Commit Graph

1440 Commits

Author SHA1 Message Date
Paul Fitzpatrick
65966e4cfd (core) use visibility information when sharing referenced columns with forms
Summary:
This tightens down the set of referenced columns made available to
forms for dropdowns. Previous access to columns was computed at the
level of shared tables. Now it is calculated at the level of shared
sections. That means that we can now refrain from following hidden
references, and make the referred data unavailable to forms, since
they should not need it.

Test Plan: extended test

Reviewers: jarek, dsagal

Reviewed By: jarek, dsagal

Subscribers: dsagal

Differential Revision: https://phab.getgrist.com/D4234
2024-04-22 13:54:44 -04:00
Paul Fitzpatrick
4567fad947 (core) updates from grist-core 2024-04-15 09:24:09 -04:00
CamilleLegeron
fe9cc80ccc
Create team site for self-hosted instances (#903) 2024-04-15 00:55:57 -07:00
George Gevoian
6f3cd1ec2f (core) Remove forms popup
Summary: The forms announcement popup should no longer be shown.

Test Plan: N/A

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4229
2024-04-12 16:10:44 -07:00
George Gevoian
0130409447 (core) Fix null references in form fields bug
Summary:
Shares and documents would both produce a rule set for the same column
if the document rule set was for multiple columns. In this case, it was causing
one of the rules to be overwritten by the other (specifically, the rule granting
access to form references was not being applied in shares). The symptom was
`null` values in place of the referenced table's values.

We address this by splitting any rule sets for multiple columns that are also
affected by shares, so that they can be overridden by shares without causing a
conflicting rule set to be created (i.e. 2 column rule sets containing the same column).

Test Plan: Server tests.

Reviewers: dsagal, paulfitz

Reviewed By: dsagal, paulfitz

Subscribers: dsagal

Differential Revision: https://phab.getgrist.com/D4208
2024-04-12 15:46:21 -07:00
George Gevoian
8c53585bd7 (core) Break overflowing text
Summary: Text could overflow its container in a few instances.

Test Plan: Manual.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4231
2024-04-12 15:24:07 -07:00
CamilleLegeron
76ef4d54f8
Webhook trigger update by column (#832)
Add functionality to filter webhooks based on a column or columns.
2024-04-12 16:04:37 -04:00
George Gevoian
86062a8c28 (core) New Grist Forms styling and field options
Summary:
 - New styling for forms.
 - New field options for various field types (spinner, checkbox, radio buttons, alignment, sort).
 - Improved alignment of form fields in columns.
 - Support for additional select input keyboard shortcuts (Enter and Backspace).
 - Prevent submitting form on Enter if an input has focus.
 - Fix for changing form field type causing the field to disappear.

Test Plan: Browser tests.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4223
2024-04-11 08:17:42 -07:00
Jordi Gutiérrez Hermoso
400937fea3 uploads: do not use Origin header in fetchDoc
The `Origin` header is produced by `getTransitiveHeaders` but we don't
need it here, as this is only for an internal request where no
cross-origin attacks are possible.
2024-04-10 16:16:39 -04:00
Jordi Gutiérrez Hermoso
17ea97db78 requestUtils: add some logging to allowHost
I found it useful during my work to figure out what was going on in
this function and why some requests were being denied.
2024-04-10 16:16:39 -04:00
Jarosław Sadziński
661f1c1804 (core) DuplicatePage function didn't duplicated collapsed widgets
Summary:
When one of 2 widget was collapsed, the resulting widget can become a root section. Then,
when a page was duplicated, the layout was duplicated incorrectly (with wrong collapsed
section). This resulted in a bug, when the root section was deleted, as it was the last
section in the saved layout, but not the last section on the visible layout.

Test Plan: Added 2 tests

Reviewers: dsagal

Reviewed By: dsagal

Subscribers: dsagal

Differential Revision: https://phab.getgrist.com/D4227
2024-04-10 18:19:37 +02:00
Jarosław Sadziński
bddbcddbef (core) Endpoint to report on the latest version of stable grist-core image
Summary:
New endpoint `/api/version` that returns latest version of stable docker image in format:
```
{"latestVersion":"1.1.12","
  updatedAt":"2024-03-06T06:28:25.752337Z","
  isCritical":false,
 "updateURL":"https://hub.docker.com/r/gristlabs/grist"
}
```

It connects to docker hub API and reads the version from the tag lists endpoint.
Stores telemetry passed from the client such us: current version, deployment type, installationId and others.

