@saltcorn/server 1.1.1-beta.7 → 1.1.1-rc.1

package/CHANGELOG.md

@@ -2,6 +2,16 @@
 
 ## 1.1.1 - In beta
 
+* select_by_view fieldview for Key fields: the user selects the value of a 
+  Key field based on an clicking in a row of rendered views (typically a Show view) of the joined table. Works for both Edit and Filter views.
+
+* Click to edit (Show and List view patterns) is now implemented by rendering
+  the first available edit fieldview. This should be more robust and work with 
+  more data types.
+
+* Data in the admin's data edit grid is now loaded by page. This makes it
+  possible to work with much larger datasets.
+
 * You can now permit to non-admin (role ID > 1) users to edit or inspect tables, or 
   edit views, pages or triggers. In the permissions tab of the Users and security
   settings, minimum roles can be set for these capabilities. The appropriate
@@ -35,12 +45,23 @@
   is changed.
 
 * Mobile builder:
-    - PJAX view loading.
+    - PJAX view loading: Use pjax for all functions like on the web version.
+    - Share content to your app on mobile and PWA. 
+      - Ensure at least one ReceiveMobileShareData trigger exists when the app is built or the PWA is installed.
+      - Shared content is accessible via the row variable.
+      - Android: No additional configuration is needed.
+      - PWA: Ensure a trusted HTTPS connection is used.
+      - iOS:
+        - A second provisioning profile is required, with the bundle ID of the main app followed by share-ext (e.g., com.saltcorn.share-ext).
+        - The iOS project needs a Share Extension target. To set this up, open Xcode and add a Share Extension target from a template (more documentation is is about to come).
+        - The build will stop when the Xcode integration is required, and a "Finish the Build" shows up.
 
 ### Fixes
 
+* Increase plugin install reliability
 * fix workflows on SQLite
 * fix query string build on check_state_field (#2948). Author: St0rml
+* multiple fixes for the Capacitor port
 
 ### Translations
 
@@ -71,6 +92,11 @@
 
 * Webhook action has more options: method, set reponse value, headers.
 
+* Mobile builder:
+    - Ported from Cordova to Capacitor: Cordova's core functionalities and plugins are well-maintained, but for some time now, the trend for mobile application development goes new directions. Capacitor aims to be a drop-in replacement with a more modern approach and an active Community. Existing Cordova plugins do still work, and plugins from the Capacitor ecosystem are available as well. This should make the mobile app development more future-proof.
+    - Screen orientation change handling: A Saltcorn plugin can register a listener for screen orientation changes (Landscape / Portrait modes). For an example, take a look at the [metronic-theme](https://github.com/saltcorn/metronic-theme/blob/35b69ba7b4e94e2bcfe2f1c61508bc579c1d914f/index.js#L844). It registers a listener to adjust the mobile bottom navigation bar when the phone rotates.
+    - PJAX view loading: Changed the full reload to pjax for sortby and gopage (paging). The remainig set_state calls are still full reloads.
+
 ### Security
 
 - SameSite cookie settings

package/auth/admin.js

@@ -422,6 +422,7 @@ const permissions_settings_form = async (req) =>
       "min_role_edit_views",
       "min_role_edit_pages",
       "min_role_edit_triggers",
+      "min_role_edit_menu",
       //hidden            "exttables_min_role_read",
     ],
     action: "/useradmin/permissions",

package/locales/en.json

@@ -1543,5 +1543,7 @@
 	"Minimum role to inspect (see, without editing) tables": "Minimum role to inspect (see, without editing) tables",
 	"Home pages": "Home pages",
 	"The home page is the page that is served when the user visits the home location (/). This can be set for each user role.": "The home page is the page that is served when the user visits the home location (/). This can be set for each user role.",
-	"Trigger %s deleted": "Trigger %s deleted"
+	"Trigger %s deleted": "Trigger %s deleted",
+	"Edit menu": "Edit menu",
+	"Minimum role to edit menu": "Minimum role to edit menu"
 }

package/markup/admin.js

@@ -224,24 +224,29 @@ const send_infoarch_page = (args) => {
   const tenant_list =
     db.is_it_multi_tenant() &&
     db.getTenantSchema() === db.connectObj.default_schema;
+  const isUserAdmin = args.req?.user.role_id === 1;
   return send_settings_page({
     main_section: "Site structure",
     main_section_href: "/site-structure",
     sub_sections: [
       { text: "Menu", href: "/menu" },
-      { text: "Search", href: "/search/config" },
-      { text: "Library", href: "/library/list" },
-      { text: "Languages", href: "/site-structure/localizer" },
-      ...(tenant_list
+      ...(isUserAdmin
         ? [
-            { text: "Tenants", href: "/tenant/list" },
-            { text: "Multitenancy", href: "/tenant/settings" },
+            { text: "Search", href: "/search/config" },
+            { text: "Library", href: "/library/list" },
+            { text: "Languages", href: "/site-structure/localizer" },
+            ...(tenant_list
+              ? [
+                  { text: "Tenants", href: "/tenant/list" },
+                  { text: "Multitenancy", href: "/tenant/settings" },
+                ]
+              : []),
+            { text: "Pagegroups", href: "/page_group/settings" },
+            { text: "Tags", href: "/tag" },
+            { text: "Diagram", href: "/diagram" },
+            { text: "Registry editor", href: "/registry-editor" },
           ]
         : []),
-      { text: "Pagegroups", href: "/page_group/settings" },
-      { text: "Tags", href: "/tag" },
-      { text: "Diagram", href: "/diagram" },
-      { text: "Registry editor", href: "/registry-editor" },
     ],
     ...args,
   });

