Merge branch 'master' into view-calculation-validation
This commit is contained in:
Sam Rose
GitHub
commit
3e865d5609
|
|
@ -23,7 +23,6 @@ jobs:
|
|||
PAYLOAD_BRANCH: ${{ github.head_ref }}
|
||||
PAYLOAD_PR_NUMBER: ${{ github.event.pull_request.number }}
|
||||
PAYLOAD_LICENSE_TYPE: "free"
|
||||
PAYLOAD_DEPLOY: true
|
||||
with:
|
||||
repository: budibase/budibase-deploys
|
||||
event: featurebranch-qa-deploy
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
Subproject commit 3e24f6293ff5ee5f9b42822e001504e3bbf19cc0
|
||||
Subproject commit 8cd052ce8288f343812a514d06c5a9459b3ba1a8
|
||||
|
|
@ -6,9 +6,6 @@ import {
|
|||
AccountSSOProviderType,
|
||||
AuthType,
|
||||
CloudAccount,
|
||||
CreateAccount,
|
||||
CreatePassswordAccount,
|
||||
CreateVerifiableSSOAccount,
|
||||
Hosting,
|
||||
SSOAccount,
|
||||
} from "@budibase/types"
|
||||
|
|
@ -19,6 +16,7 @@ export const account = (partial: Partial<Account> = {}): Account => {
|
|||
accountId: uuid(),
|
||||
tenantId: generator.word(),
|
||||
email: generator.email({ domain: "example.com" }),
|
||||
accountName: generator.word(),
|
||||
tenantName: generator.word(),
|
||||
hosting: Hosting.SELF,
|
||||
createdAt: Date.now(),
|
||||
|
|
@ -84,62 +82,3 @@ export function verifiableSsoAccount(
|
|||
thirdPartyProfile: { id: "abc123" },
|
||||
}
|
||||
}
|
||||
|
||||
export const cloudCreateAccount: CreatePassswordAccount = {
|
||||
email: "cloud@budibase.com",
|
||||
tenantId: "cloud",
|
||||
hosting: Hosting.CLOUD,
|
||||
authType: AuthType.PASSWORD,
|
||||
password: "Password123!",
|
||||
tenantName: "cloud",
|
||||
name: "Budi Armstrong",
|
||||
size: "10+",
|
||||
profession: "Software Engineer",
|
||||
}
|
||||
|
||||
export const cloudSSOCreateAccount: CreateAccount = {
|
||||
email: "cloud-sso@budibase.com",
|
||||
tenantId: "cloud-sso",
|
||||
hosting: Hosting.CLOUD,
|
||||
authType: AuthType.SSO,
|
||||
tenantName: "cloudsso",
|
||||
name: "Budi Armstrong",
|
||||
size: "10+",
|
||||
profession: "Software Engineer",
|
||||
}
|
||||
|
||||
export const cloudVerifiableSSOCreateAccount: CreateVerifiableSSOAccount = {
|
||||
email: "cloud-sso@budibase.com",
|
||||
tenantId: "cloud-sso",
|
||||
hosting: Hosting.CLOUD,
|
||||
authType: AuthType.SSO,
|
||||
tenantName: "cloudsso",
|
||||
name: "Budi Armstrong",
|
||||
size: "10+",
|
||||
profession: "Software Engineer",
|
||||
provider: AccountSSOProvider.MICROSOFT,
|
||||
thirdPartyProfile: { id: "abc123" },
|
||||
}
|
||||
|
||||
export const selfCreateAccount: CreatePassswordAccount = {
|
||||
email: "self@budibase.com",
|
||||
tenantId: "self",
|
||||
hosting: Hosting.SELF,
|
||||
authType: AuthType.PASSWORD,
|
||||
password: "Password123!",
|
||||
tenantName: "self",
|
||||
name: "Budi Armstrong",
|
||||
size: "10+",
|
||||
profession: "Software Engineer",
|
||||
}
|
||||
|
||||
export const selfSSOCreateAccount: CreateAccount = {
|
||||
email: "self-sso@budibase.com",
|
||||
tenantId: "self-sso",
|
||||
hosting: Hosting.SELF,
|
||||
authType: AuthType.SSO,
|
||||
tenantName: "selfsso",
|
||||
name: "Budi Armstrong",
|
||||
size: "10+",
|
||||
profession: "Software Engineer",
|
||||
}
|
||||
|
|
|
|||
|
|
@ -145,10 +145,16 @@
|
|||
const debouncedEval = Utils.debounce((expression, context, snippets) => {
|
||||
try {
|
||||
expressionError = null
|
||||
expressionResult = processStringSync(expression || "", {
|
||||
...context,
|
||||
snippets,
|
||||
})
|
||||
expressionResult = processStringSync(
|
||||
expression || "",
|
||||
{
|
||||
...context,
|
||||
snippets,
|
||||
},
|
||||
{
|
||||
noThrow: false,
|
||||
}
|
||||
)
|
||||
} catch (err) {
|
||||
expressionResult = null
|
||||
expressionError = err
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@
|
|||
licensing,
|
||||
environment,
|
||||
enrichedApps,
|
||||
sortBy,
|
||||
} from "stores/portal"
|
||||
import { goto } from "@roxi/routify"
|
||||
import AppRow from "components/start/AppRow.svelte"
|
||||
|
|
@ -247,7 +248,7 @@
|
|||
<div class="app-actions">
|
||||
<Select
|
||||
autoWidth
|
||||
value={$appsStore.sortBy}
|
||||
value={$sortBy}
|
||||
on:change={e => {
|
||||
appsStore.updateSort(e.detail)
|
||||
}}
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ const DEV_PROPS = ["updatedBy", "updatedAt"]
|
|||
|
||||
export const INITIAL_APPS_STATE = {
|
||||
apps: [],
|
||||
sortBy: "name",
|
||||
}
|
||||
|
||||
export class AppsStore extends BudiStore {
|
||||
|
|
@ -53,6 +52,15 @@ export class AppsStore extends BudiStore {
|
|||
...state,
|
||||
sortBy,
|
||||
}))
|
||||
this.updateUserSort(sortBy)
|
||||
}
|
||||
|
||||
async updateUserSort(sortBy) {
|
||||
try {
|
||||
await auth.updateSelf({ appSort: sortBy })
|
||||
} catch (err) {
|
||||
console.error("couldn't save user sort: ", err)
|
||||
}
|
||||
}
|
||||
|
||||
async load() {
|
||||
|
|
@ -140,43 +148,50 @@ export class AppsStore extends BudiStore {
|
|||
|
||||
export const appsStore = new AppsStore()
|
||||
|
||||
// Centralise any logic that enriches the apps list
|
||||
export const enrichedApps = derived([appsStore, auth], ([$store, $auth]) => {
|
||||
const enrichedApps = $store.apps
|
||||
? $store.apps.map(app => ({
|
||||
...app,
|
||||
deployed: app.status === AppStatus.DEPLOYED,
|
||||
lockedYou: app.lockedBy && app.lockedBy.email === $auth.user?.email,
|
||||
lockedOther: app.lockedBy && app.lockedBy.email !== $auth.user?.email,
|
||||
favourite: $auth.user?.appFavourites?.includes(app.appId),
|
||||
}))
|
||||
: []
|
||||
export const sortBy = derived([appsStore, auth], ([$store, $auth]) => {
|
||||
return $store.sortBy || $auth.user?.appSort || "name"
|
||||
})
|
||||
|
||||
if ($store.sortBy === "status") {
|
||||
return enrichedApps.sort((a, b) => {
|
||||
if (a.favourite === b.favourite) {
|
||||
if (a.status === b.status) {
|
||||
// Centralise any logic that enriches the apps list
|
||||
export const enrichedApps = derived(
|
||||
[appsStore, auth, sortBy],
|
||||
([$store, $auth, $sortBy]) => {
|
||||
const enrichedApps = $store.apps
|
||||
? $store.apps.map(app => ({
|
||||
...app,
|
||||
deployed: app.status === AppStatus.DEPLOYED,
|
||||
lockedYou: app.lockedBy && app.lockedBy.email === $auth.user?.email,
|
||||
lockedOther: app.lockedBy && app.lockedBy.email !== $auth.user?.email,
|
||||
favourite: $auth.user?.appFavourites?.includes(app.appId),
|
||||
}))
|
||||
: []
|
||||
|
||||
if ($sortBy === "status") {
|
||||
return enrichedApps.sort((a, b) => {
|
||||
if (a.favourite === b.favourite) {
|
||||
if (a.status === b.status) {
|
||||
return a.name?.toLowerCase() < b.name?.toLowerCase() ? -1 : 1
