@saltcorn/server 1.1.1-beta.8 → 1.1.1-rc.2

package/CHANGELOG.md

@@ -2,6 +2,25 @@
 
 ## 1.1.1 - In beta
 
+* Full-text search improvements: 
+    - An index for full-text search can now be created. When creating an index in
+      the constraints setting for a table, you can select "Full-text search" in
+      the field selector. This will dramatically speed up search on large tables.
+    - Use websearch_to_tsquery if available. This is a more natural and modern syntax.
+    - Link to syntax examples in /search
+    - Use default locale's language for search localisation.
+    - Option to show results in tabs in search configuration.
+
+* select_by_view fieldview for Key fields: the user selects the value of a 
+  Key field based on an clicking in a row of rendered views (typically a Show view) of the joined table. Works for both Edit and Filter views.
+
+* Click to edit (Show and List view patterns) is now implemented by rendering
+  the first available edit fieldview. This should be more robust and work with 
+  more data types.
+
+* Data in the admin's data edit grid is now loaded by page. This makes it
+  possible to work with much larger datasets.
+
 * You can now permit to non-admin (role ID > 1) users to edit or inspect tables, or 
   edit views, pages or triggers. In the permissions tab of the Users and security
   settings, minimum roles can be set for these capabilities. The appropriate
@@ -28,6 +47,7 @@
     - ForLoop step type for loops over arrays.
     - Varius UX improvements for editing workflows
     - Integrate copilot, if installed, in workflow editing
+    - Call non-workflow trigger actions.
 
 * sbadmin2 theme - Color update: dark side bar, darker primary blue
 
@@ -35,12 +55,23 @@
   is changed.
 
 * Mobile builder:
-    - PJAX view loading.
+    - PJAX view loading: Use pjax for all functions like on the web version.
+    - Share content to your app on mobile and PWA. 
+      - Ensure at least one ReceiveMobileShareData trigger exists when the app is built or the PWA is installed.
+      - Shared content is accessible via the row variable.
+      - Android: No additional configuration is needed.
+      - PWA: Ensure a trusted HTTPS connection is used.
+      - iOS:
+        - A second provisioning profile is required, with the bundle ID of the main app followed by share-ext (e.g., com.saltcorn.share-ext).
+        - The iOS project needs a Share Extension target. To set this up, open Xcode and add a Share Extension target from a template (more documentation is is about to come).
+        - The build will stop when the Xcode integration is required, and a "Finish the Build" shows up.
 
 ### Fixes
 
+* Increase plugin install reliability
 * fix workflows on SQLite
 * fix query string build on check_state_field (#2948). Author: St0rml
+* multiple fixes for the Capacitor port
 
 ### Translations
 
@@ -71,6 +102,11 @@
 
 * Webhook action has more options: method, set reponse value, headers.
 
+* Mobile builder:
+    - Ported from Cordova to Capacitor: Cordova's core functionalities and plugins are well-maintained, but for some time now, the trend for mobile application development goes new directions. Capacitor aims to be a drop-in replacement with a more modern approach and an active Community. Existing Cordova plugins do still work, and plugins from the Capacitor ecosystem are available as well. This should make the mobile app development more future-proof.
+    - Screen orientation change handling: A Saltcorn plugin can register a listener for screen orientation changes (Landscape / Portrait modes). For an example, take a look at the [metronic-theme](https://github.com/saltcorn/metronic-theme/blob/35b69ba7b4e94e2bcfe2f1c61508bc579c1d914f/index.js#L844). It registers a listener to adjust the mobile bottom navigation bar when the phone rotates.
+    - PJAX view loading: Changed the full reload to pjax for sortby and gopage (paging). The remainig set_state calls are still full reloads.
+
 ### Security
 
