@saltcorn/server 1.0.0-beta.0 → 1.0.0-beta.10

package/routes/files.js

@@ -20,7 +20,15 @@ const {
   setTenant,
   is_relative_url,
 } = require("./utils.js");
-const { h1, div, text } = require("@saltcorn/markup/tags");
+const {
+  h1,
+  div,
+  text,
+  script,
+  style,
+  link,
+  domReady,
+} = require("@saltcorn/markup/tags");
 const { editRoleForm, fileUploadForm } = require("../markup/forms.js");
 const { strictParseInt } = require("@saltcorn/data/plugin-helper");
 const {
@@ -43,20 +51,98 @@ const { extract } = require("@saltcorn/admin-models/models/backup");
 const router = new Router();
 module.exports = router;
 
-/**
- * Edit file Role form
- * @param {*} file
- * @param {*} roles
- * @param {*} req
- * @returns {Form}
- */
-const editFileRoleForm = (file, roles, req) =>
-  editRoleForm({
-    url: `/files/setrole/${file.path_to_serve}`,
-    current_role: file.min_role_read,
-    roles,
-    req,
+const send_files_picker = async (folder, noSubdirs, inputId, req, res) => {
+  res.set("SaltcornModalWidth", "1200px");
+  res.sendWrap(req.__("Please select a file"), {
+    above: [
+      script({
+        src: `/static_assets/${db.connectObj.version_tag}/bundle.js`,
+        defer: true,
+      }),
+      script(
+        domReady(
+          `$("head").append('${link({
+            rel: "stylesheet",
+            href: `/static_assets/${db.connectObj.version_tag}/bundle.css`,
+          })}')`
+        )
+      ),
+      div({
+        id: "saltcorn-file-manager",
+        full_manager: "false",
+        folder: folder,
+        input_id: inputId,
+        ...(noSubdirs ? { no_subdirs: "true" } : {}),
+      }),
+    ],
   });
+};
+
+router.get(
+  "/picker",
+  error_catcher(async (req, res) => {
+    const { folder, input_id, no_subdirs } = req.query;
+    send_files_picker(folder, no_subdirs, input_id, req, res);
+  })
+);
+
+router.get(
+  "/visible_entries",
+  error_catcher(async (req, res) => {
+    const role = req.user?.role_id ? req.user.role_id : 100;
+    const userId = req.user?.id;
+    const { dir, no_subdirs } = req.query;
+    const noSubdirs = no_subdirs === "true";
+    const safeDir = File.normalise(dir || "/");
+    const absFolder = path.join(
+      db.connectObj.file_store,
+      db.getTenantSchema(),
+      safeDir
+    );
+    const dirOnDisk = await File.from_file_on_disk(
+      path.basename(absFolder),
+      path.dirname(absFolder)
+    );
+    if (dirOnDisk.min_role_read < role) {
+      getState().log(5, `Directory denied. path=${dir} role=${role}`);
+      res.json({ files: [], roles: [], directories: [] });
+      return;
+    }
+    const rows = (
+      await File.find({ folder: dir }, { orderBy: "filename" })
+    ).filter((f) => {
+      if (noSubdirs && f.isDirectory) return false;
+      else return role <= f.min_role_read || (userId && userId === f.user_id);
+    });
+    const roles = await User.get_roles();
+    if (!no_subdirs && safeDir && safeDir !== "/" && safeDir !== ".") {
+      let dirname = path.dirname(safeDir);
+      if (dirname === ".") dirname = "/";
+      rows.unshift(
+        new File({
+          filename: "..",
+          location: dirname,
+          isDirectory: true,
+          mime_super: "",
+          mime_sub: "",
+        })
+      );
+    }
+
+    for (const file of rows) {
+      file.location = file.path_to_serve;
+    }
+    const directories = !noSubdirs
+      ? (await File.allDirectories(true)).filter(
+          (dir) => role <= dir.min_role_read
+        )
+      : [];
+    for (const dir of directories) {
+      dir.location = dir.path_to_serve;
+    }
+    res.json({ files: rows, roles, directories });
+  })
+);
 
