Commit Graph

2520 Commits

Author SHA1 Message Date
Paul Fitzpatrick
2a206dfcf8 (core) add initial support for special shares
Summary:
This gives a mechanism for controlling access control within a document that is distinct from (though implemented with the same machinery as) granular access rules.

It was hard to find a good way to insert this that didn't dissolve in a soup of complications, so here's what I went with:
 * When reading rules, if there are shares, extra rules are added.
 * If there are shares, all rules are made conditional on a "ShareRef" user property.
 * "ShareRef" is null when a doc is accessed in normal way, and the row id of a share when accessed via a share.

There's no UI for controlling shares (George is working on it for forms), but you can do it by editing a `_grist_Shares` table in a document. Suppose you make a fresh document with a single page/table/widget, then to create an empty share you can do:

```
gristDocPageModel.gristDoc.get().docData.sendAction(['AddRecord', '_grist_Shares', null, {linkId: 'xyz', options: '{"publish": true}'}])
```

If you look at the home db now there should be something in the `shares` table:

```
$ sqlite3 -table landing.db "select * from shares"
+----+------------------------+------------------------+--------------+---------+
| id |          key           |         doc_id         |   link_id    | options |
+----+------------------------+------------------------+--------------+---------+
| 1  | gSL4g38PsyautLHnjmXh2K | 4qYuace1xP2CTcPunFdtan | xyz | ...      |
+----+------------------------+------------------------+--------------+---------+
```

If you take the key from that (gSL4g38PsyautLHnjmXh2K in this case) and replace the document's urlId in its URL with `s.<key>` (in this case `s.gSL4g38PsyautLHnjmXh2K` then you can use the regular document landing page (it will be quite blank initially) or API endpoint via the share.

E.g. for me `http://localhost:8080/o/docs/s0gSL4g38PsyautLHnjmXh2K/share-inter-3` accesses the doc.

To actually share some material - useful commands:

```
gristDocPageModel.gristDoc.get().docData.getMetaTable('_grist_Views_section').getRecords()
gristDocPageModel.gristDoc.get().docData.sendAction(['UpdateRecord', '_grist_Views_section', 1, {shareOptions: '{"publish": true, "form": true}'}])
gristDocPageModel.gristDoc.get().docData.getMetaTable('_grist_Pages').getRecords()
gristDocPageModel.gristDoc.get().docData.sendAction(['UpdateRecord', '_grist_Pages', 1, {shareRef: 1}])
```

For a share to be effective, at least one page needs to have its shareRef set to the rowId of the share, and at least one widget on one of those pages needs to have its shareOptions set to {"publish": "true", "form": "true"} (meaning turn on sharing, and include form sharing), and the share itself needs {"publish": true} on its options.

I think special shares are kind of incompatible with public sharing, since by their nature (allowing access to all endpoints) they easily expose the docId, and changing that would be hard.

Test Plan: tests added

Reviewers: dsagal, georgegevoian

Reviewed By: dsagal, georgegevoian

Subscribers: jarek, dsagal

Differential Revision: https://phab.getgrist.com/D4144
2024-01-04 05:57:38 -05:00
Alexandru-Ionut Chiuta
8fe3c27dd2
Translated using Weblate (Romanian)
Currently translated at 100.0% (1023 of 1023 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/ro/
2024-01-03 23:10:07 +01:00
Franček Prijatelj
3bfc40159b
Translated using Weblate (Slovenian)
Currently translated at 100.0% (1023 of 1023 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/sl/
2024-01-03 23:10:07 +01:00
Riccardo Polignieri
eec684760c
Translated using Weblate (Italian)
Currently translated at 100.0% (1023 of 1023 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/it/
2024-01-03 23:10:07 +01:00
gallegonovato
b6d65dcfd0
Translated using Weblate (Spanish)
Currently translated at 100.0% (1023 of 1023 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/es/
2024-01-03 23:10:07 +01:00
Florent
97df12c34d
Change error message on documents for non-owner users (#790)
The error can often be fixed by just reloading the document with no need
to worry the document owners

