@saltcorn/server 1.1.1-beta.5 → 1.1.1-beta.7

package/routes/actions.js

@@ -7,6 +7,7 @@
 const Router = require("express-promise-router");
 const {
   isAdmin,
+  isAdminOrHasConfigMinRole,
   error_catcher,
   addOnDoneRedirect,
   is_relative_url,
@@ -85,7 +86,7 @@ const {
  */
 router.get(
   "/",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     let triggers = await Trigger.findAllWithTableName();
     let filterOnTag;
@@ -347,7 +348,7 @@ const triggerForm = async (req, trigger) => {
  */
 router.get(
   "/new",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     const form = await triggerForm(req);
     if (req.query.table) {
@@ -388,7 +389,7 @@ router.get(
  */
 router.get(
   "/edit/:id",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     const { id } = req.params;
     const trigger = await Trigger.findOne({ id });
@@ -419,7 +420,7 @@ router.get(
  */
 router.post(
   "/new",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     const form = await triggerForm(req);
 
@@ -462,7 +463,7 @@ router.post(
  */
 router.post(
   "/edit/:id",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     const { id } = req.params;
     const trigger = await Trigger.findOne({ id });
@@ -523,7 +524,7 @@ function genWorkflowDiagram(steps) {
       );
     if (stepNames.includes(step.next_step)) {
       linkLines.push(
-        `  ${step.mmname}-- <i class="fas fa-plus add-btw-nodes btw-nodes-${step.id}-${step.next_step}"></i> ---${step.mmnext}`
+        `  ${step.mmname} -- <i class="fas fa-plus add-btw-nodes btw-nodes-${step.id}-${step.next_step}"></i> --- ${step.mmnext}`
       );
     } else if (step.next_step) {
       let found = false;
@@ -928,7 +929,7 @@ const getMultiStepForm = async (req, id, table) => {
  */
 router.get(
   "/configure/:idorname",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     const { idorname } = req.params;
     let trigger;
@@ -1130,7 +1131,7 @@ router.get(
  */
 router.post(
   "/configure/:id",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     const { id } = req.params;
     const trigger = await Trigger.findOne({ id });
@@ -1202,7 +1203,7 @@ router.post(
  */
 router.post(
   "/delete/:id",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     const { id } = req.params;
     const trigger = await Trigger.findOne({ id });
@@ -1211,7 +1212,13 @@ router.post(
       entity_name: trigger.name,
     });
     await trigger.delete();
-    res.redirect(`/actions/`);
+    req.flash("success", req.__(`Trigger %s deleted`, trigger.name));
+    let redirectTarget =
+      req.query.on_done_redirect &&
+      is_relative_url("/" + req.query.on_done_redirect)
+        ? `/${req.query.on_done_redirect}`
+        : "/actions/";
+    res.redirect(redirectTarget);
   })
 );
 
@@ -1222,7 +1229,7 @@ router.post(
  */
 router.get(
   "/testrun/:id",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     const { id } = req.params;
     const trigger = await Trigger.findOne({ id });
@@ -1333,7 +1340,7 @@ router.get(
  */
 router.post(
   "/clone/:id",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     const { id } = req.params;
     const trig = await Trigger.findOne({ id });
@@ -1358,7 +1365,7 @@ router.post(
  */
 router.get(
   "/stepedit/:trigger_id/:step_id?",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     const { trigger_id, step_id } = req.params;
     const { initial_step, after_step, before_step } = req.query;
@@ -1400,7 +1407,7 @@ router.get(
 
 router.post(
   "/stepedit/:trigger_id",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     const { trigger_id } = req.params;
     const trigger = await Trigger.findOne({ id: trigger_id });
@@ -1499,7 +1506,7 @@ router.post(
 
 router.post(
   "/gen-copilot/:trigger_id",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     const { trigger_id } = req.params;
     const trigger = await Trigger.findOne({ id: trigger_id });
@@ -1525,18 +1532,18 @@ router.post(
 
 router.post(
   "/delete-step/:step_id",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     const { step_id } = req.params;
     const step = await WorkflowStep.findOne({ id: step_id });
-    await step.delete();
+    await step.delete(true);
     res.json({ goto: `/actions/configure/${step.trigger_id}` });
   })
 );
 
