gristlabs_grist-core/app/server/lib
Alex Hall 887717bb15 (core) Decode cell values to prevent working around rule using 'in' on lists
Summary:
Fixes bug described in https://grist.slack.com/archives/C069RUP71/p1699643458649019

Decodes cell values obtained from `InfoView.get` when evaluating user-defined ACL formulas, i.e. the result of `rec.foo` in such a formula. In particular this is so that `rec.some_list` loses the leading `L` type code and behaves sensibly in an expression like `thing in rec.some_list`.

`InfoView.get` is called in many places, but for every usage I found other than here, leaving the cell values encoded was best.

Test Plan: Added two unit server tests. The first is for the main bug involving lists. The second checks the only other plausible way I could think of that this change affects behaviour, and it seems to be for the better since both tests failed before. Most operations involving non-primitive cell values don't do anything sensible with or without decoding, so behaviour shouldn't change meaningfully in those cases.

Reviewers: georgegevoian, paulfitz

Reviewed By: georgegevoian, paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4123
2023-12-04 23:34:08 +02:00
AccessTokens.ts (core) add an access token mechanism to help with attachments in custom widgets 2022-07-19 11:55:18 -04:00
ACLFormula.ts (core) Decode cell values to prevent working around rule using 'in' on lists 2023-12-04 23:34:08 +02:00
ActionHistory.ts (core) Fix issue with lodash's map interpreting objects with length as array-like 2023-07-01 21:07:39 -04:00
ActionHistoryImpl.ts support other SQLite wrappers, and various hooks needed by grist-static (#516) 2023-05-23 15:17:28 -04:00
ActiveDoc.ts (core) Remove transform columns on shutdown 2023-11-14 22:31:34 +02:00
ActiveDocImport.ts Split out new importFileAsNewTable method for grist-static (#564) 2023-07-12 15:57:02 +02:00
AppEndpoint.ts (core) update tests and endpoints after bare /urlId redirect added 2023-12-04 11:14:10 -05:00
AppSettings.ts add an endpoint for doing SQL selects (#641) 2023-09-04 09:21:18 -04:00
Assistance.ts (core) updates from grist-core 2023-08-21 09:15:53 -04:00
Authorizer.ts (core) Revamp ForwardAuthLogin and unify with GRIST_PROXY_AUTH_HEADER 2023-11-07 16:30:49 -05:00
BrowserSession.ts Issue 740 OIDC login redirect (#742) 2023-11-15 09:23:32 -05:00
checksumFile.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
Client.ts (core) Exit more cleanly on unhandled errors, and handle errors writing to Clients. 2023-12-01 09:42:00 -05:00
Comm.ts (core) Exit more cleanly on unhandled errors, and handle errors writing to Clients. 2023-12-01 09:42:00 -05:00
configureMinIOExternalStorage.ts Abort when MinIO bucket does not have versioning enabled #545 (#546) 2023-07-10 06:24:55 -04:00
dbUtils.ts Introduce TYPEORM_EXTRA env variable (#770) 2023-11-27 10:47:56 -05:00
DiscourseConnect.ts (core) Adding GristConnect login system 2022-05-18 20:28:25 +02:00
DocApi.ts (core) Add more telemetry events 2023-11-16 12:38:08 -05:00
DocClients.ts (core) Exit more cleanly on unhandled errors, and handle errors writing to Clients. 2023-12-01 09:42:00 -05:00
DocManager.ts (core) Add more telemetry events 2023-11-16 12:38:08 -05:00
DocPluginData.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
DocPluginManager.ts (core) add an access token mechanism to help with attachments in custom widgets 2022-07-19 11:55:18 -04:00
DocSession.ts (core) User language switcher 2023-01-26 09:47:14 +01:00
DocSnapshots.ts Track saved version per hour, day, week, month, year, and number of times a version with parameter (#509) 2023-05-12 11:38:29 -04:00
DocStorage.ts add an endpoint for doing SQL selects (#641) 2023-09-04 09:21:18 -04:00
DocStorageManager.ts (core) dust off electron build a little bit 2022-07-29 11:19:26 -04:00
docUtils.d.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
docUtils.js Correct spelling mistakes 2022-02-19 09:46:49 +00:00
DocWorker.ts Remove attachments and system files from document download as template (#729) 2023-11-08 15:09:01 -05:00
DocWorkerMap.ts (core) Add unquarantine command to admin CLI 2022-08-15 13:04:55 -07:00