For example, when the error message is: "interrupted by reconnect"

Co-authored-by: Florent FAYOLLE <florent.fayolle@beta.gouv.fr>
2024-01-03 16:38:51 -05:00
jyio
ba14a1bea7
OIDC: Support overriding end_session_endpoint using environment variable GRIST_OIDC_IDP_END_SESSION_ENDPOINT (#802)
Support overriding `end_session_endpoint` using environment variable `GRIST_OIDC_IDP_END_SESSION_ENDPOINT`
2024-01-03 15:49:32 -05:00
Florent
837597cd55
Fix deadlock with webhooks on document load #799 (#812) 2024-01-03 21:47:53 +02:00
Florent
6722512d96
Completely ignored disabled webhooks (#800) 2024-01-03 20:06:38 +02:00
Paul Fitzpatrick
4378ec24d8
v1.1.10 2024-01-03 07:57:53 -05:00
github-actions[bot]
4bfc1b1eac
automated update to translation keys (#811)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-01-02 11:39:33 -05:00
Paul Fitzpatrick
f079d4b340 (core) updates from grist-core 2024-01-02 08:00:39 -05:00
Matěj Bláha
93b061bbc4
Translated using Weblate (Czech)
Currently translated at 10.4% (107 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/cs/
2024-01-01 12:06:48 +00:00
Alex Hall
225a76c9cb (core) Don't throw error in onRecord(s) for insufficient access for includeColumns
Summary:
This removes checking for full access in `onRecord/onRecords` when `includeColumns` is a non-default value. The check had two problems:

1. It relied on the access level being present in the URL query parameters, which doesn't work if the page has redirected. See the discussion in https://grist.slack.com/archives/C0234CPPXPA/p1702576602615509. There seems to be no way to reliably and synchronously check the access level.
2. Calling `onRecords` before `ready` and forgetting to handle an error from the access check meant that `ready` wouldn't be called, so Grist couldn't request the correct access level from the user. I made this mistake and it seems like a nasty footgun.

Ultimately this has no effect on security, as an error will still be raised, but in a place where the widget developer can't catch it. They'll still see an error message in the console, and they can still check the access level reliably using `onOptions`, so I think this is OK.

Test Plan: Updated nbrowser test

Reviewers: georgegevoian, paulfitz

Reviewed By: georgegevoian, paulfitz

Differential Revision: https://phab.getgrist.com/D4145
2023-12-30 10:16:40 +02:00
Alex Hall
a2bd753649 (core) API console
Summary: Adds a custom interactive Swagger API console at `/apiconsole`. For now, this isn't visibly linked anywhere.

Test Plan: Manual, this is still an experimental and private feature. The idea is to merge this soon so that we have a chance to try it out in production.

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4151
2023-12-27 22:02:30 +02:00
github-actions[bot]
16b6b01134
automated update to translation keys (#805)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-12-27 10:18:13 -05:00
Paul Fitzpatrick
e0d44eff1f
set TEST_CLEAN_DATABASE when running server tests (#806)
After adding a batch of new server tests, some interactions between
tests have shown up via a shared database. This sets an existing flag
for dealing with this problem, that is used during browser tests but
hadn't been needed before for server tests.
2023-12-27 09:56:59 -05:00
Paul Fitzpatrick
a5544b9b01 (core) updates from grist-core 2023-12-26 08:47:55 -05:00
Paul Fitzpatrick
145138b7e9 (core) move apiserver tests to core, disentangling notifier+billing parts
Summary:
This moves some more tests to core that would be useful for ANCT,
which had been stuck in grist-saas due to some entanglements with
sendgrid and billing. For sendgrid, I've moved around just enough
material to permit the tests to run mostly unchanged. Ideally
the interface to a notification system would be generalized, but
that's a bigger project.

