Summary:
update user.Link to user.LinkKey in autocomplete.
This was a late change on the backend.
Test Plan: checked manually
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2787
Summary:
attribute ActiveDoc log messages to users regardless of whether
they were triggered via a client or directly via api
Test Plan: log messages checked manually
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2786
Summary: add user and docId to heartbeat logging
Test Plan: checked manually
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2784
Summary:
This removes some unintentional repetition of work when there are
no row-level rules (there was a missing `return`).
Test Plan: existing tests pass
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2782
Summary:
- Cache the count by column, factoring out ColumnCache from
ColumnACIndexes, which uses a similar pattern.
- Update error counts in response to column selection and to data changes.
Test Plan: Adds a test case for the new message
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2780
Summary:
- Adds a + button to the filter. Button triggers a menu that allow to
add one of the column that does not already have a filter set.
Caveats:
- for now menu only allows to choose from visible column.
- This diff introduces a slight change of behavior of how filter works:
- Filter used to be automatically removed when user set them to all
inclusive (ie: by clicking the `All` button).
- With this diff, it is no longer the case.
- indeed, when filter are added to the filter bar with the `+` btn they are initially in the `all inclusive` state, hence would have been removed with the above mention behaviour.
Test Plan: Added new test to nbrowser/FilterBar
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2776
Summary:
Fix an error that used to happen on Chrome: `RangeError: Maximum call stack size
exceeded`. Happened when clicking the `Other Values` checkbox when
filtering a large table. Turns out culprit was a function call that
was using a spread operator to pass a large number of argument to a
function.
Spread operator for passing multiple argument must not be used with
too many arguments. Otherwise it could hit the engine's argument
length limit. That limit varies across browser (webkit's
javascriptcore engine has argument limit of 65536).
Some interesting description of the limit can be found here:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function/apply#using_apply_and_built-in_functions
In order to get the fix fast, implementing a proper test for it is left for a follow-up commit.
Test Plan:
- Manually tested on Chrome/FF
Reviewers: paulfitz
Reviewed By: paulfitz
Subscribers: paulfitz
Differential Revision: https://phab.getgrist.com/D2779
Summary: This addresses a weakness in the following case: rules controlling view access for a column, with a dependency on the values of other columns. We had disabled support for such rules, since the existing implementation worked only on table loads and not on broadcast changes. This diff adds in logic to enrich broadcasts as needed, and allows such rules.
Test Plan: added test
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2774
Summary:
When adding robustness to schema changes to granular access control,
a calculation of intermediate row states that was previously done
semi-intelligently on need started happening less intelligently.
This diff separates out the row state calculations from metadata
state calculations so that one can happen without the other.
Test Plan: extended a test. Also did some manual checks.
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2773
Summary:
For a long array with removals proportional to that length,
lodash/pullAt becomes slow due to doing one splice per removal.
This diff swaps in an alternate implementation that doesn't become
quadratic. On a 250k-row doc with a row-level access rule, this improves
initial page load for a viewer with access to half the rows from minutes
to seconds.
Test Plan: added test; did manual benchmarking
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2777
Summary:
A client hit a situation where a granular access control "bundle"
was not closed, leaving the document locked until reset. I don't
yet have a replication. This diff is a possible mitigation,
trusting various methods less.
Test Plan: existing tests pass
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2775
Summary:
- add new filterBar option to views section
- add toggle to the section menu
- add filter bar
- shows Save/Revert btn when unsaved change
- shows all filered fields witch edit and delete buttons
Test Plan: Add new FilterBar nbrowser test
Reviewers: paulfitz, dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2769
Summary:
This fixes DocStorage.fetchQuery when the number of parameters
exceeds the maximum that can be passed directly to sqlite.
In this case, parameters are now stored and used from a temporary
table.
Problem first noticed via a use of DocStorage.fetchQuery by
granular access controls. Access control should be optimized
to make fewer such queries, but that is a separate issue.
Test Plan: added tests
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2772
Summary:
Activate CI for grist-core using github actions. Can be improved
with caching but starting simple.
Test Plan: tested in a fork of grist-core
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2771
Summary:
* adds a smoke test to grist-core
* fixes a problem with highlight.js failing to load correctly
* skips survey for default user
* freshens docker build
Utility files in test/nbrowser are moved to core/test/nbrowser, so that gristUtils are available there. This increased the apparent size of the diff as "./" import paths needed replacing with "test/nbrowser/" paths. The utility files are untouched, except for the code to start a server - it now has a small grist-core specific conditional in it.
Test Plan: adds test
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2768
Summary:
- Allows ColumnFilter to add/delete keys by batch
- Add options limitShown to ColumnFilterMenu
- Add summary checkboxes Other Matching/Other Non-Matching/Other Values
- Adds missing type to chai declaration
Test Plan:
- Adds project test to new file projects/ColumnFilterMenu2
- Adds nbrowser test to new file nbrowser/ColumnFilterMenu
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2763
Summary:
- When Public Edit access is enabled, Access Rules page shows a warning and
prevents saving rules.
- When any ACL rules are present, attempts to set Public access to Editor role
get downgraded to Viewer role, with a warning notification.
- No checks are made on the server side, so the combination may be achieved via
the API (but we may block it in the future).
Test Plan: Added a test case.
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2767
Summary:
- Remove support for aclUI=1 URL parameter, making it the default.
- Add 'BETA' tag to the Access Rules link in side panel.
- Remove all mentions of aclUI=1 in tests.
Test Plan: Updated tests should pass
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2766
Summary:
This allows `*SPECIAL:AccessRules` to give read access to the access rules to more users, and `*SPECIAL:FullCopies` to grant download/copy rights to more users.
This diff also changes forks to be owned by the user who forked them (previously they were an editor), since that feels more natural.
Test Plan: Added and updated tests.
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2760
Summary:
- Use special ACLResources of the form "*SPECIAL:<RuleType>" to represent
special document-wide rules.
- Include default rules that give Read access to these resources to Owners only.
- Add UI with a checkbox to give access to everyone instead.
- Allow expanding the UI for advanced configuration.
- These rules don't actually have any behavior yet.
Test Plan: WIP
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2764
Summary:
Previously in {{D1053}} we switched to using BLOB as the "type" for all columns, to prevent SQLite from casting data unexpectedly. This diff now returns to more meaningful types. We apply marshalling to values when being placed in a column where a cast might occur, to inhibit such casting.
The benefit is that Grist documents become easier to interact with via regular database clients/libraries, which often rely on the column type more than a purely SQLite tool would.
On column type conversion, we run all blobs in the column through a decode/encode cycle so if they no longer need to be marshalled they revert to native type. This could be optimized further, it is somewhat brute force.
Test Plan: Updated tests and reference document
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2755
Summary:
- Simply apply search against word label instead of the key
- Fix a tricky bug of observable dependencies that appeared while working on this diff.
Test Plan: Added a browser test for searching date in the filter menu.
Reviewers: paulfitz
Reviewed By: paulfitz
Subscribers: paulfitz
Differential Revision: https://phab.getgrist.com/D2762
Summary: this adds constants for user access roles, to facilitate autocomplete.
Test Plan: updated tests
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2761
Summary:
* Adds a `SELF_HYPERLINK()` python function, with optional keyword arguments to set a label, the page, and link parameters.
* Adds a `UUID()` python function, since using python's uuid.uuidv4 hits a problem accessing /dev/urandom in the sandbox. UUID makes no particular quality claims since it doesn't use an audited implementation. A difficult to guess code is convenient for some use cases that `SELF_HYPERLINK()` enables.
The canonical URL for a document is mutable, but older versions generally forward. So for implementation simplicity the document url is passed it on sandbox creation and remains fixed throughout the lifetime of the sandbox. This could and should be improved in future.
The URL is passed into the sandbox as a `DOC_URL` environment variable.
The code for creating the URL is factored out of `Notifier.ts`. Since the url is a function of the organization as well as the document, some rejiggering is needed to make that information available to DocManager.
On document imports, the new document is registered in the database slightly earlier now, in order to keep the procedure for constructing the URL in different starting conditions more homogeneous.
Test Plan: updated test
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2759
Summary:
- Update styling of label, id, and "derived ID from label" checkbox.