 router.get(
   "/runs",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     const trNames = {};
     const { _page, trigger } = req.query;
@@ -1563,7 +1570,7 @@ router.get(
           key: (run) => {
             switch (run.status) {
               case "Running":
-                return run.current_step;
+                return run.current_step_name;
               case "Error":
                 return run.error;
               case "Waiting":
@@ -1571,9 +1578,9 @@ router.get(
                   return a(
                     { href: `/actions/fill-workflow-form/${run.id}` },
                     run.wait_info.output ? "Show " : "Fill ",
-                    run.current_step
+                    run.current_step_name
                   );
-                return run.current_step;
+                return run.current_step_name;
               default:
                 return "";
             }
@@ -1607,7 +1614,7 @@ router.get(
 
 router.get(
   "/run/:id",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     const { id } = req.params;
 
@@ -1730,7 +1737,7 @@ router.get(
 
 router.post(
   "/delete-run/:id",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     const { id } = req.params;
 
@@ -1794,7 +1801,7 @@ router.get(
     const trigger = await Trigger.findOne({ id: run.trigger_id });
     const step = await WorkflowStep.findOne({
       trigger_id: trigger.id,
-      name: run.current_step,
+      name: run.current_step_name,
     });
 
     const form = await getWorkflowStepUserForm(run, trigger, step, req);
@@ -1822,7 +1829,7 @@ router.post(
     const trigger = await Trigger.findOne({ id: run.trigger_id });
     const step = await WorkflowStep.findOne({
       trigger_id: trigger.id,
-      name: run.current_step,
+      name: run.current_step_name,
     });
 
     const form = await getWorkflowStepUserForm(run, trigger, step, req);

package/routes/admin.js

@@ -13,6 +13,7 @@ const {
   admin_config_route,
   get_sys_info,
   tenant_letsencrypt_name,
+  isAdminOrHasConfigMinRole,
 } = require("./utils.js");
 const Table = require("@saltcorn/data/models/table");
 const Plugin = require("@saltcorn/data/models/plugin");
@@ -295,7 +296,7 @@ router.get(
   error_catcher(async (req, res) => {
     const fp = path.join(__dirname, "..", "CHANGELOG.md");
     const fileBuf = await fs.promises.readFile(fp);
-    const mdContents = fileBuf.toString().replace("# Notable changes\n","");
+    const mdContents = fileBuf.toString().replace("# Notable changes\n", "");
     const markup = md.render(mdContents);
     res.sendWrap(`What's new in Saltcorn`, { above: [markup] });
   })
@@ -626,13 +627,36 @@ router.get(
   })
 );
 
+const checkEditPermission = (type, user) => {
+  if (user.role_id === 1) return true;
+  switch (type) {
+    case "view":
+      return getState().getConfig("min_role_edit_views", 1) >= user.role_id;
+    case "page":
+      return getState().getConfig("min_role_edit_pages", 1) >= user.role_id;
+    case "trigger":
+      return getState().getConfig("min_role_edit_triggers", 1) >= user.role_id;
+    default:
+      return false;
+  }
+};
+
 router.get(
   "/snapshot-restore/:type/:name",
-  isAdmin,
+  isAdminOrHasConfigMinRole([
+    "min_role_edit_views",
+    "min_role_edit_pages",
+    "min_role_edit_triggers",
+  ]),
   error_catcher(async (req, res) => {
     const { type, name } = req.params;
     const snaps = await Snapshot.entity_history(type, name);
     const locale = getState().getConfig("default_locale", "en");
+    const auth = checkEditPermission(type, req.user);
+    if (!auth) {
+      res.send("Not authorized");
+      return;
+    }
     res.set("Page-Title", `Restore ${text(name)}`);
     res.send(
       mkTable(
@@ -663,17 +687,26 @@ router.get(
 