|
||||
}
|
||||
return a.status === AppStatus.DEPLOYED ? -1 : 1
|
||||
}
|
||||
return a.favourite ? -1 : 1
|
||||
})
|
||||
} else if ($sortBy === "updated") {
|
||||
return enrichedApps?.sort((a, b) => {
|
||||
if (a.favourite === b.favourite) {
|
||||
const aUpdated = a.updatedAt || "9999"
|
||||
const bUpdated = b.updatedAt || "9999"
|
||||
return aUpdated < bUpdated ? 1 : -1
|
||||
}
|
||||
return a.favourite ? -1 : 1
|
||||
})
|
||||
} else {
|
||||
return enrichedApps?.sort((a, b) => {
|
||||
if (a.favourite === b.favourite) {
|
||||
return a.name?.toLowerCase() < b.name?.toLowerCase() ? -1 : 1
|
||||
}
|
||||
return a.status === AppStatus.DEPLOYED ? -1 : 1
|
||||
}
|
||||
return a.favourite ? -1 : 1
|
||||
})
|
||||
} else if ($store.sortBy === "updated") {
|
||||
return enrichedApps?.sort((a, b) => {
|
||||
if (a.favourite === b.favourite) {
|
||||
const aUpdated = a.updatedAt || "9999"
|
||||
const bUpdated = b.updatedAt || "9999"
|
||||
return aUpdated < bUpdated ? 1 : -1
|
||||
}
|
||||
return a.favourite ? -1 : 1
|
||||
})
|
||||
} else {
|
||||
return enrichedApps?.sort((a, b) => {
|
||||
if (a.favourite === b.favourite) {
|
||||
return a.name?.toLowerCase() < b.name?.toLowerCase() ? -1 : 1
|
||||
}
|
||||
return a.favourite ? -1 : 1
|
||||
})
|
||||
return a.favourite ? -1 : 1
|
||||
})
|
||||
}
|
||||
}
|
||||
})
|
||||
)
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ import { writable } from "svelte/store"
|
|||
export { organisation } from "./organisation"
|
||||
export { users } from "./users"
|
||||
export { admin } from "./admin"
|
||||
export { appsStore, enrichedApps } from "./apps"
|
||||
export { appsStore, enrichedApps, sortBy } from "./apps"
|
||||
export { email } from "./email"
|
||||
export { auth } from "./auth"
|
||||
export { oidc } from "./oidc"
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
import {
|
||||
CreateRowActionRequest,
|
||||
Ctx,
|
||||
RowActionPermissions,
|
||||
RowActionResponse,
|
||||
RowActionsResponse,
|
||||
UpdateRowActionRequest,
|
||||
|
|
@ -18,25 +19,26 @@ async function getTable(ctx: Ctx) {
|
|||
|
||||
export async function find(ctx: Ctx<void, RowActionsResponse>) {
|
||||
const table = await getTable(ctx)
|
||||
const tableId = table._id!
|
||||
|
||||
if (!(await sdk.rowActions.docExists(table._id!))) {
|
||||
if (!(await sdk.rowActions.docExists(tableId))) {
|
||||
ctx.body = {
|
||||
actions: {},
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
const { actions } = await sdk.rowActions.getAll(table._id!)
|
||||
const { actions } = await sdk.rowActions.getAll(tableId)
|
||||
const result: RowActionsResponse = {
|
||||
actions: Object.entries(actions).reduce<Record<string, RowActionResponse>>(
|
||||
(acc, [key, action]) => ({
|
||||
...acc,
|
||||
[key]: {
|
||||
id: key,
|
||||
tableId: table._id!,
|
||||
tableId,
|
||||
name: action.name,
|
||||
automationId: action.automationId,
|
||||
allowedViews: flattenAllowedViews(action.permissions.views),
|
||||
allowedSources: flattenAllowedSources(tableId, action.permissions),
|
||||
},
|
||||
}),
|
||||
{}
|
||||
|
|
@ -49,17 +51,18 @@ export async function create(
|
|||
ctx: Ctx<CreateRowActionRequest, RowActionResponse>
|
||||
) {
|
||||
const table = await getTable(ctx)
|
||||
const tableId = table._id!
|
||||
|
||||
const createdAction = await sdk.rowActions.create(table._id!, {
|
||||
const createdAction = await sdk.rowActions.create(tableId, {
|
||||
name: ctx.request.body.name,
|
||||
})
|
||||
|
||||
ctx.body = {
|
||||
tableId: table._id!,
|
||||
tableId,
|
||||
id: createdAction.id,
|
||||
name: createdAction.name,
|
||||
automationId: createdAction.automationId,
|
||||
allowedViews: undefined,
|
||||
allowedSources: flattenAllowedSources(tableId, createdAction.permissions),
|
||||
}
|
||||
ctx.status = 201
|
||||
}
|
||||
|
|
@ -68,18 +71,19 @@ export async function update(
|
|||
ctx: Ctx<UpdateRowActionRequest, RowActionResponse>
|
||||
) {
|
||||
const table = await getTable(ctx)
|
||||
const tableId = table._id!
|
||||
const { actionId } = ctx.params
|
||||
|
||||
const action = await sdk.rowActions.update(table._id!, actionId, {
|
||||
const action = await sdk.rowActions.update(tableId, actionId, {
|
||||
name: ctx.request.body.name,
|
||||
})
|
||||
|
||||
ctx.body = {
|
||||
tableId: table._id!,
|
||||
tableId,
|
||||
id: action.id,
|
||||
name: action.name,
|
||||
automationId: action.automationId,
|
||||
allowedViews: undefined,
|
||||
allowedSources: flattenAllowedSources(tableId, action.permissions),
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -91,52 +95,89 @@ export async function remove(ctx: Ctx<void, void>) {
|
|||
ctx.status = 204
|
||||
}
|
||||
|
||||
export async function setTablePermission(ctx: Ctx<void, RowActionResponse>) {
|
||||
const table = await getTable(ctx)
|
||||
const tableId = table._id!
|
||||
const { actionId } = ctx.params
|
||||
|
||||
const action = await sdk.rowActions.setTablePermission(tableId, actionId)
|
||||
ctx.body = {
|
||||
tableId,
|
||||
id: action.id,
|
||||
name: action.name,
|
||||
automationId: action.automationId,
|
||||
allowedSources: flattenAllowedSources(tableId, action.permissions),
|
||||
}
|
||||
}
|
||||
|
||||
export async function unsetTablePermission(ctx: Ctx<void, RowActionResponse>) {
|
||||
const table = await getTable(ctx)
|
||||
const tableId = table._id!
|
||||
const { actionId } = ctx.params
|
||||
|
||||
const action = await sdk.rowActions.unsetTablePermission(tableId, actionId)
|
||||
|
||||
ctx.body = {
|
||||
tableId,
|
||||
id: action.id,
|
||||
name: action.name,
|
||||
automationId: action.automationId,
|
||||
allowedSources: flattenAllowedSources(tableId, action.permissions),
|
||||
}
|
||||
}
|
||||
|
||||
export async function setViewPermission(ctx: Ctx<void, RowActionResponse>) {
|
||||
const table = await getTable(ctx)
|
||||
const tableId = table._id!
|
||||
const { actionId, viewId } = ctx.params
|
||||
|
||||
const action = await sdk.rowActions.setViewPermission(
|
||||
table._id!,
|
||||
tableId,
|
||||
actionId,
|
||||
viewId
|
||||
)
|
||||
ctx.body = {
|
||||
tableId: table._id!,
|
||||
tableId,
|
||||
id: action.id,
|
||||
name: action.name,
|
||||
automationId: action.automationId,
|
||||
allowedViews: flattenAllowedViews(action.permissions.views),
|
||||
allowedSources: flattenAllowedSources(tableId, action.permissions),
|
||||
}
|
||||
}
|
||||
|
||||
export async function unsetViewPermission(ctx: Ctx<void, RowActionResponse>) {
|
||||
const table = await getTable(ctx)
|
||||
const tableId = table._id!