Test Plan: Added new test

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4220
2024-04-09 17:03:49 +02:00
Florent
a8a421c833
/status does not return a 500 HTTP code if docWorkerRegistered fails (#928) 2024-04-04 15:03:15 -04:00
Florent
4a9b6fea9d
Shutdown Doc worker when it is not considered as available in Redis #831 (#856)
* Shutdown Doc worker when it is not considered as available in Redis
* Use isAffirmative for GRIST_MANAGED_WORKERS
* Upgrade Sinon for the tests
* Run Smoke test with pages in English
* Add logic in /status endpoint
2024-04-04 10:25:42 -04:00
Jarosław Sadziński
03ead0d1ca (core) Adding a flag for the UI to check if emails are enabled
Summary:
Front-end code can now test if emails are enabled
and hide some parts of UI based on it.

Test Plan:
Only secondery text was hidden on add users dialog.
Tested manually.

Reviewers: georgegevoian

Reviewed By: georgegevoian

Subscribers: georgegevoian

Differential Revision: https://phab.getgrist.com/D4221
2024-04-03 09:50:17 +02:00
George Gevoian
c87d835533 (core) Update WS deps after grist-core sync
Summary:
Some WS-related code was touched in a recent PR to grist-core. This extends
those changes to the rest of the codebase so that builds work again.

Test Plan: N/A

Reviewers: dsagal

Reviewed By: dsagal

Subscribers: dsagal

Differential Revision: https://phab.getgrist.com/D4224
2024-04-02 23:08:39 -07:00
George Gevoian
b505d21e79 (core) Disable headers shortcut in summary tables
Summary: Summary tables have restrictions on which columns can be renamed.

Test Plan: Browser tests.

Reviewers: jarek

Reviewed By: jarek

Subscribers: jarek

Differential Revision: https://phab.getgrist.com/D4222
2024-04-02 12:44:27 -07:00
Paul Fitzpatrick
4736ca490c (core) updates from grist-core 2024-04-01 09:22:25 -04:00
Jonathan Perret
96b652fb52
Support HTTP long polling as an alternative to WebSockets (#859)
The motivation for supporting an alternative to WebSockets is that while all browsers supported by Grist offer native WebSocket support, some networking environments do not allow WebSocket traffic.

Engine.IO is used as the underlying implementation of HTTP long polling. The Grist client will first attempt a regular WebSocket connection, using the same protocol and endpoints as before, but fall back to long polling using Engine.IO if the WebSocket connection fails.

Include these changes:
- CORS websocket requests are now rejected as a stronger security measure. This shouldn’t affect anything in practice; but previously it could be possible to make unauthenticated websocket requests from another origin.
- GRIST_HOST variable no longer affects CORS responses (also should not affect anything in practice, as it wasn't serving a useful purpose)
2024-03-28 13:22:20 -04:00
Paul Fitzpatrick
67afd74817 (core) clean up snapshot list when access rules are in effect
Summary:
When access rules are in effect on a document, non-owners currently
don't have access to snapshots. Previously when the document history
tab is opened in this situation, an error toast would appear, along
with a small message that was hard to see in dark mode. This change
removes the toast and improves the message somewhat.

Test Plan: updated test

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4218
2024-03-27 12:11:47 -04:00
Dmitry S
e380fcfa90 (core) Admin Panel and InstallAdmin class to identify installation admins.
Summary:
- Add InstallAdmin class to identify users who can manage Grist installation.

  This is overridable by different Grist flavors (e.g. different in SaaS).
  It generalizes previous logic used to decide who can control Activation
  settings (e.g. enable telemetry).

- Implement a basic Admin Panel at /admin, and move items previously in the
  "Support Grist" page into the "Support Grist" section of the Admin Panel.

- Replace "Support Grist" menu items with "Admin Panel" and show only to admins.

- Add "Support Grist" links to Github sponsorship to user-account menu.

- Add "Support Grist" button to top-bar, which
  - for admins, replaces the previous "Contribute" button and reopens the "Support Grist / opt-in to telemetry" nudge (unchanged)
  - for everyone else, links to Github sponsorship
  - in either case, user can dismiss it.

Test Plan: Shuffled some test cases between Support Grist and the new Admin Panel, and added some new cases.