package/package.json

@@ -1,20 +1,20 @@
 {
   "name": "@saltcorn/server",
-  "version": "1.1.1-beta.7",
+  "version": "1.1.1-rc.1",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
     "@aws-sdk/client-s3": "^3.451.0",
-    "@saltcorn/base-plugin": "1.1.1-beta.7",
-    "@saltcorn/builder": "1.1.1-beta.7",
-    "@saltcorn/data": "1.1.1-beta.7",
-    "@saltcorn/admin-models": "1.1.1-beta.7",
-    "@saltcorn/filemanager": "1.1.1-beta.7",
-    "@saltcorn/markup": "1.1.1-beta.7",
-    "@saltcorn/plugins-loader": "1.1.1-beta.7",
-    "@saltcorn/sbadmin2": "1.1.1-beta.7",
+    "@saltcorn/base-plugin": "1.1.1-rc.1",
+    "@saltcorn/builder": "1.1.1-rc.1",
+    "@saltcorn/data": "1.1.1-rc.1",
+    "@saltcorn/admin-models": "1.1.1-rc.1",
+    "@saltcorn/filemanager": "1.1.1-rc.1",
+    "@saltcorn/markup": "1.1.1-rc.1",
+    "@saltcorn/plugins-loader": "1.1.1-rc.1",
+    "@saltcorn/sbadmin2": "1.1.1-rc.1",
     "@socket.io/cluster-adapter": "^0.2.1",
     "@socket.io/sticky": "^1.0.1",
     "adm-zip": "0.5.10",

package/public/saltcorn-common.js

@@ -965,6 +965,38 @@ function initialize_page() {
     var current =
       $(this).attr("data-inline-edit-current") ||
       $(this).children("span.current").html();
+    const resetHtml = this.outerHTML;
+
+    let fielddata = $(this).attr("data-inline-edit-fielddata");
+    if (fielddata) {
+      //fetch edit
+      $.ajax(`/field/edit-get-fieldview`, {
+        type: "POST",
+        headers: {
+          "CSRF-Token": _sc_globalCsrf,
+        },
+        contentType: "application/json",
+        data: decodeURIComponent(fielddata),
+      }).then((resp) => {
+        const opts = encodeURIComponent(
+          JSON.stringify({
+            resetHtml,
+          })
+        );
+        $(this).replaceWith(
+          `<form method="post" action="/field/save-click-edit" onsubmit="inline_ajax_submit_with_fielddata(event, '${opts}')"        
+      <input type="hidden" name="_csrf" value="${_sc_globalCsrf}">
+      <input type="hidden" name="_fielddata" value="${fielddata}">
+      <div class="input-group">
+      ${resp}
+      <button type="submit" class="btn btn-sm btn-primary">OK</button>
+      <button onclick="cancel_inline_edit(event, '${opts}')" type="button" class="btn btn-sm btn-danger"><i class="fas fa-times"></i></button>
+      </div>
+      </form>`
+        );
+      });
+      return;
+    }
     var key = $(this).attr("data-inline-edit-field") || "value";
     var ajax = !!$(this).attr("data-inline-edit-ajax");
     var type = $(this).attr("data-inline-edit-type");
@@ -984,7 +1016,6 @@ function initialize_page() {
       current = current === "true";
     }
     var is_key = type?.startsWith("Key:");
-    const resetHtml = this.outerHTML;
     const opts = encodeURIComponent(
       JSON.stringify({
         url,
@@ -1267,6 +1298,37 @@ function inline_submit_success(e, form, opts) {
   } else location.reload();
 }
 
+function inline_ajax_submit_with_fielddata(e, opts1) {
+  var opts = JSON.parse(decodeURIComponent(opts1 || "") || "{}");
+  e.preventDefault();
+
+  var form = $(e.target).closest("form");
+  var form_data = form.serialize();
+  var url = form.attr("action");
+  if (opts.type === "Bool" && !form_data.includes(`${opts.key}=on`)) {
+    form_data += `&${opts.key}=off`;
+  }
+  $.ajax(url, {
+    type: "POST",
+    headers: {
+      "CSRF-Token": _sc_globalCsrf,
+    },
+    data: form_data,
+    success: function (res) {
+      var opts = JSON.parse(decodeURIComponent(opts1 || "") || "{}");
+      var form = $(e.target).closest("form");
+      form.replaceWith(res);
+      initialize_page();
+    },
+    error: function (e) {
+      if (!checkNetworkError(e))
+        ajax_done(
+          e.responseJSON || { error: "Unknown error: " + e.responseText }
+        );
+    },
+  });
+}
+
 function inline_ajax_submit(e, opts1) {
   var opts = JSON.parse(decodeURIComponent(opts1 || "") || "{}");
   e.preventDefault();
@@ -2032,6 +2094,28 @@ function update_time_of_week(nm) {
   };
 }
 
