").text();
-    else if ($(this).prop("type") === "checkbox")
-      rec[name] = $(this).prop("checked");
-    else rec[name] = $(this).val();
+    const $this = $(this);
+    const name = $this.attr("data-fieldname") || $this.attr("name");
+    if (select_labels && $this.prop("tagName").toLowerCase() === "select")
+      rec[name] = $this.find("option:selected").text();
+    else if ($this.prop("type") === "checkbox")
+      rec[name] = $this.prop("checked");
+    else if ($this.prop("type") === "radio" && !$this.prop("checked")) {
+      //do nothing
+    } else rec[name] = $this.val();
   });
   return rec;
 }
 function showIfFormulaInputs(e, fml) {
   const rec = get_form_record(e);
+  if (window._sc_loglevel > 4)
+    console.log(`show if fml ${fml} form_record`, rec);
   try {
-    return new Function(`{${Object.keys(rec).join(",")}}`, "return " + fml)(
-      rec
-    );
+    return new Function(
+      "row",
+      `{${Object.keys(rec).join(",")}}`,
+      "return " + fml
+    )(rec, rec);
   } catch (e) {
-    throw new Error(`Error in evaluating showIf formula ${fml}: ${e.message}`);
+    throw new Error(
+      `Error in evaluating showIf formula ${fml} with values ${JSON.stringify(
+        rec
+      )}: ${e.message}`
+    );
   }
 }
 
@@ -579,7 +610,7 @@ function initialize_page() {
       schema = JSON.parse(decodeURIComponent(schema));
     }
     if (type === "Date") {
-      console.log("timeelsems", $(this).find("span.current time"));
+      //console.log("timeelsems", $(this).find("span.current time"));
       current =
         $(this).attr("data-inline-edit-current") ||
         $(this).find("span.current time").attr("datetime"); // ||
@@ -736,12 +767,37 @@ function initialize_page() {
           $(el).addClass("codemirror-enabled");
           cm.on(
             "change",
-            $.debounce(() => {
-              $(el).closest("form").trigger("change");
-            }),
-            500,
-            null,
-            true
+            $.debounce(
+              (cm1) => {
+                cm1.save();
+                if ($(el).hasClass("validate-statements")) {
+                  try {
+                    let AsyncFunction = Object.getPrototypeOf(
+                      async function () {}
+                    ).constructor;
+                    AsyncFunction(cm.getValue());
+                    $(el).closest("form").trigger("change");
+                  } catch (e) {
+                    const form = $(el).closest("form");
+                    const errorArea = form.parent().find(".full-form-error");
+                    if (errorArea.length) errorArea.text(e.message);
+                    else
+                      form
+                        .parent()
+                        .append(
+                          `<p class="text-danger full-form-error">${e.message}</p>`
+                        );
+                    return;
+                  }
+                } else {
+                  cm1.save();
+                  $(el).closest("form").trigger("change");
+                }
+              },
+              500,
+              null,
+              true
+            )
           );
         });
       }, 100);
@@ -1350,3 +1406,35 @@ function check_saltcorn_notifications() {
     }
   });
 }
+
+function disable_inactive_tab_inputs(id) {
+  setTimeout(() => {
+    const isAccordion = $(`#${id}`).hasClass("accordion");
+    const iterElem = isAccordion
+      ? `#${id} div.accordion-item .accordion-button`
+      : `#${id} li a`;
+    $(iterElem).each(function () {
+      const isActive = isAccordion
+        ? !$(this).hasClass("collapsed")
+        : $(this).hasClass("active");
+      const target = isAccordion
+        ? $(this).attr("data-bs-target")
+        : $(this).attr("href");
+      if (isActive) {
+        //activate previously disabled
+        $(target)
+          .find("[disabled-by-tab]")
+          .prop("disabled", false)
+          .removeAttr("disabled-by-tab");
+      } else {
+        //disable all input
+        $(target)
+          .find(
+            "input:not(:disabled), textarea:not(:disabled), button:not(:disabled), select:not(:disabled)"
+          )
+          .prop("disabled", true)
+          .attr("disabled-by-tab", "1");
+      }
+    });
+  }, 100);
+}

