Commit Graph

978 Commits

Author SHA1 Message Date
Cyprien P
e3a957a715 (core) Fixes persistence of the aclAsUser_ parameters across navigation
Summary:
  - The parameter was inadvertently removed by userOverrideParams().
  - when passed a function to `urlState().setHref(...)` or `urlState().makeUrl(...)` it is important that the function does not mutate the state that it receives as argument.

Link to the related task: https://gristlabs.getgrist.com/doc/check-ins/p/5#a1.s9.r791.c19

Test Plan: Adds test of the persistence by slightly modifying existing nbrowser/AccessRules2 tests.

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D2820
2021-05-19 09:51:38 +02:00
Dmitry S
8c2f0307e5 (core) Preserve configured choices when converting between Choice and ChoiceList types.
Summary:
For conversions between Choice and ChoiceList, it makes more sense to preserve
the list of choices than to re-parse it from data.

Reported by Anais. Creating Choices from parsing ChoiceList cell values was
particularly poor, resulting in choices like "L,Foo,Bar".

Test Plan: Added a test case

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2819
2021-05-18 09:59:20 -04:00
Jarosław Sadziński
5f182841b9 (core) Document keeps track of latest cursor position and latest editor value and is able to restore them when it is reloaded.
Summary: Grist document, when reloaded, is able to restore the latest cursor position and the editor state.

Test Plan: Browser test were created.

Reviewers: dsagal

Reviewed By: dsagal

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D2808
2021-05-18 10:36:59 +02:00
Paul Fitzpatrick
f5e3a0a94d (core) updates from grist-core 2021-05-15 16:44:56 -04:00
Paul Fitzpatrick
8c733dd5f1
Merge pull request #22 from combinatorist/patch-1
typo in intro
2021-05-15 16:44:08 -04:00
Timothy John Perisho Eccleston
af2d8c56b0
typo in intro 2021-05-15 11:12:36 -05:00
Jarosław Sadziński
2c93eafa44 (core) Null or undefined value on the Integer / Numeric cell
Summary: Text editor for Integer and Numeric column was showing null or undefined when the underlying value was null.

Test Plan: Browser test

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2817
2021-05-14 21:41:37 +02:00
Paul Fitzpatrick
15723d1300 (core) check for +S bit early for changes that include formulas
Summary:
Currently, to compute intermediate steps in a bundle, the bundle
is sent to the data engine to process.  Then, if the intermediate
steps break a rule, it is reverted.  One problem introduced by
checking permissions this late is that the data engine can be
exposed for formulas with python code by users who don't have the
right to change formulas.  This diff pre-checks cases that change
formulas.

Test Plan: added a test

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2816
2021-05-14 09:18:05 -04:00
Dmitry S
dee487684e (core) Show invalid columns as an error when entering rules
Summary:
Auto-complete helps enter correct column names, and when incorrect ones are
entered, we now show an error and prevent saving the rules.

In an unrelated tweak, fix focusing of ACLFormula when clicking into scroll area.

Test Plan: Added a test case for showing invalid columns

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2815
2021-05-13 11:52:10 -04:00
Paul Fitzpatrick
3a0ec7b103 (core) be less fussy about rec/newRec distinction for creates/deletions
Summary: For row creations and deletions, treat `rec` and `newRec` variables as identical. This simplifies writing a single rule that controls multiple permissions.

Test Plan: added test

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2812
2021-05-13 08:54:49 -04:00
Paul Fitzpatrick
6d2e8378cd (core) fix some tests for node v14
Test Plan: existing tests pass

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2814
2021-05-12 22:49:53 -04:00
Dmitry S
28cb64f1f7 (core) Fix JS error when scrolling with a column of hyperlinks, and use stricter types.
Summary:
When scrolling quicly through a column with hyperlinks, null could be passed to
a function that didn't expect it. Added better types would help catch it.