DocWorkerUtils.ts (core) Add support for auto-copying docs on signup 2023-09-06 15:12:08 -04:00
ExcelFormatter.ts (core) Currency from grist column is persistent when exporting to excel 2023-05-08 10:39:01 +02:00
ExpandedQuery.ts Correct spelling mistakes 2022-02-19 09:46:49 +00:00
Export.ts Option to export colId as header in CSV / XSLX instead of label (#688) (#692) 2023-10-15 20:17:43 -04:00
ExportCSV.ts Option to export colId as header in CSV / XSLX instead of label (#688) (#692) 2023-10-15 20:17:43 -04:00
ExportTableSchema.ts Add header=colId option for the table-schema API #719 (#749) 2023-11-17 17:45:15 +02:00
ExportXLSX.ts add hooks for tweaking how downloads happen (for grist-static) (#665) 2023-09-09 14:50:32 -04:00
expressWrap.ts (core) Update dependencies 2023-10-11 17:36:58 -04:00
ExternalStorage.ts (core) Faster builds all around. 2022-07-04 10:42:40 -04:00
extractOrg.ts (core) support for bundling custom widgets with the Grist app 2023-10-27 17:00:10 -04:00
FileParserElement.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
filterUtils.ts (core) uncheck FullCopy special when copying/forking a document 2021-04-29 08:56:54 -04:00
FlexServer.ts (core) Exit more cleanly on unhandled errors, and handle errors writing to Clients. 2023-12-01 09:42:00 -05:00
ForwardAuthLogin.ts (core) Revamp ForwardAuthLogin and unify with GRIST_PROXY_AUTH_HEADER 2023-11-07 16:30:49 -05:00
GoogleAuth.ts Add ws id and doc name params to POST /docs (#655) 2023-09-05 14:27:35 -04:00
GoogleExport.ts Add ws id and doc name params to POST /docs (#655) 2023-09-05 14:27:35 -04:00
GoogleImport.ts (core) Adding DELETE /api/docs/webhooks/queue endpoint to clear the queue 2022-12-01 12:23:19 +01:00
GranularAccess.ts Dump the rule for ACL formula warnings (#639) 2023-08-23 09:23:29 -04:00
GristServer.ts (core) For slowly reported telemetry, add breaks to give other processes a chance to run 2023-11-28 14:34:36 -05:00
gristSessions.ts (core) Add options to /status health-check endpoints to check DB and Redis liveness. 2023-10-02 14:41:04 -04:00
gristSettings.ts move getTemplateOrg method; enable template org in docker tests (#602) 2023-07-31 16:10:59 -04:00
guessExt.ts (core) Switch excel import parsing from messytables+xlrd to openpyxl, and ignore empty rows 2022-05-12 14:43:21 +02:00
hashingUtils.ts (core) Add Support Grist page and nudge 2023-07-04 17:36:59 -04:00
HashUtil.ts (core) add more detail to /compare endpoint 2020-09-18 16:31:29 -04:00
HostedMetadataManager.ts (core) Faster builds all around. 2022-07-04 10:42:40 -04:00
HostedStorageManager.ts (core) Persist forks in home db 2023-02-20 22:46:36 -05:00
httpEncoding.ts (core) External requests 2022-06-17 21:53:20 +02:00
IBilling.ts (core) Add basic activation page to grist-ee 2022-08-23 10:30:52 -07:00
IChecksumStore.ts (core) revamp snapshot inventory 2020-10-30 13:52:46 -04:00
ICreate.ts (core) Delete my account button 2023-09-27 14:49:23 +02:00
IDocStorageManager.ts (core) add a yarn run cli tool, and add a sqlite gristify option 2022-07-14 12:00:30 -04:00
idUtils.ts (core) Persist forks in home db 2023-02-20 22:46:36 -05:00
IElectionStore.ts (core) move some material to core that slipped through in a rebase 2020-07-23 11:29:05 -04:00
initialDocSql.ts (core) Record Cards 2023-11-19 20:12:37 -05:00
INotifier.ts (core) Speed up and upgrade build. 2022-06-27 16:10:10 -04:00
ISandbox.ts (core) Faster builds all around. 2022-07-04 10:42:40 -04:00
IShell.ts (core) dust off electron build a little bit 2022-07-29 11:19:26 -04:00
ITestingHooks-ti.ts (core) Exit more cleanly on unhandled errors, and handle errors writing to Clients. 2023-12-01 09:42:00 -05:00
ITestingHooks.ts (core) Exit more cleanly on unhandled errors, and handle errors writing to Clients. 2023-12-01 09:42:00 -05:00
log.ts fix log.add under electron (#478) 2023-04-03 13:29:35 -04:00
LogMethods.ts (core) Faster builds all around. 2022-07-04 10:42:40 -04:00
manifest.ts (core) support for bundling custom widgets with the Grist app 2023-10-27 17:00:10 -04:00
MemoryPool.ts (core) Manage memory used for websocket responses to reduce the risk of server crashes. 2023-08-07 11:28:31 -04:00
MinimalLogin.ts A set of tweaks to simplify electron packaging (#421) 2023-02-13 15:52:17 -05:00