package/public/saltcorn.css

@@ -241,6 +241,7 @@ input.hideupdownbtns::-webkit-inner-spin-button {
 
 input.hideupdownbtns[type="number"] {
   -moz-appearance: textfield;
+  text-align: center;
 }
 
 section.range-slider {

package/public/saltcorn.js

@@ -360,7 +360,7 @@ function submitWithAjax(e) {
   saveAndContinue(e, (res) => {
     if (res && res.responseJSON && res.responseJSON.url_when_done)
       window.location.href = res.responseJSON.url_when_done;
-    if (res && res.responseJSON && res.responseJSON.error)
+    if (res && res.responseJSON && res.responseJSON.error && res.status < 300)
       notifyAlert({ type: "danger", text: res.responseJSON.error });
   });
 }

package/routes/actions.js

@@ -145,7 +145,7 @@ const triggerForm = async (req, trigger) => {
     .filter(([k, v]) => v.hasChannel)
     .map(([k, v]) => k);
   const allActions = actions.map((t) => t.name);
-  const table_triggers = ["Insert", "Update", "Delete"];
+  const table_triggers = ["Insert", "Update", "Delete", "Validate"];
   const action_options = {};
   const actionsNotRequiringRow = actions
     .filter((a) => !a.requireRow)

package/routes/api.js

@@ -358,14 +358,22 @@ router.all(
         if (accessAllowed(req, user, trigger)) {
           try {
             const action = getState().actions[trigger.action];
+            const row = req.method === "GET" ? req.query : req.body;
             const resp = await action.run({
               configuration: trigger.configuration,
               body: req.body,
-              row: req.method === "GET" ? req.query : req.body,
+              row,
               req,
               user: user || req.user,
             });
-            res.json({ success: true, data: resp });
+            if (
+              (row._process_result || req.headers?.scprocessresults) &&
+              resp?.goto
+            )
+              res.redirect(resp.goto);
+            else if (req.headers?.scgotourl)
+              res.redirect(req.headers?.scgotourl);
+            else res.json({ success: true, data: resp });
           } catch (e) {
             Crash.create(e, req);
             res.status(400).json({ success: false, error: e.message });

package/routes/common_lists.js

@@ -344,11 +344,7 @@ const getPageList = (rows, roles, req, { tagId, domId, showList } = {}) => {
       },
       {
         label: req.__("Edit"),
-        key: (r) =>
-          link(
-            `/pageedit/${!r.html_file ? "edit" : "edit-properties"}/${r.name}`,
-            req.__(!r.html_file ? "Edit" : "Edit properties")
-          ),
+        key: (r) => link(`/pageedit/edit/${r.name}`, req.__("Edit")),
       },
       !tagId
         ? {

package/routes/fields.js

@@ -996,6 +996,30 @@ router.post(
         result = row[field.name];
       } else if (field.stored) {
         const f = get_async_expression_function(formula, fields);
+        //are there join fields in formula?
+        const joinFields = {};
+        add_free_variables_to_joinfields(
+          freeVariables(formula),
+          joinFields,
+          table.fields
+        );
+        for (const { target, ref, through, rename_object } of Object.values(
+          joinFields
+        )) {
+          const jf = table.getField(ref);
+          const jtable = Table.findOne(jf.reftable_name);
+          const jrow = await jtable.getRow({ [jtable.pk_name]: row[ref] });
+          row[ref] = jrow;
+          if (through) {
+            const jf2 = jtable.getField(through);
+            const jtable2 = Table.findOne(jf2.reftable_name);
+            const jrow2 = await jtable2.getRow({
+              [jtable2.pk_name]: jrow[through],
+            });
+            row[ref][through] = jrow2;
+          }
+        }
+
         result = await f(row);
       } else {
         const f = get_expression_function(formula, fields);
@@ -1145,7 +1169,10 @@ router.post(
     }
 