+function select_by_view_click(element, event, required) {
+  const isAlreadySelected = $(element).hasClass("selected");
+  $(element)
+    .closest(".select-by-view-container")
+    .find(".select-by-view-option")
+    .removeClass("selected");
+  if (!required && isAlreadySelected) {
+    $(element)
+      .closest(".select-by-view-container")
+      .find("input[type=hidden]")
+      .val("")
+      .trigger("change");
+  } else {
+    $(element).addClass("selected");
+    $(element)
+      .closest(".select-by-view-container")
+      .find("input[type=hidden]")
+      .val($(element).attr("data-id"))
+      .trigger("change");
+  }
+}
+
 const observer = new IntersectionObserver(
   (entries, observer) => {
     entries.forEach((entry) => {

package/public/saltcorn.css

@@ -773,3 +773,42 @@ i[class*=" unicode-"] {
 [data-animate-initial-hide] {
   opacity: 0;
 }
+
+div.select-by-view-container {
+  display: flex;
+}
+div.select-by-view-container.justify-start {
+  justify-content: flex-start;
+}
+div.select-by-view-container.justify-end {
+  justify-content: flex-end;
+}
+div.select-by-view-container.justify-center {
+  justify-content: center;
+}
+div.select-by-view-container.justify-between {
+  justify-content: space-between;
+}
+div.select-by-view-container.justify-around {
+  justify-content: space-around;
+}
+div.select-by-view-container.justify-evenly {
+  justify-content: space-evenly;
+}
+
+div.select-by-view-option.no-card {
+  border: 1px solid var(--bs-secondary, var(--tblr-secondary, blue));
+}
+div.select-by-view-option:hover {
+  border: 1px solid var(--bs-primary, var(--tblr-primary, blue));
+}
+div.select-by-view-option.selected {
+  border: 2px solid var(--bs-primary, var(--tblr-primary, blue));
+}
+tr span.add-tag {
+  opacity: 0;
+}
+
+tr:hover span.add-tag {
+  opacity: 1;
+}

package/public/saltcorn.js

@@ -34,7 +34,10 @@ function updateQueryStringParameter(uri1, key, value) {
     uri = uris[0];
   }
 
-  var re = new RegExp("([?&])" + key + "=.*?(&|$)", "i");
+  var re = new RegExp(
+    "([?&])" + escapeRegExp(key) + "=.*?(&|$)",
+    "i"
+  );
   var separator = uri.indexOf("?") !== -1 ? "&" : "?";
   if (uri.match(re)) {
     if (Array.isArray(value)) {
@@ -75,9 +78,12 @@ function removeQueryStringParameter(uri1, key, value) {
   }
   let re;
   if (value) {
-    re = new RegExp("([?&])" + key + "=" + value + "?(&|$)", "gi");
+    re = new RegExp(
+      "([?&])" + escapeRegExp(key) + "=" + value + "?(&|$)",
+      "gi"
+    );
   } else {
-    re = new RegExp("([?&])" + key + "=.*?(&|$)", "gi");
+    re = new RegExp("([?&])" + escapeRegExp(key) + "=.*?(&|$)", "gi");
   }
   if (uri.match(re)) {
     uri = uri.replace(re, "$1" + "$2");
@@ -88,6 +94,10 @@ function removeQueryStringParameter(uri1, key, value) {
   return uri + hash;
 }
 
+function escapeRegExp(string) {
+  return string.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+
 function addQueryStringParameter(uri1, key, value) {
   let hash = "";
   let uri = uri1;
@@ -96,7 +106,10 @@ function addQueryStringParameter(uri1, key, value) {
     hash = "#" + uris[1];
     uri = uris[0];
   }
-  var re = new RegExp("([?&])" + key + "=" + value + "?(&|$)", "gi");
+  var re = new RegExp(
+    "([?&])" + escapeRegExp(key) + "=" + value + "?(&|$)",
+    "gi"
+  );
   if (uri.match(re)) return uri1;
 
   var separator = uri.indexOf("?") !== -1 ? "&" : "?";

package/routes/actions.js

@@ -731,6 +731,7 @@ const getWorkflowStepForm = async (
             },
           };
         if (cfgFld.input_type === "code") cfgFld.input_type = "textarea";
+        actionConfigFields.push(cfgFld)
       }
     } catch {}
   }

package/routes/admin.js

@@ -14,6 +14,7 @@ const {
   get_sys_info,
   tenant_letsencrypt_name,
   isAdminOrHasConfigMinRole,
+  checkEditPermission,
 } = require("./utils.js");
 const Table = require("@saltcorn/data/models/table");
 const Plugin = require("@saltcorn/data/models/plugin");
@@ -567,7 +568,11 @@ router.get(
   error_catcher(async (req, res) => {
     const snaps = await Snapshot.find(
       {},
-      { orderBy: "created", orderDesc: true, fields: ["id", "created", "hash"] }
+      {
+        orderBy: "created",
+        orderDesc: true,
+        fields: ["id", "created", "hash", "name"],
+      }
     );
     const locale = getState().getConfig("default_locale", "en");
     send_admin_page({
@@ -595,7 +600,9 @@ router.get(
                             snap.created,
                             {},
                             locale
-                          )} (${moment(snap.created).fromNow()})`
+                          )} (${moment(snap.created).fromNow()})${
+                            snap.name ? ` [${snap.name}]` : ""
+                          }`
                         )
                       )
                     )
@@ -627,20 +634,6 @@ router.get(
   })
 );
 