 /**
  * @name get
@@ -116,7 +202,7 @@ router.get(
       contents: {
         type: "card",
         contents: [
-          div({ id: "saltcorn-file-manager" }),
+          div({ full_manager: "true", id: "saltcorn-file-manager" }),
           fileUploadForm(req, safeDir),
         ],
       },

package/routes/notifications.js

@@ -14,6 +14,7 @@ const Form = require("@saltcorn/data/models/form");
 const File = require("@saltcorn/data/models/file");
 const User = require("@saltcorn/data/models/user");
 const { renderForm, post_btn } = require("@saltcorn/markup");
+const db = require("@saltcorn/data/db");
 
 const router = new Router();
 module.exports = router;
@@ -39,9 +40,18 @@ router.get(
       orderDesc: true,
       limit: 20,
     });
-    await Notification.mark_as_read({
-      id: { in: nots.filter((n) => !n.read).map((n) => n.id) },
-    });
+    const unreads = nots.filter((n) => !n.read);
+    if (unreads.length > 0)
+      await Notification.mark_as_read(
+        !db.isSQLite
+          ? {
+              id: { in: unreads.map((n) => n.id) },
+            }
+          : {
+              or: unreads.map((n) => ({ id: n.id })),
+            }
+      );
+
     const form = notificationSettingsForm();
     const user = await User.findOne({ id: req.user?.id });
     form.values = { notify_email: user?._attributes?.notify_email };

package/routes/plugins.js

@@ -59,6 +59,10 @@ const { sleep, removeNonWordChars } = require("@saltcorn/data/utils");
 const { loadAllPlugins } = require("../load_plugins");
 const npmFetch = require("npm-registry-fetch");
 const PluginInstaller = require("@saltcorn/plugins-loader/plugin_installer");
+const {
+  supportedVersion,
+  isVersionSupported,
+} = require("@saltcorn/plugins-loader/stable_versioning");
 
 /**
  * @type {object}
@@ -177,6 +181,8 @@ const get_store_items = async () => {
       has_auth: plugin.has_auth,
       unsafe: plugin.unsafe,
       source: plugin.source,
+      ready_for_mobile:
+        plugin.ready_for_mobile && plugin.ready_for_mobile(plugin.name),
     }))
     .filter((p) => !p.unsafe || isRoot || tenants_unsafe_plugins);
   const local_logins = installed_plugins
@@ -190,6 +196,8 @@ const get_store_items = async () => {
       github: plugin.source === "github",
       git: plugin.source === "git",
       local: plugin.source === "local",
+      ready_for_mobile:
+        plugin.ready_for_mobile && plugin.ready_for_mobile(plugin.name),
     }));
 
   const pack_items = packs_available.map((pack) => ({
@@ -274,7 +282,8 @@ const store_item_html = (req) => (item) => ({
       item.github && badge("GitHub"),
       item.git && badge("Git"),
       item.local && badge(req.__("Local")),
-      item.installed && badge(req.__("Installed"))
+      item.installed && badge(req.__("Installed")),
+      item.ready_for_mobile && badge(req.__("Mobile"))
     ),
     div(item.description || ""),
     item.documentation_link
@@ -584,7 +593,9 @@ router.get(
   error_catcher(async (req, res) => {
     const { name } = req.params;
     const withoutOrg = name.replace(/^@saltcorn\//, "");
-    const plugin = await Plugin.store_by_name(decodeURIComponent(withoutOrg));
+    let plugin = await Plugin.store_by_name(decodeURIComponent(withoutOrg));
+    if (!plugin)
+      plugin = await Plugin.findOne({ name: decodeURIComponent(name) });
     if (!plugin) {
       getState().log(
         2,
@@ -609,6 +620,7 @@ router.get(
           if (mod) selected = mod.version;
         }
         if (!selected) selected = versions[versions.length - 1];
+        const packageJson = require("../package.json");
         return res.send(
           form(
             {
@@ -631,14 +643,18 @@ router.get(
                   class: "form-control form-select",
                   name: "version",
                 },
-                versions.map((version) =>
-                  option({
-                    id: `${version}_opt`,
-                    value: version,
-                    label: version,
-                    selected: version === selected,
-                  })
-                )
+                versions
+                  .filter((v) =>
+                    isVersionSupported(v, pkgInfo.versions, packageJson.version)
+                  )
+                  .map((version) =>
+                    option({
+                      id: `${version}_opt`,
+                      value: version,
+                      label: version,
+                      selected: version === selected,
+                    })
+                  )
               )
             ),
             div(
@@ -1354,7 +1370,17 @@ router.get(
     const { name } = req.params;
 