 - SameSite cookie settings

package/auth/admin.js

@@ -422,6 +422,7 @@ const permissions_settings_form = async (req) =>
       "min_role_edit_views",
       "min_role_edit_pages",
       "min_role_edit_triggers",
+      "min_role_edit_menu",
       //hidden            "exttables_min_role_read",
     ],
     action: "/useradmin/permissions",

package/locales/en.json

@@ -1543,5 +1543,13 @@
 	"Minimum role to inspect (see, without editing) tables": "Minimum role to inspect (see, without editing) tables",
 	"Home pages": "Home pages",
 	"The home page is the page that is served when the user visits the home location (/). This can be set for each user role.": "The home page is the page that is served when the user visits the home location (/). This can be set for each user role.",
-	"Trigger %s deleted": "Trigger %s deleted"
+	"Trigger %s deleted": "Trigger %s deleted",
+	"Edit menu": "Edit menu",
+	"Minimum role to edit menu": "Minimum role to edit menu",
+	"Full-text search index is not available as the table contains Key fields (%s) with the \"Include in full-text search\" option enabled. Disable this before creating a Full-text search index": "Full-text search index is not available as the table contains Key fields (%s) with the \"Include in full-text search\" option enabled. Disable this before creating a Full-text search index",
+	"Share Extension Provisioning Profile": "Share Extension Provisioning Profile",
+	"Show results in": "Show results in",
+	"Show results from each table in this type of element": "Show results from each table in this type of element",
+	"Search syntax help": "Search syntax help",
+	"Search syntax": "Search syntax"
 }

package/markup/admin.js

@@ -224,24 +224,29 @@ const send_infoarch_page = (args) => {
   const tenant_list =
     db.is_it_multi_tenant() &&
     db.getTenantSchema() === db.connectObj.default_schema;
+  const isUserAdmin = args.req?.user.role_id === 1;
   return send_settings_page({
     main_section: "Site structure",
     main_section_href: "/site-structure",
     sub_sections: [
       { text: "Menu", href: "/menu" },
-      { text: "Search", href: "/search/config" },
-      { text: "Library", href: "/library/list" },
-      { text: "Languages", href: "/site-structure/localizer" },
-      ...(tenant_list
+      ...(isUserAdmin
         ? [
-            { text: "Tenants", href: "/tenant/list" },
-            { text: "Multitenancy", href: "/tenant/settings" },
+            { text: "Search", href: "/search/config" },
+            { text: "Library", href: "/library/list" },
+            { text: "Languages", href: "/site-structure/localizer" },
+            ...(tenant_list
+              ? [
+                  { text: "Tenants", href: "/tenant/list" },
+                  { text: "Multitenancy", href: "/tenant/settings" },
+                ]
+              : []),
+            { text: "Pagegroups", href: "/page_group/settings" },
+            { text: "Tags", href: "/tag" },
+            { text: "Diagram", href: "/diagram" },
+            { text: "Registry editor", href: "/registry-editor" },
           ]
         : []),
-      { text: "Pagegroups", href: "/page_group/settings" },
-      { text: "Tags", href: "/tag" },
-      { text: "Diagram", href: "/diagram" },
-      { text: "Registry editor", href: "/registry-editor" },
     ],
     ...args,
   });

package/package.json

@@ -1,20 +1,20 @@
 {
   "name": "@saltcorn/server",
-  "version": "1.1.1-beta.8",
+  "version": "1.1.1-rc.2",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
     "@aws-sdk/client-s3": "^3.451.0",
-    "@saltcorn/base-plugin": "1.1.1-beta.8",
-    "@saltcorn/builder": "1.1.1-beta.8",
-    "@saltcorn/data": "1.1.1-beta.8",
-    "@saltcorn/admin-models": "1.1.1-beta.8",
-    "@saltcorn/filemanager": "1.1.1-beta.8",
-    "@saltcorn/markup": "1.1.1-beta.8",
-    "@saltcorn/plugins-loader": "1.1.1-beta.8",
-    "@saltcorn/sbadmin2": "1.1.1-beta.8",
+    "@saltcorn/base-plugin": "1.1.1-rc.2",
+    "@saltcorn/builder": "1.1.1-rc.2",
+    "@saltcorn/data": "1.1.1-rc.2",
+    "@saltcorn/admin-models": "1.1.1-rc.2",
+    "@saltcorn/filemanager": "1.1.1-rc.2",
+    "@saltcorn/markup": "1.1.1-rc.2",
+    "@saltcorn/plugins-loader": "1.1.1-rc.2",
+    "@saltcorn/sbadmin2": "1.1.1-rc.2",
     "@socket.io/cluster-adapter": "^0.2.1",
     "@socket.io/sticky": "^1.0.1",
     "adm-zip": "0.5.10",