|
||||
const { actionId, viewId } = ctx.params
|
||||
|
||||
const action = await sdk.rowActions.unsetViewPermission(
|
||||
table._id!,
|
||||
tableId,
|
||||
actionId,
|
||||
viewId
|
||||
)
|
||||
|
||||
ctx.body = {
|
||||
tableId: table._id!,
|
||||
tableId,
|
||||
id: action.id,
|
||||
name: action.name,
|
||||
automationId: action.automationId,
|
||||
allowedViews: flattenAllowedViews(action.permissions.views),
|
||||
allowedSources: flattenAllowedSources(tableId, action.permissions),
|
||||
}
|
||||
}
|
||||
|
||||
function flattenAllowedViews(
|
||||
permissions: Record<string, { runAllowed: boolean }>
|
||||
function flattenAllowedSources(
|
||||
tableId: string,
|
||||
permissions: RowActionPermissions
|
||||
) {
|
||||
const allowedPermissions = Object.entries(permissions || {})
|
||||
.filter(([_, p]) => p.runAllowed)
|
||||
.map(([viewId]) => viewId)
|
||||
if (!allowedPermissions.length) {
|
||||
return undefined
|
||||
const allowedPermissions = []
|
||||
if (permissions.table.runAllowed) {
|
||||
allowedPermissions.push(tableId)
|
||||
}
|
||||
allowedPermissions.push(
|
||||
...Object.keys(permissions.views || {}).filter(
|
||||
viewId => permissions.views[viewId].runAllowed
|
||||
)
|
||||
)
|
||||
|
||||
return allowedPermissions
|
||||
}
|
||||
|
|
|
|||
|
|
@ -133,6 +133,7 @@ export async function create(ctx: Ctx<CreateViewRequest, ViewResponse>) {
|
|||
sort: view.sort,
|
||||
schema,
|
||||
primaryDisplay: view.primaryDisplay,
|
||||
uiMetadata: view.uiMetadata,
|
||||
}
|
||||
const result = await sdk.views.create(tableId, parsedView)
|
||||
ctx.status = 201
|
||||
|
|
@ -169,6 +170,7 @@ export async function update(ctx: Ctx<UpdateViewRequest, ViewResponse>) {
|
|||
sort: view.sort,
|
||||
schema,
|
||||
primaryDisplay: view.primaryDisplay,
|
||||
uiMetadata: view.uiMetadata,
|
||||
}
|
||||
|
||||
const result = await sdk.views.update(tableId, parsedView)
|
||||
|
|
|
|||
|
|
@ -51,6 +51,16 @@ router
|
|||
authorized(BUILDER),
|
||||
rowActionController.remove
|
||||
)
|
||||
.post(
|
||||
"/api/tables/:tableId/actions/:actionId/permissions",
|
||||
authorized(BUILDER),
|
||||
rowActionController.setTablePermission
|
||||
)
|
||||
.delete(
|
||||
"/api/tables/:tableId/actions/:actionId/permissions",
|
||||
authorized(BUILDER),
|
||||
rowActionController.unsetTablePermission
|
||||
)
|
||||
.post(
|
||||
"/api/tables/:tableId/actions/:actionId/permissions/:viewId",
|
||||
authorized(BUILDER),
|
||||
|
|
|
|||
|
|
@ -133,6 +133,7 @@ describe("/rowsActions", () => {
|
|||
id: expect.stringMatching(/^row_action_\w+/),
|
||||
tableId: tableId,
|
||||
automationId: expectAutomationId(),
|
||||
allowedSources: [tableId],
|
||||
})
|
||||
|
||||
expect(await config.api.rowAction.find(tableId)).toEqual({
|
||||
|
|
@ -142,6 +143,7 @@ describe("/rowsActions", () => {
|
|||
id: res.id,
|
||||
tableId: tableId,
|
||||
automationId: expectAutomationId(),
|
||||
allowedSources: [tableId],
|
||||
},
|
||||
},
|
||||
})
|
||||
|
|
@ -180,18 +182,21 @@ describe("/rowsActions", () => {
|
|||
id: responses[0].id,
|
||||
tableId,
|
||||
automationId: expectAutomationId(),
|
||||
allowedSources: [tableId],
|
||||
},
|
||||
[responses[1].id]: {
|
||||
name: rowActions[1].name,
|
||||
id: responses[1].id,
|
||||
tableId,
|
||||
automationId: expectAutomationId(),
|
||||
allowedSources: [tableId],
|
||||
},
|
||||
[responses[2].id]: {
|
||||
name: rowActions[2].name,
|
||||
id: responses[2].id,
|
||||
tableId,
|
||||
automationId: expectAutomationId(),
|
||||
allowedSources: [tableId],
|
||||
},
|
||||
},
|
||||
})
|
||||
|
|
@ -224,6 +229,7 @@ describe("/rowsActions", () => {
|
|||
id: expect.any(String),
|
||||
tableId,
|
||||
automationId: expectAutomationId(),
|
||||
allowedSources: [tableId],
|
||||
})
|
||||
|
||||
expect(await config.api.rowAction.find(tableId)).toEqual({
|
||||
|
|
@ -233,6 +239,7 @@ describe("/rowsActions", () => {
|
|||
id: res.id,
|
||||
tableId: tableId,
|
||||
automationId: expectAutomationId(),
|
||||
allowedSources: [tableId],
|
||||
},
|
||||
},
|
||||
})
|
||||
|
|
@ -354,6 +361,7 @@ describe("/rowsActions", () => {
|
|||
tableId,
|
||||
name: updatedName,
|
||||
automationId: actionData.automationId,
|
||||
allowedSources: [tableId],
|
||||
})
|
||||
|
||||
expect(await config.api.rowAction.find(tableId)).toEqual(
|
||||
|
|
@ -364,6 +372,7 @@ describe("/rowsActions", () => {
|
|||
id: actionData.id,
|
||||
tableId: actionData.tableId,
|
||||
automationId: actionData.automationId,
|
||||
allowedSources: [tableId],
|
||||
},
|
||||
}),
|
||||
})
|
||||
|
|
@ -515,6 +524,81 @@ describe("/rowsActions", () => {
|
|||
})
|
||||
})
|
||||
|
||||
describe("set/unsetTablePermission", () => {
|
||||
describe.each([
|
||||
["setTablePermission", config.api.rowAction.setTablePermission],
|
||||
["unsetTablePermission", config.api.rowAction.unsetTablePermission],
|
||||
])("unauthorisedTests for %s", (__, delegateTest) => {
|
||||
unauthorisedTests((expectations, testConfig) =>
|
||||
delegateTest(tableId, generator.guid(), expectations, testConfig)
|
||||
)
|
||||
})
|
||||
|
||||
let actionId1: string, actionId2: string
|
||||
|
||||
beforeEach(async () => {
|
||||
for (const rowAction of createRowActionRequests(3)) {
|
||||
await createRowAction(tableId, rowAction)
|
||||
}
|
||||
const persisted = await config.api.rowAction.find(tableId)
|
||||
|
||||
const actions = _.sampleSize(Object.keys(persisted.actions), 2)
|
||||
actionId1 = actions[0]
|
||||
actionId2 = actions[1]
|
||||
})
|
||||
|
||||
it("can set table permission", async () => {
|
||||
await config.api.rowAction.unsetTablePermission(tableId, actionId1)
|
||||
await config.api.rowAction.unsetTablePermission(tableId, actionId2)
|
||||
const actionResult = await config.api.rowAction.setTablePermission(
|
||||
tableId,
|
||||
actionId1
|
||||
)
|
||||
const expectedAction1 = expect.objectContaining({
|
||||
allowedSources: [tableId],
|
||||
})
|
||||
|
||||
const expectedActions = expect.objectContaining({
|
||||
[actionId1]: expectedAction1,
|
||||