 router.post(
   "/snapshot-restore/:type/:name/:id",
-  isAdmin,
+  isAdminOrHasConfigMinRole([
+    "min_role_edit_views",
+    "min_role_edit_pages",
+    "min_role_edit_triggers",
+  ]),
   error_catcher(async (req, res) => {
     const { type, name, id } = req.params;
-    const snap = await Snapshot.findOne({ id });
-    await snap.restore_entity(type, name);
-    req.flash(
-      "success",
-      `${type} ${name} restored to snapshot saved ${moment(
-        snap.created
-      ).fromNow()}`
-    );
+    const auth = checkEditPermission(type, req.user);
+    if (!auth) {
+      req.flash("error", "Not authorized");
+    } else {
+      const snap = await Snapshot.findOne({ id });
+      await snap.restore_entity(type, name);
+      req.flash(
+        "success",
+        `${type} ${name} restored to snapshot saved ${moment(
+          snap.created
+        ).fromNow()}`
+      );
+    }
     res.redirect(
       type === "trigger"
         ? `/actions`
@@ -2414,7 +2447,7 @@ router.get(
                         class: "form-control",
                         name: "appId",
                         id: "appIdInputId",
-                        placeholder: "com.saltcorn.app",
+                        placeholder: "com.saltcorn.mobile.app",
                         value: builderSettings.appId || "",
                       })
                     )
@@ -3114,49 +3147,48 @@ router.get(
                             ].join("")
                           )
                         )
-                      )
+                      ),
                       // Share Extension provisioning profile
-                      // disabled for now
-                      // div(
-                      //   { class: "row pb-3" },
-                      //   div(
-                      //     { class: "col-sm-8" },
-                      //     label(
-                      //       {
-                      //         for: "shareProvisioningProfileInputId",
-                      //         class: "form-label fw-bold",
-                      //       },
-                      //       req.__("Share Extension Provisioning Profile"),
-                      //       a(
-                      //         {
-                      //           href: "javascript:ajax_modal('/admin/help/Provisioning Profile?')",
-                      //         },
-                      //         i({ class: "fas fa-question-circle ps-1" })
-                      //       )
-                      //     ),
-                      //     select(
-                      //       {
-                      //         class: "form-select",
-                      //         name: "shareProvisioningProfile",
-                      //         id: "shareProvisioningProfileInputId",
-                      //       },
-                      //       [
-                      //         option({ value: "" }, ""),
-                      //         ...provisioningFiles.map((file) =>
-                      //           option(
-                      //             {
-                      //               value: file.location,
-                      //               selected:
-                      //                 builderSettings.shareProvisioningProfile ===
-                      //                 file.location,
-                      //             },
-                      //             file.filename
-                      //           )
-                      //         ),
-                      //       ].join("")
-                      //     )
-                      //   )
-                      // )
+                      div(
+                        { class: "row pb-3" },
+                        div(
+                          { class: "col-sm-8" },
+                          label(
+                            {
+                              for: "shareProvisioningProfileInputId",
+                              class: "form-label fw-bold",
+                            },
+                            req.__("Share Extension Provisioning Profile"),
+                            a(
+                              {
+                                href: "javascript:ajax_modal('/admin/help/Provisioning Profile?')",
+                              },
+                              i({ class: "fas fa-question-circle ps-1" })
+                            )
+                          ),
+                          select(
+                            {
+                              class: "form-select",
+                              name: "shareProvisioningProfile",
+                              id: "shareProvisioningProfileInputId",
+                            },
+                            [
+                              option({ value: "" }, ""),
+                              ...provisioningFiles.map((file) =>
+                                option(
+                                  {
+                                    value: file.location,
+                                    selected:
+                                      builderSettings.shareProvisioningProfile ===
+                                      file.location,
+                                  },
+                                  file.filename
+                                )
+                              ),
+                            ].join("")
+                          )
+                        )
+                      )
                     )
                   )
                 ),
@@ -3425,11 +3457,10 @@ router.post(
       keystoreAlias,
       keystorePassword,
     } = req.body;
-    // const receiveShareTriggers = Trigger.find({
-    //   when_trigger: "ReceiveMobileShareData",
-    // });
-    // disabeling share to support for now
-    let allowShareTo = false; // receiveShareTriggers.length > 0;
+    const receiveShareTriggers = Trigger.find({
+      when_trigger: "ReceiveMobileShareData",
+    });
+    let allowShareTo = receiveShareTriggers.length > 0;
     if (allowShareTo && iOSPlatform && !shareProvisioningProfile) {
       allowShareTo = false;
       msgs.push({
@@ -4191,10 +4222,6 @@ admin_config_route({
     { section_header: "Progressive Web Application" },
     "pwa_enabled",
     { name: "pwa_display", showIf: { pwa_enabled: true } },
-    {
-      name: "pwa_share_to_enabled",
-      showIf: { pwa_enabled: true },
-    },
     { name: "pwa_set_colors", showIf: { pwa_enabled: true } },
     {
       name: "pwa_theme_color",

package/routes/common_lists.js

@@ -12,6 +12,7 @@ const {
   badge,
 } = require("@saltcorn/markup");
 const { get_base_url } = require("./utils.js");
+const { getState } = require("@saltcorn/data/db/state");
 const { h4, p, div, a, i, text, span, nbsp } = require("@saltcorn/markup/tags");
 