package/public/saltcorn-common.js

@@ -965,6 +965,38 @@ function initialize_page() {
     var current =
       $(this).attr("data-inline-edit-current") ||
       $(this).children("span.current").html();
+    const resetHtml = this.outerHTML;
+
+    let fielddata = $(this).attr("data-inline-edit-fielddata");
+    if (fielddata) {
+      //fetch edit
+      $.ajax(`/field/edit-get-fieldview`, {
+        type: "POST",
+        headers: {
+          "CSRF-Token": _sc_globalCsrf,
+        },
+        contentType: "application/json",
+        data: decodeURIComponent(fielddata),
+      }).then((resp) => {
+        const opts = encodeURIComponent(
+          JSON.stringify({
+            resetHtml,
+          })
+        );
+        $(this).replaceWith(
+          `<form method="post" action="/field/save-click-edit" onsubmit="inline_ajax_submit_with_fielddata(event, '${opts}')"        
+      <input type="hidden" name="_csrf" value="${_sc_globalCsrf}">
+      <input type="hidden" name="_fielddata" value="${fielddata}">
+      <div class="input-group">
+      ${resp}
+      <button type="submit" class="btn btn-sm btn-primary">OK</button>
+      <button onclick="cancel_inline_edit(event, '${opts}')" type="button" class="btn btn-sm btn-danger"><i class="fas fa-times"></i></button>
+      </div>
+      </form>`
+        );
+      });
+      return;
+    }
     var key = $(this).attr("data-inline-edit-field") || "value";
     var ajax = !!$(this).attr("data-inline-edit-ajax");
     var type = $(this).attr("data-inline-edit-type");
@@ -984,7 +1016,6 @@ function initialize_page() {
       current = current === "true";
     }
     var is_key = type?.startsWith("Key:");
-    const resetHtml = this.outerHTML;
     const opts = encodeURIComponent(
       JSON.stringify({
         url,
@@ -1267,6 +1298,37 @@ function inline_submit_success(e, form, opts) {
   } else location.reload();
 }
 
+function inline_ajax_submit_with_fielddata(e, opts1) {
+  var opts = JSON.parse(decodeURIComponent(opts1 || "") || "{}");
+  e.preventDefault();
+
+  var form = $(e.target).closest("form");
+  var form_data = form.serialize();
+  var url = form.attr("action");
+  if (opts.type === "Bool" && !form_data.includes(`${opts.key}=on`)) {
+    form_data += `&${opts.key}=off`;
+  }
+  $.ajax(url, {
+    type: "POST",
+    headers: {
+      "CSRF-Token": _sc_globalCsrf,
+    },
+    data: form_data,
+    success: function (res) {
+      var opts = JSON.parse(decodeURIComponent(opts1 || "") || "{}");
+      var form = $(e.target).closest("form");
+      form.replaceWith(res);
+      initialize_page();
+    },
+    error: function (e) {
+      if (!checkNetworkError(e))
+        ajax_done(
+          e.responseJSON || { error: "Unknown error: " + e.responseText }
+        );
+    },
+  });
+}
+
 function inline_ajax_submit(e, opts1) {
   var opts = JSON.parse(decodeURIComponent(opts1 || "") || "{}");
   e.preventDefault();
@@ -2032,6 +2094,28 @@ function update_time_of_week(nm) {
   };
 }
 
+function select_by_view_click(element, event, required) {
+  const isAlreadySelected = $(element).hasClass("selected");
+  $(element)
+    .closest(".select-by-view-container")
+    .find(".select-by-view-option")
+    .removeClass("selected");
+  if (!required && isAlreadySelected) {
+    $(element)
+      .closest(".select-by-view-container")
+      .find("input[type=hidden]")
+      .val("")
+      .trigger("change");
+  } else {
+    $(element).addClass("selected");
+    $(element)
+      .closest(".select-by-view-container")
+      .find("input[type=hidden]")
+      .val($(element).attr("data-id"))
+      .trigger("change");
+  }
+}
+
 const observer = new IntersectionObserver(
   (entries, observer) => {
     entries.forEach((entry) => {