     const field = table.getField(fieldName);
-
+    if (!field) {
+      res.send("");
+      return;
+    }
     const fieldViewConfigForms = await calcfldViewConfig([field], false, 0);
     const formFields = fieldViewConfigForms[field.name][fv_name];
     if (!formFields) {

package/routes/homepage.js

@@ -12,8 +12,9 @@ const View = require("@saltcorn/data/models/view");
 const User = require("@saltcorn/data/models/user");
 const File = require("@saltcorn/data/models/file");
 const Page = require("@saltcorn/data/models/page");
+const Plugin = require("@saltcorn/data/models/plugin");
 const { link, mkTable } = require("@saltcorn/markup");
-const { div, a, p, i } = require("@saltcorn/markup/tags");
+const { div, a, p, i, h5, span } = require("@saltcorn/markup/tags");
 const Table = require("@saltcorn/data/models/table");
 const { get_cached_packs } = require("@saltcorn/admin-models/models/pack");
 // const { restore_backup } = require("../markup/admin");
@@ -310,10 +311,80 @@ const packTab = (req, packlist) =>
       { noHeader: true }
     ),
     a(
-      { href: `/plugins?set=packs`, class: "btn btn-primary" },
+      { href: `/plugins?set=packs`, class: "btn btn-sm btn-primary" },
       req.__("Go to pack store »")
     )
   );
+
+const themeCard = (req, roleMap) => {
+  const state_layouts = getState().layouts;
+  const state_layout_names = Object.keys(state_layouts);
+  const layout_by_role = getState().getConfig("layout_by_role");
+  const used_layout_by_role = {};
+  Object.keys(roleMap).forEach((role_id) => {
+    used_layout_by_role[role_id] =
+      layout_by_role[role_id] ||
+      state_layout_names[state_layout_names.length - 1];
+  });
+  const themes_available = Plugin.get_cached_plugins().filter(
+    (p) => p.has_theme && !state_layout_names.includes(p.name)
+  );
+  const layouts = Object.entries(getState().layouts)
+    .filter(([nm, v]) => nm !== "emergency")
+    .map(([name, layout]) => {
+      let plugin = getState().plugins[name];
+      const for_role = Object.entries(used_layout_by_role)
+        .filter(([role, rname]) => rname === name)
+        .map(([role, rname]) =>
+          span({ class: "badge bg-info" }, roleMap[role])
+        );
+
+      return {
+        name,
+        layout,
+        plugin,
+        for_role,
+        edit_cfg_link: plugin?.configuration_workflow
+          ? a(
+              {
+                href: `/plugins/configure/${encodeURIComponent(name)}`,
+              },
+              i({ class: "fa fa-cog ms-2" })
+            )
+          : "",
+      };
+    });
+  const show_installable = themes_available.length > 0 || layouts.length == 1;
+  return div(
+    { class: "pb-3 pt-2 pe-4" },
+    mkTable(
+      [
+        {
+          label: req.__("Installed theme"),
+          key: ({ name, edit_cfg_link }) => `${name}${edit_cfg_link}`,
+        },
+        {
+          label: req.__("Theme for role"),
+          key: ({ for_role }) => for_role.join(" "),
+        },
+      ],
+      layouts
+    ),
+    a({ href: "/roleadmin" }, req.__("Set theme for each user role »")),
+    show_installable && h5({ class: "mt-2" }, req.__("Available themes")),
+    show_installable &&
+      div(
+        themes_available
+          .map((p) => span({ class: "badge bg-secondary" }, p.name))
+          .join(" ")
+      ),
+    show_installable &&
+      a(
+        { href: `/plugins?set=themes`, class: "mt-2" },
+        req.__("Install more themes »")
+      )
+  );
+};
 /**
  * Help Card
  * @param req
@@ -412,10 +483,12 @@ const welcome_page = async (req) => {
               users.length > 4
                 ? {
                     Users: await usersTab(req, users, roleMap),
+                    Theme: themeCard(req, roleMap),
                     Help: helpCard(req),
                   }
                 : {
                     Help: helpCard(req),
+                    Theme: themeCard(req, roleMap),
                     Users: await usersTab(req, users, roleMap),
                   },
           },

