Go to file
Paul Fitzpatrick 35e18cc0ad (core) fix bug where sharing doc with everyone@ as viewer made it unlisted for site viewers
Summary:
Shares of the same role (e.g. viewer) at different levels could interact for a resource (e.g. a doc) shared with everyone@, potentially blocking the listing of that resource. This diff removes the interaction.

The permission of a user on a resource is calculated by finding all acl rules that link that resource to a group to which the user belongs, or to a group that has a subgroup to which the user belongs, etc, and then bitwise-or-ing the permissions on the acl rules. A later wrinkle was to allow public sharing via special users. A still later wrinkle was to avoid listing resources if they were only shared with the special everyone@ user, while allowing access to them if user has their full link. That wrinkle had a bug, where if e.g. a doc were shared with everyone@ as a viewer, and the org the doc was in was shared with someone@ as a viewer, and the doc inherited the org permissions via a workspace, then that doc would end up not being listed.

The fix is straightforward enough, but needs different code for postgres and sqlite, and is a bit verbose because we unwrap subgroups to a few levels rather than doing recursion (which looks cleaner but was slower in benchmarks).

Test Plan: added test that fails without this fix

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D3095
2021-10-28 12:48:31 -04:00
.github/workflows (core) add CI github action for grist-core 2021-04-12 17:17:17 -04:00
app (core) fix bug where sharing doc with everyone@ as viewer made it unlisted for site viewers 2021-10-28 12:48:31 -04:00
bower_components (core) add Dockerfile for grist-core 2020-10-12 15:45:22 -04:00
buildtools (core) Extending default locale list 2021-09-24 15:10:13 +02:00
plugins/core (core) Move file import plugins into core/sandbox/grist 2021-08-09 18:37:14 +02:00
sandbox (core) Fix bug causing "unmarshallable object" error during conversion to ReferenceList. 2021-10-25 00:18:32 -04:00
static (core) Adding colors to toast notification 2021-10-05 10:19:25 +02:00
stubs/app (core) add a tool for deleting a user 2021-09-29 12:08:23 -04:00
test (core) ValueParser for Date columns 2021-10-26 13:03:19 +02:00
.dockerignore (core) freshen grist-core build 2021-04-03 09:41:06 -04:00
.gitignore (core) Move report-why-tests-hang helper to core 2021-04-26 23:52:16 -04:00
bin Initial config with a few files that build on client and server side. 2020-05-20 00:50:46 -04:00
Dockerfile (core) switch grist-core docker image to use node v14 2021-05-10 15:23:45 -04:00
LICENSE.txt (core) Add Apache-2.0 license to grist-core. 2020-08-06 10:59:48 -04:00
NOTICE.txt (core) lightly freshen the core readme, mentioning roadmap and forums etc. 2021-08-17 23:51:58 -04:00
ormconfig.js (core) move home server into core 2020-07-21 20:39:10 -04:00
package.json (core) Adding schema validation for records endpoint 2021-10-18 21:40:50 +02:00
README.md (core) lightly freshen the core readme, mentioning roadmap and forums etc. 2021-08-17 23:51:58 -04:00
tsconfig.json (core) freshen grist-core build 2021-04-03 09:41:06 -04:00
yarn.lock (core) open documents without blocking on data engine 2021-10-01 10:18:56 -04:00

Grist

Grist is a modern relational spreadsheet. It combines the flexibility of a spreadsheet with the robustness of a database to organize your data and make you more productive.

⚠️ This repository is in a pre-release state. Its release will be announced when it has all the planned components, and a solid independent build and test set-up. Currently, stand-alone server functionality is present, along with a single-user web client.

This repository, grist-core, is maintained by Grist Labs. Our flagship product, available at getgrist.com, is built from the code you see here, combined with business-specific software designed to scale it to many users, handle billing, etc.

If you are looking to use Grist in the cloud, head on over to getgrist.com. If you are curious about where Grist is going heading, see our roadmap, drop a question in our forum, or browse our extensive documentation.

Opening and editing a Grist document locally

The easiest way to use Grist locally on your computer is with Docker. From a terminal, do:

docker pull gristlabs/grist
docker run -p 8484:8484 -it gristlabs/grist

Then visit http://localhost:8484 in your browser. You'll be able to create and edit documents, and to import documents downloaded from the https://docs.getgrist.com host. You'll also be able to use the Grist API.

To preserve your work across docker runs, provide a directory to save it in:

docker pull gristlabs/grist
docker run -p 8484:8484 -v $PWD/persist:/persist -it gristlabs/grist

Building from source

Here are the steps needed:

yarn install
yarn run build:prod
yarn run install:python
yarn start
# grist client available at http://localhost:8484
# grist api available at http://localhost:8484/api/

Then you can use the Grist client, or the API. You can view and edit Grist documents throught the client and the API. All imported/created documents will appear in the docs subdirectory. You cannot (yet) edit Grist documents in place on your file system.

Grist does not have a login system built in. To activate one, you can configure Grist to talk to an identity provider such as Auth0 using SAML. For running on your own computer, this isn't necessary, but it is important if you are self-hosting Grist for use by a team.

Why Open Source?

By opening its source code and offering an OSI-approved free license, Grist benefits its users:

  • Open Source Community. An active community is the main draw of open-source projects. Anyone can examine source code, and contribute bug fixes or even new features. This is a big deal for a general-purpose spreadsheet-like product, where there is a long tail of features vital to someone somewhere.
  • Increased Trust. Because anyone can examine the source code, “security by obscurity” is not an option. Vulnerabilities in the code can be found by others and reported before they can cause damage.
  • Independence. The published source code—and the product built from it—are available to you regardless of the fortunes of the Grist Labs business. Whatever happens to us, this repo or its forks can live on, so that you can continue to work on your data in Grist.
  • Price Flexibility. You can build Grist from source and use it for yourself all you want without paying us a cent. While you cant go wrong with our fully set-up and supported online service, some organizations may choose the do-it-yourself route and pay for their own server and maintenance, rather than a per-user price. DIY users are often the ones to develop new features, and can contribute them back to benefit all users of Grist.
  • Extensibility. For developers, having the source open makes it easier to build extensions (such as the experimental Custom Widget). You can more easily include Grist in your pipeline. And if a feature is missing, you can just take the source code and build on top of it!

License

This repository, grist-core, is released under the Apache License, Version 2.0, which is an OSI-approved free software license. See LICENSE.txt and NOTICE.txt for more information.