diff --git a/packages/bbui/src/Layout/Page.svelte b/packages/bbui/src/Layout/Page.svelte index 62dd9cc909..e469927e60 100644 --- a/packages/bbui/src/Layout/Page.svelte +++ b/packages/bbui/src/Layout/Page.svelte @@ -43,12 +43,11 @@ flex-direction: row; justify-content: flex-start; align-items: stretch; - overflow-y: scroll !important; flex: 1 1 auto; overflow-x: hidden; } .main { - overflow: auto; + overflow-y: scroll; } .content { display: flex; diff --git a/packages/builder/src/global.css b/packages/builder/src/global.css index adf4a47070..a13d491416 100644 --- a/packages/builder/src/global.css +++ b/packages/builder/src/global.css @@ -61,7 +61,7 @@ a { height: 8px; } ::-webkit-scrollbar-track { - background: var(--spectrum-alias-background-color-default); + background: transparent; } ::-webkit-scrollbar-thumb { background-color: var(--spectrum-global-color-gray-400); @@ -71,6 +71,5 @@ a { background: var(--spectrum-alias-background-color-default); } html * { - scrollbar-color: var(--spectrum-global-color-gray-400) - var(--spectrum-alias-background-color-default); + scrollbar-color: var(--spectrum-global-color-gray-400) transparent; } diff --git a/packages/server/src/websockets/grid.ts b/packages/server/src/websockets/grid.ts index 661d47cb6d..205c2896a3 100644 --- a/packages/server/src/websockets/grid.ts +++ b/packages/server/src/websockets/grid.ts @@ -1,7 +1,7 @@ import authorized from "../middleware/authorized" import currentApp from "../middleware/currentapp" import { BaseSocket } from "./websocket" -import { auth, permissions } from "@budibase/backend-core" +import { auth, permissions, context } from "@budibase/backend-core" import http from "http" import Koa from "koa" import { getSourceId } from "../api/controllers/row/utils" @@ -10,6 +10,12 @@ import { Socket } from "socket.io" import { GridSocketEvent } from "@budibase/shared-core" import { userAgent } from "koa-useragent" import { createContext, runMiddlewares } from "./middleware" +import sdk from "../sdk" +import { + findHBSBlocks, + isJSBinding, + decodeJSBinding, +} from "@budibase/string-templates" const { PermissionType, PermissionLevel } = permissions @@ -18,15 +24,46 @@ export default class GridSocket extends BaseSocket { super(app, server, "/socket/grid") } + // Checks if a view's query contains any current user bindings + containsCurrentUserBinding(view: ViewV2): boolean { + return findHBSBlocks(JSON.stringify(view.query)) + .map(binding => { + const sanitizedBinding = binding.replace(/\\"/g, '"') + if (isJSBinding(sanitizedBinding)) { + return decodeJSBinding(sanitizedBinding) + } else { + return sanitizedBinding + } + }) + .some(binding => binding?.includes("[user]")) + } + async onConnect(socket: Socket) { // Initial identification of connected spreadsheet socket.on(GridSocketEvent.SelectDatasource, async (payload, callback) => { const ds = payload.datasource const appId = payload.appId const resourceId = ds?.type === "table" ? ds?.tableId : ds?.id + let valid = true - // Ignore if no table or app specified + // Validate datasource if (!resourceId || !appId) { + // Ignore if no table or app specified + valid = false + } else if (ds.type === "viewV2") { + // If this is a view filtered by current user, don't sync changes + try { + await context.doInAppContext(appId, async () => { + const view = await sdk.views.get(ds.id) + if (this.containsCurrentUserBinding(view)) { + valid = false + } + }) + } catch (err) { + valid = false + } + } + if (!valid) { socket.disconnect(true) return }