Commit Graph

2593 Commits

Author SHA1 Message Date
Florent
5533b9b7ee
Fix server crash when client passes malformed JSON (#826)
* Fix server crash when client passes malformed JSON

* Take remarks into account

---------

Co-authored-by: Florent FAYOLLE <florent.fayolle@beta.gouv.fr>
2024-01-23 12:07:39 -05:00
Paul Fitzpatrick
007c4492dc (core) notify home db of shares when copying/forking/uploading docs
Summary:
The first time a worker opens a document, it will now check if it has any shares the home db needs to be aware of. If so, they will be added. This is important for documents uploaded/copied/forked/replaced, so that their shares work out of the box.

In future, may want some UI to give user control of whether shares are activated after upload/copy/fork/replace.

It seems tricky currently to know if a document is being opened for the first time. As a proxy, I check whether usage information has been calculated and saved to the db, since I can determine that without adding another db query. It is safe to synchronize shares more than necessary.

This leaves two gaps:
 * If a document is created/uploaded/copied/forked/replaced and no attempt is made to access it prior to using a share, then that share won't actually be available. Not a problem currently I think, since how would a user have determined the share key. But in future it would be good to also do a sync after creation/upload/copy/fork/replacement/...
 * On document replacement, usage info is reset but not absolutely immediately. So in principle shares could fail to be created on first load of the replacement. Usage info reset could be tweaked to give a guarantee here, but also fixing the first point would resolve this second point too.

Test Plan: copy test added

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4165
2024-01-23 08:09:20 -05:00
github-actions[bot]
1f5cd0a9d5
automated update to translation keys (#829)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-01-22 08:12:59 -05:00
Paul Fitzpatrick
e91dc768b8 (core) updates from grist-core 2024-01-22 07:44:36 -05:00
Dmitry S
6575da7d99 (core) Add event for thumbsUp/thumbsDown ratings for HelpCenter articles
Summary:
This corresponding change in HelpCenter will report this event:
https://github.com/gristlabs/grist-help/pull/303

Test Plan: Tested locally that the telemetry event is received by the server and logged.

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4168
2024-01-20 20:17:12 -05:00
Jarosław Sadziński
8a6ab0f64e (core) Hiding "Create form" button
Summary:
The "Create a form" button in section menu wasn't hidden
behind a feature flag.

Test Plan: Manual

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D4167
2024-01-19 13:44:56 +01:00
Jarosław Sadziński
0aad09a4ed (core) Forms improvements
Summary:
Forms improvements and following new design
- New headers
- New UI
- New right panel options

Test Plan: Tests updated

Reviewers: georgegevoian, dsagal

Reviewed By: georgegevoian

Subscribers: dsagal, paulfitz

Differential Revision: https://phab.getgrist.com/D4158
2024-01-19 10:34:03 +01:00
George Gevoian
b82209b458 (core) Fix filtering regression
Summary:
Fixes a recent regression that would cause a record to be erroneously filtered
out whenever it was updated from a linked view.

Test Plan: Browser test.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4163
2024-01-18 13:32:36 -08:00
github-actions[bot]
e751117bd1
automated update to translation keys (#825)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-01-18 08:54:21 -05:00
Paul Fitzpatrick
7c7dc5a0ef (core) updates from grist-core 2024-01-16 08:49:37 -05:00
George Gevoian
e12471347b (core) Form Publishing
Summary:
Adds initial implementation of form publishing, built upon WYSIWYS shares.

A simple UI for publishing and unpublishing forms is included.

Test Plan: Browser tests.

Reviewers: jarek

Reviewed By: jarek

Subscribers: paulfitz, jarek

Differential Revision: https://phab.getgrist.com/D4154
2024-01-12 11:58:12 -08:00
Dmitry S
8ddcff4310 (core) Update app/plugin/ documentation comments to improve generated docs
Summary:
- Move CellValue documentation to CellValue and add an example for each type.
- Link to CellValue from places that mention it.
- Update deprecated [[LINK]] syntax to a supported {@link} one, in a way that
  does not change generated documentation.

- Also fix auto-pick-ports script used in tests (which had a bug causing occasional test failures), and add a test for it.

Test Plan: No code changes for documentation changes. New test for auto-pick-ports.