package/routes/page.js

@@ -16,6 +16,7 @@ const {
   isAdmin,
   sendHtmlFile,
 } = require("../routes/utils.js");
+const { isTest } = require("@saltcorn/data/utils");
 const { add_edit_bar } = require("../markup/admin.js");
 const { traverseSync } = require("@saltcorn/data/models/layout");
 const { run_action_column } = require("@saltcorn/data/plugin-helper");
@@ -52,12 +53,13 @@ router.get(
       const title = scan_for_page_title(contents, db_page.title);
       const tock = new Date();
       const ms = tock.getTime() - tic.getTime();
-      Trigger.emitEvent("PageLoad", null, req.user, {
-        text: req.__("Page '%s' was loaded", pagename),
-        type: "page",
-        name: pagename,
-        render_time: ms,
-      });
+      if (!isTest())
+        Trigger.emitEvent("PageLoad", null, req.user, {
+          text: req.__("Page '%s' was loaded", pagename),
+          type: "page",
+          name: pagename,
+          render_time: ms,
+        });
       if (contents.html_file) await sendHtmlFile(req, res, contents.html_file);
       else
         res.sendWrap(

package/routes/pageedit.js

@@ -9,7 +9,7 @@ const View = require("@saltcorn/data/models/view");
 const Field = require("@saltcorn/data/models/field");
 const Table = require("@saltcorn/data/models/table");
 const Page = require("@saltcorn/data/models/page");
-const { div, a } = require("@saltcorn/markup/tags");
+const { div, a, iframe, script } = require("@saltcorn/markup/tags");
 const { getState } = require("@saltcorn/data/db/state");
 const User = require("@saltcorn/data/models/user");
 const Workflow = require("@saltcorn/data/models/workflow");
@@ -41,6 +41,7 @@ const {
 const { getActionConfigFields } = require("@saltcorn/data/plugin-helper");
 const Library = require("@saltcorn/data/models/library");
 const path = require("path");
+const fsp = require("fs").promises;
 
 /**
  * @type {object}
@@ -431,6 +432,116 @@ router.post(
 );
 
