Account for JS current user bindings as well as HBS

2024-12-12 08:32:57 +00:00 · 2024-12-12 08:32:57 +00:00 · dc10bbf4c7
parent 62e47cc268
commit dc10bbf4c7
1 changed files with 20 additions and 1 deletions
--- a/packages/server/src/websockets/grid.ts
+++ b/packages/server/src/websockets/grid.ts
@ -11,6 +11,11 @@ import { GridSocketEvent } from "@budibase/shared-core"
 import { userAgent } from "koa-useragent"
 import { createContext, runMiddlewares } from "./middleware"
 import sdk from "../sdk"
+import {
+  findHBSBlocks,
+  isJSBinding,
+  decodeJSBinding,
+} from "@budibase/string-templates"

 const { PermissionType, PermissionLevel } = permissions

@ -19,6 +24,20 @@ export default class GridSocket extends BaseSocket {
    super(app, server, "/socket/grid")
  }

+  // Checks if a view's query contains any current user bindings
+  containsCurrentUserBinding(view: ViewV2): boolean {
+    return findHBSBlocks(JSON.stringify(view.query))
+      .map(binding => {
+        const sanitizedBinding = binding.replace(/\\"/g, '"')
+        if (isJSBinding(sanitizedBinding)) {
+          return decodeJSBinding(sanitizedBinding)
+        } else {
+          return sanitizedBinding
+        }
+      })
+      .some(binding => binding?.includes("[user]"))
+  }
+
  async onConnect(socket: Socket) {
    // Initial identification of connected spreadsheet
    socket.on(GridSocketEvent.SelectDatasource, async (payload, callback) => {
@ -36,7 +55,7 @@ export default class GridSocket extends BaseSocket {
        try {
          await context.doInAppContext(appId, async () => {
            const view = await sdk.views.get(ds.id)
-            if (JSON.stringify(view.query).includes("[user]")) {
+            if (this.containsCurrentUserBinding(view)) {
              valid = false
            }
          })