[actionId2]: expect.objectContaining({
|
||||
allowedSources: [],
|
||||
}),
|
||||
})
|
||||
expect(actionResult).toEqual(expectedAction1)
|
||||
expect((await config.api.rowAction.find(tableId)).actions).toEqual(
|
||||
expectedActions
|
||||
)
|
||||
})
|
||||
|
||||
it("can unset table permission", async () => {
|
||||
const actionResult = await config.api.rowAction.unsetTablePermission(
|
||||
tableId,
|
||||
actionId1
|
||||
)
|
||||
|
||||
const expectedAction = expect.objectContaining({
|
||||
allowedSources: [],
|
||||
})
|
||||
expect(actionResult).toEqual(expectedAction)
|
||||
expect(
|
||||
(await config.api.rowAction.find(tableId)).actions[actionId1]
|
||||
).toEqual(expectedAction)
|
||||
})
|
||||
|
||||
it.each([
|
||||
["setTablePermission", config.api.rowAction.setTablePermission],
|
||||
["unsetTablePermission", config.api.rowAction.unsetTablePermission],
|
||||
])(
|
||||
"cannot update permission for unexisting tables (%s)",
|
||||
async (__, delegateTest) => {
|
||||
const tableId = generator.guid()
|
||||
await delegateTest(tableId, actionId1, {
|
||||
status: 404,
|
||||
})
|
||||
}
|
||||
)
|
||||
})
|
||||
|
||||
describe("set/unsetViewPermission", () => {
|
||||
describe.each([
|
||||
["setViewPermission", config.api.rowAction.setViewPermission],
|
||||
|
|
@ -531,11 +615,9 @@ describe("/rowsActions", () => {
|
|||
)
|
||||
})
|
||||
|
||||
let tableIdForDescribe: string
|
||||
let actionId1: string, actionId2: string
|
||||
let viewId1: string, viewId2: string
|
||||
beforeAll(async () => {
|
||||
tableIdForDescribe = tableId
|
||||
beforeEach(async () => {
|
||||
for (const rowAction of createRowActionRequests(3)) {
|
||||
await createRowAction(tableId, rowAction)
|
||||
}
|
||||
|
|
@ -557,11 +639,6 @@ describe("/rowsActions", () => {
|
|||
).id
|
||||
})
|
||||
|
||||
beforeEach(() => {
|
||||
// Hack to reuse tables for these given tests
|
||||
tableId = tableIdForDescribe
|
||||
})
|
||||
|
||||
it("can set permission views", async () => {
|
||||
await config.api.rowAction.setViewPermission(tableId, viewId1, actionId1)
|
||||
const action1Result = await config.api.rowAction.setViewPermission(
|
||||
|
|
@ -576,10 +653,10 @@ describe("/rowsActions", () => {
|
|||
)
|
||||
|
||||
const expectedAction1 = expect.objectContaining({
|
||||
allowedViews: [viewId1, viewId2],
|
||||
allowedSources: [tableId, viewId1, viewId2],
|
||||
})
|
||||
const expectedAction2 = expect.objectContaining({
|
||||
allowedViews: [viewId1],
|
||||
allowedSources: [tableId, viewId1],
|
||||
})
|
||||
|
||||
const expectedActions = expect.objectContaining({
|
||||
|
|
@ -594,6 +671,8 @@ describe("/rowsActions", () => {
|
|||
})
|
||||
|
||||
it("can unset permission views", async () => {
|
||||
await config.api.rowAction.setViewPermission(tableId, viewId2, actionId1)
|
||||
await config.api.rowAction.setViewPermission(tableId, viewId1, actionId2)
|
||||
const actionResult = await config.api.rowAction.unsetViewPermission(
|
||||
tableId,
|
||||
viewId1,
|
||||
|
|
@ -601,7 +680,7 @@ describe("/rowsActions", () => {
|
|||
)
|
||||
|
||||
const expectedAction = expect.objectContaining({
|
||||
allowedViews: [viewId2],
|
||||
allowedSources: [tableId, viewId2],
|
||||
})
|
||||
expect(actionResult).toEqual(expectedAction)
|
||||
expect(
|
||||
|
|
@ -672,6 +751,7 @@ describe("/rowsActions", () => {
|
|||
)
|
||||
|
||||
await config.publish()
|
||||
// Travel time in order to "trim" the selected `getAutomationLogs`
|
||||
tk.travel(Date.now() + 100)
|
||||
})
|
||||
|
||||
|
|
@ -712,6 +792,38 @@ describe("/rowsActions", () => {
|
|||
])
|
||||
})
|
||||
|
||||
it("triggers from an allowed table", async () => {
|
||||
expect(await getAutomationLogs()).toBeEmpty()
|
||||
await config.api.rowAction.trigger(tableId, rowAction.id, { rowId })
|
||||
|
||||
const automationLogs = await getAutomationLogs()
|
||||
expect(automationLogs).toEqual([
|
||||
expect.objectContaining({
|
||||
automationId: rowAction.automationId,
|
||||
}),
|
||||
])
|
||||
})
|
||||
|
||||
it("rejects triggering from a non-allowed table", async () => {
|
||||
await config.api.rowAction.unsetTablePermission(tableId, rowAction.id)
|
||||
await config.publish()
|
||||
|
||||
await config.api.rowAction.trigger(
|
||||
tableId,
|
||||
rowAction.id,
|
||||
{ rowId },
|
||||
{
|
||||
status: 403,
|
||||
body: {
|
||||
message: `Row action '${rowAction.id}' is not enabled for table '${tableId}'`,
|
||||
},
|
||||
}
|
||||
)
|
||||
|
||||
const automationLogs = await getAutomationLogs()
|
||||
expect(automationLogs).toEqual([])
|
||||
})
|
||||
|
||||
it("rejects triggering from a non-allowed view", async () => {
|
||||
const viewId = (
|
||||
await config.api.viewV2.create(
|
||||
|
|
@ -901,7 +1013,7 @@ describe("/rowsActions", () => {
|
|||
})
|
||||
|
||||
it.each(allowedRoleConfig)(
|
||||
"does not allow running row actions for tables by default even",
|
||||
"allow running row actions for tables by default",
|
||||
async (userRole, resourcePermission) => {
|
||||
await config.api.permission.add({
|
||||
level: PermissionLevel.READ,
|
||||
|
|
@ -918,15 +1030,12 @@ describe("/rowsActions", () => {
|
|||
rowAction.id,
|
||||
{ rowId },
|
||||
{
|
||||
status: 403,
|
||||
body: {
|
||||
message: `Row action '${rowAction.id}' is not enabled for table '${tableId}'`,
|
||||
},
|
||||
status: 200,
|
||||
}
|
||||
)
|
||||
|
||||
const automationLogs = await getAutomationLogs()
|
||||
expect(automationLogs).toBeEmpty()
|
||||
expect(automationLogs).toHaveLength(1)
|
||||
})
|
||||
}
|
||||
)
|
||||
|
|
|
|||
|
|
@ -177,6 +177,9 @@ describe.each([
|
|||
visible: true,
|
||||
},
|
||||
},
|
||||
uiMetadata: {
|
||||
foo: "bar",
|
||||
},
|
||||
}
|
||||
const res = await config.api.viewV2.create(newView)
|
||||
|
||||
|
|
@ -687,6 +690,9 @@ describe.each([
|
|||
readonly: true,
|
||||
},
|
||||
},
|
||||
uiMetadata: {
|
||||
foo: "bar",
|
||||
},
|
||||
}
|
||||
await config.api.viewV2.update(updatedData)
|
||||
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ import { init } from ".."
