@saltcorn/server 1.1.1-beta.5 → 1.1.1-beta.7

package/routes/list.js

@@ -24,7 +24,11 @@ const {
   form,
 } = require("@saltcorn/markup/tags");
 const Table = require("@saltcorn/data/models/table");
-const { isAdmin, error_catcher } = require("./utils");
+const {
+  isAdmin,
+  error_catcher,
+  isAdminOrHasConfigMinRole,
+} = require("./utils");
 const moment = require("moment");
 const { getState } = require("@saltcorn/data/db/state");
 
@@ -49,7 +53,10 @@ module.exports = router;
  */
 router.get(
   "/_versions/:tableName/:id",
-  isAdmin,
+  isAdminOrHasConfigMinRole([
+    "min_role_edit_tables",
+    "min_role_inspect_tables",
+  ]),
   error_catcher(async (req, res) => {
     const { tableName, id } = req.params;
     const table = Table.findOne({ name: tableName });
@@ -97,7 +104,10 @@ router.get(
  */
 router.post(
   "/_restore/:tableName/:id/:_version",
-  isAdmin,
+  isAdminOrHasConfigMinRole([
+    "min_role_edit_tables",
+    "min_role_inspect_tables",
+  ]),
   error_catcher(async (req, res) => {
     const { tableName, id, _version } = req.params;
     const table = Table.findOne({ name: tableName });
@@ -226,7 +236,10 @@ const arrangeIdFirst = (flds) => {
  */
 router.get(
   "/:tname",
-  isAdmin,
+  isAdminOrHasConfigMinRole([
+    "min_role_edit_tables",
+    "min_role_inspect_tables",
+  ]),
   error_catcher(async (req, res) => {
     const { tname } = req.params;
     const table = Table.findOne({ name: tname });

package/routes/notifications.js

@@ -204,26 +204,31 @@ router.post(
         req.flash("error", msg);
         res.redirect("/auth/login");
       } else res.json({ error: msg });
-    } else if (!getState().getConfig("pwa_share_to_enabled", false)) {
-      const msg = req.__("Sharing not enabled");
-      if (!req.smr) {
-        req.flash("error", msg);
-        res.redirect("/");
-      } else res.json({ error: msg });
     } else {
-      Trigger.emitEvent("ReceiveMobileShareData", null, req.user, {
-        row: req.body,
+      const receiveShareTriggers = Trigger.find({
+        when_trigger: "ReceiveMobileShareData",
       });
-      if (!req.smr) {
-        req.flash(
-          "success",
-          req.__(
-            "Shared: %s",
-            req.body.title || req.body.text || req.body.url || ""
-          )
-        );
-        res.status(303).redirect("/");
-      } else res.json({ success: "ok" });
+      if (receiveShareTriggers.length === 0) {
+        const msg = req.__("Sharing not enabled");
+        if (!req.smr) {
+          req.flash("error", msg);
+          res.redirect("/");
+        } else res.json({ error: msg });
+      } else {
+        Trigger.emitEvent("ReceiveMobileShareData", null, req.user, {
+          row: req.body,
+        });
+        if (!req.smr) {
+          req.flash(
+            "success",
+            req.__(
+              "Shared: %s",
+              req.body.title || req.body.text || req.body.url || ""
+            )
+          );
+          res.status(303).redirect("/");
+        } else res.json({ success: "ok" });
+      }
     }
   })
 );
@@ -240,8 +245,10 @@ router.get(
     };
     const site_logo = state.getConfig("site_logo_id");
     const pwa_icons = state.getConfig("pwa_icons");
-    const pwa_share_to_enabled = state.getConfig("pwa_share_to_enabled", false);
-    if (pwa_share_to_enabled) {
+    const receiveShareTriggers = Trigger.find({
+      when_trigger: "ReceiveMobileShareData",
+    });
+    if (receiveShareTriggers.length > 0) {
       manifest.share_target = {
         action: "/notifications/share-handler",
         method: "POST",

