@saltcorn/server 0.9.6-beta.9 → 0.9.7-rc.0

package/help/User roles.tmd

@@ -0,0 +1,30 @@
+Each user in Saltcorn has a role and the roles have a strictly hierachical ordering, 
+which you [can edit](/roleadmin). The ordering means that users in a role can access
+everything the users in the role "below" then can acceess, but the users in the role
+"above" have further access. 
+
+Assigning access by role is a quick way to give users more or less access based on how
+much you trust them. Use the role to Determine access to views, pages (by setting the 
+minimum role to run on each entity) and tables (by setting the minimum role to read or write.)
+In addition many components of views, such as actionsm containers or columns in lists have a 
+setting for the minimum role to show or run.
+
+Sometimes you need more refined access control than that afforded by a simple hierarchical
+role system. For these purposes you can use table ownership (see the help topics in the table
+properties). 
+
+When there is no logged in user, The permissions will treat the session as if it is a user 
+with the role public (role id = 100). You can use this to give access to resources to non-logged-in
+visitors.
+
+For each role, you can set the theme (out of the themes installed in the module store) and the 
+two-factor authentication (2FA) policy, where you can allow users to set up 2FA (Optional), 
+disallow 2FA (Disabled), or force users to set up 2FA (Mandatory)
+
+In the role editor you can also create new roles. When you do so, you set the role name and the 
+role ID. The role ID determines the how high the new role is in the role hierarchy, with a lower 
+role ID indicating a more powerful role. The lowest role ID is the admin user role, with ID = 1, 
+who have access to all resource and in addition can edit views, pages etc. The least powerful role is 
+the public (not logged in) users, with role ID = 100. Normally newly created users have role 80 
+(role ID = 80), but you can set the role of signed up users in the 
+[Login and signup settings](useradmin/settings).

package/load_plugins.js

@@ -8,6 +8,8 @@
 const db = require("@saltcorn/data/db");
 const { getState, getRootState } = require("@saltcorn/data/db/state");
 const Plugin = require("@saltcorn/data/models/plugin");
+const { isRoot } = require("@saltcorn/data/utils");
+const { eachTenant } = require("@saltcorn/admin-models/models/tenant");
 
 const PluginInstaller = require("@saltcorn/plugins-loader/plugin_installer");
 
@@ -60,9 +62,23 @@ const loadPlugin = async (plugin, force) => {
       console.error(error); // todo i think that situation is not resolved
     }
   }
+
+  if (isRoot() && res.plugin_module.authentication)
+    await eachTenant(reloadAuthFromRoot);
   return res;
 };
 
+const reloadAuthFromRoot = () => {
+  if (isRoot()) return;
+  const rootState = getRootState();
+  const tenantState = getState();
+  if (!rootState || !tenantState || rootState === tenantState) return;
+  tenantState.auth_methods = {};
+  for (const [k, v] of Object.entries(rootState.auth_methods)) {
+    if (v.shareWithTenants) tenantState.auth_methods[k] = v;
+  }
+};
+
 /**
  * Install plugin
  * @param plugin - plugin name
@@ -90,6 +106,7 @@ const loadAllPlugins = async (force) => {
   }
   await getState().refreshUserLayouts();
   await getState().refresh(true);
+  if (!isRoot()) reloadAuthFromRoot();
 };
 
 /**
@@ -104,14 +121,14 @@ const loadAndSaveNewPlugin = async (
   plugin,
   force,
   noSignalOrDB,
-  __ = (str) => str
+  __ = (str) => str,
+  allowUnsafeOnTenantsWithoutConfigSetting
 ) => {
   const tenants_unsafe_plugins = getRootState().getConfig(
     "tenants_unsafe_plugins",
     false
   );
-  const isRoot = db.getTenantSchema() === db.connectObj.default_schema;
-  if (!isRoot && !tenants_unsafe_plugins) {
+  if (!isRoot() && !tenants_unsafe_plugins) {
     if (plugin.source !== "npm") {
       console.error("\nWARNING: Skipping unsafe plugin ", plugin.name);
       return;
@@ -126,7 +143,10 @@ const loadAndSaveNewPlugin = async (
 