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4162
2024-01-11 23:49:50 -05:00
Alexandru-Ionut Chiuta
93a8ea3f30
Translated using Weblate (Romanian)
Currently translated at 100.0% (1024 of 1024 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/ro/
2024-01-11 20:06:18 +01:00
Paul Fitzpatrick
eee29ee0a0 (core) add Shares migration to rollback test
Summary:
adds a newly-added migration to a list in a test for explicit
rollback testing

Test Plan: updates a test

Reviewers: georgegevoian

Reviewed By: georgegevoian

Subscribers: georgegevoian

Differential Revision: https://phab.getgrist.com/D4161
2024-01-11 11:48:38 -05:00
Владимир В
66b0673a3a
Translated using Weblate (Russian)
Currently translated at 99.6% (1020 of 1024 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/ru/
2024-01-09 21:06:18 +01:00
Dmitry S
527e9670ef (core) Include linking rowIds into remembered cursor position and anchor links.
Summary:
When linking using a Reference List column, there may be multiple source
records that show the same target record. With this change, we remember those
(rather than just pick one that shows the target record).

Test Plan: Added a browser test.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4140
2024-01-09 09:50:31 -05:00
Florent
a59132108f
Add createSite feature so user can disable site creation #813 (#814)
Co-authored-by: Florent FAYOLLE <florent.fayolle@beta.gouv.fr>
2024-01-08 11:26:30 -05:00
Paul Fitzpatrick
a311b8b3e5 (core) updates from grist-core 2024-01-08 09:19:50 -05:00
Alex Hall
fa6b57855e (core) Cache converting timestamp to date
Summary: Adds `@functools.lru_cache` to `ts_to_dt` and `ts_to_date` which are used in `_make_rich_value` in Date/DateTime columns, i.e. every time such a column is accessed in a formula. I noticed that these operations are surprisingly expensive while working on https://phab.getgrist.com/D4075. This is just an easy way to potentially significantly speed up certain docs and formulas.

Test Plan:
Put this code in an engine test case:

```
def test_(self):
  self.apply_user_action(["AddTable", "Table1", [
    {"id": "A", "type": "DateTime:America/Chicago"},
  ]])
  self.add_records("Table1", ["A"], [
    [i] for i in range(1000)
  ])
  formula = "for _ in range(1000): $A\nreturn 1"
  import time
  start = time.time()
  self.add_column(
    "Table1", formula, type="Any", isFormula=True, formula=formula
  )
  elapsed = time.time() - start
  print(f"Took {elapsed:.2f} for formula {formula}")
```

The time goes from ~10s to ~1s. Similar tests showed no noticeable slowdown when caching had no effect.

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D4099
2024-01-08 10:50:50 +02:00
Franček Prijatelj
6d0de4500d
Translated using Weblate (Slovenian)
Currently translated at 100.0% (1024 of 1024 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/sl/
2024-01-05 18:06:36 +01:00
gallegonovato
37630bcb28
Translated using Weblate (Spanish)
Currently translated at 100.0% (1024 of 1024 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/es/
2024-01-05 18:06:36 +01:00
Alex Hall
eea9f47e50 (core) Small fixes in plugin API docs
Summary:
While adding `FetchSelectedOptions` in 4e67c679b2, I accidentally made `viewApi` become an undocumented variable, which is fixed here.

While I was at it, I also fixed other errors emitted by `./build-plugin-api.sh`.

Test Plan: Built changes in https://github.com/gristlabs/grist-help/pull/297

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D4155
2024-01-04 20:44:17 +02:00
Paul Fitzpatrick
15a73fdaf0 (core) repair a migration test when running against postgres
Summary:
This is fixing some fall-out from some environmental changes after
another batch of tests were moved to grist-core.

Test Plan: this is fixing a test, no app changes

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4156
2024-01-04 13:35:55 -05:00
Paul Fitzpatrick
2a206dfcf8 (core) add initial support for special shares
Summary:
This gives a mechanism for controlling access control within a document that is distinct from (though implemented with the same machinery as) granular access rules.

It was hard to find a good way to insert this that didn't dissolve in a soup of complications, so here's what I went with:
 * When reading rules, if there are shares, extra rules are added.
 * If there are shares, all rules are made conditional on a "ShareRef" user property.
 * "ShareRef" is null when a doc is accessed in normal way, and the row id of a share when accessed via a share.