package/public/saltcorn.css

@@ -773,3 +773,42 @@ i[class*=" unicode-"] {
 [data-animate-initial-hide] {
   opacity: 0;
 }
+
+div.select-by-view-container {
+  display: flex;
+}
+div.select-by-view-container.justify-start {
+  justify-content: flex-start;
+}
+div.select-by-view-container.justify-end {
+  justify-content: flex-end;
+}
+div.select-by-view-container.justify-center {
+  justify-content: center;
+}
+div.select-by-view-container.justify-between {
+  justify-content: space-between;
+}
+div.select-by-view-container.justify-around {
+  justify-content: space-around;
+}
+div.select-by-view-container.justify-evenly {
+  justify-content: space-evenly;
+}
+
+div.select-by-view-option.no-card {
+  border: 1px solid var(--bs-secondary, var(--tblr-secondary, blue));
+}
+div.select-by-view-option:hover {
+  border: 1px solid var(--bs-primary, var(--tblr-primary, blue));
+}
+div.select-by-view-option.selected {
+  border: 2px solid var(--bs-primary, var(--tblr-primary, blue));
+}
+tr span.add-tag {
+  opacity: 0;
+}
+
+tr:hover span.add-tag {
+  opacity: 1;
+}

package/public/saltcorn.js

@@ -34,7 +34,10 @@ function updateQueryStringParameter(uri1, key, value) {
     uri = uris[0];
   }
 
-  var re = new RegExp("([?&])" + key + "=.*?(&|$)", "i");
+  var re = new RegExp(
+    "([?&])" + escapeRegExp(key) + "=.*?(&|$)",
+    "i"
+  );
   var separator = uri.indexOf("?") !== -1 ? "&" : "?";
   if (uri.match(re)) {
     if (Array.isArray(value)) {
@@ -75,9 +78,12 @@ function removeQueryStringParameter(uri1, key, value) {
   }
   let re;
   if (value) {
-    re = new RegExp("([?&])" + key + "=" + value + "?(&|$)", "gi");
+    re = new RegExp(
+      "([?&])" + escapeRegExp(key) + "=" + value + "?(&|$)",
+      "gi"
+    );
   } else {
-    re = new RegExp("([?&])" + key + "=.*?(&|$)", "gi");
+    re = new RegExp("([?&])" + escapeRegExp(key) + "=.*?(&|$)", "gi");
   }
   if (uri.match(re)) {
     uri = uri.replace(re, "$1" + "$2");
@@ -88,6 +94,10 @@ function removeQueryStringParameter(uri1, key, value) {
   return uri + hash;
 }
 
+function escapeRegExp(string) {
+  return string.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+
 function addQueryStringParameter(uri1, key, value) {
   let hash = "";
   let uri = uri1;
@@ -96,7 +106,10 @@ function addQueryStringParameter(uri1, key, value) {
     hash = "#" + uris[1];
     uri = uris[0];
   }
-  var re = new RegExp("([?&])" + key + "=" + value + "?(&|$)", "gi");
+  var re = new RegExp(
+    "([?&])" + escapeRegExp(key) + "=" + value + "?(&|$)",
+    "gi"
+  );
   if (uri.match(re)) return uri1;
 
   var separator = uri.indexOf("?") !== -1 ? "&" : "?";

package/routes/actions.js

@@ -731,7 +731,7 @@ const getWorkflowStepForm = async (
             },
           };
         if (cfgFld.input_type === "code") cfgFld.input_type = "textarea";
-        actionConfigFields.push(cfgFld)
+        actionConfigFields.push(cfgFld);
       }
     } catch {}
   }
@@ -745,6 +745,21 @@ const getWorkflowStepForm = async (
       wf_action_name: Trigger.find({ action: "Workflow" }).map((wf) => wf.name),
     },
   });
+  const nonWfTriggerNames = Trigger.find({})
+    .filter((tr) => tr.action !== "Workflow")
+    .map((wf) => wf.name);
+
+  actionConfigFields.push({
+    label: "Row expression",
+    name: "row_expr",
+    type: "String",
+    class: "validate-expression",
+    sublabel:
+      "Expression for the object to set the <code>row</code> value to inside the action. If blank, set to whole context",
+    showIf: {
+      wf_action_name: nonWfTriggerNames,
+    },
+  });
 
   const builtInActionExplainers = WorkflowStep.builtInActionExplainers({
     api_call: trigger.when_trigger == "API call",
@@ -752,6 +767,7 @@ const getWorkflowStepForm = async (
   const actionsNotRequiringRow = Trigger.action_options({
     notRequireRow: true,
     noMultiStep: true,
+    apiNeverTriggers: true,
     builtInLabel: "Workflow Actions",
     builtIns: Object.keys(builtInActionExplainers),
     forWorkflow: true,