-const checkEditPermission = (type, user) => {
-  if (user.role_id === 1) return true;
-  switch (type) {
-    case "view":
-      return getState().getConfig("min_role_edit_views", 1) >= user.role_id;
-    case "page":
-      return getState().getConfig("min_role_edit_pages", 1) >= user.role_id;
-    case "trigger":
-      return getState().getConfig("min_role_edit_triggers", 1) >= user.role_id;
-    default:
-      return false;
-  }
-};
-
 router.get(
   "/snapshot-restore/:type/:name",
   isAdminOrHasConfigMinRole([
@@ -652,7 +645,7 @@ router.get(
     const { type, name } = req.params;
     const snaps = await Snapshot.entity_history(type, name);
     const locale = getState().getConfig("default_locale", "en");
-    const auth = checkEditPermission(type, req.user);
+    const auth = checkEditPermission(type + "s", req.user);
     if (!auth) {
       res.send("Not authorized");
       return;
@@ -664,11 +657,14 @@ router.get(
           {
             label: req.__("When"),
             key: (r) =>
-              `${localeDateTime(r.created, {}, locale)} (${moment(
+              `${moment(
                 r.created
-              ).fromNow()})`,
+              ).fromNow()}<br><small>${localeDateTime(r.created, {}, locale)}</small>`,
+          },
+          {
+            label: req.__("Name"),
+            key: (r) => r.name || "",
           },
-
           {
             label: req.__("Restore"),
             key: (r) =>
@@ -694,7 +690,7 @@ router.post(
   ]),
   error_catcher(async (req, res) => {
     const { type, name, id } = req.params;
-    const auth = checkEditPermission(type, req.user);
+    const auth = checkEditPermission(type + "s", req.user);
     if (!auth) {
       req.flash("error", "Not authorized");
     } else {
@@ -963,7 +959,8 @@ const snapshotForm = (req) =>
         label: req.__("Snapshot now"),
         id: "btnSnapNow",
         class: "btn btn-outline-secondary",
-        onclick: "ajax_post('/admin/snapshot-now')",
+        onclick:
+          "ajax_post('/admin/snapshot-now/'+prompt('Name of snapshot (optional)'))",
       },
     ],
     fields: [
@@ -1075,11 +1072,18 @@ router.post(
  * Do Snapshot now
  */
 router.post(
-  "/snapshot-now",
+  "/snapshot-now/:snapshotname?",
   isAdmin,
   error_catcher(async (req, res) => {
+    const { snapshotname } = req.params;
+    if (snapshotname == "null") {
+      //user clicked cancel on prompt
+      res.json({ success: true });
+      return;
+    }
+
     try {
-      const taken = await Snapshot.take_if_changed();
+      const taken = await Snapshot.take_if_changed(snapshotname);
       if (taken) req.flash("success", req.__("Snapshot successful"));
       else
         req.flash("success", req.__("No changes detected, snapshot skipped"));
@@ -1574,7 +1578,7 @@ const doInstall = async (req, res, version, deepClean, runPull) => {
     }
     const child = spawn(
       "npm",
-      ["install", "-g", `@saltcorn/cli@${version}`, "--unsafe"],
+      ["install", "-g", `@saltcorn/cli@${version}`, "--omit=dev"],
       {
         stdio: ["ignore", "pipe", "pipe"],
       }

package/routes/api.js

@@ -279,14 +279,58 @@ router.get(
  * @function
  * @memberof module:routes/api~apiRouter
  */
-// todo add paging
+
+function validateNumberMin(value, min) {
+  if (typeof value !== "number") {
+    // return false; //throw new TypeError('Value is not a number');
+    value = strictParseInt(value);
+  }
+
+  if (!Number.isSafeInteger(value)) {
+    return false; //throw new RangeError('Value is outside the valid range for an integer');
+  }
+  if (value < min) return false;
+  return true;
+}
+
 router.get(
   "/:tableName/",
   //passport.authenticate("api-bearer", { session: false }),
   error_catcher(async (req, res, next) => {
     let { tableName } = req.params;
-    const { fields, versioncount, approximate, dereference, ...req_query } =
-      req.query;
+    const {
+      fields,
+      versioncount,
+      limit,
+      offset,
+      sortBy,
+      sortDesc,
+      approximate,
+      dereference,
+      tabulator_pagination_format,
+      ...req_query0
+    } = req.query;
+
+    let req_query = req_query0;
+    let tabulator_size, tabulator_page, tabulator_sort, tabulator_dir;
+    if (tabulator_pagination_format) {
+      const { page, size, sort, ...rq } = req_query0;
+      req_query = rq;
+      tabulator_page = page;
+      tabulator_size = size;
+      tabulator_sort = sort?.[0]?.field;
+      tabulator_dir = sort?.[0]?.dir;
+    }
+    if (typeof limit !== "undefined")
+      if (isNaN(limit) || !validateNumberMin(limit, 1)) {
+        getState().log(3, `API get ${tableName} Invalid limit parameter`);
+        return res.status(400).send({ error: "Invalid limit parameter" });
+      }
+    if (typeof offset !== "undefined")
+      if (isNaN(offset) || !validateNumberMin(offset, 1)) {
+        getState().log(3, `API get ${tableName} Invalid offset parameter`);
+        return res.status(400).send({ error: "Invalid offset parameter" });
+      }
     const table = Table.findOne(
       strictParseInt(tableName)
         ? { id: strictParseInt(tableName) }
@@ -303,6 +347,8 @@ router.get(
       res.status(404).json({ error: req.__("Not found") });
       return;
     }
+    const orderByField =
+      (sortBy || tabulator_sort) && table.getField(sortBy || tabulator_sort);
 