There's no UI for controlling shares (George is working on it for forms), but you can do it by editing a `_grist_Shares` table in a document. Suppose you make a fresh document with a single page/table/widget, then to create an empty share you can do:

```
gristDocPageModel.gristDoc.get().docData.sendAction(['AddRecord', '_grist_Shares', null, {linkId: 'xyz', options: '{"publish": true}'}])
```

If you look at the home db now there should be something in the `shares` table:

```
$ sqlite3 -table landing.db "select * from shares"
+----+------------------------+------------------------+--------------+---------+
| id |          key           |         doc_id         |   link_id    | options |
+----+------------------------+------------------------+--------------+---------+
| 1  | gSL4g38PsyautLHnjmXh2K | 4qYuace1xP2CTcPunFdtan | xyz | ...      |
+----+------------------------+------------------------+--------------+---------+
```

If you take the key from that (gSL4g38PsyautLHnjmXh2K in this case) and replace the document's urlId in its URL with `s.<key>` (in this case `s.gSL4g38PsyautLHnjmXh2K` then you can use the regular document landing page (it will be quite blank initially) or API endpoint via the share.

E.g. for me `http://localhost:8080/o/docs/s0gSL4g38PsyautLHnjmXh2K/share-inter-3` accesses the doc.

To actually share some material - useful commands:

```
gristDocPageModel.gristDoc.get().docData.getMetaTable('_grist_Views_section').getRecords()
gristDocPageModel.gristDoc.get().docData.sendAction(['UpdateRecord', '_grist_Views_section', 1, {shareOptions: '{"publish": true, "form": true}'}])
gristDocPageModel.gristDoc.get().docData.getMetaTable('_grist_Pages').getRecords()
gristDocPageModel.gristDoc.get().docData.sendAction(['UpdateRecord', '_grist_Pages', 1, {shareRef: 1}])
```

For a share to be effective, at least one page needs to have its shareRef set to the rowId of the share, and at least one widget on one of those pages needs to have its shareOptions set to {"publish": "true", "form": "true"} (meaning turn on sharing, and include form sharing), and the share itself needs {"publish": true} on its options.

I think special shares are kind of incompatible with public sharing, since by their nature (allowing access to all endpoints) they easily expose the docId, and changing that would be hard.

Test Plan: tests added

Reviewers: dsagal, georgegevoian

Reviewed By: dsagal, georgegevoian

Subscribers: jarek, dsagal

Differential Revision: https://phab.getgrist.com/D4144
2024-01-04 05:57:38 -05:00
Alexandru-Ionut Chiuta
8fe3c27dd2
Translated using Weblate (Romanian)
Currently translated at 100.0% (1023 of 1023 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/ro/
2024-01-03 23:10:07 +01:00
Franček Prijatelj
3bfc40159b
Translated using Weblate (Slovenian)
Currently translated at 100.0% (1023 of 1023 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/sl/
2024-01-03 23:10:07 +01:00
Riccardo Polignieri
eec684760c
Translated using Weblate (Italian)
Currently translated at 100.0% (1023 of 1023 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/it/
2024-01-03 23:10:07 +01:00
gallegonovato
b6d65dcfd0
Translated using Weblate (Spanish)
Currently translated at 100.0% (1023 of 1023 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/es/
2024-01-03 23:10:07 +01:00
Florent
97df12c34d
Change error message on documents for non-owner users (#790)
The error can often be fixed by just reloading the document with no need
to worry the document owners

For example, when the error message is: "interrupted by reconnect"

Co-authored-by: Florent FAYOLLE <florent.fayolle@beta.gouv.fr>
2024-01-03 16:38:51 -05:00
jyio
ba14a1bea7
OIDC: Support overriding end_session_endpoint using environment variable GRIST_OIDC_IDP_END_SESSION_ENDPOINT (#802)
Support overriding `end_session_endpoint` using environment variable `GRIST_OIDC_IDP_END_SESSION_ENDPOINT`
2024-01-03 15:49:32 -05:00
Florent
837597cd55
Fix deadlock with webhooks on document load #799 (#812) 2024-01-03 21:47:53 +02:00
Florent
6722512d96
Completely ignored disabled webhooks (#800) 2024-01-03 20:06:38 +02:00
Paul Fitzpatrick
4378ec24d8
v1.1.10 2024-01-03 07:57:53 -05:00
github-actions[bot]
4bfc1b1eac
automated update to translation keys (#811)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-01-02 11:39:33 -05:00
Paul Fitzpatrick
f079d4b340 (core) updates from grist-core 2024-01-02 08:00:39 -05:00
Matěj Bláha
93b061bbc4
Translated using Weblate (Czech)
Currently translated at 10.4% (107 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/cs/
2024-01-01 12:06:48 +00:00
Alex Hall
225a76c9cb (core) Don't throw error in onRecord(s) for insufficient access for includeColumns
Summary:
This removes checking for full access in `onRecord/onRecords` when `includeColumns` is a non-default value. The check had two problems:

1. It relied on the access level being present in the URL query parameters, which doesn't work if the page has redirected. See the discussion in https://grist.slack.com/archives/C0234CPPXPA/p1702576602615509. There seems to be no way to reliably and synchronously check the access level.
2. Calling `onRecords` before `ready` and forgetting to handle an error from the access check meant that `ready` wouldn't be called, so Grist couldn't request the correct access level from the user. I made this mistake and it seems like a nasty footgun.

Ultimately this has no effect on security, as an error will still be raised, but in a place where the widget developer can't catch it. They'll still see an error message in the console, and they can still check the access level reliably using `onOptions`, so I think this is OK.

Test Plan: Updated nbrowser test

Reviewers: georgegevoian, paulfitz

Reviewed By: georgegevoian, paulfitz

Differential Revision: https://phab.getgrist.com/D4145
2023-12-30 10:16:40 +02:00
Alex Hall
a2bd753649 (core) API console
Summary: Adds a custom interactive Swagger API console at `/apiconsole`. For now, this isn't visibly linked anywhere.

Test Plan: Manual, this is still an experimental and private feature. The idea is to merge this soon so that we have a chance to try it out in production.

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4151
2023-12-27 22:02:30 +02:00
github-actions[bot]
16b6b01134
automated update to translation keys (#805)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-12-27 10:18:13 -05:00
Paul Fitzpatrick
e0d44eff1f
set TEST_CLEAN_DATABASE when running server tests (#806)
After adding a batch of new server tests, some interactions between
tests have shown up via a shared database. This sets an existing flag
for dealing with this problem, that is used during browser tests but
hadn't been needed before for server tests.
2023-12-27 09:56:59 -05:00
Paul Fitzpatrick
a5544b9b01 (core) updates from grist-core 2023-12-26 08:47:55 -05:00
Paul Fitzpatrick
145138b7e9 (core) move apiserver tests to core, disentangling notifier+billing parts
Summary:
This moves some more tests to core that would be useful for ANCT,
which had been stuck in grist-saas due to some entanglements with
sendgrid and billing. For sendgrid, I've moved around just enough
material to permit the tests to run mostly unchanged. Ideally
the interface to a notification system would be generalized, but
that's a bigger project.

Test Plan:
checked that tests are likely to run as expected
in core using preview laid out by ./buildtools/build_core.sh

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4149
2023-12-26 08:43:12 -05:00
Alexandru-Ionut Chiuta
ba69d2f415
Translated using Weblate (Romanian)
Currently translated at 100.0% (1021 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/ro/
2023-12-25 18:07:29 +01:00
Alexandru-Ionut Chiuta
1b05855a39
Translated using Weblate (Slovenian)
Currently translated at 100.0% (1021 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/sl/
2023-12-25 18:07:26 +01:00
Alexandru-Ionut Chiuta
4b40aa9c80
Translated using Weblate (Italian)
Currently translated at 100.0% (1021 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/it/
2023-12-25 18:07:26 +01:00
Alexandru-Ionut Chiuta
5a4187cf2a
Translated using Weblate (Romanian)
Currently translated at 22.8% (233 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/ro/
2023-12-24 08:07:08 +00:00
Paul Janzen
7b44e3d619
Translated using Weblate (German)
Currently translated at 100.0% (1021 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/de/
2023-12-23 04:07:00 +01:00
Paul Janzen
a6cec55a06
Translated using Weblate (Portuguese (Brazil))
Currently translated at 100.0% (1021 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/pt_BR/
2023-12-23 04:06:59 +01:00
Alexandru-Ionut Chiuta
65757854ea
Translated using Weblate (Romanian)
Currently translated at 22.7% (232 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/ro/
2023-12-20 18:07:06 +01:00
gallegonovato
38372a7e34
Translated using Weblate (Spanish)
Currently translated at 100.0% (1021 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/es/
2023-12-20 18:07:05 +01:00