 /**
+ * open the builder
+ * @param {*} req
+ * @param {*} res
+ * @param {*} page
+ */
+const getEditNormalPage = async (req, res, page) => {
+  // set fixed states in page directly for legacy builds
+  traverseSync(page.layout, {
+    view(s) {
+      if (s.state === "fixed" && !s.configuration) {
+        const fs = page.fixed_states[s.name];
+        if (fs) s.configuration = fs;
+      }
+    },
+  });
+  const options = await pageBuilderData(req, page);
+  const builderData = {
+    options,
+    context: page,
+    layout: page.layout,
+    mode: "page",
+    version_tag: db.connectObj.version_tag,
+  };
+  res.sendWrap(
+    req.__(`%s configuration`, page.name),
+    wrap(renderBuilder(builderData, req.csrfToken()), true, req, page)
+  );
+};
+
+/**
+ * open a file editor with an iframe preview
+ * @param {*} req
+ * @param {*} res
+ * @param {*} page
+ */
+const getEditPageWithHtmlFile = async (req, res, page) => {
+  const htmlFile = page.html_file;
+  const iframeId = "page_preview_iframe";
+  const updateBttnId = "addnUpdBtn";
+  const file = await File.findOne(htmlFile);
+  if (!file) {
+    req.flash("error", req.__("File not found"));
+    return res.redirect(`/pageedit`);
+  }
+  const editForm = new Form({
+    action: `/pageedit/edit/${encodeURIComponent(page.name)}`,
+    fields: [
+      {
+        name: "code",
+        form_name: "code",
+        label: "Code",
+        input_type: "code",
+        attributes: { mode: "text/html" },
+        validator(s) {
+          return true;
+        },
+      },
+    ],
+    values: {
+      code: await fsp.readFile(file.location, "utf8"),
+    },
+    onChange: `document.getElementById('${updateBttnId}').disabled = false;`,
+    additionalButtons: [
+      {
+        label: req.__("Update"),
+        id: updateBttnId,
+        class: "btn btn-primary",
+        onclick: `saveAndContinue(this, () => {
+          document.getElementById('${iframeId}').contentWindow.location.reload();
+          document.getElementById('${updateBttnId}').disabled = true;
+        })`,
+        disabled: true,
+      },
+    ],
+    submitLabel: req.__("Finish") + " »",
+  });
+  res.sendWrap(req.__("Edit %s", page.title), {
+    above: [
+      {
+        type: "card",
+        title: "Edit",
+        titleAjaxIndicator: true,
+        contents: [renderForm(editForm, req.csrfToken())],
+      },
+      {
+        type: "card",
+        title: "Preview",
+        contents: [
+          iframe({
+            id: iframeId,
+            src: `/files/serve/${encodeURIComponent(htmlFile)}`,
+          }),
+          script(`
+            const iframe = document.getElementById("${iframeId}");
+            iframe.onload = () => {
+              const _iframe = document.getElementById("${iframeId}");
+              if (_iframe.contentWindow.document.body) {
+                _iframe.width = _iframe.contentWindow.document.body.scrollWidth;
+                _iframe.height = _iframe.contentWindow.document.body.scrollHeight;
+              }
+            }`),
+        ],
+      },
+    ],
+  });
+};
+
+/**
+ * for normal pages, open the builder
+ * for pages with a fixed html file, open a file editor with an iframe preview
  * @name get/edit/:pagename
  * @function
  * @memberof module:routes/pageedit~pageeditRouter
@@ -446,27 +557,8 @@ router.get(
       req.flash("error", req.__(`Page %s not found`, pagename));
       res.redirect(`/pageedit`);
     } else {
-      // set fixed states in page directly for legacy builds
-      traverseSync(page.layout, {
-        view(s) {
-          if (s.state === "fixed" && !s.configuration) {
-            const fs = page.fixed_states[s.name];
-            if (fs) s.configuration = fs;
-          }
-        },
-      });
-      const options = await pageBuilderData(req, page);
-      const builderData = {
-        options,
-        context: page,
-        layout: page.layout,
-        mode: "page",
-        version_tag: db.connectObj.version_tag,
-      };
-      res.sendWrap(
-        req.__(`%s configuration`, page.name),
-        wrap(renderBuilder(builderData, req.csrfToken()), true, req, page)
-      );
+      if (!page.html_file) await getEditNormalPage(req, res, page);
+      else await getEditPageWithHtmlFile(req, res, page);
     }
   })
 );
@@ -495,13 +587,33 @@ router.post(
       await Page.update(page.id, {
         layout: decodeURIComponent(req.body.layout),
       });
-
       req.flash("success", req.__(`Page %s saved`, pagename));
       res.redirect(redirectTarget);
+    } else if (req.body.code) {
+      try {
+        if (!page.html_file) throw new Error(req.__("File not found"));
+        const file = await File.findOne(page.html_file);
+        if (!file) throw new Error(req.__("File not found"));
+        await fsp.writeFile(file.location, req.body.code);
+        if (!req.xhr) {
+          req.flash("success", req.__(`Page %s saved`, pagename));
+          res.redirect(redirectTarget);
+        } else res.json({ okay: true });
+      } catch (error) {
+        getState().log(2, `POST /edit/${pagename}: '${error.message}'`);
+        req.flash(
+          "error",
+          `${req.__("Error")}: ${error.message || req.__("An error occurred")}`
+        );
+        if (!req.xhr) res.redirect(redirectTarget);
+        else res.json({ error: error.message });
+      }
     } else {
+      getState().log(2, `POST /edit/${pagename}: '${req.body}'`);
       req.flash("error", req.__(`Error processing page`));
       res.redirect(redirectTarget);
     }
+    getState().log(5, `POST /edit/${pagename}: Success`);
   })
 );
 

package/routes/view.js

@@ -18,7 +18,7 @@ const {
   setTenant,
 } = require("../routes/utils.js");
 const { add_edit_bar } = require("../markup/admin.js");
-const { InvalidConfiguration } = require("@saltcorn/data/utils");
+const { InvalidConfiguration, isTest } = require("@saltcorn/data/utils");
 const { getState } = require("@saltcorn/data/db/state");
 