     const instore = getRootState().getConfig("available_plugins", []);
     const safes = instore.filter((p) => !p.unsafe).map((p) => p.location);
-    if (!safes.includes(plugin.location)) {
+    if (
+      !safes.includes(plugin.location) &&
+      !allowUnsafeOnTenantsWithoutConfigSetting
+    ) {
       console.error("\nWARNING: Skipping unsafe plugin ", plugin.name);
       return;
     }
@@ -196,6 +216,10 @@ const loadAndSaveNewPlugin = async (
     }
   }
   if (version) plugin.version = version;
+
+  if (isRoot() && plugin_module.authentication)
+    await eachTenant(reloadAuthFromRoot);
+
   if (!noSignalOrDB) {
     await plugin.upsert();
     getState().processSend({

package/locales/en.json

@@ -1426,5 +1426,32 @@
 	"Keystore Password": "Keystore Password",
 	"xcodebuild": "xcodebuild",
 	"Provisioning Profile": "Provisioning Profile",
-	"Registry editor": "Registry editor"
+	"Registry editor": "Registry editor",
+	"Mobile HTML": "Mobile HTML",
+	"HTML for the item in the bottom navigation bar. Currently, only supported by the metronic theme.": "HTML for the item in the bottom navigation bar. Currently, only supported by the metronic theme.",
+	"A short name that will be in the page URL": "A short name that will be in the page URL",
+	"A longer description that is not visible but appears in the page header and is indexed by search engines": "A longer description that is not visible but appears in the page header and is indexed by search engines",
+	"User role required to access page": "User role required to access page",
+	"Example: <code>`/view/TheOtherView?id=${id}`</code>": "Example: <code>`/view/TheOtherView?id=${id}`</code>",
+	"Older": "Older",
+	"Newest": "Newest",
+	"Delete all read": "Delete all read",
+	"Trigger %s duplicated as %s": "Trigger %s duplicated as %s",
+	"Tooltip": "Tooltip",
+	"Tooltip formula": "Tooltip formula",
+	"Install a different version": "Install a different version",
+	"Page group": "Page group",
+	"Starting upgrade, please wait...\n": "Starting upgrade, please wait...\n",
+	"Upgrade done (if it was available) with code 0.\n\nPress the BACK button in your browser, then RELOAD the page.": "Upgrade done (if it was available) with code 0.\n\nPress the BACK button in your browser, then RELOAD the page.",
+	"Installing %s, please wait...\n": "Installing %s, please wait...\n",
+	"Install done with code 0.\n\nPress the BACK button in your browser, then RELOAD the page.": "Install done with code 0.\n\nPress the BACK button in your browser, then RELOAD the page.",
+	"Pulling the cordova-builder docker image...": "Pulling the cordova-builder docker image...",
+	"Check updates": "Check updates",
+	"Choose version": "Choose version",
+	"Unknown authentication method %s": "Unknown authentication method %s",
+	"Card rows": "Card rows",
+	"Each row in a card. Not supported by all themes": "Each row in a card. Not supported by all themes",
+	"Prune session interval (seconds)": "Prune session interval (seconds)",
+	"Interval in seconds to check for expred sessions in the postgres db. 0, empty or a negative number to disable": "Interval in seconds to check for expred sessions in the postgres db. 0, empty or a negative number to disable",
+	"Progressive Web Application is not enabled": "Progressive Web Application is not enabled"
 }

package/locales/it.json

@@ -518,5 +518,6 @@
 	"Save before going back": "Save before going back",
 	"Reload after going back": "Reload after going back",
 	"Steps to go back": "Steps to go back",
-	"%s configuration": "%s configuration"
-}
+	"%s configuration": "%s configuration",
+	"The current theme has no user specific settings": "The current theme has no user specific settings"
+}

