gristlabs_grist-core/app/client
Alex Hall 225a76c9cb (core) Don't throw error in onRecord(s) for insufficient access for includeColumns
Summary:
This removes checking for full access in `onRecord/onRecords` when `includeColumns` is a non-default value. The check had two problems:

1. It relied on the access level being present in the URL query parameters, which doesn't work if the page has redirected. See the discussion in https://grist.slack.com/archives/C0234CPPXPA/p1702576602615509. There seems to be no way to reliably and synchronously check the access level.
2. Calling `onRecords` before `ready` and forgetting to handle an error from the access check meant that `ready` wouldn't be called, so Grist couldn't request the correct access level from the user. I made this mistake and it seems like a nasty footgun.

Ultimately this has no effect on security, as an error will still be raised, but in a place where the widget developer can't catch it. They'll still see an error message in the console, and they can still check the access level reliably using `onOptions`, so I think this is OK.

Test Plan: Updated nbrowser test

Reviewers: georgegevoian, paulfitz

Reviewed By: georgegevoian, paulfitz

Differential Revision: https://phab.getgrist.com/D4145
2023-12-30 10:16:40 +02:00
..
aclui (core) Avoid reporting unhelpful ResizeObserver error 2023-10-27 15:26:20 -04:00
components (core) Don't throw error in onRecord(s) for insufficient access for includeColumns 2023-12-30 10:16:40 +02:00
lib (core) Forms feature 2023-12-20 13:23:12 +01:00
models (core) Forms feature 2023-12-20 13:23:12 +01:00
ui (core) API console 2023-12-27 22:02:30 +02:00
ui2018 (core) Forms feature 2023-12-20 13:23:12 +01:00
widgets (core) Allow adding rows to widgets filtered by a link using a formula column 2023-12-18 20:28:41 +02:00
app.css (core) Polish tutorial popups 2023-04-20 12:20:03 -04:00
app.js (core) i18 2022-09-29 18:02:09 +02:00
billingMain.ts (core) Add basic activation page to grist-ee 2022-08-23 10:30:52 -07:00
browserCheck.ts (core) On mobile, only show a warning for older and unknown browsers rather than for all 2023-06-01 11:15:21 -04:00
declarations.d.ts (core) Polish new Add Column menu 2023-10-17 15:39:53 -04:00
DefaultHooks.ts add hooks for tweaking how downloads happen (for grist-static) (#665) 2023-09-09 14:50:32 -04:00
errorMain.ts
exposeModulesForTests.js support other SQLite wrappers, and various hooks needed by grist-static (#516) 2023-05-23 15:17:28 -04:00
Hooks.ts support other SQLite wrappers, and various hooks needed by grist-static (#516) 2023-05-23 15:17:28 -04:00
logo.css
tsconfig.json (core) Migrate to SRP and add change password dialog 2022-03-16 21:35:06 -07:00