     await passport.authenticate(
       ["api-bearer", "jwt"],
@@ -312,9 +358,17 @@ router.get(
           let rows;
           if (versioncount === "on") {
             const joinOpts = {
-              orderBy: "id",
               forUser: req.user || user || { role_id: 100 },
               forPublic: !(req.user || user),
+              limit: tabulator_pagination_format
+                ? +tabulator_size
+                : limit && +limit,
+              offset: tabulator_pagination_format
+                ? +tabulator_size * (+tabulator_page - 1)
+                : offset && +offset,
+              orderDesc:
+                (sortDesc && sortDesc !== "false") || tabulator_dir == "desc",
+              orderBy: orderByField?.name || "id",
               aggregations: {
                 _versions: {
                   table: table.name + "__history",
@@ -352,11 +406,20 @@ router.get(
             rows = await table.getJoinedRows({
               where: qstate,
               joinFields,
+              limit: limit && +limit,
+              offset: offset && +offset,
+              orderDesc: sortDesc && sortDesc !== "false",
+              orderBy: orderByField?.name || undefined,
               forPublic: !(req.user || user),
               forUser: req.user || user,
             });
           }
-          res.json({ success: rows.map(limitFields(fields)) });
+          if (tabulator_pagination_format) {
+            res.json({
+              last_page: Math.ceil((await table.countRows()) / +tabulator_size),
+              data: rows.map(limitFields(fields)),
+            });
+          } else res.json({ success: rows.map(limitFields(fields)) });
         } else {
           getState().log(3, `API get ${table.name} not authorized`);
           res.status(401).json({ error: req.__("Not authorized") });

package/routes/common_lists.js

@@ -13,7 +13,17 @@ const {
 } = require("@saltcorn/markup");
 const { get_base_url } = require("./utils.js");
 const { getState } = require("@saltcorn/data/db/state");
-const { h4, p, div, a, i, text, span, nbsp } = require("@saltcorn/markup/tags");
+const {
+  h4,
+  p,
+  div,
+  a,
+  i,
+  text,
+  span,
+  nbsp,
+  button,
+} = require("@saltcorn/markup/tags");
 
 /**
  * @param {string} col
@@ -63,9 +73,11 @@ const tablesList = async (
     getState().getConfig("min_role_edit_tables", 1) >= req.user.role_id;
   const tagBadges = (table) => {
     const myTags = tag_entries.filter((te) => te.table_id === table.id);
-    return myTags
-      .map((te) => tagBadge(tagsById[te.tag_id], "tables"))
-      .join(nbsp);
+    const myTagIds = new Set(myTags.map((t) => t.tag_id));
+    return (
+      myTags.map((te) => tagBadge(tagsById[te.tag_id], "tables")).join(nbsp) +
+      mkAddBtn(tags, "tables", table.id, req, myTagIds)
+    );
   };
 
   return (
@@ -278,6 +290,38 @@ const tagsDropdown = (tags, altHeader) =>
     )
   );
 
+const mkAddBtn = (tags, entityType, id, req, myTagIds) =>
+  div(
+    { class: "dropdown d-inline ms-1" },
+    span(
+      {
+        class: "badge bg-secondary add-tag",
+        "data-bs-toggle": "dropdown",
+        "aria-haspopup": "true",
+        "aria-expanded": "false",
+        "data-boundary": "viewport",
+      },
+      i({ class: "fas fa-plus fa-sm" })
+    ),
+    div(
+      {
+        class: "dropdown-menu dropdown-menu-end",
+      },
+
+      tags
+        .filter((t) => !myTagIds.has(t.id))
+        .map((t) =>
+          post_dropdown_item(
+            `/tag-entries/add-tag-entity/${encodeURIComponent(
+              t.name
+            )}/${entityType}/${id}`,
+            t.name,
+            req
+          )
+        )
+    )
+  );
+
 const viewsList = async (
   views,
   req,
@@ -300,9 +344,12 @@ const viewsList = async (
 
   const tagBadges = (view) => {
     const myTags = tag_entries.filter((te) => te.view_id === view.id);
-    return myTags
-      .map((te) => tagBadge(tagsById[te.tag_id], "views"))
-      .join(nbsp);
+    const myTagIds = new Set(myTags.map((t) => t.tag_id));
+    const addBtn = mkAddBtn(tags, "views", view.id, req, myTagIds);
+    return (
+      myTags.map((te) => tagBadge(tagsById[te.tag_id], "views")).join(nbsp) +
+      addBtn
+    );
   };
 
   return (
@@ -504,9 +551,11 @@ const getPageList = async (
 
   const tagBadges = (page) => {
     const myTags = tag_entries.filter((te) => te.page_id === page.id);
-    return myTags
-      .map((te) => tagBadge(tagsById[te.tag_id], "pages"))
-      .join(nbsp);
+    const myTagIds = new Set(myTags.map((t) => t.tag_id));
+    return (
+      myTags.map((te) => tagBadge(tagsById[te.tag_id], "pages")).join(nbsp) +
+      mkAddBtn(tags, "pages", page.id, req, myTagIds)
+    );
   };
   return mkTable(
     [
@@ -602,7 +651,7 @@ const getPageGroupList = (rows, roles, req) => {
   );
 };
 
