spoffy/fix-import-error-s3-no-redis
dependabot/npm_and_yarn/express-4.20.0
latest_candidate
main
spoffy/webdriver-logs
dependabot/npm_and_yarn/webpack-5.94.0
dependabot/npm_and_yarn/dompurify-3.1.3
latest
dependabot/npm_and_yarn/elliptic-6.5.7
dependabot/npm_and_yarn/axios-1.7.4
dependabot/npm_and_yarn/micromatch-4.0.8
berhalak/build-test
ignore-alert
link-to-issue-templates
spoffy/rename-candidate-action-job
dependabot/npm_and_yarn/fast-xml-parser-4.4.1
spoffy/playwright
spoffy/grist-ee-defaults
dependabot/npm_and_yarn/ws-8.17.1
dependabot/npm_and_yarn/tar-6.2.1
dependabot/npm_and_yarn/braces-3.0.3
jordigh/native-arm64
paulfitz/preview
paulfitz/smoosh
test-server-reset
dsagal-readme-gvisor
readme-update-dec2023
paulfitz/bundle-widget-prep
jv-linkstate-bubbles-tooltips
jv-linkstate-bubbles-base
jv-bidirectional-tests
preview
bidirectional
chainlink-fix
alex/skip-fstrings-3.9
alex/upgrade-pyodide
alex/3.11-tests
alex/_importParsedFileAsNewTable
poc-engine-data-layer
poc-engine
sponsors-section
removing-missing-key-error
friendly-locale
messytables-requirements
add-page-name
markdown-cells
v1.1.12
v1.1.11
v1.1.10
v1.1.9
v1.1.8
v1.1.7
v1.1.6
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v0.7.9
v0.7.8
v0.7.7
v0.7.6
v0.7.5
v0.7.4
v0.7.1
v0.7.2
v0.7.3
v1.1.13
v1.1.14
v1.1.15
v1.1.16
v1.1.17
v1.1.18
${ noResults }
2 Commits (1d2cf3de49d636755da2c6c453c2232479cb05f1)
Author | SHA1 | Message | Date |
---|---|---|---|
Alex Hall | 225a76c9cb |
(core) Don't throw error in `onRecord(s)` for insufficient access for `includeColumns`
Summary: This removes checking for full access in `onRecord/onRecords` when `includeColumns` is a non-default value. The check had two problems: 1. It relied on the access level being present in the URL query parameters, which doesn't work if the page has redirected. See the discussion in https://grist.slack.com/archives/C0234CPPXPA/p1702576602615509. There seems to be no way to reliably and synchronously check the access level. 2. Calling `onRecords` before `ready` and forgetting to handle an error from the access check meant that `ready` wouldn't be called, so Grist couldn't request the correct access level from the user. I made this mistake and it seems like a nasty footgun. Ultimately this has no effect on security, as an error will still be raised, but in a place where the widget developer can't catch it. They'll still see an error message in the console, and they can still check the access level reliably using `onOptions`, so I think this is OK. Test Plan: Updated nbrowser test Reviewers: georgegevoian, paulfitz Reviewed By: georgegevoian, paulfitz Differential Revision: https://phab.getgrist.com/D4145 |
9 months ago |
Alex Hall | 4e67c679b2 |
(core) Options for plugin API functions which fetch data from the selected table or record
Summary: Adds a new interface `FetchSelectedOptions` with three keys (including the preexisting `keepEncoded`) and adds/updates an optional `options: FetchSelectedOptions` to six related functions which fetch data from the selected table or record. The `keepEncoded` and `format` options have different default values for different methods for backwards compatibility, but otherwise the different methods now have much more similar behaviour. The new `includeColumns` option allows fetching all columns which was previously only possible using `docApi.fetchTable` (which wasn't always a great alternative) but this requires full access to avoid exposing more data than before and violating user expectations. Eventually, similar options should be added to `docApi.fetchTable` to make the API even more consistent. Discussion: https://grist.slack.com/archives/C0234CPPXPA/p1696510548994899 Test Plan: Added a new nbrowser test with a corresponding fixture site and document, showing how the functions have different default option values but are all configurable now. Reviewers: georgegevoian Reviewed By: georgegevoian Differential Revision: https://phab.getgrist.com/D4077 |
11 months ago |