package/routes/pageedit.js

@@ -30,6 +30,7 @@ const {
   addOnDoneRedirect,
   is_relative_url,
   setRole,
+  isAdminOrHasConfigMinRole,
 } = require("./utils.js");
 const { asyncMap } = require("@saltcorn/data/utils");
 const {
@@ -278,7 +279,7 @@ const getRootPageForm = (pages, pageGroups, roles, req) => {
     noSubmitButton: true,
     onChange: "saveAndContinue(this)",
     blurb: req.__(
-      "The root page is the page that is served when the user visits the home location (/). This can be set for each user role."
+      "The home page is the page that is served when the user visits the home location (/). This can be set for each user role."
     ),
     fields: roles.map(
       (r) =>
@@ -314,7 +315,7 @@ const getRootPageForm = (pages, pageGroups, roles, req) => {
  */
 router.get(
   "/",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_pages"),
   error_catcher(async (req, res) => {
     const pageq = {};
     let filterOnTag;
@@ -357,7 +358,7 @@ router.get(
         },
         {
           type: "card",
-          title: req.__("Root pages"),
+          title: req.__("Home pages"),
           titleAjaxIndicator: true,
           contents: renderForm(
             getRootPageForm(pages, pageGroups, roles, req),
@@ -425,7 +426,7 @@ const wrap = (contents, noCard, req, page) => ({
  */
 router.get(
   "/edit-properties/:pagename",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_pages"),
   error_catcher(async (req, res) => {
     const { pagename } = req.params;
     const page = Page.findOne({ name: pagename });
@@ -456,7 +457,7 @@ router.get(
  */
 router.get(
   "/new",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_pages"),
   error_catcher(async (req, res) => {
     const form = await pagePropertiesForm(req, true);
     res.sendWrap(
@@ -474,7 +475,7 @@ router.get(
  */
 router.post(
   "/edit-properties",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_pages"),
   error_catcher(async (req, res) => {
     const form = await pagePropertiesForm(req, !req.body.id);
     form.hidden("id");
@@ -652,7 +653,7 @@ const getEditPageWithHtmlFile = async (req, res, page) => {
  */
 router.get(
   "/edit/:pagename",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_pages"),
   error_catcher(async (req, res) => {
     const { pagename } = req.params;
     const [page] = await Page.find({ name: pagename });
@@ -674,7 +675,7 @@ router.get(
  */
 router.post(
   "/edit/:pagename",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_pages"),
   error_catcher(async (req, res) => {
     const { pagename } = req.params;
 
@@ -765,7 +766,7 @@ router.post(
  */
 router.post(
   "/delete/:id",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_pages"),
   error_catcher(async (req, res) => {
     const { id } = req.params;
     const page = await Page.findOne({ id });
@@ -787,7 +788,7 @@ router.post(
  */
 router.post(
   "/set_root_page",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_pages"),
   error_catcher(async (req, res) => {
     const pages = await Page.find({}, { orderBy: "name" });
     const pageGroups = await PageGroup.find({}, { orderBy: "name" });
@@ -815,7 +816,7 @@ router.post(
  */
 router.post(
   "/add-to-menu/:id",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_pages"),
   error_catcher(async (req, res) => {
     const { id } = req.params;
     const page = Page.findOne({ id });
@@ -845,7 +846,7 @@ router.post(
  */
 router.post(
   "/clone/:id",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_pages"),
   error_catcher(async (req, res) => {
     const { id } = req.params;
     const page = await Page.findOne({ id });
@@ -870,7 +871,7 @@ router.post(
  */
 router.post(
   "/setrole/:id",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_pages"),
   error_catcher(async (req, res) => {
     await setRole(req, res, Page);
   })

package/routes/plugins.js

@@ -1182,38 +1182,6 @@ router.get(
   })
 );
 
-/**
- * @name get/pubdeps/:plugin/:dependency/:version/*
- * @function
- * @memberof module:routes/plugins~pluginsRouter
- * @function
- */
-router.get(
-  "/pubdeps/:plugin/:dependency/:version/*",
-  error_catcher(async (req, res) => {
-    const { plugin, dependency } = req.params;
-    const filepath = req.params[0];
-
-    const pluginObj = getState().plugins[plugin];
-    if (
-      pluginObj &&
-      pluginObj.serve_dependencies &&
-      pluginObj.serve_dependencies[dependency]
-    ) {
-      const deppath = path.dirname(pluginObj.serve_dependencies[dependency]);
-      const safeFile = path
-        .normalize(filepath)
-        .replace(/^(\.\.(\/|\\|$))+/, "");
-      const abspath = path.join(deppath, safeFile);
-      if (fs.existsSync(abspath)) res.sendFile(abspath, { maxAge: "100d" });
-      //100d
-      else res.status(404).send(req.__("Not found"));
-    } else {
-      res.status(404).send(req.__("Not found"));
-    }
-  })
-);
-
 /**
  * @name get/info/:name
  * @function