1
0
mirror of https://github.com/gristlabs/grist-core.git synced 2024-10-27 20:44:07 +00:00
gristlabs_grist-core/test/fixtures/sites
Alex Hall 225a76c9cb (core) Don't throw error in onRecord(s) for insufficient access for includeColumns
Summary:
This removes checking for full access in `onRecord/onRecords` when `includeColumns` is a non-default value. The check had two problems:

1. It relied on the access level being present in the URL query parameters, which doesn't work if the page has redirected. See the discussion in https://grist.slack.com/archives/C0234CPPXPA/p1702576602615509. There seems to be no way to reliably and synchronously check the access level.
2. Calling `onRecords` before `ready` and forgetting to handle an error from the access check meant that `ready` wouldn't be called, so Grist couldn't request the correct access level from the user. I made this mistake and it seems like a nasty footgun.

Ultimately this has no effect on security, as an error will still be raised, but in a place where the widget developer can't catch it. They'll still see an error message in the console, and they can still check the access level reliably using `onOptions`, so I think this is OK.

Test Plan: Updated nbrowser test

Reviewers: georgegevoian, paulfitz

Reviewed By: georgegevoian, paulfitz

Differential Revision: https://phab.getgrist.com/D4145
2023-12-30 10:16:40 +02:00
..
config (core) Extending widget 2023-10-09 14:53:20 +02:00
deferred-ready (core) Support dark mode in custom widgets 2023-09-19 16:08:21 -04:00
embed (core) Moving widget tests to core 2022-09-06 17:17:14 +02:00
fetchSelectedOptions (core) Don't throw error in onRecord(s) for insufficient access for includeColumns 2023-12-30 10:16:40 +02:00
filter (core) Moving widget tests to core 2022-09-06 17:17:14 +02:00
hello (core) Cursor in custom widgets 2023-08-29 09:19:52 +02:00
paste (core) Moving widget tests to core 2022-09-06 17:17:14 +02:00
probe (core) Moving widget tests to core 2022-09-06 17:17:14 +02:00
readout (core) Add Command API to Grist Plugin API 2023-09-27 13:25:18 -04:00
types (core) Moving widget tests to core 2022-09-06 17:17:14 +02:00
zap (core) Moving widget tests to core 2022-09-06 17:17:14 +02:00