 /**
@@ -57,7 +58,9 @@ const tablesList = async (
   });
   const tagsById = {};
   tags.forEach((t) => (tagsById[t.id] = t));
-
+  const user_can_edit_tables =
+    req.user.role_id === 1 ||
+    getState().getConfig("min_role_edit_tables", 1) >= req.user.role_id;
   const tagBadges = (table) => {
     const myTags = tag_entries.filter((te) => te.table_id === table.id);
     return myTags
@@ -95,23 +98,27 @@ const tablesList = async (
               ? `${getRole(t.min_role_read)} (read only)`
               : `${getRole(t.min_role_read)}/${getRole(t.min_role_write)}`,
         },
-        !tagId
-          ? {
-              label: req.__("Delete"),
-              key: (r) =>
-                r.name === "users" || r.external
-                  ? ""
-                  : post_delete_btn(`/table/delete/${r.id}`, req, r.name),
-            }
-          : {
-              label: req.__("Remove From Tag"),
-              key: (r) =>
-                post_delete_btn(
-                  `/tag-entries/remove/tables/${r.id}/${tagId}`,
-                  req,
-                  `${r.name} from this tag`
-                ),
-            },
+        ...(user_can_edit_tables
+          ? [
+              !tagId
+                ? {
+                    label: req.__("Delete"),
+                    key: (r) =>
+                      r.name === "users" || r.external
+                        ? ""
+                        : post_delete_btn(`/table/delete/${r.id}`, req, r.name),
+                  }
+                : {
+                    label: req.__("Remove From Tag"),
+                    key: (r) =>
+                      post_delete_btn(
+                        `/tag-entries/remove/tables/${r.id}/${tagId}`,
+                        req,
+                        `${r.name} from this tag`
+                      ),
+                  },
+            ]
+          : []),
       ],
       tables,
       {
@@ -286,6 +293,10 @@ const viewsList = async (
   });
   const tagsById = {};
   tags.forEach((t) => (tagsById[t.id] = t));
+  const user_can_inspect_tables =
+    req.user.role_id === 1 ||
+    getState().getConfig("min_role_edit_tables", 1) >= req.user.role_id ||
+    getState().getConfig("min_role_inspect_tables", 1) >= req.user.role_id;
 
   const tagBadges = (view) => {
     const myTags = tag_entries.filter((te) => te.view_id === view.id);
@@ -339,7 +350,10 @@ const viewsList = async (
           : [
               {
                 label: req.__("Table"),
-                key: (r) => link(`/table/${r.table}`, r.table),
+                key: (r) =>
+                  user_can_inspect_tables
+                    ? link(`/table/${r.table}`, r.table)
+                    : r.table,
                 sortlink: !tagId
                   ? `set_state_field('_sortby', 'table', this)`
                   : undefined,
@@ -588,7 +602,7 @@ const getPageGroupList = (rows, roles, req) => {
   );
 };
 
-const trigger_dropdown = (trigger, req, on_done_redirect_str = "") =>
+const trigger_dropdown = (trigger, req, on_done_redirect_str = "") =>  
   settingsDropdown(`dropdownMenuButton${trigger.id}`, [
     a(
       {
@@ -624,16 +638,22 @@ const trigger_dropdown = (trigger, req, on_done_redirect_str = "") =>
 const getTriggerList = async (
   triggers,
   req,
-  { tagId, domId, showList, filterOnTag } = {}
+  { tagId, domId, showList, filterOnTag, on_done_redirect } = {}
 ) => {
   const base_url = get_base_url(req);
   const tags = await Tag.find();
-
+  const on_done_redirect_str = on_done_redirect
+  ? `?on_done_redirect=${on_done_redirect}`
+  : "";
   const tag_entries = await TagEntry.find({
     not: { trigger_id: null },
   });
   const tagsById = {};
   tags.forEach((t) => (tagsById[t.id] = t));
+  const user_can_inspect_tables =
+    req.user.role_id === 1 ||
+    getState().getConfig("min_role_edit_tables", 1) >= req.user.role_id ||
+    getState().getConfig("min_role_inspect_tables", 1) >= req.user.role_id;
 