|
|||
import TestConfiguration from "../../tests/utilities/TestConfiguration"
|
||||
|
||||
const DATE = "2021-01-21T12:00:00"
|
||||
|
||||
tk.freeze(DATE)
|
||||
|
||||
describe("jsRunner (using isolated-vm)", () => {
|
||||
|
|
@ -41,11 +40,38 @@ describe("jsRunner (using isolated-vm)", () => {
|
|||
})
|
||||
|
||||
it("should prevent sandbox escape", async () => {
|
||||
await expect(
|
||||
processJS(`return this.constructor.constructor("return process.env")()`)
|
||||
).rejects.toThrow(
|
||||
"error while running user-supplied JavaScript: ReferenceError: process is not defined"
|
||||
expect(
|
||||
await processJS(
|
||||
`return this.constructor.constructor("return process.env")()`
|
||||
)
|
||||
).toEqual("ReferenceError: process is not defined")
|
||||
})
|
||||
|
||||
it("should not allow the context to be mutated", async () => {
|
||||
const context = { array: [1] }
|
||||
const result = await processJS(
|
||||
`
|
||||
const array = $("array");
|
||||
array.push(2);
|
||||
return array[1]
|
||||
`,
|
||||
context
|
||||
)
|
||||
expect(result).toEqual(2)
|
||||
expect(context.array).toEqual([1])
|
||||
})
|
||||
|
||||
it("should copy values whenever returning them from $", async () => {
|
||||
const context = { array: [1] }
|
||||
const result = await processJS(
|
||||
`
|
||||
$("array").push(2);
|
||||
return $("array")[1];
|
||||
`,
|
||||
context
|
||||
)
|
||||
expect(result).toEqual(undefined)
|
||||
expect(context.array).toEqual([1])
|
||||
})
|
||||
|
||||
describe("helpers", () => {
|
||||
|
|
|
|||
|
|
@ -75,7 +75,7 @@ export async function create(tableId: string, rowAction: { name: string }) {
|
|||
name: action.name,
|
||||
automationId: automation._id!,
|
||||
permissions: {
|
||||
table: { runAllowed: false },
|
||||
table: { runAllowed: true },
|
||||
views: {},
|
||||
},
|
||||
}
|
||||
|
|
@ -163,6 +163,23 @@ async function guardView(tableId: string, viewId: string) {
|
|||
}
|
||||
}
|
||||
|
||||
export async function setTablePermission(tableId: string, rowActionId: string) {
|
||||
return await updateDoc(tableId, rowActionId, async actionsDoc => {
|
||||
actionsDoc.actions[rowActionId].permissions.table.runAllowed = true
|
||||
return actionsDoc
|
||||
})
|
||||
}
|
||||
|
||||
export async function unsetTablePermission(
|
||||
tableId: string,
|
||||
rowActionId: string
|
||||
) {
|
||||
return await updateDoc(tableId, rowActionId, async actionsDoc => {
|
||||
actionsDoc.actions[rowActionId].permissions.table.runAllowed = false
|
||||
return actionsDoc
|
||||
})
|
||||
}
|
||||
|
||||
export async function setViewPermission(
|
||||
tableId: string,
|
||||
rowActionId: string,
|
||||
|
|
|
|||
|
|
@ -72,6 +72,42 @@ export class RowActionAPI extends TestAPI {
|
|||
)
|
||||
}
|
||||
|
||||
setTablePermission = async (
|
||||
tableId: string,
|
||||
rowActionId: string,
|
||||
expectations?: Expectations,
|
||||
config?: { publicUser?: boolean }
|
||||
) => {
|
||||
return await this._post<RowActionResponse>(
|
||||
`/api/tables/${tableId}/actions/${rowActionId}/permissions`,
|
||||
{
|
||||
expectations: {
|
||||
status: 200,
|
||||
...expectations,
|
||||
},
|
||||
...config,
|
||||
}
|
||||
)
|
||||
}
|
||||
|
||||
unsetTablePermission = async (
|
||||
tableId: string,
|
||||
rowActionId: string,
|
||||
expectations?: Expectations,
|
||||
config?: { publicUser?: boolean }
|
||||
) => {
|
||||
return await this._delete<RowActionResponse>(
|
||||
`/api/tables/${tableId}/actions/${rowActionId}/permissions`,
|
||||
{
|
||||
expectations: {
|
||||
status: 200,
|
||||
...expectations,
|
||||
},
|
||||
...config,
|
||||
}
|
||||
)
|
||||
}
|
||||
|
||||
setViewPermission = async (
|
||||
tableId: string,
|
||||
viewId: string,
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
import { AutoFieldDefaultNames } from "../../constants"
|
||||
import { processStringSync, UserScriptError } from "@budibase/string-templates"
|
||||
import { processStringSync } from "@budibase/string-templates"
|
||||
import {
|
||||
AutoColumnFieldMetadata,
|
||||
FieldSchema,
|
||||
|
|
@ -81,14 +81,7 @@ export async function processFormulas<T extends Row | Row[]>(
|
|||
...row,
|
||||
[column]: tracer.trace("processStringSync", {}, span => {
|
||||
span?.addTags({ table_id: table._id, column, static: isStatic })
|
||||
try {
|
||||
return processStringSync(formula, context)
|
||||
} catch (err: any) {
|
||||
if (err.code === UserScriptError.code) {
|
||||
return err.userScriptError.toString()
|
||||
}
|
||||
throw err
|
||||
}
|
||||
return processStringSync(formula, context)
|
||||
}),
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,13 +1,14 @@
|
|||
import { atob, isJSAllowed } from "../utilities"
|
||||
import cloneDeep from "lodash/fp/cloneDeep"
|
||||
import { atob, isBackendService, isJSAllowed } from "../utilities"
|
||||
import { LITERAL_MARKER } from "../helpers/constants"
|
||||
import { getJsHelperList } from "./list"
|
||||
import { iifeWrapper } from "../iife"
|
||||
import { JsTimeoutError, UserScriptError } from "../errors"
|
||||
import { cloneDeep } from "lodash/fp"
|
||||
|
||||
// The method of executing JS scripts depends on the bundle being built.
|
||||
// This setter is used in the entrypoint (either index.js or index.mjs).
|
||||
let runJS: ((js: string, context: any) => any) | undefined = undefined
|
||||
let runJS: ((js: string, context: Record<string, any>) => any) | undefined =
|
||||
undefined
|
||||
export const setJSRunner = (runner: typeof runJS) => (runJS = runner)
|
||||
|
||||
export const removeJSRunner = () => {
|
||||
|
|
@ -31,9 +32,19 @@ const removeSquareBrackets = (value: string) => {
|
|||
return value
|
||||
}
|
||||
|
||||
const isReservedKey = (key: string) =>
|
||||
key === "snippets" ||
|
||||
key === "helpers" ||
|
||||
key.startsWith("snippets.") ||
|
||||
key.startsWith("helpers.")
|
||||
|
||||
// Our context getter function provided to JS code as $.
|
||||
// Extracts a value from context.
|
||||
const getContextValue = (path: string, context: any) => {
|
||||
// We populate `snippets` ourselves, don't allow access to it.
|
||||
if (isReservedKey(path)) {
|
||||
return undefined
|
||||
}
|
||||
const literalStringRegex = /^(["'`]).*\1$/
|
||||
let data = context
|
||||
// check if it's a literal string - just return path if its quoted
|
||||
|
|
@ -46,6 +57,7 @@ const getContextValue = (path: string, context: any) => {
|
|||
}
|
||||
data = data[removeSquareBrackets(key)]
|
||||
})
|
||||
|
||||
return data
|
||||
}
|
||||
|
||||
|
|
@ -67,10 +79,23 @@ export function processJS(handlebars: string, context: any) {
|
|||
snippetMap[snippet.name] = snippet.code
|
||||
}
|
||||
|
||||
// Our $ context function gets a value from context.
|
||||
// We clone the context to avoid mutation in the binding affecting real
|
||||
// app context.
|
||||
const clonedContext = cloneDeep({ ...context, snippets: null })
|
||||
let clonedContext: Record<string, any>
|
||||
if (isBackendService()) {
|
||||
// On the backned, values are copied across the isolated-vm boundary and
|
||||
// so we don't need to do any cloning here. This does create a fundamental
|
||||
// difference in how JS executes on the frontend vs the backend, e.g.
|
||||
// consider this snippet:
|
||||
//
|
||||
// $("array").push(2)
|
||||
// return $("array")[1]
|
||||
//
|
||||
// With the context of `{ array: [1] }`, the backend will return
|
||||
// `undefined` whereas the frontend will return `2`. We should fix this.