- Implement a label which shows 'Data Column' vs 'Formula Column' vs 'Empty Column',
and a dropdown with column actions (such as Clear/Convert)
- Implement new formula display in the side-panel, and open the standard
FormulaEditor when clicked.
- Remove old FieldConfigTab, of which now very little would be used.
- Fix up remaining code that relied on it (RefSelect)
Test Plan: Fixed old tests, added new browser cases, and a case for a new helper function.
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2757
Summary:
- Makes search input alway visible
- Gives search input focus on open
- Adds `Future Values` Checkbox
- Show `All Shown` `All Excpet` when values are filtered
- Show `Others` instead of `Future Values` when values are filtered
- Escape close search input
- Enter does the same as `All Shown` when filtering values
Test Plan:
- Updated existing projects and nbrowser test
- Adds new projects test
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2753
Summary:
- Switch code that compares user strings to use localeCompare() based on Intl.Collator.
- Use en-US locale for now. (Ideally should be a document property.)
- Note that with this change, sorting is also becoming case-insensitive (which
seems an improvement)
- Updated a sorted test fixture
- Updated a browser test with lots of unicode to expect different order.
- Added a bit of unicode to test ordering in Reference autocomplete dropdown.
Test Plan: Fixed / updated tests
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2758
Summary:
a script I used when preparing access rule documentation.
Committing it since the feature in still in beta, so keeping the
script around may save some time, even if it rusts quickly.
I didn't invest time in cleaning it up.
Test Plan: manual
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2756
Summary:
This particular combination of features is not built out - data will be
censored but changes to data will not. So the user will now get an error
if they try to do it. Existing rules of this kind will continue to
operate as before, and can be set via the api.
Test Plan: added test
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2751
Summary: This was the only occurrence of the unicode() function that I could find.
Test Plan: Added a doctest case.
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2750
Summary:
- When in View-As mode, clicking the Access Rules page now shows a tooltip
with a link to return to normal mode and open the Access Rules page.
- A "revert" button is shown next to the item with the same behavior.
- Implemented hoverTooltip() with various options. (It will have other uses.)
- Simplify creation of links based on UrlState:
- Allow merging with previous urlState using a function
- Add a helper function to merge in aclAsUser parameter.
- Add setHref() method to UrlState
Test Plan:
Added test cases:
- for tooltips generally in test/projects
- for updating UrlState using a callback
- for Access Rules tooltip and button behavior
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2749
Summary:
- reuses the textInput form the editableLabel module
- adds a isValidHex utility function to gutil
Test Plan: - Adds test to the project test
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2744
Summary: This fixes a bug where one client's access control limits could remove data from others via a cache.
Test Plan: added test
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2748
Summary:
- No longer convert data columns to formula by typing a leading "=". Instead,
show a tooltip with a link to click if the conversion was intended.
- No longer convert a formula column to data by deleting its formula. Leave the
column empty instead.
- Offer the option "Convert formula to data" in column menu for formulas.
- Offer the option to "Clear column"
- If a subset of rows is shown, offer "Clear values" and "Clear entire column".
- Add logic to detect when a view shows a subset of all rows.
- Factor out showTooltip() from showTransientTooltip().
- Add a bunch of test cases to cover various combinations (there are small
variations in options depending on whether all rows are shown, on whether
multiple columns are selected, and whether columns include data columns).
Test Plan: Added a bunch of test cases.
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2746
Test Plan: Added a test case that fails without the fix.
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2747
Summary:
Previously, it was forbidden to have two rule sets with overlapping columns,
since that could introduce an dependency on order of evaluation without
the user having a way to control that order. This diff permits such rule sets
if the are compatible in a very simple way -- all allows or all denies.
Anything more complicated (even if actually order independent) remains forbidden.
Test Plan: added tests
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2745
Summary:
Now as the user an owner might choose to view their document as
is likely to not have access to rules, it is better to start
viewing on the default document page rather than /p/acl.
The "Access Rules" link is grayed out when in "view as" mode for
now (improvements are planned).