 /**
@@ -88,12 +88,13 @@ router.get(
       res.set("SaltcornModalLinkOut", `true`);
     const tock = new Date();
     const ms = tock.getTime() - tic.getTime();
-    Trigger.emitEvent("PageLoad", null, req.user, {
-      text: req.__("View '%s' was loaded", viewname),
-      type: "view",
-      name: viewname,
-      render_time: ms,
-    });
+    if (!isTest())
+      Trigger.emitEvent("PageLoad", null, req.user, {
+        text: req.__("View '%s' was loaded", viewname),
+        type: "view",
+        name: viewname,
+        render_time: ms,
+      });
     if (typeof contents === "object" && contents.goto)
       res.redirect(contents.goto);
     else

package/s3storage.js

@@ -1,5 +1,4 @@
-require("aws-sdk/lib/maintenance_mode_message").suppress = true;
-const aws = require("aws-sdk");
+const { S3 } = require("@aws-sdk/client-s3");
 const multer = require("multer");
 const multerS3 = require("multer-s3");
 const { getState } = require("@saltcorn/data/db/state");
@@ -8,9 +7,11 @@ const { v4: uuidv4 } = require("uuid");
 const contentDisposition = require("content-disposition");
 const fs = require("fs");
 function createS3Client() {
-  return new aws.S3({
-    secretAccessKey: getState().getConfig("storage_s3_access_secret"),
-    accessKeyId: getState().getConfig("storage_s3_access_key"),
+  return new S3({
+    credentials: {
+      secretAccessKey: getState().getConfig("storage_s3_access_secret"),
+      accessKeyId: getState().getConfig("storage_s3_access_key"),
+    },
     region: getState().getConfig("storage_s3_region"),
     endpoint: getState().getConfig("storage_s3_endpoint"),
   });

package/tests/fields.test.js

@@ -364,7 +364,43 @@ describe("Field Endpoints", () => {
     await request(app)
       .post("/field/show-calculated/books/pagesp1/show")
       .set("Cookie", loginCookie)
-      .expect((r) => +r.body > 1);
+      .expect((r) => +r.body > 2);
+  });
+  it("should show calculated with single joinfield", async () => {
+    const loginCookie = await getAdminLoginCookie();
+    const table = Table.findOne({ name: "patients" });
+    await Field.create({
+      table,
+      label: "pagesp1",
+      type: "Integer",
+      calculated: true,
+      stored: true,
+      expression: "favbook.pages+1",
+    });
+    const app = await getApp({ disableCsrf: true });
+
+    await request(app)
+      .post("/field/show-calculated/patients/pagesp1/show")
+      .set("Cookie", loginCookie)
+      .expect((r) => +r.body > 2);
+  });
+  it("should show calculated with double joinfield", async () => {
+    const loginCookie = await getAdminLoginCookie();
+    const table = Table.findOne({ name: "readings" });
+    await Field.create({
+      table,
+      label: "pagesp1",
+      type: "Integer",
+      calculated: true,
+      stored: true,
+      expression: "patient_id.favbook.pages+1",
+    });
+    const app = await getApp({ disableCsrf: true });
+
+    await request(app)
+      .post("/field/show-calculated/readings/pagesp1/show")
+      .set("Cookie", loginCookie)
+      .expect((r) => +r.body > 2);
   });
 });
 

package/tests/page.test.js

@@ -16,6 +16,7 @@ const Page = require("@saltcorn/data/models/page");
 const File = require("@saltcorn/data/models/file");
 const { existsSync } = require("fs");
 const { join } = require("path");
+const fs = require("fs");
 
 let htmlFile = null;
 