Reviewers: jarek, paulfitz

Reviewed By: jarek, paulfitz

Differential Revision: https://phab.getgrist.com/D4194
2024-03-25 12:18:38 -04:00
Paul Fitzpatrick
0c05f4cdc4 (core) updates from grist-core 2024-03-25 09:45:23 -04:00
George Gevoian
418681915e (core) Forms Improvements
Summary:
 - Forms now have a reset button.
 - Choice and Reference fields in forms now have an improved select menu.
 - Formula and attachments column types are no longer mappable or visible in forms.
 - Fields in a form widget are now removed if their column is deleted.
 - The preview button in a published form widget has been replaced with a view button. It now opens the published form in a new tab.
 - A new share menu for published form widgets, with options to copy a link or embed code.
 - Forms can now have multiple sections.
 - Form widgets now indicate when publishing is unavailable (e.g. in forks or unsaved documents).
 - General improvements to form styling.

Test Plan: Browser tests.

Reviewers: jarek

Reviewed By: jarek

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4203
2024-03-21 13:01:25 -04:00
George Gevoian
07fcce548b (core) Add TSV and DSV import/export
Summary: Adds support for importing .dsv files (an April Fools 2024 easter egg), and options for exporting .dsv and .tsv files from the Share menu.

Test Plan: Browser and server tests.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4210
2024-03-20 10:57:21 -04:00
CamilleLegeron
f3f320a193
Feat: rename all column label from a given row with right click (#848) 2024-03-20 09:34:09 -04:00
Florent
e84c420a37
Don't require running docker with --init to stop with ^C (#892) 2024-03-18 09:49:42 -04:00
Paul Fitzpatrick
48a8af83fc (core) updates from grist-core 2024-03-18 09:14:25 -04:00
Jonathan Perret
b054810fd1
Remove the GRIST_ALLOWED_HOSTS environment variable (#899)
This mostly reverts commit 49b1749e98.
2024-03-15 09:40:56 -04:00
George Gevoian
2ebf350bdf (core) Disable drag-and-drop in active form input
Summary:
Drag-and-drop was interfering with text selection in inputs for form
labels and paragraphs.

Test Plan: Manual.

Reviewers: jarek

Reviewed By: jarek

Subscribers: jarek

Differential Revision: https://phab.getgrist.com/D4209
2024-03-14 10:19:28 -04:00
Paul Fitzpatrick
17857ec1f0 (core) updates from grist-core 2024-03-11 09:03:58 -04:00
Jarosław Sadziński
0703c8527b (core) Better Max and Min shortcut funtions in the new column menu.
Summary: Using the lookup shortcut in the add column menu to find a max or min value is a buggy experience. MAX and MIN returns 0 for empty collections which can be interpreted as 1970.1.1 in date or date time columns. It is better to just return None (empty cell) when there are no records.

Test Plan: Updated

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D4206
2024-03-08 21:59:33 +01:00
George Gevoian
14125b9b97 (core) Use document access for showing form buttons
Summary:
Site access was being used to show or hide form widget buttons. This meant
that users granted owner access to a document couldn't see buttons to
publish/unpublish or share a form. Now, document access is used instead.

Test Plan: Manual.

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4207
2024-03-08 09:15:31 -05:00
Thomas Weaver
8d39d761a5
fixes #852 (#877) 2024-03-08 01:30:30 -05:00
Florent
1e3e076820
Add option to skip Checksum verification between doc storage and Redis #751 (#767)
This check should be unnecessary for stores with strong consistency guarantees (virtually everywhere now).

---------

Co-authored-by: Florent FAYOLLE <florent.fayolle@beta.gouv.fr>
2024-03-07 14:11:17 -05:00
George Gevoian
a5099fc598 (core) Skip showing empty doc tours
Summary: Empty doc tours are now skipped. Before, an error was shown instead.

Test Plan: Browser test.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4204
2024-03-07 10:10:55 -05:00
CamilleLegeron
9ce8ed3f25
Feat: add title query params for exported csv and xlsx + download translations (#872)
Co-authored-by: Florent <florent.git@zeteo.me>
2024-03-06 12:12:42 -05:00
Dmitry S
ca8ac806db (core) Trim unapplicable permissions bits for column rules, both at parse time, and in UI
Summary:
- UI now trims column rules before saving.
- When rules are loaded, bits that aren't applicable to a resource get ignored.
  This should fix the incorrect behavior in existing docs without a migration.