Test Plan: updated test
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2743
Summary:
Previously, if some columns are allowed and the rest are denied,
the client could see unnecessary blank columns. This diff cleans
up column metadata censorship. It also adds a small tweak to
retain the `manualSort` column when filtering columns for a mixed
access table.
Test Plan: added tests
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2742
Summary:
- Fix transparency support on color select
- Fix z-index conflicts with color select and right panel
- Makes widget's default text color visible to color select
Test Plan: - Updates nbrowser/CellColor and browser/Widget.test to support new interface. Should not cause regression.
Reviewers: paulfitz, dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2735
Summary:
- Support schema changes in the presence of non-trivial ACL rules.
- Fix update of `aclFormulaParsed` when updating formulas automatically after schema change.
- Filter private metadata in broadcasts, not just fetches. Censorship method is unchanged, just refactored.
- Allow only owners to change ACL rules.
- Force reloads if rules are changed.
- Track rule changes within bundle, for clarity during schema changes - tableId and colId changes create a muddle otherwise.
- Show or forbid pages dynamically depending on user's access to its sections. Logic unchanged, just no longer requires reload.
- Fix calculation of pre-existing rows touched by a bundle, in the presence of schema changes.
- Gray out acl page for non-owners.
Test Plan: added tests
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2734
Summary:
- Adjust ExampleCard css to fit on x-small screens, including its close button,
so that it may be closed.
- In TopBar on small screens, hide Notifications button and default action for
Share; adjust spacing.
- Add overflow: hidden to PagePanels, to make sure it doesn't slide off of
visible area.
Test Plan: Tested on iOS.
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2741
Summary:
- Make unsupported browser warning into an unobtrusive one-liner, similar in
style to notifications.
- Move browser warning details into a support page, linked from "Learn more" link.
- Show different mobile and desktop warnings.
- Once dismissed, remember dismissal for a year rather than just for the session.
- Turn the Sign-In button (for anon users) into a menu (for the sake of exposing
the Toggle Mobile Mode option)
- Improve styling of HomeIntro screens when on small screen.
- Flip the default for setting mobile viewport to true
Test Plan: Added minor unittest for localStorageBoolObs; fixed other affected tests.
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2738
Summary:
- The error appeared recently, due to more frequent resize calls (added for mobile)
- In fact, charts' own resize logic can now be simplified.
Test Plan: Added a test case (which fails without the fix)
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2739
Summary:
Previous diff (https://phab.getgrist.com/D2736) broke a test, which I assumed
was unrelated, but should have checked.
In fact, a few tests were changed to pass with the changed default color
(although no such change was planned). This diff reverts those changes, and
reverts also the change to error cells, so that their text is also black again.
Test Plan: Checked affected tests.
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2737
Summary:
Diff https://phab.getgrist.com/D2720 inadvertently changed the default color of
text in cells from black to #333 (inherited from bootstrap's default for
<body>). This change reverts the default back to black.
Test Plan: Checked manually.
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2736
Summary:
Component is implemented as a grainjs ui component and can be tested using `yarn serve-projects`.
This diff does not bring color select to Grist just yet.
Follow up:
- Make it possible to set a custom color by typing hex value directly in.
- Disable the button while save call is pending.
Test Plan:
- Adds a project test
Reviewers: paulfitz
Reviewed By: paulfitz
Subscribers: dsagal
Differential Revision: https://phab.getgrist.com/D2733
Summary:
With this change, if a comment is added to an ACL formula, then that comment will be offered to the user if access is denied and that rule could potentially have granted access.
The code is factored so that when access is permitted, or when partially visible tables are being filtered, there is little overhead. Comments are gathered only when an explicit denial of access.
Test Plan: added tests, updated tests
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2730
Summary:
This updates the logic for skipping unchanged rows to take removed
rows into account.
Test Plan: added test
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D2732
Summary:
CSS differences for small-screen may get applied when printing. Most such
differences are for elements that get hidden for printing anyway. For
collapsing view sections, it's important not to apply small-screen CSS for
printing.
Test Plan: Tested manually on Chrome and Firefox.
Reviewers: paulfitz
Reviewed By: paulfitz
Differential Revision: https://phab.getgrist.com/D2731