@@ -26,24 +27,20 @@ const prepHtmlFiles = async () => {
       db.getTenantSchema(),
       folder
     );
+    const html = `<html><head><title>Landing page</title></head><body><h1>${content}</h1></body></html>`;
     if (!existsSync(scFolder)) await File.new_folder(folder);
     if (!existsSync(join(scFolder, name))) {
-      return await File.from_contents(
-        name,
-        "text/html",
-        `<html><head><title>Landing page</title></head><body><h1>${content}</h1></body></html>`,
-        1,
-        1,
-        folder
-      );
+      return await File.from_contents(name, "text/html", html, 1, 1, folder);
     } else {
       const file = await File.from_file_on_disk(name, scFolder);
+      fs.writeFileSync(file.location, html);
       file.location = File.absPathToServePath(file.location);
       return file;
     }
   };
   htmlFile = await createFile("/", "fixed_page.html", "Land here");
   await createFile("/subfolder", "fixed_page2.html", "Or Land here");
+  await createFile("/", "test.html", "page with fixed html");
 };
 
 beforeAll(async () => {
@@ -135,6 +132,11 @@ describe("page create", () => {
 
   it("does not find the html file for staff or public", async () => {
     const app = await getApp({ disableCsrf: true });
+    await request(app)
+      .post(`/files/setrole/fixed_page.html`)
+      .set("Cookie", await getAdminLoginCookie())
+      .send("role=1")
+      .expect(toRedirect("/files?dir=."));
     const loginCookie = await getStaffLoginCookie();
     await request(app)
       .get("/page/new_page_with_html_file")
@@ -247,6 +249,33 @@ describe("pageedit", () => {
       .set("Cookie", loginCookie)
       .expect(toInclude("<script>builder.renderBuilder"));
   });
+  it("show editor with html file", async () => {
+    const app = await getApp({ disableCsrf: true });
+    const loginCookie = await getAdminLoginCookie();
+    await request(app)
+      .get("/pageedit/edit/page_with_html_file")
+      .set("Cookie", loginCookie)
+      .expect(toInclude(`<textarea mode="text/html"`));
+  });
+  it("edit editor with html file", async () => {
+    const app = await getApp({ disableCsrf: true });
+    const loginCookie = await getAdminLoginCookie();
+    const newHtml =
+      "<html><head><title>title</title></head><body><h1>new html</h1></body</html>";
+    await request(app)
+      .get("/page/page_with_html_file")
+      .set("Cookie", loginCookie)
+      .expect(toInclude("page with fixed html"));
+    await request(app)
+      .post("/pageedit/edit/page_with_html_file")
+      .set("Cookie", loginCookie)
+      .send("code=" + encodeURIComponent(newHtml))
+      .expect(toRedirect("/pageedit"));
+    await request(app)
+      .get("/page/page_with_html_file")
+      .set("Cookie", loginCookie)
+      .expect(toInclude("new html"));
+  });
 
   it("sets root page", async () => {
     const app = await getApp({ disableCsrf: true });

package/tests/table.test.js

@@ -17,8 +17,12 @@ const db = require("@saltcorn/data/db");
 const User = require("@saltcorn/data/models/user");
 const { plugin_with_routes } = require("@saltcorn/data/tests/mocks");
 const { getState } = require("@saltcorn/data/db/state");
+const { sleep } = require("@saltcorn/data/utils");
 
