mirror of
https://github.com/gristlabs/grist-core.git
synced 2024-10-27 20:44:07 +00:00
225a76c9cb
Summary: This removes checking for full access in `onRecord/onRecords` when `includeColumns` is a non-default value. The check had two problems: 1. It relied on the access level being present in the URL query parameters, which doesn't work if the page has redirected. See the discussion in https://grist.slack.com/archives/C0234CPPXPA/p1702576602615509. There seems to be no way to reliably and synchronously check the access level. 2. Calling `onRecords` before `ready` and forgetting to handle an error from the access check meant that `ready` wouldn't be called, so Grist couldn't request the correct access level from the user. I made this mistake and it seems like a nasty footgun. Ultimately this has no effect on security, as an error will still be raised, but in a place where the widget developer can't catch it. They'll still see an error message in the console, and they can still check the access level reliably using `onOptions`, so I think this is OK. Test Plan: Updated nbrowser test Reviewers: georgegevoian, paulfitz Reviewed By: georgegevoian, paulfitz Differential Revision: https://phab.getgrist.com/D4145 |
||
---|---|---|
.. | ||
CustomSectionAPI-ti.ts | ||
CustomSectionAPI.ts | ||
DocApiTypes-ti.ts | ||
DocApiTypes.ts | ||
FileParserAPI-ti.ts | ||
FileParserAPI.ts | ||
grist-plugin-api.ts | ||
GristAPI-ti.ts | ||
GristAPI.ts | ||
GristData-ti.ts | ||
GristData.ts | ||
GristTable-ti.ts | ||
GristTable.ts | ||
gutil.ts | ||
ImportSourceAPI-ti.ts | ||
ImportSourceAPI.ts | ||
InternalImportSourceAPI-ti.ts | ||
InternalImportSourceAPI.ts | ||
objtypes.ts | ||
PluginManifest-ti.ts | ||
PluginManifest.ts | ||
README.md | ||
RenderOptions-ti.ts | ||
RenderOptions.ts | ||
StorageAPI-ti.ts | ||
StorageAPI.ts | ||
TableOperations.ts | ||
TableOperationsImpl.ts | ||
tsconfig.json | ||
TypeCheckers.ts | ||
WidgetAPI-ti.ts | ||
WidgetAPI.ts |
Methods here are available for use in Grist custom widgets.