|
||||
clonedContext = context
|
||||
} else {
|
||||
clonedContext = cloneDeep(context)
|
||||
}
|
||||
|
||||
const sandboxContext = {
|
||||
$: (path: string) => getContextValue(path, clonedContext),
|
||||
helpers: getJsHelperList(),
|
||||
|
|
@ -95,6 +120,8 @@ export function processJS(handlebars: string, context: any) {
|
|||
} catch (error: any) {
|
||||
onErrorLog && onErrorLog(error)
|
||||
|
||||
const { noThrow = true } = context.__opts || {}
|
||||
|
||||
// The error handling below is quite messy, because it has fallen to
|
||||
// string-templates to handle a variety of types of error specific to usages
|
||||
// above it in the stack. It would be nice some day to refactor this to
|
||||
|
|
@ -123,11 +150,17 @@ export function processJS(handlebars: string, context: any) {
|
|||
// This is to catch the error that happens if a user-supplied JS script
|
||||
// throws for reasons introduced by the user.
|
||||
if (error.code === UserScriptError.code) {
|
||||
if (noThrow) {
|
||||
return error.userScriptError.toString()
|
||||
}
|
||||
throw error
|
||||
}
|
||||
|
||||
if (error.name === "SyntaxError") {
|
||||
return error.toString()
|
||||
if (noThrow) {
|
||||
return error.toString()
|
||||
}
|
||||
throw error
|
||||
}
|
||||
|
||||
return "Error while executing JS"
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
import { Context, createContext, runInNewContext } from "vm"
|
||||
import { createContext, runInNewContext } from "vm"
|
||||
import { create, TemplateDelegate } from "handlebars"
|
||||
import { registerAll, registerMinimum } from "./helpers/index"
|
||||
import { postprocess, preprocess } from "./processors"
|
||||
|
|
@ -123,7 +123,7 @@ function createTemplate(
|
|||
export async function processObject<T extends Record<string, any>>(
|
||||
object: T,
|
||||
context: object,
|
||||
opts?: { noHelpers?: boolean; escapeNewlines?: boolean; onlyFound?: boolean }
|
||||
opts?: ProcessOptions
|
||||
): Promise<T> {
|
||||
testObject(object)
|
||||
|
||||
|
|
@ -173,7 +173,7 @@ export async function processString(
|
|||
export function processObjectSync(
|
||||
object: { [x: string]: any },
|
||||
context: any,
|
||||
opts: any
|
||||
opts?: ProcessOptions
|
||||
): object | Array<any> {
|
||||
testObject(object)
|
||||
for (let key of Object.keys(object || {})) {
|
||||
|
|
@ -231,10 +231,11 @@ export function processStringSync(
|
|||
return process(string)
|
||||
}
|
||||
} catch (err: any) {
|
||||
if (err.code === UserScriptError.code) {
|
||||
throw err
|
||||
const { noThrow = true } = opts || {}
|
||||
if (noThrow) {
|
||||
return input
|
||||
}
|
||||
return input
|
||||
throw err
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -454,21 +455,14 @@ export function convertToJS(hbs: string) {
|
|||
|
||||
export { JsTimeoutError, UserScriptError } from "./errors"
|
||||
|
||||
export function defaultJSSetup() {
|
||||
if (!isBackendService()) {
|
||||
/**
|
||||
* Use polyfilled vm to run JS scripts in a browser Env
|
||||
*/
|
||||
setJSRunner((js: string, context: Context) => {
|
||||
context = {
|
||||
...context,
|
||||
alert: undefined,
|
||||
setInterval: undefined,
|
||||
setTimeout: undefined,
|
||||
}
|
||||
createContext(context)
|
||||
export function browserJSSetup() {
|
||||
/**
|
||||
* Use polyfilled vm to run JS scripts in a browser Env
|
||||
*/
|
||||
setJSRunner((js: string, context: Record<string, any>) => {
|
||||
createContext(context)
|
||||
|
||||
const wrappedJs = `
|
||||
const wrappedJs = `
|
||||
result = {
|
||||
result: null,
|
||||
error: null,
|
||||
|
|
@ -483,12 +477,17 @@ export function defaultJSSetup() {
|
|||
result;
|
||||
`
|
||||
|
||||
const result = runInNewContext(wrappedJs, context, { timeout: 1000 })
|
||||
if (result.error) {
|
||||
throw new UserScriptError(result.error)
|
||||
}
|
||||
return result.result
|
||||
})
|
||||
const result = runInNewContext(wrappedJs, context, { timeout: 1000 })
|
||||
if (result.error) {
|
||||
throw new UserScriptError(result.error)
|
||||
}
|
||||
return result.result
|
||||
})
|
||||
}
|
||||
|
||||
export function defaultJSSetup() {
|
||||
if (!isBackendService()) {
|
||||
browserJSSetup()
|
||||
} else {
|
||||
removeJSRunner()
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ export interface ProcessOptions {
|
|||
noEscaping?: boolean
|
||||
noHelpers?: boolean
|
||||
noFinalise?: boolean
|
||||
noThrow?: boolean
|
||||
escapeNewlines?: boolean
|
||||
onlyFound?: boolean
|
||||
disabledHelpers?: string[]
|
||||
|
|
|
|||
|
|
@ -4,7 +4,14 @@ export const FIND_HBS_REGEX = /{{([^{].*?)}}/g
|
|||
export const FIND_ANY_HBS_REGEX = /{?{{([^{].*?)}}}?/g
|
||||
export const FIND_TRIPLE_HBS_REGEX = /{{{([^{].*?)}}}/g
|
||||
|
||||
const isJest = () => typeof jest !== "undefined"
|
||||
|
||||
export const isBackendService = () => {
|
||||
// We consider the tests for string-templates to be frontend, so that they
|
||||
// test the frontend JS functionality.
|
||||
if (isJest()) {
|
||||
return false
|
||||
}
|
||||
return typeof window === "undefined"
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,13 @@
|
|||
import vm from "vm"
|
||||
|
||||
import { processStringSync, encodeJSBinding, setJSRunner } from "../src/index"
|
||||
import {
|
||||
processStringSync,
|
||||
encodeJSBinding,
|
||||
defaultJSSetup,
|
||||
} from "../src/index"
|
||||
import { UUID_REGEX } from "./constants"
|
||||
import tk from "timekeeper"
|
||||
|
||||
const DATE = "2021-01-21T12:00:00"
|
||||
tk.freeze(DATE)
|
||||
|
||||
const processJS = (js: string, context?: object): any => {
|
||||
return processStringSync(encodeJSBinding(js), context)
|
||||
|
|
@ -9,9 +15,7 @@ const processJS = (js: string, context?: object): any => {
|
|||
|
||||
describe("Javascript", () => {
|
||||
beforeAll(() => {
|
||||
setJSRunner((js, context) => {
|
||||
return vm.runInNewContext(js, context, { timeout: 1000 })
|
||||
})
|
||||
defaultJSSetup()
|
||||
})
|
||||
|
||||
describe("Test the JavaScript helper", () => {
|
||||
|
|
@ -118,8 +122,7 @@ describe("Javascript", () => {
|
|||
})
|
||||
|
||||
it("should handle errors", () => {
|
||||
const output = processJS(`throw "Error"`)
|
||||
expect(output).toBe("Error while executing JS")
|
||||
expect(processJS(`throw "Error"`)).toEqual("Error")
|
||||
})
|
||||
|
||||
it("should timeout after one second", () => {
|
||||
|
|
@ -127,16 +130,18 @@ describe("Javascript", () => {
|
|||
expect(output).toBe("Timed out while executing JS")
|
||||
})
|
||||
|
||||
it("should prevent access to the process global", () => {
|
||||
const output = processJS(`return process`)
|
||||
expect(output).toBe("Error while executing JS")
|
||||
it("should prevent access to the process global", async () => {
|
||||
expect(processJS(`return process`)).toEqual(
|
||||
"ReferenceError: process is not defined"
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
