gristlabs_grist-core/app
Alex Hall 887717bb15 (core) Decode cell values to prevent working around rule using 'in' on lists
Summary:
Fixes bug described in https://grist.slack.com/archives/C069RUP71/p1699643458649019

Decodes cell values obtained from `InfoView.get` when evaluating user-defined ACL formulas, i.e. the result of `rec.foo` in such a formula. In particular this is so that `rec.some_list` loses the leading `L` type code and behaves sensibly in an expression like `thing in rec.some_list`.

`InfoView.get` is called in many places, but for every usage I found other than here, leaving the cell values encoded was best.

Test Plan: Added two unit server tests. The first is for the main bug involving lists. The second checks the only other plausible way I could think of that this change affects behaviour, and it seems to be for the better since both tests failed before. Most operations involving non-primitive cell values don't do anything sensible with or without decoding, so behaviour shouldn't change meaningfully in those cases.

Reviewers: georgegevoian, paulfitz

Reviewed By: georgegevoian, paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4123
2023-12-04 23:34:08 +02:00
| Name | Last commit | Date |
|---|---|---|
| client | Allow URLs with only a docID #768 (#771) | 2023-11-29 15:13:29 -05:00 |
| common | Allow URLs with only a docID #768 (#771) | 2023-11-29 15:13:29 -05:00 |
| gen-server | (core) For slowly reported telemetry, add breaks to give other processes a chance to run | 2023-11-28 14:34:36 -05:00 |
| plugin | (core) support for bundling custom widgets with the Grist app | 2023-10-27 17:00:10 -04:00 |
| server | (core) Decode cell values to prevent working around rule using 'in' on lists | 2023-12-04 23:34:08 +02:00 |
| tsconfig.json | (core) move home server into core | 2020-07-21 20:39:10 -04:00 |