-const trigger_dropdown = (trigger, req, on_done_redirect_str = "") =>  
+const trigger_dropdown = (trigger, req, on_done_redirect_str = "") =>
   settingsDropdown(`dropdownMenuButton${trigger.id}`, [
     a(
       {
@@ -643,8 +692,8 @@ const getTriggerList = async (
   const base_url = get_base_url(req);
   const tags = await Tag.find();
   const on_done_redirect_str = on_done_redirect
-  ? `?on_done_redirect=${on_done_redirect}`
-  : "";
+    ? `?on_done_redirect=${on_done_redirect}`
+    : "";
   const tag_entries = await TagEntry.find({
     not: { trigger_id: null },
   });
@@ -657,9 +706,11 @@ const getTriggerList = async (
 
   const tagBadges = (trigger) => {
     const myTags = tag_entries.filter((te) => te.trigger_id === trigger.id);
-    return myTags
-      .map((te) => tagBadge(tagsById[te.tag_id], "triggers"))
-      .join(nbsp);
+    const myTagIds = new Set(myTags.map((t) => t.tag_id));
+    return (
+      myTags.map((te) => tagBadge(tagsById[te.tag_id], "triggers")).join(nbsp) +
+      mkAddBtn(tags, "triggers", trigger.id, req, myTagIds)
+    );
   };
   return mkTable(
     [

package/routes/fields.js

@@ -37,8 +37,8 @@ const {
 } = require("@saltcorn/data/plugin-helper");
 const { wizardCardTitle } = require("../markup/forms.js");
 const FieldRepeat = require("@saltcorn/data/models/fieldrepeat");
-const { applyAsync } = require("@saltcorn/data/utils");
-const { text } = require("@saltcorn/markup/tags");
+const { applyAsync, isWeb } = require("@saltcorn/data/utils");
+const { text, div } = require("@saltcorn/markup/tags");
 const { mkFormContentNoLayout } = require("@saltcorn/markup/form");
 
 /**
@@ -1301,6 +1301,19 @@ router.post(
     // - disabled inputs do not dispactch click events
     const firefox = true;
     const fv = fieldviews[fieldview];
+    field.fieldview === fieldview;
+    field.fieldviewObj = fv;
+    field.attributes = { ...configuration, ...field.attributes };
+    if (field.type === "Key")
+      await field.fill_fkey_options(
+        false,
+        {},
+        {},
+        undefined,
+        undefined,
+        undefined,
+        req.user
+      );
     if (!fv && field.type === "Key" && fieldview === "select")
       res.send(
         `<input ${
@@ -1422,3 +1435,101 @@ router.post(
     res.send(mkFormContentNoLayout(form));
   })
 );
+
+router.post(
+  "/edit-get-fieldview",
+  error_catcher(async (req, res) => {
+    const { field_name, table_name, pk, fieldview, configuration } = req.body;
+    const table = Table.findOne({ name: table_name });
+    const row = await table.getRow(
+      { [table.pk_name]: pk },
+      { forUser: req.user, forPublic: !req.user }
+    );
+    const field = table.getField(field_name);
+    let fv;
+    if (field.is_fkey) {
+      await field.fill_fkey_options(
+        false,
+        undefined,
+        undefined,
+        undefined,
+        undefined,
+        row[field_name],
+        req.user
+      );
+      fv = getState().keyFieldviews.select;
+    } else if (fieldview === "subfield" && field.type?.name === "JSON") {
+      fv = field.type.fieldviews.edit_subfield;
+    } else {
+      //TODO: json subfield is special
+      const fieldviews = field.type.fieldviews;
+      fv = Object.values(fieldviews).find((v) => v.isEdit);
+    }
+    res.send(
+      fv.run(
+        field_name,
+        row[field_name],
+        {
+          ...field.attributes,
+          ...configuration,
+        },
+        "",
+        false,
+        field
+      )
+    );
+  })
+);
+
+router.post(
+  "/save-click-edit",
+  error_catcher(async (req, res) => {
+    const fielddata = JSON.parse(decodeURIComponent(req.body._fielddata));
+    const { field_name, table_name, pk, fieldview, configuration, join_field } =
+      fielddata;
+    const table = Table.findOne({ name: table_name });
+    const field = table.getField(field_name);
+    let val = field.type?.read
+      ? field.type?.read(req.body[field_name])
+      : req.body[field_name];
+    await table.updateRow({ [field_name]: val }, pk, req.user);
+    let fv;
+    if (field.is_fkey) {
+      if (join_field) {
+        const refTable = Table.findOne({ name: field.reftable_name });
+        const refRow = await refTable.getRow({ [refTable.pk_name]: val });
+        val = refRow[join_field];
+        const targetField = refTable.getField(join_field);
+        const fieldviews = targetField.type.fieldviews;
+
+        fv = fieldviews[fieldview];
+      } else fv = { run: (v) => `${v}` };
+    } else {
+      const fieldviews = field.type.fieldviews;
+
+      fv = fieldviews[fieldview];
+
+      if (!fv) {
+        const fv1 = Object.values(fieldviews).find(
+          (v) => !v.isEdit && !v.isFilter
+        );
+        fv = fv1;
+      }
+    }
+
+    res.send(
+      div(
+        {
+          "data-inline-edit-fielddata": req.body._fielddata,
+          "data-inline-edit-ajax": "true",
+          "data-inline-edit-dest-url": `/api/${table.name}/${pk}`,
+          class: !isWeb(req) ? "mobile-data-inline-edit" : "",
+        },
+        fv.run(val, req, {
+          ...field.attributes,
+          ...configuration,
+        })
+      )
+    );
+  })
+);