Test Plan: Tested manually

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2813
2021-05-12 17:31:56 -04:00
Paul Fitzpatrick
d0d3d3d0c9 (core) discount indirect changes for access control purposes
Summary:
This diff discounts indirect changes for access control purposes.  A UserAction that updates a cell A, which in turn causes changes in other dependent cells, will be considered a change to cell A for access control purposes.

The `engine.apply_user_actions` method now returns a `direct` array, with a boolean for each `stored` action, set to `true` if the action is attributed to the user or `false` if it is attributed to the engine.  `GranularAccess` ignores actions attributed to the engine when checking for edit rights.

Subtleties:
 * Removal of references to a removed row are considered direct changes.
 * Doesn't play well with undos as yet.  An action that indirectly modifies a cell the user doesn't have rights to may succeed, but it will not be reversible.

Test Plan: added tests, updated tests

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2806
2021-05-12 11:26:21 -04:00
Dmitry S
8d62a857e1 (core) Add ChoiceList type, cell widget, and editor widget.
Summary:
- Adds a new ChoiceList type, and widgets to view and edit it.
- Store in SQLite as a JSON string
- Support conversions between ChoiceList and other types

Test Plan: Added browser tests, and a test for how these values are stored

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2803
2021-05-12 10:38:32 -04:00
Paul Fitzpatrick
e55fba24e7 (core) fix up newRec when column names change; autocomplete after newRec
Summary: This treats newRec in the same way as rec in access formulas.

Test Plan: updated test for column renames; autocomplete checked manually.

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2810
2021-05-12 08:29:39 -04:00
Paul Fitzpatrick
37521a3612 (core) switch grist-core docker image to use node v14
Summary: As practice for upgrading node in regular grist images, this upgrades the grist-core image to v14.

Test Plan: manual

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2807
2021-05-10 15:23:45 -04:00
Cyprien P
9a6369a4ff (core) remove the sort&filter save button on readonly mode
Summary: Saving sort or filter is not permitted in readonly mode. Hence we remove the button. The diff adds a new unit to

Test Plan: Adds test for behaviour to `nbrowser/ReadOnlyMode`. Also adds tests for other Save buttons related to sort & filter that should be disabled.

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2804
2021-05-07 18:08:05 +02:00
Cyprien P
8056bb0069 (core) close sort&filter menu when clicking Save/Revert buttons
Summary:
- close sort&filter menu when clicking Save/Revert buttons
- also closes when clicking Apply/Cancel from a nested filter menu

Test Plan:
 - updated existing test to match new spec
 - added new test to cover new behaviour

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2799
2021-05-06 18:19:16 +02:00
Cyprien P
570baa95a5 (core) change filtering section of the sort&Filter side panel to match newui style
Summary: - Combination of styling of what's in the dropdown and what's in the sort config

Test Plan: adds new nbrowser test

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2798
2021-05-05 15:05:13 +02:00
Cyprien P
a9d021af18 (core) fixes hanging Save/Revert tooltips
Summary:
 - Clicking quickly on the small save/revert button was caussing the
 tooltip to stay around.
    - But if user waited a little bit before clicking the save button,
 the tooltip was shown, and then properly removed when the button was removed.

 - Code was missing propertly handling of disposal before the tooltip
   were shown.

Test Plan: Added test case to the projects/tooltip.ts tests

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2797
2021-05-04 15:18:01 +02:00
Dmitry S
18268d7838 (core) Add a Plus button below a rule set when there is no default rule
Summary:
- If you type into the "Everyone" / "Everyone Else" rule, and it stops being
  the default rule, there will now be an extra row with a "+" button to add a
  new default rule
- Switch to ACE-supported auto-resizing (for better scrollbars handling)
- Tweak ACE padding styles for better-looking scrolling.

Test Plan: Added a test case for the extra "+" button.

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2796
2021-05-03 17:34:25 -04:00
Dmitry S
2f26f140c8 (core) Add our very own implementation of tokenfield (aka pillbox, tag list)
Summary:
- Supports auto-completion
- Supports various keyboard interactions to delete/select/copy-paste tokens
- Supports various mouse interactions to select and move tokens.
- Supports undo/redo while editing tokens.

Test Plan: stand-alone fixture and browser test verify the supported behaviors

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2789
2021-05-03 17:16:24 -04:00
Cyprien P
5baae7437a (core) split sort and filter menu into its own button
Summary:
  - New sort and filter button has several states
     - Empty / unsaved / saved
     - offers small save/revert button when unsaved

  - Fix little issue with hanging tooltip when the refElem is disposed.
    - The problem was that if you hover the save (or revert) button
      and then click the button, it causes the button to disappear,
      but the tooltip was staying.

Test Plan: Updated all tests to match the new UI.

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: dsagal, paulfitz

Differential Revision: https://phab.getgrist.com/D2795
2021-05-03 09:13:28 +02:00
Jarosław Sadziński
8f008d8de2 (core) Select all functionality by clicking the upper left margin corner
Summary: Select all functionality by clicking the upper left margin corner

Test Plan: Browser test created

Reviewers: dsagal, paulfitz

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2793
2021-04-29 20:56:25 +02:00
Paul Fitzpatrick
0e22716761 (core) uncheck FullCopy special when copying/forking a document
Summary:
When a document has an exception to allow copies,
unset that option on any copies of the document.

Test Plan: added test

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2794
2021-04-29 08:56:54 -04:00
Paul Fitzpatrick
729774552f (core) make sure Calculate action has full access
Summary:
Exceptional document operations (particularly `system` and `nascent`
operations) should never be denied by a granular access rule.

Test Plan: added test

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2792
2021-04-29 08:48:07 -04:00
Cyprien P
2823727da1 (core) add + button to the filter section of the section menu
Test Plan: adds new browser tests

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: dsagal

Differential Revision: https://phab.getgrist.com/D2781
2021-04-28 21:51:03 +02:00
Paul Fitzpatrick
9696e24aac (core) always allow owners to edit access rules, so they don't get stuck
Summary: Access to structural tables currently depends on SchemaEdit permission.  We now make an exception for owner access to _grist_ACLResources and _grist_ACLRules, giving them unconditional access.  It was too easy for owners to lock themselves out of editing access rules.

Test Plan: added test

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2790
2021-04-28 10:17:36 -04:00
Dmitry S
fd73831b39 (core) Move report-why-tests-hang helper to core
Summary:
This helps forcibly end mocha tests when they hang, and print out
something that may help debug the situation.

Also add the generated static/bundle.css file to core/.gitignore.

Also, avoid using npm-packages-offline-cache when building core, by avoiding use of .yarnrc which turns it on.

Test Plan: Tested manually

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2788
2021-04-26 23:52:16 -04:00
Dmitry S
526b0ad33e (core) Configure more comprehensive eslint rules for Typescript
Summary:
- Update rules to be more like we've had with tslint
- Switch tsserver plugin to eslint (tsserver makes for a much faster way to lint in editors)
- Apply suggested auto-fixes
- Fix all lint errors and warnings in core/, app/, test/

Test Plan: Some behavior may change subtly (e.g. added missing awaits), relying on existing tests to catch problems.

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2785
2021-04-26 18:54:55 -04:00
Paul Fitzpatrick
91fdef58ac (core) fix autocomplete of LinkKey
Summary:
update user.Link to user.LinkKey in autocomplete.
This was a late change on the backend.

Test Plan: checked manually

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2787
2021-04-26 12:53:44 -04:00
Paul Fitzpatrick
dcc4354da6 (core) log user attribution in absence of client
Summary:
attribute ActiveDoc log messages to users regardless of whether
they were triggered via a client or directly via api

Test Plan: log messages checked manually

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2786
2021-04-26 09:11:21 -04:00
Paul Fitzpatrick
47ea00dea3 (core) add user and docId to heartbeat logging
Summary: add user and docId to heartbeat logging

Test Plan: checked manually

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2784
2021-04-23 17:33:06 -04:00
Paul Fitzpatrick
ee3a8a2b85 (core) streamline mixedColumns case of granular access control
Summary:
This removes some unintentional repetition of work when there are
no row-level rules (there was a missing `return`).