MinIOExternalStorage.ts Issue 359 support scaleway (#577) 2023-07-20 06:16:58 -04:00
NSandbox.ts (core) Support adjusting OOM score for child sandbox processes. 2023-11-16 17:43:06 -05:00
NullSandbox.ts (core) Fix snapshot migrations 2023-05-23 15:50:15 -04:00
OIDCConfig.ts OIDC: ensure that email_veridied is set by default (#765) 2023-11-22 14:58:29 -05:00
OnDemandActions.ts (core) Adds a UI panel for managing webhooks 2023-05-08 18:25:27 -04:00
PermissionInfo.ts (core) Fixing memos in record dependent rules. 2023-09-08 10:16:09 +02:00
Permit.ts (core) Add new Grist login page 2022-04-01 15:24:19 -07:00
places.ts A set of tweaks to simplify electron packaging (#421) 2023-02-13 15:52:17 -05:00
PluginEndpoint.ts include the @gristlabs/grist-widget package, so Calendar is always available (#745) 2023-11-28 09:28:15 -05:00
PluginManager.ts include the @gristlabs/grist-widget package, so Calendar is always available (#745) 2023-11-28 09:28:15 -05:00
ProcessMonitor.ts (core) Add new telemetry events 2023-11-01 10:49:33 -04:00
ProxyAgent.ts (core) Add logging of errors whenever ProxyAgent is used, and a test for it. 2023-05-17 10:21:53 -04:00
reportTimeTaken.ts (core) Faster builds all around. 2022-07-04 10:42:40 -04:00
Requests.ts REQUEST now supports POST (#588) 2023-07-30 15:13:43 -04:00
requestUtils.ts (core) Add welcomeQuestionsSubmitted telemetry event 2023-09-13 00:31:04 -04:00
RowAccess.ts (core) control the distribution of attachment metadata 2022-12-22 09:10:30 -05:00
SafePythonComponent.ts (core) Run and test imports only in Python 3, upgrade openpyxl, fix weird date handling 2022-09-02 16:27:34 +02:00
SamlConfig.ts (core) Fix delete user button for Google-only accounts 2023-10-18 10:52:58 -04:00
SandboxControl.ts (core) Update dependencies 2023-10-11 17:36:58 -04:00
sandboxUtil.ts (core) Update logging in sandbox code, and log tracebacks as single log messages. 2023-07-18 11:21:25 -04:00
sendAppPage.ts (core) Record Cards 2023-11-19 20:12:37 -05:00
ServerColumnGetters.ts (core) Filter rows based on linked widgets when exporting view 2023-07-26 21:49:52 +02:00
ServerLocale.ts (core) Converting server-side Comm.js to typescript 2022-06-07 15:47:17 -04:00
serverUtils.ts (core) Add timeouts to prevent ActiveDoc bad state during shutdown. 2023-09-26 15:32:49 -04:00
Sessions.ts (core) Converting server-side Comm.js to typescript 2022-06-07 15:47:17 -04:00
Sharing.ts (core) Remove transform columns on shutdown 2023-11-14 22:31:34 +02:00
shortDesc.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
shutdown.js support other SQLite wrappers, and various hooks needed by grist-static (#516) 2023-05-23 15:17:28 -04:00
SqliteCommon.ts add an endpoint for doing SQL selects (#641) 2023-09-04 09:21:18 -04:00
SQLiteDB.ts add an endpoint for doing SQL selects (#641) 2023-09-04 09:21:18 -04:00
SqliteNode.ts add an endpoint for doing SQL selects (#641) 2023-09-04 09:21:18 -04:00
TableMetadataLoader.ts (core) Support adjusting OOM score for child sandbox processes. 2023-11-16 17:43:06 -05:00
TagChecker.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
Telemetry.ts (core) updates from grist-core 2023-12-01 08:14:12 -05:00
TestingHooks.ts (core) Exit more cleanly on unhandled errors, and handle errors writing to Clients. 2023-12-01 09:42:00 -05:00
TestLogin.ts (core) make the support account configurable, and allow listing public sites 2022-10-14 14:23:59 -04:00
Throttle.ts (core) Fix bugs with intervals 2022-08-25 12:38:36 -07:00
TimeQuery.ts (core) Adds a UI panel for managing webhooks 2023-05-08 18:25:27 -04:00
Triggers.ts (core) When a webhook is disabled, clear its queue 2023-11-07 15:48:35 +02:00
UnsafeNodeComponent.ts (core) Faster builds all around. 2022-07-04 10:42:40 -04:00
uploads.ts (core) Add support for auto-copying docs on signup 2023-09-06 15:12:08 -04:00
WidgetRepository.ts allow bundled widgets to be hidden from dropdown, and nested (#714) 2023-10-30 21:13:21 -04:00
WorkCoordinator.ts support other SQLite wrappers, and various hooks needed by grist-static (#516) 2023-05-23 15:17:28 -04:00
workerExporter.ts Option to export colId as header in CSV / XSLX instead of label (#688) (#692) 2023-10-15 20:17:43 -04:00