package/routes/admin.js

@@ -14,6 +14,7 @@ const {
   get_sys_info,
   tenant_letsencrypt_name,
   isAdminOrHasConfigMinRole,
+  checkEditPermission,
 } = require("./utils.js");
 const Table = require("@saltcorn/data/models/table");
 const Plugin = require("@saltcorn/data/models/plugin");
@@ -567,7 +568,11 @@ router.get(
   error_catcher(async (req, res) => {
     const snaps = await Snapshot.find(
       {},
-      { orderBy: "created", orderDesc: true, fields: ["id", "created", "hash"] }
+      {
+        orderBy: "created",
+        orderDesc: true,
+        fields: ["id", "created", "hash", "name"],
+      }
     );
     const locale = getState().getConfig("default_locale", "en");
     send_admin_page({
@@ -595,7 +600,9 @@ router.get(
                             snap.created,
                             {},
                             locale
-                          )} (${moment(snap.created).fromNow()})`
+                          )} (${moment(snap.created).fromNow()})${
+                            snap.name ? ` [${snap.name}]` : ""
+                          }`
                         )
                       )
                     )
@@ -627,20 +634,6 @@ router.get(
   })
 );
 
-const checkEditPermission = (type, user) => {
-  if (user.role_id === 1) return true;
-  switch (type) {
-    case "view":
-      return getState().getConfig("min_role_edit_views", 1) >= user.role_id;
-    case "page":
-      return getState().getConfig("min_role_edit_pages", 1) >= user.role_id;
-    case "trigger":
-      return getState().getConfig("min_role_edit_triggers", 1) >= user.role_id;
-    default:
-      return false;
-  }
-};
-
 router.get(
   "/snapshot-restore/:type/:name",
   isAdminOrHasConfigMinRole([
@@ -652,7 +645,7 @@ router.get(
     const { type, name } = req.params;
     const snaps = await Snapshot.entity_history(type, name);
     const locale = getState().getConfig("default_locale", "en");
-    const auth = checkEditPermission(type, req.user);
+    const auth = checkEditPermission(type + "s", req.user);
     if (!auth) {
       res.send("Not authorized");
       return;
@@ -664,11 +657,14 @@ router.get(
           {
             label: req.__("When"),
             key: (r) =>
-              `${localeDateTime(r.created, {}, locale)} (${moment(
+              `${moment(
                 r.created
-              ).fromNow()})`,
+              ).fromNow()}<br><small>${localeDateTime(r.created, {}, locale)}</small>`,
+          },
+          {
+            label: req.__("Name"),
+            key: (r) => r.name || "",
           },
-
           {
             label: req.__("Restore"),
             key: (r) =>
@@ -694,7 +690,7 @@ router.post(
   ]),
   error_catcher(async (req, res) => {
     const { type, name, id } = req.params;
-    const auth = checkEditPermission(type, req.user);
+    const auth = checkEditPermission(type + "s", req.user);
     if (!auth) {
       req.flash("error", "Not authorized");
     } else {
@@ -963,7 +959,8 @@ const snapshotForm = (req) =>
         label: req.__("Snapshot now"),
         id: "btnSnapNow",
         class: "btn btn-outline-secondary",
-        onclick: "ajax_post('/admin/snapshot-now')",
+        onclick:
+          "ajax_post('/admin/snapshot-now/'+prompt('Name of snapshot (optional)'))",
       },
     ],
     fields: [
@@ -1075,11 +1072,18 @@ router.post(
  * Do Snapshot now
  */
 router.post(
-  "/snapshot-now",
+  "/snapshot-now/:snapshotname?",
   isAdmin,
   error_catcher(async (req, res) => {
+    const { snapshotname } = req.params;
+    if (snapshotname == "null") {
+      //user clicked cancel on prompt
+      res.json({ success: true });
+      return;
+    }
+
     try {
-      const taken = await Snapshot.take_if_changed();
+      const taken = await Snapshot.take_if_changed(snapshotname);
       if (taken) req.flash("success", req.__("Snapshot successful"));
       else
         req.flash("success", req.__("No changes detected, snapshot skipped"));
@@ -1574,7 +1578,7 @@ const doInstall = async (req, res, version, deepClean, runPull) => {
     }
     const child = spawn(
       "npm",
-      ["install", "-g", `@saltcorn/cli@${version}`, "--unsafe"],
+      ["install", "-g", `@saltcorn/cli@${version}`, "--omit=dev"],
       {
         stdio: ["ignore", "pipe", "pipe"],
       }