package/routes/list.js

@@ -402,25 +402,26 @@ router.get(
                 })
               })   
               window.tabulator_table = new Tabulator("#jsGrid", {
-                  ajaxURL:"/api/${encodeURIComponent(table.name)}${
-                  table.versioned ? "?versioncount=on" : ""
+                  ajaxURL:"/api/${encodeURIComponent(
+                    table.name
+                  )}?tabulator_pagination_format=true${
+                  table.versioned ? "&versioncount=on" : ""
                 }",                   
                   layout:"fitColumns", 
                   columns,
                   height:"100%",
                   pagination:true,
-                  paginationSize:20,
+                  paginationMode:"remote",
+                  paginationSize:10,
                   clipboard:true,
                   persistence:true, 
                   persistenceID:"table_tab_${table.name}",
                   movableColumns: true,
+                  ajaxContentType:"json",
+                  sortMode:"remote",
                   initialSort:[
                     {column:"id", dir:"asc"},
-                  ],
-                  ajaxResponse:function(url, params, response){                    
-            
-                    return response.success; //return the tableData property of a response json object
-                  },
+                  ],                 
               });
               window.tabulator_table.on("cellEdited", function(cell){
                 const row = cell.getRow().getData()

package/routes/menu.js

@@ -9,7 +9,7 @@ const Router = require("express-promise-router");
 
 //const Field = require("@saltcorn/data/models/field");
 const Form = require("@saltcorn/data/models/form");
-const { isAdmin, error_catcher } = require("./utils.js");
+const { isAdmin, error_catcher, isAdminOrHasConfigMinRole } = require("./utils.js");
 const { getState } = require("@saltcorn/data/db/state");
 //const File = require("@saltcorn/data/models/file");
 const User = require("@saltcorn/data/models/user");
@@ -490,7 +490,7 @@ const menuTojQME = (menu_items) =>
  */
 router.get(
   "/",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_menu"),
   error_catcher(async (req, res) => {
     const form = await menuForm(req);
     const state = getState();
@@ -566,7 +566,7 @@ const jQMEtoMenu = (menu_items) =>
  */
 router.post(
   "/",
-  isAdmin,
+  isAdminOrHasConfigMinRole("min_role_edit_menu"),  
   error_catcher(async (req, res) => {
     const new_menu = req.body;
     const menu_items = jQMEtoMenu(new_menu);

package/routes/tag_entries.js

@@ -12,7 +12,13 @@ const Tag = require("@saltcorn/data/models/tag");
 const TagEntry = require("@saltcorn/data/models/tag_entry");
 const Router = require("express-promise-router");
 
-const { isAdmin, error_catcher, csrfField } = require("./utils");
+const {
+  isAdmin,
+  error_catcher,
+  csrfField,
+  isAdminOrHasConfigMinRole,
+  checkEditPermission,
+} = require("./utils");
 
 const Table = require("@saltcorn/data/models/table");
 const View = require("@saltcorn/data/models/view");
@@ -170,6 +176,42 @@ router.post(
   })
 );
 
+router.post(
+  "/add-tag-entity/:tagname/:entitytype/:entityid",
+  isAdminOrHasConfigMinRole([
+    "min_role_edit_tables",
+    "min_role_edit_views",
+    "min_role_edit_pages",
+    "min_role_edit_triggers",
+  ]),
+  error_catcher(async (req, res) => {
+    const { tagname, entitytype, entityid } = req.params;
+    const tag = await Tag.findOne({ name: tagname });
+
+    const fieldName = idField(entitytype);
+    const auth = checkEditPermission(entitytype, req.user);
+    if (!auth) req.flash("error", "Not authorized");
+    else await tag.addEntry({ [fieldName]: +entityid });
+    switch (entitytype) {
+      case "views":
+        res.redirect(`/viewedit`);
+        break;
+      case "pages":
+        res.redirect(`/pageedit`);
+        break;
+      case "tables":
+        res.redirect(`/table`);
+        break;
+      case "triggers":
+        res.redirect(`/actions`);
+        break;
+
+      default:
+        break;
+    }
+  })
+);
+
 // add one object to multiple tags
 router.post(
   "/add/multiple_tags/:entry_type/:object_id",

package/routes/tags.js

@@ -1,6 +1,7 @@
 const { a, text, i, div } = require("@saltcorn/markup/tags");
 
 const Tag = require("@saltcorn/data/models/tag");
+const TagEntry = require("@saltcorn/data/models/tag_entry");
 const Router = require("express-promise-router");
 const Form = require("@saltcorn/data/models/form");
 const User = require("@saltcorn/data/models/user");

package/routes/utils.js

@@ -611,6 +611,20 @@ const getRandomPage = (pageGroup, req) => {
   return Page.findOne({ id: sessionMember.page_id });
 };
 
+const checkEditPermission = (type, user) => {
+  if (user.role_id === 1) return true;
+  switch (type) {
+    case "views":
+      return getState().getConfig("min_role_edit_views", 1) >= user.role_id;
+    case "pages":
+      return getState().getConfig("min_role_edit_pages", 1) >= user.role_id;
+    case "triggers":
+      return getState().getConfig("min_role_edit_triggers", 1) >= user.role_id;
+    default:
+      return false;
+  }
+};
+
 module.exports = {
   sqlsanitize,
   csrfField,
@@ -634,4 +648,5 @@ module.exports = {
   getEligiblePage,
   getRandomPage,
   tenant_letsencrypt_name,
+  checkEditPermission,
 };