describe("check JS helpers", () => {
|
||||
it("should error if using the format helper. not helpers.", () => {
|
||||
const output = processJS(`return helper.toInt(4.3)`)
|
||||
expect(output).toBe("Error while executing JS")
|
||||
expect(processJS(`return helper.toInt(4.3)`)).toEqual(
|
||||
"ReferenceError: helper is not defined"
|
||||
)
|
||||
})
|
||||
|
||||
it("should be able to use toInt", () => {
|
||||
|
|
@ -156,4 +161,323 @@ describe("Javascript", () => {
|
|||
expect(output).toBe("Custom")
|
||||
})
|
||||
})
|
||||
|
||||
describe("mutability", () => {
|
||||
it("should not allow the context to be mutated", async () => {
|
||||
const context = { array: [1] }
|
||||
const result = await processJS(
|
||||
`
|
||||
const array = $("array");
|
||||
array.push(2);
|
||||
return array[1]
|
||||
`,
|
||||
context
|
||||
)
|
||||
expect(result).toEqual(2)
|
||||
expect(context.array).toEqual([1])
|
||||
})
|
||||
})
|
||||
|
||||
describe("malice", () => {
|
||||
it("should not be able to call JS functions", () => {
|
||||
expect(processJS(`return alert("hello")`)).toEqual(
|
||||
"ReferenceError: alert is not defined"
|
||||
)
|
||||
|
||||
expect(processJS(`return prompt("hello")`)).toEqual(
|
||||
"ReferenceError: prompt is not defined"
|
||||
)
|
||||
|
||||
expect(processJS(`return confirm("hello")`)).toEqual(
|
||||
"ReferenceError: confirm is not defined"
|
||||
)
|
||||
|
||||
expect(processJS(`return setTimeout(() => {}, 1000)`)).toEqual(
|
||||
"ReferenceError: setTimeout is not defined"
|
||||
)
|
||||
|
||||
expect(processJS(`return setInterval(() => {}, 1000)`)).toEqual(
|
||||
"ReferenceError: setInterval is not defined"
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
// the test cases here were extracted from templates/real world examples of JS in Budibase
|
||||
describe("real test cases from Budicloud", () => {
|
||||
const context = {
|
||||
"Unit Value": 2,
|
||||
Quantity: 1,
|
||||
}
|
||||
it("handle test case 1", async () => {
|
||||
const result = await processJS(
|
||||
`
|
||||
var Gross = $("[Unit Value]") * $("[Quantity]")
|
||||
return Gross.toFixed(2)`,
|
||||
context
|
||||
)
|
||||
expect(result).toBeDefined()
|
||||
expect(result).toBe("2.00")
|
||||
})
|
||||
|
||||
it("handle test case 2", async () => {
|
||||
const todayDate = new Date()
|
||||
// add a year and a month
|
||||
todayDate.setMonth(new Date().getMonth() + 1)
|
||||
todayDate.setFullYear(todayDate.getFullYear() + 1)
|
||||
const context = {
|
||||
"Purchase Date": DATE,
|
||||
today: todayDate.toISOString(),
|
||||
}
|
||||
const result = await processJS(
|
||||
`
|
||||
var purchase = new Date($("[Purchase Date]"));
|
||||
let purchaseyear = purchase.getFullYear();
|
||||
let purchasemonth = purchase.getMonth();
|
||||
|
||||
var today = new Date($("today"));
|
||||
let todayyear = today.getFullYear();
|
||||
let todaymonth = today.getMonth();
|
||||
|
||||
var age = todayyear - purchaseyear
|
||||
|
||||
if (((todaymonth - purchasemonth) < 6) == true){
|
||||
return age
|
||||
}
|
||||
`,
|
||||
context
|
||||
)
|
||||
expect(result).toBeDefined()
|
||||
expect(result).toBe(1)
|
||||
})
|
||||
|
||||
it("should handle test case 3", async () => {
|
||||
const context = {
|
||||
Escalate: true,
|
||||
"Budget ($)": 1100,
|
||||
}
|
||||
const result = await processJS(
|
||||
`
|
||||
if ($("[Escalate]") == true) {
|
||||
if ($("Budget ($)") <= 1000)
|
||||
{return 2;}
|
||||
if ($("Budget ($)") > 1000)
|
||||
{return 3;}
|
||||
}
|
||||
else {
|
||||
if ($("Budget ($)") <= 1000)
|
||||
{return 1;}
|
||||
if ($("Budget ($)") > 1000)
|
||||
if ($("Budget ($)") < 10000)
|
||||
{return 2;}
|
||||
else
|
||||
{return 3}
|
||||
}
|
||||
`,
|
||||
context
|
||||
)
|
||||
expect(result).toBeDefined()
|
||||
expect(result).toBe(3)
|
||||
})
|
||||
|
||||
it("should handle test case 4", async () => {
|
||||
const context = {
|
||||
"Time Sheets": ["a", "b"],
|
||||
}
|
||||
const result = await processJS(
|
||||
`
|
||||
let hours = 0
|
||||
if (($("[Time Sheets]") != null) == true){
|
||||
for (i = 0; i < $("[Time Sheets]").length; i++){
|
||||
let hoursLogged = "Time Sheets." + i + ".Hours"
|
||||
hours += $(hoursLogged)
|
||||
}
|
||||
return hours
|
||||
}
|
||||
if (($("[Time Sheets]") != null) == false){
|
||||
return hours
|
||||
}
|
||||
`,
|
||||
context
|
||||
)
|
||||
expect(result).toBeDefined()
|
||||
expect(result).toBe("0ab")
|
||||
})
|
||||
|
||||
it("should handle test case 5", async () => {
|
||||
const context = {
|
||||
change: JSON.stringify({ a: 1, primaryDisplay: "a" }),
|
||||
previous: JSON.stringify({ a: 2, primaryDisplay: "b" }),
|
||||
}
|
||||
const result = await processJS(
|
||||
`
|
||||
let change = $("[change]") ? JSON.parse($("[change]")) : {}
|
||||
let previous = $("[previous]") ? JSON.parse($("[previous]")) : {}
|
||||
|
||||
function simplifyLink(originalKey, value, parent) {
|
||||
if (Array.isArray(value)) {
|
||||
if (value.filter(item => Object.keys(item || {}).includes("primaryDisplay")).length > 0) {
|
||||
parent[originalKey] = value.map(link => link.primaryDisplay)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for (let entry of Object.entries(change)) {
|
||||
simplifyLink(entry[0], entry[1], change)
|
||||
}
|
||||
for (let entry of Object.entries(previous)) {
|
||||
simplifyLink(entry[0], entry[1], previous)
|
||||
}
|
||||
|
||||
let diff = Object.fromEntries(Object.entries(change).filter(([k, v]) => previous[k]?.toString() !== v?.toString()))
|
||||
|
||||
delete diff.audit_change
|
||||
delete diff.audit_previous
|
||||
delete diff._id
|
||||
delete diff._rev
|
||||
delete diff.tableId
|
||||
delete diff.audit
|
||||
|
||||
for (let entry of Object.entries(diff)) {
|
||||
simplifyLink(entry[0], entry[1], diff)
|
||||
}
|
||||
|
||||
return JSON.stringify(change)?.replaceAll(",\\"", ",\\n\\t\\"").replaceAll("{\\"", "{\\n\\t\\"").replaceAll("}", "\\n}")
|
||||
`,
|
||||
context
|
||||
)
|
||||
expect(result).toBe(`{\n\t"a":1,\n\t"primaryDisplay":"a"\n}`)
|
||||
})
|
||||
|
||||
it("should handle test case 6", async () => {
|
||||
const context = {
|
||||
"Join Date": DATE,
|
||||
}
|
||||
const result = await processJS(
|
||||
`
|
||||
var rate = 5;
|
||||
var today = new Date();
|
||||
|
||||
// comment
|
||||
function monthDiff(dateFrom, dateTo) {
|
||||
return dateTo.getMonth() - dateFrom.getMonth() +
|
||||
(12 * (dateTo.getFullYear() - dateFrom.getFullYear()))
|
||||
}
|
||||
var serviceMonths = monthDiff( new Date($("[Join Date]")), today);
|
||||
var serviceYears = serviceMonths / 12;
|
||||
|
||||
if (serviceYears >= 1 && serviceYears < 5){
|
||||
rate = 10;
|
||||
}
|
||||
if (serviceYears >= 5 && serviceYears < 10){
|
||||
rate = 15;
|
||||
}
|
||||
if (serviceYears >= 10){
|
||||
rate = 15;
|
||||
rate += 0.5 * (Number(serviceYears.toFixed(0)) - 10);
|
||||
}
|