package/routes/api.js

@@ -279,14 +279,58 @@ router.get(
  * @function
  * @memberof module:routes/api~apiRouter
  */
-// todo add paging
+
+function validateNumberMin(value, min) {
+  if (typeof value !== "number") {
+    // return false; //throw new TypeError('Value is not a number');
+    value = strictParseInt(value);
+  }
+
+  if (!Number.isSafeInteger(value)) {
+    return false; //throw new RangeError('Value is outside the valid range for an integer');
+  }
+  if (value < min) return false;
+  return true;
+}
+
 router.get(
   "/:tableName/",
   //passport.authenticate("api-bearer", { session: false }),
   error_catcher(async (req, res, next) => {
     let { tableName } = req.params;
-    const { fields, versioncount, approximate, dereference, ...req_query } =
-      req.query;
+    const {
+      fields,
+      versioncount,
+      limit,
+      offset,
+      sortBy,
+      sortDesc,
+      approximate,
+      dereference,
+      tabulator_pagination_format,
+      ...req_query0
+    } = req.query;
+
+    let req_query = req_query0;
+    let tabulator_size, tabulator_page, tabulator_sort, tabulator_dir;
+    if (tabulator_pagination_format) {
+      const { page, size, sort, ...rq } = req_query0;
+      req_query = rq;
+      tabulator_page = page;
+      tabulator_size = size;
+      tabulator_sort = sort?.[0]?.field;
+      tabulator_dir = sort?.[0]?.dir;
+    }
+    if (typeof limit !== "undefined")
+      if (isNaN(limit) || !validateNumberMin(limit, 1)) {
+        getState().log(3, `API get ${tableName} Invalid limit parameter`);
+        return res.status(400).send({ error: "Invalid limit parameter" });
+      }
+    if (typeof offset !== "undefined")
+      if (isNaN(offset) || !validateNumberMin(offset, 1)) {
+        getState().log(3, `API get ${tableName} Invalid offset parameter`);
+        return res.status(400).send({ error: "Invalid offset parameter" });
+      }
     const table = Table.findOne(
       strictParseInt(tableName)
         ? { id: strictParseInt(tableName) }
@@ -303,6 +347,8 @@ router.get(
       res.status(404).json({ error: req.__("Not found") });
       return;
     }
+    const orderByField =
+      (sortBy || tabulator_sort) && table.getField(sortBy || tabulator_sort);
 
     await passport.authenticate(
       ["api-bearer", "jwt"],
@@ -312,9 +358,17 @@ router.get(
           let rows;
           if (versioncount === "on") {
             const joinOpts = {
-              orderBy: "id",
               forUser: req.user || user || { role_id: 100 },
               forPublic: !(req.user || user),
+              limit: tabulator_pagination_format
+                ? +tabulator_size
+                : limit && +limit,
+              offset: tabulator_pagination_format
+                ? +tabulator_size * (+tabulator_page - 1)
+                : offset && +offset,
+              orderDesc:
+                (sortDesc && sortDesc !== "false") || tabulator_dir == "desc",
+              orderBy: orderByField?.name || "id",
               aggregations: {
                 _versions: {
                   table: table.name + "__history",
@@ -352,11 +406,20 @@ router.get(
             rows = await table.getJoinedRows({
               where: qstate,
               joinFields,
+              limit: limit && +limit,
+              offset: offset && +offset,
+              orderDesc: sortDesc && sortDesc !== "false",
+              orderBy: orderByField?.name || undefined,
               forPublic: !(req.user || user),
               forUser: req.user || user,
             });
           }
-          res.json({ success: rows.map(limitFields(fields)) });
+          if (tabulator_pagination_format) {
+            res.json({
+              last_page: Math.ceil((await table.countRows()) / +tabulator_size),
+              data: rows.map(limitFields(fields)),
+            });
+          } else res.json({ success: rows.map(limitFields(fields)) });
         } else {
           getState().log(3, `API get ${table.name} not authorized`);
           res.status(401).json({ error: req.__("Not authorized") });