c879393a8e
Summary: This is a prototype for expanding the conditions that can be used in granular ACLs. When processing ACLs, the following variables (called "characteristics") are now available in conditions: * UserID * Email * Name * Access (owners, editors, viewers) The set of variables can be expanded by adding a "characteristic" clause. This is a clause which specifies: * A tableId * The name of an existing characteristic * A colId The effect of the clause is to expand the available characteristics with all the columns in the table, with values taken from the record where there is a match between the specified characteristic and the specified column. Existing clauses are generalized somewhat to demonstrate and test the use these variables. That isn't the main point of this diff though, and I propose to leave generalizing+systematizing those clauses for a future diff. Issues I'm not dealing with here: * How clauses combine. (The scope on GranularAccessRowClause is a hack to save me worrying about that yet). * The full set of matching methods we'll allow. * Refreshing row access in clients when the tables mentioned in characteristic tables change. * Full CRUD permission control. * Default rules (part of combination). * Reporting errors in access rules. That said, with this diff it is possible to e.g. assign a City to editors by their email address or name, and have only rows for those Cities be visible in their client. Ability to modify those rows, and remain updates about them, remains under incomplete control. Test Plan: added tests Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2642 |
||
---|---|---|
app | ||
bower_components | ||
buildtools | ||
sandbox | ||
static | ||
stubs/app | ||
.dockerignore | ||
.gitignore | ||
bin | ||
Dockerfile | ||
LICENSE.txt | ||
NOTICE.txt | ||
ormconfig.js | ||
package.json | ||
README.md | ||
tsconfig.json | ||
yarn.lock |
Grist
Grist is a modern relational spreadsheet. It combine the flexibility of a spreadsheet with the robustness of a database to organize your data and make you more productive.
⚠️ This repository is in a pre-release state. Its release will be announced when it has all the planned components, and a solid independent build and test set-up. Currently, stand-alone server functionality is present. Release of our web client is planned, along with an extensive test suite.
This repository, grist-core, is maintained by Grist Labs. Our flagship product, available at https://www.getgrist.com, is built from the code you see here, combined with business-specific software designed to scale it to many users, handle billing, etc.
Why Open Source?
By opening its source code and offering an OSI-approved free license, Grist benefits its users:
- Open Source Community. An active community is the main draw of open-source projects. Anyone can examine source code, and contribute bug fixes or even new features. This is a big deal for a general-purpose spreadsheet-like product, where there is a long tail of features vital to someone somewhere.
- Increased Trust. Because anyone can examine the source code, “security by obscurity” is not an option. Vulnerabilities in the code can be found by others and reported before they can cause damage.
- Independence. The published source code—and the product built from it—are available to you regardless of the fortunes of the Grist Labs business. Whatever happens to us, this repo or its forks can live on, so that you can continue to work on your data in Grist.
- Price Flexibility. You can build Grist from source and use it for yourself all you want without paying us a cent. While you can’t go wrong with our fully set-up and supported online service, some organizations may choose the do-it-yourself route and pay for their own server and maintenance, rather than a per-user price. DIY users are often the ones to develop new features, and can contribute them back to benefit all users of Grist.
- Extensibility. For developers, having the source open makes it easier to build extensions (such as the experimental Custom Widget). You can more easily include Grist in your pipeline. And if a feature is missing, you can just take the source code and build on top of it!
How do I start?
For building from source, you can start with this:
npm install
npm run build:prod
npm run install:python
npm start
# unauthenticated grist api available at http://localhost:8484/api/
Then you can use the Grist API locally to work on a document. Currently you need
to "upload" a document to work with it. This makes a copy of it that the server
controls - you can find it in the data
directory:
curl -F 'upload=@YourDocument.grist' http://localhost:8484/api/docs
# Note the document ID that is returned.
The Data-Tables endpoints are particularly useful.
For using hosted Grist, just head on over to https://www.getgrist.com.
License
This repository, grist-core
, is released under the Apache License, Version
2.0, which is an
OSI-approved free software license. See LICENSE.txt and NOTICE.txt for
more information.