Test Plan: existing tests pass

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2782
2021-04-23 16:14:34 -04:00
Dmitry S
65a722501d (core) Show count of formula errors in the column config in the right-side panel.
Summary:
- Cache the count by column, factoring out ColumnCache from
  ColumnACIndexes, which uses a similar pattern.
- Update error counts in response to column selection and to data changes.

Test Plan: Adds a test case for the new message

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2780
2021-04-20 21:26:17 -04:00
Cyprien P
5479159960 (core) add + button to the filter bar
Summary:
 - Adds a + button to the filter. Button triggers a menu that allow to
add one of the column that does not already have a filter set.

Caveats:
 - for now menu only allows to choose from visible column.
 - This diff introduces a slight change of behavior of how filter works:
     - Filter used to be automatically removed when user set them to all
inclusive (ie: by clicking the `All` button).
     - With this diff, it is no longer the case.
     - indeed, when filter are added to the filter bar with the `+` btn they are initially in the `all inclusive` state, hence would have been removed with the above mention behaviour.

Test Plan: Added new test to nbrowser/FilterBar

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2776
2021-04-20 19:46:44 +02:00
Cyprien P
8a26550312 (core) Fix issue when using Other Values with many rows
Summary:
Fix an error that used to happen on Chrome: `RangeError: Maximum call stack size
exceeded`. Happened when clicking the `Other Values` checkbox when
filtering a large table. Turns out culprit was a function call that
was using a spread operator to pass a large number of argument to a
function.

Spread operator for passing multiple argument must not be used with
too many arguments. Otherwise it could hit the engine's argument
length limit. That limit varies across browser (webkit's
javascriptcore engine has argument limit of 65536).

Some interesting description of the limit can be found here:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function/apply#using_apply_and_built-in_functions

In order to get the fix fast, implementing a proper test for it is left for a follow-up commit.

Test Plan:
 - Manually tested on Chrome/FF

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D2779
2021-04-20 15:15:18 +02:00
Paul Fitzpatrick
2dfa427d63 (core) support subscriptions to a doc with row-dependent column read permissions
Summary: This addresses a weakness in the following case: rules controlling view access for a column, with a dependency on the values of other columns. We had disabled support for such rules, since the existing implementation worked only on table loads and not on broadcast changes. This diff adds in logic to enrich broadcasts as needed, and allows such rules.

Test Plan: added test

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2774
2021-04-16 14:42:34 -04:00
Paul Fitzpatrick
35303fad21 (core) disentangle row and metadata steps in granular access calculations
Summary:
When adding robustness to schema changes to granular access control,
a calculation of intermediate row states that was previously done
semi-intelligently on need started happening less intelligently.
This diff separates out the row state calculations from metadata
state calculations so that one can happen without the other.

Test Plan: extended a test.  Also did some manual checks.

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2773
2021-04-16 08:28:51 -04:00
Paul Fitzpatrick
d64461cd81 (core) optimization: remove lodash/pullAt
Summary:
For a long array with removals proportional to that length,
lodash/pullAt becomes slow due to doing one splice per removal.
This diff swaps in an alternate implementation that doesn't become
quadratic.  On a 250k-row doc with a row-level access rule, this improves
initial page load for a viewer with access to half the rows from minutes
to seconds.

Test Plan: added test; did manual benchmarking

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2777
2021-04-15 21:18:47 -04:00
Paul Fitzpatrick
bc0d6605a1 (core) close a hole in bundle cleanup for granular access control
Summary:
A client hit a situation where a granular access control "bundle"
was not closed, leaving the document locked until reset.  I don't
yet have a replication.  This diff is a possible mitigation,
trusting various methods less.