package/serve.js

@@ -99,20 +99,24 @@ const ensurePluginsFolder = async () => {
   const staticDeps = ["@saltcorn/markup", "@saltcorn/data", "jest"];
   const allPluginFolders = new Set();
   await eachTenant(async () => {
-    const allPlugins = (await Plugin.find()).filter(
-      (p) => !["base", "sbadmin2"].includes(p.name)
-    );
-    for (const plugin of allPlugins) {
-      const tokens =
-        plugin.source === "npm"
-          ? plugin.location.split("/")
-          : plugin.name.split("/");
-      const pluginDir = path.join(
-        rootFolder,
-        plugin.source === "git" ? "git_plugins" : "plugins_folder",
-        ...tokens
+    try {
+      const allPlugins = (await Plugin.find()).filter(
+        (p) => !["base", "sbadmin2"].includes(p.name)
       );
-      allPluginFolders.add(pluginDir);
+      for (const plugin of allPlugins) {
+        const tokens =
+          plugin.source === "npm"
+            ? plugin.location.split("/")
+            : plugin.name.split("/");
+        const pluginDir = path.join(
+          rootFolder,
+          plugin.source === "git" ? "git_plugins" : "plugins_folder",
+          ...tokens
+        );
+        allPluginFolders.add(pluginDir);
+      }
+    } catch {
+      //ignore
     }
   });
   for (const folder of allPluginFolders) {

package/tests/api.test.js

@@ -107,6 +107,19 @@ describe("API read", () => {
         )
       );
   });
+  it("should get books limit", async () => {
+    const app = await getApp({ disableCsrf: true });
+    await request(app)
+      .get("/api/books/?limit=1&offset=1&sortBy=pages")
+      .expect(
+        succeedJsonWith(
+          (rows) =>
+            rows.length == 1 &&
+            rows[0].author === "Herman Melville" &&
+            rows[0].pages === 967
+        )
+      );
+  });
   it("should handle fkey args ", async () => {
     const loginCookie = await getAdminLoginCookie();
     const app = await getApp({ disableCsrf: true });

package/tests/clientjs.test.js

@@ -54,6 +54,26 @@ test("updateQueryStringParameter", () => {
       "AK"
     )
   ).toBe("/foo?publisher.publisher->name=AK");
+  expect(
+    updateQueryStringParameter(
+      "/foo?factor.Factors->focus_area.Focus%20area->short_name=Leadership",
+      "factor.Factors->focus_area.Focus%20area->short_name",
+      "Marketing"
+    )
+  ).toBe("/foo?factor.Factors->focus_area.Focus%20area->short_name=Marketing");
+  expect(
+    updateQueryStringParameter(
+      "/foo?factor.Factors%20(Solaris)->focus_area.Focus%20area%20(Solaris)->short_name=Leadership",
+      "factor.Factors%20(Solaris)->focus_area.Focus%20area%20(Solaris)->short_name",
+      "Marketing"
+    )
+  ).toBe(
+    "/foo?factor.Factors%20(Solaris)->focus_area.Focus%20area%20(Solaris)->short_name=Marketing"
+  );
+  expect(removeQueryStringParameter("/foo?name=Bar&factor.Factors%20(Solaris)->focus_area.Focus%20area%20(Solaris)->short_name=Leadership", "factor.Factors%20(Solaris)->focus_area.Focus%20area%20(Solaris)->short_name")).toBe(
+    "/foo?name=Bar"
+  );
+
   expect(updateQueryStringParameter("/foo", "_or_field", ["baz", "bar"])).toBe(
     "/foo?_or_field=baz&_or_field=bar"
   );

package/wrapper.js

@@ -96,6 +96,7 @@ const get_menu = (req) => {
   const canEditViews = state.getConfig("min_role_edit_views", 1) >= role;
   const canEditPages = state.getConfig("min_role_edit_pages", 1) >= role;
   const canEditTriggers = state.getConfig("min_role_edit_triggers", 1) >= role;
+  const canEditMenu = state.getConfig("min_role_edit_menu", 1) >= role;
   const isAdmin = role === 1;
   const hasAdmin =
     isAdmin ||
@@ -103,6 +104,7 @@ const get_menu = (req) => {
     canInspectTables ||
     canEditPages ||
     canEditViews ||
+    canEditMenu ||
     canEditTriggers;
   /*
    * Admin Menu items
@@ -128,13 +130,41 @@ const get_menu = (req) => {
         icon: "far fa-file",
         label: req.__("Pages"),
       });
-    if (canEditTriggers && !isAdmin)
+    if (canEditTriggers && !canEditMenu && !isAdmin)
       adminItems.push({
         link: "/actions",
         altlinks: ["/events", "/eventlog", "/crashlog"],
         icon: "fas fa-calendar-check",
         label: req.__("Triggers"),
       });
+    if (canEditMenu && !isAdmin) {
+      const subitems = [
+        {
+          link: "/menu",
+          altlinks: [
+            "/site-structure",
+            "/search/config",
+            "/library/list",
+            "/tenant/list",
+          ],
+          icon: "fas fa-compass",
+          label: req.__("Menu"),
+        },
+      ];
+      if (canEditTriggers)
+        subitems.push({
+          link: "/actions",
+          altlinks: ["/events", "/eventlog", "/crashlog"],
+          icon: "fas fa-calendar-check",
+          label: req.__("Triggers"),
+        });
+      adminItems.push({
+        label: req.__("Settings"),
+        icon: "fas fa-wrench",
+        subitems,
+      });
+    }
+
     if (isAdmin)
       adminItems.push({
         label: req.__("Settings"),