Test Plan:
checked that tests are likely to run as expected
in core using preview laid out by ./buildtools/build_core.sh

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4149
2023-12-26 08:43:12 -05:00
Alexandru-Ionut Chiuta
ba69d2f415
Translated using Weblate (Romanian)
Currently translated at 100.0% (1021 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/ro/
2023-12-25 18:07:29 +01:00
Alexandru-Ionut Chiuta
1b05855a39
Translated using Weblate (Slovenian)
Currently translated at 100.0% (1021 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/sl/
2023-12-25 18:07:26 +01:00
Alexandru-Ionut Chiuta
4b40aa9c80
Translated using Weblate (Italian)
Currently translated at 100.0% (1021 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/it/
2023-12-25 18:07:26 +01:00
Alexandru-Ionut Chiuta
5a4187cf2a
Translated using Weblate (Romanian)
Currently translated at 22.8% (233 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/ro/
2023-12-24 08:07:08 +00:00
Paul Janzen
7b44e3d619
Translated using Weblate (German)
Currently translated at 100.0% (1021 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/de/
2023-12-23 04:07:00 +01:00
Paul Janzen
a6cec55a06
Translated using Weblate (Portuguese (Brazil))
Currently translated at 100.0% (1021 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/pt_BR/
2023-12-23 04:06:59 +01:00
Alexandru-Ionut Chiuta
65757854ea
Translated using Weblate (Romanian)
Currently translated at 22.7% (232 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/ro/
2023-12-20 18:07:06 +01:00
gallegonovato
38372a7e34
Translated using Weblate (Spanish)
Currently translated at 100.0% (1021 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/es/
2023-12-20 18:07:05 +01:00
Camille L
91b79ac89a
Translated using Weblate (French)
Currently translated at 100.0% (1021 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/fr/
2023-12-20 18:07:05 +01:00
Dmitry S
7e57b8c7a7 (core) Remove empty keyboard shortcut for command that shouldn't have one
Test Plan: Tested manually that strange-looking shortcut line for "Detach active editor" is gone.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4148
2023-12-20 10:51:14 -05:00
Jarosław Sadziński
a424450cbe (core) Forms feature
Summary:
A new widget type Forms. For now hidden behind GRIST_EXPERIMENTAL_PLUGINS().
This diff contains all the core moving parts as a serves as a base to extend this functionality
further.

Test Plan: New test added

Reviewers: georgegevoian

Reviewed By: georgegevoian

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4130
2023-12-20 13:23:12 +01:00
Jarosław Sadziński
337757d0ba (core) Fix for linking issue.
Summary:
If linking state changes multiple times frequently the code that simulates async operation is
wrongly debounced, which causes inverted order of execution. This fix makes sure that only the last
call to filter function is used.

Test Plan: Adding new test

Reviewers: alexmojaki

Reviewed By: alexmojaki

Subscribers: alexmojaki

Differential Revision: https://phab.getgrist.com/D4139
2023-12-20 12:57:41 +01:00
George Gevoian
af69a4c8f4 (core) Make Raw Data page more responsive
Summary:
With both panels expanded and a narrow viewport, the tables on the
Raw Data page would visibly overflow. This improves things so that
overflow is handled more gracefully.

Test Plan: Manual.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4147
2023-12-19 19:15:28 -05:00
ssantos
6260fe3e35
Translated using Weblate (Portuguese)
Currently translated at 100.0% (1021 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/pt/
2023-12-18 22:08:10 +01:00
Alex Hall
bd52665f96 (core) Allow adding rows to widgets filtered by a link using a formula column
Summary:
When a widget `A` is selected by a widget `B` so that `A` is filtered, adding a new row to `A` uses the values in the selected row of `B` and the columns relevant to the linking as default values for the new row. This ensures that the new row matches the current linking filter and remains visible. However this would previously cause a sandbox error when one of the linking columns was a formula column, which doesn't allow setting values. This diff ignores formula columns when picking default values.

Since the value of the formula column in the new row typically won't match the linking filter, extra measures are needed to avoid the new row immediately disappearing. Regular filters already have a mechanism for this, but I didn't manage to extend it to also work for linking. Thanks @dsagal for creating `UnionRowSource` (originally in D4017) which is now used as the solution for temporarily exempting rows from both kinds of filtering.

