mirror of
https://github.com/gristlabs/grist-core.git
synced 2024-10-27 20:44:07 +00:00
225a76c9cb
Summary: This removes checking for full access in `onRecord/onRecords` when `includeColumns` is a non-default value. The check had two problems: 1. It relied on the access level being present in the URL query parameters, which doesn't work if the page has redirected. See the discussion in https://grist.slack.com/archives/C0234CPPXPA/p1702576602615509. There seems to be no way to reliably and synchronously check the access level. 2. Calling `onRecords` before `ready` and forgetting to handle an error from the access check meant that `ready` wouldn't be called, so Grist couldn't request the correct access level from the user. I made this mistake and it seems like a nasty footgun. Ultimately this has no effect on security, as an error will still be raised, but in a place where the widget developer can't catch it. They'll still see an error message in the console, and they can still check the access level reliably using `onOptions`, so I think this is OK. Test Plan: Updated nbrowser test Reviewers: georgegevoian, paulfitz Reviewed By: georgegevoian, paulfitz Differential Revision: https://phab.getgrist.com/D4145 |
||
|---|---|---|
| .. | ||
| aclui | ||
| components | ||
| lib | ||
| models | ||
| ui | ||
| ui2018 | ||
| widgets | ||
| app.css | ||
| app.js | ||
| billingMain.ts | ||
| browserCheck.ts | ||
| declarations.d.ts | ||
| DefaultHooks.ts | ||
| errorMain.ts | ||
| exposeModulesForTests.js | ||
| Hooks.ts | ||
| logo.css | ||
| tsconfig.json | ||