Test Plan:
- Added test of UI, that it now sends trimmed rules
- Added a unitteset of new trimPermissions() function
- Add test of fixed interpretation of existing rules: now only permission bits
  applicable to a resource get respected. I.e. create/delete/schemaEdit are
  ignored in column rules, and schemaEdit is also ignored in table rules.
- Note that DuplicateTest was affected: updated on the assumption that
  schemaEdit still can't actually apply at a table level.

Reviewers: georgegevoian, paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D4205
2024-03-06 09:46:33 -05:00
Vincent Viers
011cf9da0d
make 'contact support' link customisable (#854)
Co-authored-by: CamilleLegeron <camille@telescoop.fr>
2024-03-06 00:59:46 -05:00
George Gevoian
0532ed6547 (core) Add dark mode CSS for Swagger UI
Summary: Adds CSS to support dark mode in Swagger UI.

Test Plan: Manual.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4199
2024-03-05 08:45:21 -05:00
George Gevoian
0c60446f9c
Move phab docs to /documentation (#882) 2024-03-05 08:35:48 -05:00
Paul Fitzpatrick
95b734149e
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850)
This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate.

Visit `/boot` on a Grist server for tips on how to use this feature.
2024-03-04 16:22:47 -05:00
Paul Fitzpatrick
85c51ab73f (core) updates from grist-core 2024-02-26 07:48:17 -05:00
Jarosław Sadziński
42d7e31d27 (core) In custom widgets show placeholder content until all columns are mapped
Summary: Showing configuration screen when widget is not mapped

Test Plan: New test added

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4192
2024-02-23 13:33:23 +01:00
Dmitry S
ca990bbfe6 (core) Small changes to Access Rules page to clearify behavior of table default rules
Summary:
- Rename "Add Default Rule" to "Add Table-wide Rule", and enable always.
- Rename "All Other" to "All".

Test Plan: Updated test; new behavior (for when menu option is newly enabled) only tested manually.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4195
2024-02-23 01:24:13 -05:00
George Gevoian
219b1f3f87 (core) Add org to FormAPI URL paths
Summary:
In some environments, URLs produced by FormAPI were missing an org, making them
ambiguous. This ensures that an org is always included in the path.

Test Plan: Manual.

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4200
2024-02-22 12:38:42 -05:00
George Gevoian
c6fd79ac1f (core) Refactor forms implementation
Summary: WIP

Test Plan: Existing tests.

Reviewers: jarek

Reviewed By: jarek

Subscribers: jarek

Differential Revision: https://phab.getgrist.com/D4196
2024-02-22 08:44:25 -05:00
Florent
af676642d4
Escape hyphens in version ids #810 (#860)
Hyphens are typically used by MinIO in version ids (these are uuids).
We need to escape them as they are not included in the path to load a document
after bcb9740
2024-02-20 10:46:38 -05:00
Paul Fitzpatrick
6800ebfbad (core) updates from grist-core 2024-02-19 08:42:05 -05:00
Dmitry S
fc44a60edf (core) When reporting email in log metadata, use normalized email.
Summary:
There has been inconsistency in using display email vs normalized email, which
ends up creating some duplication in downstream analyses (e.g. the same user
showing up twice with different capitalization).

1. Add UserProfile.loginEmail field with normalized email to prefer, when set, over the inconsistently used UserProfile.email.
2. In one place where it's not available, normalize the display email manually.
3. Clean up some code in Client.ts.

Unrelated tweak to API Console to be clear when a URL parameter wasn't found (rather than show whatever happens to be the first value).

Several test robustness improvements:
- Misplaced parenthesis in gristWebDriverUtils has been causing optTimeout argument to be ignored in tests, and treated always as indefinite.
- Attempt to fix SortMenu test by ignoring (retrying with logging) errors in waitForServer, which include "script timeout" errors that come from a non-configurable selenium or chromedriver timeout.
- Attempt to improve onNewTab() helper, which plays a role in failing Billing tests.

Test Plan: Tested manually the capitalization of logged emails. Counting on existing tests to catch issues.

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4188
2024-02-15 10:49:01 -05:00
CamilleLegeron
af38519ce3
style: ACL rules has no max-width (#820) 2024-02-15 09:12:19 -05:00