     const plugin = await Plugin.findOne({ name });
-    await plugin.upgrade_version((p, f) => load_plugins.loadPlugin(p, f));
+    const pkgInfo = await npmFetch.json(
+      `https://registry.npmjs.org/${plugin.location}`
+    );
+    await plugin.upgrade_version(
+      (p, f) => load_plugins.loadPlugin(p, f),
+      supportedVersion(
+        "latest",
+        pkgInfo.versions,
+        require("../package.json").version
+      )
+    );
     req.flash("success", req.__(`Module up-to-date`));
 
     res.redirect(`/plugins/info/${encodeURIComponent(plugin.name)}`);
@@ -1385,11 +1411,12 @@ router.post(
       res.redirect(`/plugins`);
     } else {
       try {
-        await load_plugins.loadAndSaveNewPlugin(
+        const msgs = await load_plugins.loadAndSaveNewPlugin(
           plugin,
           schema === db.connectObj.default_schema || plugin.source === "github"
         );
         req.flash("success", req.__(`Module %s installed`, plugin.name));
+        for (const msg of msgs) req.flash("warning", msg);
         res.redirect(`/plugins`);
       } catch (e) {
         req.flash("error", `${e.message}`);
@@ -1488,12 +1515,23 @@ router.post(
       res.redirect(`/plugins`);
       return;
     }
-    const msgs = await load_plugins.loadAndSaveNewPlugin(
-      plugin,
-      forceReInstall,
-      undefined,
-      req.__
-    );
+
+    let msgs = null;
+    try {
+      msgs = await load_plugins.loadAndSaveNewPlugin(
+        plugin,
+        forceReInstall,
+        undefined,
+        req.__
+      );
+    } catch (e) {
+      req.flash(
+        "error",
+        e.message || req.__("Error installing module %s", plugin.name)
+      );
+      res.redirect(`/plugins`);
+      return;
+    }
     const plugin_module = getState().plugins[name];
     await sleep(1000); // Allow other workers to load this plugin
     await getState().refresh_views();

package/routes/search.js

@@ -202,7 +202,12 @@ const runSearch = async ({ q, _page, table }, req, res) => {
   let tablesWithResults = [];
   let tablesConfigured = 0;
   for (const [tableName, viewName] of Object.entries(cfg)) {
-    if (!viewName || viewName === "" || viewName === "search_table_description")
+    if (
+      !viewName ||
+      viewName === "" ||
+      viewName === "search_table_description" ||
+      tableName === "search_table_description"
+    )
       continue;
     tablesConfigured += 1;
     if (table && tableName !== table) continue;

package/routes/tables.js

@@ -708,6 +708,7 @@ const attribBadges = (f) => {
         ].includes(k)
       )
         return;
+      if(Array.isArray(v) && !v.length) return;
       if (v || v === 0) s += badge("secondary", k);
     });
   }
@@ -1911,7 +1912,7 @@ router.post(
     const table = Table.findOne({ name });
 