Test Plan: existing tests pass

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2775
2021-04-15 18:00:19 -04:00
Cyprien P
2b1b586ecd (core) add new filter bar
Summary:
 - add new filterBar option to views section
 - add toggle to the section menu
 - add filter bar
   - shows Save/Revert btn when unsaved change
   - shows all filered fields witch edit and delete buttons

Test Plan: Add new FilterBar nbrowser test

Reviewers: paulfitz, dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2769
2021-04-15 20:29:00 +02:00
Paul Fitzpatrick
9e8e895abd (core) fix filters with many values when querying directly from db
Summary:
This fixes DocStorage.fetchQuery when the number of parameters
exceeds the maximum that can be passed directly to sqlite.
In this case, parameters are now stored and used from a temporary
table.

Problem first noticed via a use of DocStorage.fetchQuery by
granular access controls.  Access control should be optimized
to make fewer such queries, but that is a separate issue.

Test Plan: added tests

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2772
2021-04-14 12:44:02 -04:00
Paul Fitzpatrick
45141ed438 (core) add CI github action for grist-core
Summary:
Activate CI for grist-core using github actions.  Can be improved
with caching but starting simple.

Test Plan: tested in a fork of grist-core

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2771
2021-04-12 17:17:17 -04:00
Paul Fitzpatrick
9f234b758d (core) freshen grist-core build
Summary:
 * adds a smoke test to grist-core
 * fixes a problem with highlight.js failing to load correctly
 * skips survey for default user
 * freshens docker build

Utility files in test/nbrowser are moved to core/test/nbrowser, so that gristUtils are available there. This increased the apparent size of the diff as "./" import paths needed replacing with "test/nbrowser/" paths. The utility files are untouched, except for the code to start a server - it now has a small grist-core specific conditional in it.

Test Plan: adds test

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2768
2021-04-03 09:41:06 -04:00
Cyprien P
351a717e6d (core) Adds limitShown option to ColumnFilterMenu, defaults to 500
Summary:
  -   Allows ColumnFilter to add/delete keys by batch
  -   Add options limitShown to ColumnFilterMenu
  -   Add summary checkboxes Other Matching/Other Non-Matching/Other Values
  -   Adds missing type to chai declaration

Test Plan:
 -  Adds project test to new file projects/ColumnFilterMenu2
 -  Adds nbrowser test to new file nbrowser/ColumnFilterMenu

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2763
2021-03-29 09:30:13 +02:00
Dmitry S
1a5bacc807 (core) Disallow the combination of Public Edit access and granular ACLs.
Summary:
- When Public Edit access is enabled, Access Rules page shows a warning and
  prevents saving rules.
- When any ACL rules are present, attempts to set Public access to Editor role
  get downgraded to Viewer role, with a warning notification.
- No checks are made on the server side, so the combination may be achieved via
  the API (but we may block it in the future).

Test Plan: Added a test case.

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2767
2021-03-26 09:59:41 -04:00
Dmitry S
8c2bea0f73 (core) Remove the aclUI=1 flag and add 'BETA' tag to the Access Rules page name.
Summary:
- Remove support for aclUI=1 URL parameter, making it the default.
- Add 'BETA' tag to the Access Rules link in side panel.
- Remove all mentions of aclUI=1 in tests.

Test Plan: Updated tests should pass

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2766
2021-03-25 18:10:00 -04:00
Paul Fitzpatrick
9d1bc5a518 (core) make AccessRules and FullCopies effective
Summary:
This allows `*SPECIAL:AccessRules` to give read access to the access rules to more users, and `*SPECIAL:FullCopies` to grant download/copy rights to more users.

This diff also changes forks to be owned by the user who forked them (previously they were an editor), since that feels more natural.

Test Plan: Added and updated tests.

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2760
2021-03-25 15:05:26 -04:00
Dmitry S
e14488bcc8 (core) Add support for special ACL rules, for viewing rules and downloading documents.
Summary:
- Use special ACLResources of the form "*SPECIAL:<RuleType>" to represent
  special document-wide rules.
- Include default rules that give Read access to these resources to Owners only.
- Add UI with a checkbox to give access to everyone instead.
- Allow expanding the UI for advanced configuration.

- These rules don't actually have any behavior yet.

Test Plan: WIP

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2764
2021-03-25 10:28:05 -04:00