package/markup/forms.js

@@ -28,10 +28,14 @@ const editRoleForm = ({ url, current_role, roles, req }) =>
     {
       action: url,
       method: "post",
+      onchange: "saveAndContinue(this)",
     },
     csrfField(req),
     select(
-      { name: "role", onchange: "form.submit()" },
+      {
+        name: "role",
+        class: "w-unset form-select form-select-sm",
+      },
       roles.map((role) =>
         option(
           {

package/package.json

@@ -1,20 +1,20 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.9.6-beta.9",
+  "version": "0.9.7-rc.0",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
     "@aws-sdk/client-s3": "^3.451.0",
-    "@saltcorn/base-plugin": "0.9.6-beta.9",
-    "@saltcorn/builder": "0.9.6-beta.9",
-    "@saltcorn/data": "0.9.6-beta.9",
-    "@saltcorn/admin-models": "0.9.6-beta.9",
-    "@saltcorn/filemanager": "0.9.6-beta.9",
-    "@saltcorn/markup": "0.9.6-beta.9",
-    "@saltcorn/plugins-loader": "0.9.6-beta.9",
-    "@saltcorn/sbadmin2": "0.9.6-beta.9",
+    "@saltcorn/base-plugin": "0.9.7-rc.0",
+    "@saltcorn/builder": "0.9.7-rc.0",
+    "@saltcorn/data": "0.9.7-rc.0",
+    "@saltcorn/admin-models": "0.9.7-rc.0",
+    "@saltcorn/filemanager": "0.9.7-rc.0",
+    "@saltcorn/markup": "0.9.7-rc.0",
+    "@saltcorn/plugins-loader": "0.9.7-rc.0",
+    "@saltcorn/sbadmin2": "0.9.7-rc.0",
     "@socket.io/cluster-adapter": "^0.2.1",
     "@socket.io/sticky": "^1.0.1",
     "adm-zip": "0.5.10",

package/public/log_viewer_utils.js

@@ -10,6 +10,9 @@ var logViewerHelpers = (() => {
     second: "2-digit",
   };
   let lostConnection = false;
+  let waitingForTestMessage = false;
+  let startedWaitingAt = null;
+  let waitTimeout = false;
 
   const logLevelColor = (level) => {
     switch (parseInt(level)) {
@@ -94,6 +97,17 @@ var logViewerHelpers = (() => {
     });
   };
 
+  const testMsgWaiter = (waiterStartedAt) => () => {
+    if (waitingForTestMessage && waiterStartedAt === startedWaitingAt) {
+      emptyAlerts();
+      waitTimeout = true;
+      notifyAlert({
+        type: "danger",
+        text: "You are connected but not receiving any messages",
+      });
+    }
+  };
+
   const handleConnect = (socket) => {
     socket.emit("join_log_room", (ack) => {
       if (ack) {
@@ -109,6 +123,10 @@ var logViewerHelpers = (() => {
               text: "You are connected again",
             });
           }
+          waitingForTestMessage = true;
+          waitTimeout = false;
+          startedWaitingAt = new Date().valueOf();
+          setTimeout(testMsgWaiter(startedWaitingAt), 5000);
         } else if (ack.status === "error" && ack.msg) {
           notifyAlert({
             type: "danger",
@@ -129,6 +147,19 @@ var logViewerHelpers = (() => {
     });
   };
 
+  const handleTestConnMsg = () => {
+    waitingForTestMessage = false;
+    startedWaitingAt = null;
+    if (waitTimeout) {
+      emptyAlerts();
+      notifyAlert({
+        type: "success",
+        text: "You are connected and receiving messages",
+      });
+      waitTimeout = false;
+    }
+  };
+
   return {
     init_log_socket: () => {
       let socket = null;
@@ -152,6 +183,7 @@ var logViewerHelpers = (() => {
       socket.on("connect", () => handleConnect(socket));
       socket.on("disconnect", handleDisconnect);
       socket.on("log_msg", handleLogMsg);
+      socket.on("test_conn_msg", handleTestConnMsg);
     },
     goToLogsPage: (n) => {
       currentPage = n;