     try {
-      await table.deleteRows({});
+      await table.deleteRows({}, req.user);
       req.flash("success", req.__("Deleted all rows"));
     } catch (e) {
       req.flash("error", e.message);

package/routes/viewedit.js

@@ -186,7 +186,11 @@ const viewForm = async (req, tableOptions, roles, pages, values) => {
         sublabel: req.__("Display data from this table"),
         options: tableOptions,
         disabled: isEdit,
-        showIf: { viewtemplate: hasTable },
+        showIf: isEdit
+          ? hasTable.includes(values.viewtemplate)
+            ? undefined
+            : { nosuchvar: true }
+          : { viewtemplate: hasTable },
       }),
       new Field({
         name: "min_role",
@@ -242,7 +246,11 @@ const viewForm = async (req, tableOptions, roles, pages, values) => {
             mapObjectValues(slugOptions, (lvs) => lvs.map((lv) => lv.label)),
           ],
         },
-        showIf: { viewtemplate: hasTable },
+        showIf: isEdit
+          ? hasTable.includes(values.viewtemplate)
+            ? undefined
+            : { nosuchvar: true }
+          : { viewtemplate: hasTable },
       }),
       new Field({
         name: "no_menu",

package/serve.js

@@ -4,7 +4,7 @@
  * @category server
  * @module serve
  */
-const runScheduler = require("@saltcorn/data/models/scheduler");
+const { runScheduler } = require("@saltcorn/data/models/scheduler");
 const User = require("@saltcorn/data/models/user");
 const Plugin = require("@saltcorn/data/models/plugin");
 const db = require("@saltcorn/data/db");

package/tests/edit.test.js

@@ -346,7 +346,7 @@ describe("JSDOM-E2E edit test", () => {
       showIfFormula: 'publisher?.name == "AK Press"',
     });
     const dom = await load_url_dom("/view/AuthorEditForTest");
-    await sleep(1000);
+    await sleep(2000);
     const pubwarn = dom.window.document.querySelector("div.pubwarn");
     //console.log(dom.serialize());
     expect(pubwarn.style.display).toBe("none");
@@ -362,7 +362,7 @@ describe("JSDOM-E2E edit test", () => {
     select.value = "1";
     select.dispatchEvent(newEvent(dom, "change"));
 
-    await sleep(1000);
+    await sleep(2000);
     expect([...select_seq.options].map((o) => o.text)).toStrictEqual([
       "",
       "Leo Tolstoy",
@@ -381,7 +381,7 @@ describe("JSDOM-E2E edit test", () => {
     const input = dom.window.document.querySelector("input[name=pages]");
     input.value = "13";
     input.dispatchEvent(newEvent(dom, "change"));
-    await sleep(1000);
+    await sleep(2000);
     const cf = dom.window.document.querySelector(
       `div[data-source-url="/field/show-calculated/books/pagesp1/show?input_type=text"]`
     );
@@ -394,7 +394,7 @@ describe("JSDOM-E2E edit test", () => {
       showIfFormula: "publisher == 1",
     });
     const dom = await load_url_dom("/view/AuthorEditForTest1");
-    await sleep(1000);
+    await sleep(2000);
     const pubwarn = dom.window.document.querySelector("div.pubwarn");
 
     expect(pubwarn.style.display).toBe("none");
@@ -410,7 +410,7 @@ describe("JSDOM-E2E edit test", () => {
     select.value = "1";
     select.dispatchEvent(newEvent(dom, "change"));
 
-    await sleep(1000);
+    await sleep(2000);
     expect([...select_seq.options].map((o) => o.text)).toStrictEqual([
       "",
       "Leo Tolstoy",

package/tests/files.test.js

@@ -30,6 +30,14 @@ const createTestFile = async (folder, name, mimetype, content) => {
   }
 };
 