-afterAll(db.close);
+afterAll(async () => {
+  await sleep(200);
+  await db.close();
+});
 beforeAll(async () => {
   await resetToFixtures();
 });

package/tests/view.test.js

@@ -17,6 +17,9 @@ const View = require("@saltcorn/data/models/view");
 const Table = require("@saltcorn/data/models/table");
 
 const { plugin_with_routes } = require("@saltcorn/data/tests/mocks");
+const {
+  prepareArtistsAlbumRelation,
+} = require("@saltcorn/data/tests/common_helpers");
 
 afterAll(db.close);
 beforeAll(async () => {
@@ -586,3 +589,97 @@ describe("inbound relations", () => {
       .expect(toNotInclude("Content of post CPost C"));
   });
 });
+
+describe("many to many relations", () => {
+  beforeAll(async () => {
+    await prepareArtistsAlbumRelation();
+  });
+
+  it("artist_plays_on_album", async () => {
+    const app = await getApp({ disableCsrf: true });
+    const loginCookie = await getAdminLoginCookie();
+    await request(app)
+      .get("/view/show_artist?id=1")
+      .set("Cookie", loginCookie)
+      .expect(toInclude("album A"))
+      .expect(toInclude("album B"));
+
+    await request(app)
+      .get("/view/show_artist?id=2")
+      .set("Cookie", loginCookie)
+      .expect(toInclude("album A"))
+      .expect(toNotInclude("album B"));
+  });
+
+  it("albums feed with query", async () => {
+    const app = await getApp({ disableCsrf: true });
+    const loginCookie = await getAdminLoginCookie();
+
+    const queryObj_1 = {
+      relation: ".artists.artist_plays_on_album$artist.album",
+      srcId: 1,
+    };
+    await request(app)
+      .get(
+        `/view/albums_feed?_inbound_relation_path_=${encodeURIComponent(
+          JSON.stringify(queryObj_1)
+        )}`
+      )
+      .set("Cookie", loginCookie)
+      .expect(toInclude("album A"))
+      .expect(toInclude("album B"));
+
+    const queryObj_2 = {
+      relation: ".artists.artist_plays_on_album$artist.album",
+      srcId: 2,
+    };
+    await request(app)
+      .get(
+        `/view/albums_feed?_inbound_relation_path_=${encodeURIComponent(
+          JSON.stringify(queryObj_2)
+        )}`
+      )
+      .set("Cookie", loginCookie)
+      .expect(toInclude("album A"))
+      .expect(toNotInclude("album B"));
+  });
+
+  it("fan_club feed with query", async () => {
+    const app = await getApp({ disableCsrf: true });
+    const loginCookie = await getAdminLoginCookie();
+
+    const queryObj_1 = {
+      relation:
+        ".pressing_job.album.artist_plays_on_album$album.artist.fan_club$artist",
+      srcId: 1,
+    };
+    await request(app)
+      .get(
+        `/view/fan_club_feed?_inbound_relation_path_=${encodeURIComponent(
+          JSON.stringify(queryObj_1)
+        )}`
+      )
+      .set("Cookie", loginCookie)
+      .expect(toInclude("crazy fan club"))
+      .expect(toInclude("another club"))
+      .expect(toInclude("fan club"))
+      .expect(toInclude("fan club official"));
+
+    const queryObj_2 = {
+      relation:
+        ".pressing_job.album.artist_plays_on_album$album.artist.fan_club$artist",
+      srcId: 2,
+    };
+    await request(app)
+      .get(
+        `/view/fan_club_feed?_inbound_relation_path_=${encodeURIComponent(
+          JSON.stringify(queryObj_2)
+        )}`
+      )
+      .set("Cookie", loginCookie)
+      .expect(toInclude("crazy fan club"))
+      .expect(toNotInclude("another club"))
+      .expect(toInclude("fan club"))
+      .expect(toInclude("fan club official"));
+  });
+});

package/wrapper.js

@@ -316,7 +316,14 @@ module.exports = (version_tag) =>
       if (req.xhr) {
         const renderToHtml = layout.renderBody
           ? (h, role, req) =>
-              layout.renderBody({ title, body: h, role, alerts, req })
+              layout.renderBody({
+                title,
+                body: h,
+                role,
+                alerts,
+                req,
+                hints: layout.hints,
+              })
           : defaultRenderToHtml;
         res.header(
           "Cache-Control",