||||
return rate;
|
||||
`,
|
||||
context
|
||||
)
|
||||
expect(result).toBe(10)
|
||||
})
|
||||
|
||||
it("should handle test case 7", async () => {
|
||||
const context = {
|
||||
"P I": "Pass",
|
||||
"PA I": "Pass",
|
||||
"F I": "Fail",
|
||||
"V I": "Pass",
|
||||
}
|
||||
const result = await processJS(
|
||||
`if (($("[P I]") == "Pass") == true)
|
||||
if (($("[ P I]") == "Pass") == true)
|
||||
if (($("[F I]") == "Pass") == true)
|
||||
if (($("[V I]") == "Pass") == true)
|
||||
{return "Pass"}
|
||||
|
||||
if (($("[PA I]") == "Fail") == true)
|
||||
{return "Fail"}
|
||||
if (($("[ P I]") == "Fail") == true)
|
||||
{return "Fail"}
|
||||
if (($("[F I]") == "Fail") == true)
|
||||
{return "Fail"}
|
||||
if (($("[V I]") == "Fail") == true)
|
||||
{return "Fail"}
|
||||
|
||||
else
|
||||
{return ""}`,
|
||||
context
|
||||
)
|
||||
expect(result).toBe("Fail")
|
||||
})
|
||||
|
||||
it("should handle test case 8", async () => {
|
||||
const context = {
|
||||
"T L": [{ Hours: 10 }],
|
||||
"B H": 50,
|
||||
}
|
||||
const result = await processJS(
|
||||
`var totalHours = 0;
|
||||
if (($("[T L]") != null) == true){
|
||||
for (let i = 0; i < ($("[T L]").length); i++){
|
||||
var individualHours = "T L." + i + ".Hours";
|
||||
var hoursNum = Number($(individualHours));
|
||||
totalHours += hoursNum;
|
||||
}
|
||||
return totalHours.toFixed(2);
|
||||
}
|
||||
if (($("[T L]") != null) == false) {
|
||||
return totalHours.toFixed(2);
|
||||
}
|
||||
`,
|
||||
context
|
||||
)
|
||||
expect(result).toBe("10.00")
|
||||
})
|
||||
|
||||
it("should handle test case 9", async () => {
|
||||
const context = {
|
||||
"T L": [{ Hours: 10 }],
|
||||
"B H": 50,
|
||||
}
|
||||
const result = await processJS(
|
||||
`var totalHours = 0;
|
||||
if (($("[T L]") != null) == true){
|
||||
for (let i = 0; i < ($("[T L]").length); i++){
|
||||
var individualHours = "T L." + i + ".Hours";
|
||||
var hoursNum = Number($(individualHours));
|
||||
totalHours += hoursNum;
|
||||
}
|
||||
return ($("[B H]") - totalHours).toFixed(2);
|
||||
}
|
||||
if (($("[T L]") != null) == false) {
|
||||
return ($("[B H]") - totalHours).toFixed(2);
|
||||
}`,
|
||||
context
|
||||
)
|
||||
expect(result).toBe("40.00")
|
||||
})
|
||||
|
||||
it("should handle test case 10", async () => {
|
||||
const context = {
|
||||
"F F": [{ "F S": 10 }],
|
||||
}
|
||||
const result = await processJS(
|
||||
`var rating = 0;
|
||||
|
||||
if ($("[F F]") != null){
|
||||
for (i = 0; i < $("[F F]").length; i++){
|
||||
var individualRating = $("F F." + i + ".F S");
|
||||
rating += individualRating;
|
||||
}
|
||||
rating = (rating / $("[F F]").length);
|
||||
}
|
||||
return rating;
|
||||
`,
|
||||
context
|
||||
)
|
||||
expect(result).toBe(10)
|
||||
})
|
||||
})
|
||||
})
|
||||
|
|
|
|||
|
|
@ -1,5 +1,3 @@
|
|||
import vm from "vm"
|
||||
|
||||
jest.mock("@budibase/handlebars-helpers/lib/math", () => {
|
||||
const actual = jest.requireActual("@budibase/handlebars-helpers/lib/math")
|
||||
|
||||
|
|
@ -17,7 +15,7 @@ jest.mock("@budibase/handlebars-helpers/lib/uuid", () => {
|
|||
}
|
||||
})
|
||||
|
||||
import { processString, setJSRunner } from "../src/index"
|
||||
import { defaultJSSetup, processString } from "../src/index"
|
||||
|
||||
import tk from "timekeeper"
|
||||
import { getParsedManifest, runJsHelpersTests } from "./utils"
|
||||
|
|
@ -32,9 +30,7 @@ describe("manifest", () => {
|
|||
const manifest = getParsedManifest()
|
||||
|
||||
beforeAll(() => {
|
||||
setJSRunner((js, context) => {
|
||||
return vm.runInNewContext(js, context, { timeout: 1000 })
|
||||
})
|
||||
defaultJSSetup()
|
||||
})
|
||||
|
||||
describe("examples are valid", () => {
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ export interface RowActionResponse extends RowActionData {
|
|||
id: string
|
||||
tableId: string
|
||||
automationId: string
|
||||
allowedViews: string[] | undefined
|
||||
allowedSources: string[] | undefined
|
||||
}
|
||||
|
||||
export interface RowActionsResponse {
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ export interface UpdateSelfRequest {
|
|||
freeTrialConfirmedAt?: string
|
||||
appFavourites?: string[]
|
||||
tours?: Record<string, Date>
|
||||
appSort?: string
|
||||
}
|
||||
|
||||
export interface UpdateSelfResponse {
|
||||
|
|
|
|||
|
|
@ -7,10 +7,9 @@ export interface CreateAccount {
|
|||
tenantId: string
|
||||
hosting: Hosting
|
||||
authType: AuthType
|
||||
accountName: string
|
||||
// optional fields - for sso based sign ups
|
||||
registrationStep?: string
|
||||
// profile
|
||||
tenantName?: string
|
||||
name?: string
|
||||
size?: string
|
||||
profession?: string
|
||||
|
|
@ -20,11 +19,6 @@ export interface CreatePassswordAccount extends CreateAccount {
|
|||
password: string
|
||||
}
|
||||
|
||||
export interface CreateVerifiableSSOAccount extends CreateAccount {
|
||||
provider?: AccountSSOProvider
|
||||
thirdPartyProfile?: any
|
||||
}
|
||||
|
||||
export const isCreatePasswordAccount = (
|
||||
account: CreateAccount
|
||||
): account is CreatePassswordAccount => account.authType === AuthType.PASSWORD
|
||||
|
|
@ -56,6 +50,7 @@ export interface Account extends CreateAccount {
|
|||
providerType?: AccountSSOProviderType
|
||||
quotaUsage?: QuotaUsage
|
||||
offlineLicenseToken?: string
|
||||
tenantName?: string
|
||||
}
|
||||
|
||||
export interface PasswordAccount extends Account {
|
||||
|
|
|
|||
|
|
@ -8,8 +8,10 @@ export interface TableRowActions extends Document {
|
|||
export interface RowActionData {
|
||||
name: string
|
||||
automationId: string
|
||||
permissions: {
|
||||
table: { runAllowed: boolean }
|
||||
views: Record<string, { runAllowed: boolean }>
|
||||
}
|
||||
permissions: RowActionPermissions
|
||||
}
|
||||
|
||||
export interface RowActionPermissions {
|
||||
table: { runAllowed: boolean }
|
||||
views: Record<string, { runAllowed: boolean }>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -94,6 +94,7 @@ export interface ViewV2 {
|
|||
type?: SortType
|
||||
}
|
||||
schema?: ViewV2Schema
|
||||
uiMetadata?: Record<string, any>
|
||||
}
|
||||
|
||||
export type ViewV2Schema = Record<string, ViewFieldMetadata>
|
||||
|
|
|
|||
|
|
@ -67,6 +67,7 @@ export interface User extends Document {
|
|||
scimInfo?: { isSync: true } & Record<string, any>
|
||||
appFavourites?: string[]
|
||||
ssoId?: string
|
||||
appSort?: string
|
||||
}
|
||||
|
||||
export enum UserStatus {
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ export const buildSelfSaveValidation = () => {
|
|||
freeTrialConfirmedAt: Joi.string().optional(),
|
||||
appFavourites: Joi.array().optional(),
|
||||
tours: Joi.object().optional(),
|
||||
appSort: Joi.string().optional(),
|
||||
}
|
||||
return auth.joiValidator.body(Joi.object(schema).required().unknown(false))
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue