@saltcorn/server 1.0.0-beta.2 → 1.0.0-beta.3

package/help/Android App Signing.tmd

@@ -8,7 +8,7 @@ To build an Android app for the Play Store, you need to create an Android Applic
 
 *Note: You need a [Play Console developer account](https://support.google.com/googleplay/android-developer/answer/6112435?hl=en&ref_topic=3450769&sjid=11090022771305927482-EU) to publish your app on the Play Store.*
 
-### Create a Keysore file
+### Create a Keystore file
 On any Unix-based system, you can use the `keytool` command to create the keystore file. For example:
 ```sh
 keytool -genkey -v -keystore my-app-key.jks 

package/locales/en.json

@@ -1459,5 +1459,10 @@
 	"Hourly": "Hourly",
 	"Daily": "Daily",
 	"Weekly": "Weekly",
-	"Code pages": "Code pages"
+	"Code pages": "Code pages",
+	"Please select a file": "Please select a file",
+	"Zip compression level": "Zip compression level",
+	"1=Fast, larger file, 9=Slow, smaller files": "1=Fast, larger file, 9=Slow, smaller files",
+	"Use system zip": "Use system zip",
+	"Recommended. Executable <code>zip</code> must be installed": "Recommended. Executable <code>zip</code> must be installed"
 }

package/markup/blockly.js

@@ -22,16 +22,16 @@ const db = require("@saltcorn/data/db");
  */
 const blocklyImportScripts = ({ locale }) =>
   script({
-    src: "/plugins/pubdeps/base/blockly/6.20210701.0/blockly_compressed.js",
+    src: "/plugins/pubdeps/base/blockly/8.0.5/blockly_compressed.js",
   }) +
   script({
-    src: "/plugins/pubdeps/base/blockly/6.20210701.0/blocks_compressed.js",
+    src: "/plugins/pubdeps/base/blockly/8.0.5/blocks_compressed.js",
   }) +
   script({
-    src: `/plugins/pubdeps/base/blockly/6.20210701.0/msg/${locale}.js`,
+    src: `/plugins/pubdeps/base/blockly/8.0.5/msg/${locale}.js`,
   }) +
   script({
-    src: "/plugins/pubdeps/base/blockly/6.20210701.0/javascript_compressed.js",
+    src: "/plugins/pubdeps/base/blockly/8.0.5/javascript_compressed.js",
   }) +
   script({
     src: `/static_assets/${db.connectObj.version_tag}/blockly.js`,

package/package.json

@@ -1,20 +1,20 @@
 {
   "name": "@saltcorn/server",
-  "version": "1.0.0-beta.2",
+  "version": "1.0.0-beta.3",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
     "@aws-sdk/client-s3": "^3.451.0",
-    "@saltcorn/base-plugin": "1.0.0-beta.2",
-    "@saltcorn/builder": "1.0.0-beta.2",
-    "@saltcorn/data": "1.0.0-beta.2",
-    "@saltcorn/admin-models": "1.0.0-beta.2",
-    "@saltcorn/filemanager": "1.0.0-beta.2",
-    "@saltcorn/markup": "1.0.0-beta.2",
-    "@saltcorn/plugins-loader": "1.0.0-beta.2",
-    "@saltcorn/sbadmin2": "1.0.0-beta.2",
+    "@saltcorn/base-plugin": "1.0.0-beta.3",
+    "@saltcorn/builder": "1.0.0-beta.3",
+    "@saltcorn/data": "1.0.0-beta.3",
+    "@saltcorn/admin-models": "1.0.0-beta.3",
+    "@saltcorn/filemanager": "1.0.0-beta.3",
+    "@saltcorn/markup": "1.0.0-beta.3",
+    "@saltcorn/plugins-loader": "1.0.0-beta.3",
+    "@saltcorn/sbadmin2": "1.0.0-beta.3",
     "@socket.io/cluster-adapter": "^0.2.1",
     "@socket.io/sticky": "^1.0.1",
     "adm-zip": "0.5.10",
@@ -63,7 +63,7 @@
     "tmp-promise": "^3.0.2",
     "ua-parser-js": "^1.0.37",
     "underscore": "1.13.6",
-    "uuid": "^8.2.0"
+    "uuid": "^10.0.0"
   },
   "optionalDependencies": {
     "connect-sqlite3": "^0.9.11",
@@ -71,9 +71,9 @@
   },
   "repository": "github:saltcorn/saltcorn",
   "devDependencies": {
-    "jest": "^28.1.3",
-    "jest-environment-jsdom": "28.1.3",
-    "supertest": "^6.3.3"
+    "jest": "^29.7.0",
+    "jest-environment-jsdom": "29.7.0",
+    "supertest": "7.0.0"
   },
   "scripts": {
     "dev": "nodemon index.js",

package/public/saltcorn-common.js

@@ -421,7 +421,14 @@ function apply_showif() {
     navigator.systemLanguage ||
     "en";
   window.detected_locale = locale;
-  const parse = (s) => JSON.parse(decodeURIComponent(s));
+  const parse = (s, def = {}) => {
+    try {
+      return JSON.parse(decodeURIComponent(s));
+    } catch (e) {
+      console.error("failed to parse time format", e);
+      return def;
+    }
+  };
   $("time[locale-time-options]").each(function () {
     var el = $(this);
     var date = new Date(el.attr("datetime"));
@@ -443,8 +450,9 @@ function apply_showif() {
   $("time[locale-date-format]").each(function () {
     var el = $(this);
     var date = el.attr("datetime");
-    const format = parse(el.attr("locale-date-format"));
-    el.text(dayjs(date).format(format));
+    const format = parse(el.attr("locale-date-format"), "");
+    if (format) el.text(dayjs(date).format(format));
+    else el.text(dayjs(date));
   });
 
   _apply_showif_plugins.forEach((p) => p());

package/public/saltcorn.js

@@ -391,6 +391,9 @@ function ajax_modal(url, opts = {}) {
       : {}),
   });
 }
+function closeModal() {
+  $("#scmodal").modal("toggle");
+}
 
 function selectVersionError(res, btnId) {
   notifyAlert({

package/routes/admin.js

@@ -312,6 +312,12 @@ router.get(
     backupForm.values.backup_with_event_log = getState().getConfig(
       "backup_with_event_log"
     );
+    backupForm.values.backup_with_system_zip = getState().getConfig(
+      "backup_with_system_zip"
+    );
+    backupForm.values.backup_system_zip_level = getState().getConfig(
+      "backup_system_zip_level"
+    );
     //
     const aSnapshotForm = snapshotForm(req);
     aSnapshotForm.values.snapshots_enabled =
@@ -838,6 +844,31 @@ const autoBackupForm = (req) => {
           auto_backup_frequency: ["Daily", "Weekly"],
         },
       },
+      {
+        type: "Bool",
+        label: req.__("Use system zip"),
+        sublabel: req.__(
+          "Recommended. Executable <code>zip</code> must be installed"
+        ),
+        name: "backup_with_system_zip",
+        showIf: {
+          auto_backup_frequency: ["Daily", "Weekly"],
+        },
+      },
+      {
+        type: "Integer",
+        label: req.__("Zip compression level"),
+        sublabel: req.__("1=Fast, larger file, 9=Slow, smaller files"),
+        name: "backup_system_zip_level",
+        attributes: {
+          min: 1,
+          max: 9,
+        },
+        showIf: {
+          auto_backup_frequency: ["Daily", "Weekly"],
+          backup_with_system_zip: true,
+        },
+      },
     ],
   });
 };

package/routes/files.js

@@ -20,7 +20,15 @@ const {
   setTenant,
   is_relative_url,
 } = require("./utils.js");
-const { h1, div, text } = require("@saltcorn/markup/tags");
+const {
+  h1,
+  div,
+  text,
+  script,
+  style,
+  link,
+  domReady,
+} = require("@saltcorn/markup/tags");
 const { editRoleForm, fileUploadForm } = require("../markup/forms.js");
 const { strictParseInt } = require("@saltcorn/data/plugin-helper");
 const {
@@ -43,20 +51,98 @@ const { extract } = require("@saltcorn/admin-models/models/backup");
 const router = new Router();
 module.exports = router;
 
-/**
- * Edit file Role form
- * @param {*} file
- * @param {*} roles
- * @param {*} req
- * @returns {Form}
- */
-const editFileRoleForm = (file, roles, req) =>
-  editRoleForm({
-    url: `/files/setrole/${file.path_to_serve}`,
-    current_role: file.min_role_read,
-    roles,
-    req,
+const send_files_picker = async (folder, noSubdirs, inputId, req, res) => {
+  res.set("SaltcornModalWidth", "1200px");
+  res.sendWrap(req.__("Please select a file"), {
+    above: [
+      script({
+        src: `/static_assets/${db.connectObj.version_tag}/bundle.js`,
+        defer: true,
+      }),
+      script(
+        domReady(
+          `$("head").append('${link({
+            rel: "stylesheet",
+            href: `/static_assets/${db.connectObj.version_tag}/bundle.css`,
+          })}')`
+        )
+      ),
+      div({
+        id: "saltcorn-file-manager",
+        full_manager: "false",
+        folder: folder,
+        input_id: inputId,
+        ...(noSubdirs ? { no_subdirs: "true" } : {}),
+      }),
+    ],
   });
+};
+
+router.get(
+  "/picker",
+  error_catcher(async (req, res) => {
+    const { folder, input_id, no_subdirs } = req.query;
+    send_files_picker(folder, no_subdirs, input_id, req, res);
+  })
+);
+
+router.get(
+  "/visible_entries",
+  error_catcher(async (req, res) => {
+    const role = req.user?.role_id ? req.user.role_id : 100;
+    const userId = req.user?.id;
+    const { dir, no_subdirs } = req.query;
+    const noSubdirs = no_subdirs === "true";
+    const safeDir = File.normalise(dir || "/");
+    const absFolder = path.join(
+      db.connectObj.file_store,
+      db.getTenantSchema(),
+      safeDir
+    );
+    const dirOnDisk = await File.from_file_on_disk(
+      path.basename(absFolder),
+      path.dirname(absFolder)
+    );
+    if (dirOnDisk.min_role_read < role) {
+      getState().log(5, `Directory denied. path=${dir} role=${role}`);
+      res.json({ files: [], roles: [], directories: [] });
+      return;
+    }
+    const rows = (
+      await File.find({ folder: dir }, { orderBy: "filename" })
+    ).filter((f) => {
+      if (noSubdirs && f.isDirectory) return false;
+      else return role <= f.min_role_read || (userId && userId === f.user_id);
+    });
+    const roles = await User.get_roles();
+    if (!no_subdirs && safeDir && safeDir !== "/" && safeDir !== ".") {
+      let dirname = path.dirname(safeDir);
+      if (dirname === ".") dirname = "/";
+      rows.unshift(
+        new File({
+          filename: "..",
+          location: dirname,
+          isDirectory: true,
+          mime_super: "",
+          mime_sub: "",
+        })
+      );
+    }
+
+    for (const file of rows) {
+      file.location = file.path_to_serve;
+    }
+    const directories = !noSubdirs
+      ? (await File.allDirectories(true)).filter(
+          (dir) => role <= dir.min_role_read
+        )
+      : [];
+    for (const dir of directories) {
+      dir.location = dir.path_to_serve;
+    }
+    res.json({ files: rows, roles, directories });
+  })
+);
 
 /**
  * @name get
@@ -116,7 +202,7 @@ router.get(
       contents: {
         type: "card",
         contents: [
-          div({ id: "saltcorn-file-manager" }),
+          div({ full_manager: "true", id: "saltcorn-file-manager" }),
           fileUploadForm(req, safeDir),
         ],
       },

package/routes/notifications.js

@@ -14,6 +14,7 @@ const Form = require("@saltcorn/data/models/form");
 const File = require("@saltcorn/data/models/file");
 const User = require("@saltcorn/data/models/user");
 const { renderForm, post_btn } = require("@saltcorn/markup");
+const db = require("@saltcorn/data/db");
 
 const router = new Router();
 module.exports = router;
@@ -39,9 +40,18 @@ router.get(
       orderDesc: true,
       limit: 20,
     });
-    await Notification.mark_as_read({
-      id: { in: nots.filter((n) => !n.read).map((n) => n.id) },
-    });
+    const unreads = nots.filter((n) => !n.read);
+    if (unreads.length > 0)
+      await Notification.mark_as_read(
+        !db.isSQLite
+          ? {
+              id: { in: unreads.map((n) => n.id) },
+            }
+          : {
+              or: unreads.map((n) => ({ id: n.id })),
+            }
+      );
+
     const form = notificationSettingsForm();
     const user = await User.findOne({ id: req.user?.id });
     form.values = { notify_email: user?._attributes?.notify_email };

package/routes/viewedit.js

@@ -186,7 +186,11 @@ const viewForm = async (req, tableOptions, roles, pages, values) => {
         sublabel: req.__("Display data from this table"),
         options: tableOptions,
         disabled: isEdit,
-        showIf: { viewtemplate: hasTable },
+        showIf: isEdit
+          ? hasTable.includes(values.viewtemplate)
+            ? undefined
+            : { nosuchvar: true }
+          : { viewtemplate: hasTable },
       }),
       new Field({
         name: "min_role",
@@ -242,7 +246,11 @@ const viewForm = async (req, tableOptions, roles, pages, values) => {
             mapObjectValues(slugOptions, (lvs) => lvs.map((lv) => lv.label)),
           ],
         },
-        showIf: { viewtemplate: hasTable },
+        showIf: isEdit
+          ? hasTable.includes(values.viewtemplate)
+            ? undefined
+            : { nosuchvar: true }
+          : { viewtemplate: hasTable },
       }),
       new Field({
         name: "no_menu",

package/tests/files.test.js

@@ -30,6 +30,14 @@ const createTestFile = async (folder, name, mimetype, content) => {
   }
 };
 
+const checkFiles = (files, expecteds) =>
+  files.length >= expecteds.length &&
+  expecteds.every(({ filename, location }) =>
+    files.find(
+      (file) => file.filename === filename && file.location === location
+    )
+  );
+
 beforeAll(async () => {
   await resetToFixtures();
   await File.ensure_file_store();
@@ -186,13 +194,7 @@ describe("files admin", () => {
   it("search files by name", async () => {
     const app = await getApp({ disableCsrf: true });
     const loginCookie = await getAdminLoginCookie();
-    const checkFiles = (files, expecteds) =>
-      files.length >= expecteds.length &&
-      expecteds.every(({ filename, location }) =>
-        files.find(
-          (file) => file.filename === filename && file.location === location
-        )
-      );
+
     const searchTestHelper = async (dir, search, expected) => {
       await request(app)
         .get("/files")
@@ -345,3 +347,81 @@ describe("files edit", () => {
     expect(!!file).toBe(true);
   });
 });
+
+describe("visible_entries test", () => {
+  const setRole = async (role, entry) => {
+    const app = await getApp({ disableCsrf: true });
+    const adminCookie = await getAdminLoginCookie();
+    await request(app)
+      .post(`/files/setrole/${entry}`)
+      .set("Cookie", adminCookie)
+      .send(`role=${role}`)
+      .expect(toRedirect("/files?dir=_sc_test_subfolder_one"));
+  };
+
+  it("shows allowed files", async () => {
+    await setRole(100, path.join("_sc_test_subfolder_one", "foo_image.png"));
+
+    const app = await getApp({ disableCsrf: true });
+    const staffCookie = await getStaffLoginCookie();
+    await request(app)
+      .get("/files/visible_entries?dir=_sc_test_subfolder_one")
+      .set("Cookie", staffCookie)
+      .expect(
+        respondJsonWith(200, (data) =>
+          checkFiles(data.files, [
+            {
+              filename: "foo_image.png",
+              location: path.join("_sc_test_subfolder_one", "foo_image.png"),
+            },
+            {
+              filename: "bar_image.png",
+              location: path.join("_sc_test_subfolder_one", "bar_image.png"),
+            },
+          ])
+        )
+      );
+  });
+
+  it("shows no disallowed files", async () => {
+    await setRole(1, path.join("_sc_test_subfolder_one", "foo_image.png"));
+    const app = await getApp({ disableCsrf: true });
+    const staffCookie = await getStaffLoginCookie();
+    const resp = await request(app)
+      .get("/files/visible_entries?dir=_sc_test_subfolder_one")
+      .set("Cookie", staffCookie);
+    expect(resp.statusCode).toBe(200);
+    const files = resp.body.files;
+    expect(
+      files.find((file) => file.filename === "foo_image.png")
+    ).toBeUndefined();
+  });
+
+  it("shows allowed directories", async () => {
+    const dir = path.join("_sc_test_subfolder_one", "subsubfolder");
+    await setRole(80, dir);
+    const app = await getApp({ disableCsrf: true });
+    const staffCookie = await getStaffLoginCookie();
+    const resp = await request(app)
+      .get(`/files/visible_entries?dir=${dir}`)
+      .set("Cookie", staffCookie);
+    expect(resp.statusCode).toBe(200);
+    expect(
+      resp.body.directories.find((file) => file.filename === "subsubfolder")
+    ).toBeDefined();
+  });
+
+  it("shows no disallowed directories", async () => {
+    const dir = path.join("_sc_test_subfolder_one", "subsubfolder");
+    await setRole(1, dir);
+    const app = await getApp({ disableCsrf: true });
+    const staffCookie = await getStaffLoginCookie();
+    const resp = await request(app)
+      .get(`/files/visible_entries?dir=${dir}`)
+      .set("Cookie", staffCookie);
+    expect(resp.statusCode).toBe(200);
+    const body = resp.body;
+    expect(body.files.length).toBe(0);
+    expect(body.directories.length).toBe(0);
+  });
+});