   const tagBadges = (trigger) => {
     const myTags = tag_entries.filter((te) => te.trigger_id === trigger.id);
@@ -682,13 +702,15 @@ const getTriggerList = async (
         label: req.__("Table or Channel"),
         key: (r) =>
           r.table_name
-            ? a({ href: `/table/${r.table_name}` }, r.table_name)
+            ? user_can_inspect_tables
+              ? a({ href: `/table/${r.table_name}` }, r.table_name)
+              : r.table_name
             : r.channel,
       },
       !tagId
         ? {
             label: "",
-            key: (r) => trigger_dropdown(r, req),
+            key: (r) => trigger_dropdown(r, req, on_done_redirect_str),
           }
         : {
             label: req.__("Remove From Tag"),

package/routes/fields.js

@@ -24,7 +24,11 @@ const {
 } = require("@saltcorn/data/models/expression");
 const db = require("@saltcorn/data/db");
 
-const { isAdmin, error_catcher } = require("./utils.js");
+const {
+  isAdmin,
+  error_catcher,
+  isAdminOrHasConfigMinRole,
+} = require("./utils.js");
 const expressionBlurb = require("../markup/expression_blurb");
 const {
   readState,
@@ -774,7 +778,10 @@ const fieldFlow = (req) =>
  */
 router.get(
   "/:id",
-  isAdmin,
+  isAdminOrHasConfigMinRole([
+    "min_role_edit_tables",
+    "min_role_inspect_tables",
+  ]),
   error_catcher(async (req, res) => {
     const { id } = req.params;
     const field = await Field.findOne({ id });
@@ -830,7 +837,7 @@ router.get(
  */
 router.get(
   "/new/:table_id",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_tables"),
   error_catcher(async (req, res) => {
     const { table_id } = req.params;
     const table = Table.findOne({ id: table_id });
@@ -867,7 +874,7 @@ router.get(
  */
 router.post(
   "/delete/:id",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_tables"),
   error_catcher(async (req, res) => {
     const { id } = req.params;
     const f = await Field.findOne({ id });
@@ -892,7 +899,7 @@ router.post(
  */
 router.post(
   "/",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_tables"),
   error_catcher(async (req, res) => {
     const wf = fieldFlow(req);
     const wfres = await wf.run(req.body, req);
@@ -941,7 +948,10 @@ router.post(
  */
 router.post(
   "/test-formula",
-  isAdmin,
+  isAdminOrHasConfigMinRole([
+    "min_role_edit_tables",
+    "min_role_inspect_tables",
+  ]),
   error_catcher(async (req, res) => {
     let { formula, tablename, stored } = req.body;
     if (stored === "false") stored = false;
@@ -1231,7 +1241,11 @@ router.post(
  */
 router.post(
   "/preview/:tableName/:fieldName/:fieldview",
-  isAdmin,
+  isAdminOrHasConfigMinRole([
+    "min_role_edit_tables",
+    "min_role_edit_views",
+    "min_role_inspect_tables",
+  ]),
   error_catcher(async (req, res) => {
     const { tableName, fieldName, fieldview } = req.params;
     const table = Table.findOne({ name: tableName });
@@ -1323,7 +1337,11 @@ router.post(
  */
 router.post(
   "/preview/:tableName/:fieldName/",
-  isAdmin,
+  isAdminOrHasConfigMinRole([
+    "min_role_edit_tables",
+    "min_role_edit_views",
+    "min_role_inspect_tables",
+  ]),
   error_catcher(async (req, res) => {
     res.send("");
   })
@@ -1331,7 +1349,11 @@ router.post(
 
 router.post(
   "/fieldviewcfgform/:tableName",
-  isAdmin,
+  isAdminOrHasConfigMinRole([
+    "min_role_edit_tables",
+    "min_role_edit_views",
+    "min_role_inspect_tables",
+  ]),
   error_catcher(async (req, res) => {
     const { tableName } = req.params;
     let {