While testing, I also came across another bug in linking summary tables that caused incorrect filtering, which I fixed with some changes to `DynamicQuerySet`.

Test Plan: Extended an nbrowser test, which both tests for the main change as well as the secondary bugfix.

Reviewers: georgegevoian

Reviewed By: georgegevoian

Subscribers: dsagal

Differential Revision: https://phab.getgrist.com/D4135
2023-12-18 20:28:41 +02:00
Paul Fitzpatrick
b2a22619a0
update node version used for generating translation keys (#794)
We now use a package that relies on node >= 18.
2023-12-18 10:15:02 -05:00
Paul Fitzpatrick
2f0dbb7d25 (core) updates from grist-core 2023-12-18 09:28:35 -05:00
jyio
0fc3f80ff0
Rename endSessionEndpoint flag to skipEndSessionEndpoint (#793) 2023-12-17 15:10:10 -05:00
Franček Prijatelj
42966170a8
Translated using Weblate (Slovenian)
Currently translated at 100.0% (1021 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/sl/
2023-12-17 09:35:09 +01:00
Alexandru-Ionut Chiuta
13946f1b6c
Translated using Weblate (Romanian)
Currently translated at 20.0% (205 of 1021 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/ro/
2023-12-16 12:10:48 +01:00
Florent
c7f060be7a
Force test:docker to run with English language (#788)
Co-authored-by: Florent FAYOLLE <florent.fayolle@beta.gouv.fr>
2023-12-15 07:43:54 -05:00
Alexandru-Ionut Chiuta
423ecea4e3
Added translation using Weblate (Romanian) 2023-12-15 10:35:13 +01:00
nbush
2668132b01
Update README.md (#792)
* Update README.md
- adding links to Discord and our forum
- adding link to Grist for Spreadsheet Users post
- other minor edits to make things cleaner
2023-12-14 16:00:50 -05:00
George Gevoian
cd4f5e5adb (core) Trigger email verification flow when needed
Summary:
When an unconfirmed user tries to sign in or reset their password, the email
verification flow is now automatically restarted. Prior to this change, an
unconfirmed user error was shown in the client.

Test Plan: Deployment tests.

Reviewers: paulfitz, dsagal

Reviewed By: dsagal

Subscribers: dsagal

Differential Revision: https://phab.getgrist.com/D4133
2023-12-13 09:18:41 -05:00
Jarosław Sadziński
1116f2d227 (core) Updating dependencies
Summary: Updating npm packages in preparation for forms feature

Test Plan: Existing

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4142
2023-12-12 20:05:24 +01:00
George Gevoian
6b1e98128a (core) Add visitorId to telemetry
Summary: The visitorId is added to telemetry events from Matomo's cookie, if present.

Test Plan: Manual.

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D4132
2023-12-11 11:16:23 -05:00
github-actions[bot]
a3161f6499
automated update to translation keys (#787)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-12-11 09:32:09 -05:00
Paul Fitzpatrick
1ccad9171e (core) updates from grist-core 2023-12-11 09:07:35 -05:00
George Gevoian
7e05284cf2 (core) Add shortcut for opening Record Card
Summary: Also adds tests for previously untested Record Card behavior.

Test Plan: Browser tests.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4136
2023-12-08 11:32:45 -05:00
Jarosław Sadziński
d0318af39b (core) Fixing bug with hiding multiple columns
Summary:
Selection in GridView wasn't updated when fields were removed, and the selected
column index was out of bounds.

Test Plan: New test added

Reviewers: JakubSerafin

Reviewed By: JakubSerafin

Differential Revision: https://phab.getgrist.com/D4137
2023-12-08 10:20:43 +01:00
Franček Prijatelj
d28c993b86
Translated using Weblate (Slovenian)
Currently translated at 100.0% (1015 of 1015 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/sl/
2023-12-06 03:40:37 +01:00