+const checkFiles = (files, expecteds) =>
+  files.length >= expecteds.length &&
+  expecteds.every(({ filename, location }) =>
+    files.find(
+      (file) => file.filename === filename && file.location === location
+    )
+  );
+
 beforeAll(async () => {
   await resetToFixtures();
   await File.ensure_file_store();
@@ -186,13 +194,7 @@ describe("files admin", () => {
   it("search files by name", async () => {
     const app = await getApp({ disableCsrf: true });
     const loginCookie = await getAdminLoginCookie();
-    const checkFiles = (files, expecteds) =>
-      files.length >= expecteds.length &&
-      expecteds.every(({ filename, location }) =>
-        files.find(
-          (file) => file.filename === filename && file.location === location
-        )
-      );
+
     const searchTestHelper = async (dir, search, expected) => {
       await request(app)
         .get("/files")
@@ -345,3 +347,81 @@ describe("files edit", () => {
     expect(!!file).toBe(true);
   });
 });
+
+describe("visible_entries test", () => {
+  const setRole = async (role, entry) => {
+    const app = await getApp({ disableCsrf: true });
+    const adminCookie = await getAdminLoginCookie();
+    await request(app)
+      .post(`/files/setrole/${entry}`)
+      .set("Cookie", adminCookie)
+      .send(`role=${role}`)
+      .expect(toRedirect("/files?dir=_sc_test_subfolder_one"));
+  };
+
+  it("shows allowed files", async () => {
+    await setRole(100, path.join("_sc_test_subfolder_one", "foo_image.png"));
+
+    const app = await getApp({ disableCsrf: true });
+    const staffCookie = await getStaffLoginCookie();
+    await request(app)
+      .get("/files/visible_entries?dir=_sc_test_subfolder_one")
+      .set("Cookie", staffCookie)
+      .expect(
+        respondJsonWith(200, (data) =>
+          checkFiles(data.files, [
+            {
+              filename: "foo_image.png",
+              location: path.join("_sc_test_subfolder_one", "foo_image.png"),
+            },
+            {
+              filename: "bar_image.png",
+              location: path.join("_sc_test_subfolder_one", "bar_image.png"),
+            },
+          ])
+        )
+      );
+  });
+
+  it("shows no disallowed files", async () => {
+    await setRole(1, path.join("_sc_test_subfolder_one", "foo_image.png"));
+    const app = await getApp({ disableCsrf: true });
+    const staffCookie = await getStaffLoginCookie();
+    const resp = await request(app)
+      .get("/files/visible_entries?dir=_sc_test_subfolder_one")
+      .set("Cookie", staffCookie);
+    expect(resp.statusCode).toBe(200);
+    const files = resp.body.files;
+    expect(
+      files.find((file) => file.filename === "foo_image.png")
+    ).toBeUndefined();
+  });
+
+  it("shows allowed directories", async () => {
+    const dir = path.join("_sc_test_subfolder_one", "subsubfolder");
+    await setRole(80, dir);
+    const app = await getApp({ disableCsrf: true });
+    const staffCookie = await getStaffLoginCookie();
+    const resp = await request(app)
+      .get(`/files/visible_entries?dir=${dir}`)
+      .set("Cookie", staffCookie);
+    expect(resp.statusCode).toBe(200);
+    expect(
+      resp.body.directories.find((file) => file.filename === "subsubfolder")
+    ).toBeDefined();
+  });
+
+  it("shows no disallowed directories", async () => {
+    const dir = path.join("_sc_test_subfolder_one", "subsubfolder");
+    await setRole(1, dir);
+    const app = await getApp({ disableCsrf: true });
+    const staffCookie = await getStaffLoginCookie();
+    const resp = await request(app)
+      .get(`/files/visible_entries?dir=${dir}`)
+      .set("Cookie", staffCookie);
+    expect(resp.statusCode).toBe(200);
+    const body = resp.body;
+    expect(body.files.length).toBe(0);
+    expect(body.directories.length).toBe(0);
+  });
+});