Fix#413: Adhere widget name and controls to designs
- Widget Name now adheres to designs
- Position and sizes of widget controls now adhere to designs.
See merge request theappsmith/internal-tools-client!198
Selected Option is now available in dropdown widget.
Fixes#383
Added a concept of derived properties for widgets. A derived property is something that is not stored in dsl because it can be evaluated from stored properties. For example: We do not need to store a `selectedOption` for a dropdown because it can be derived from `selectedIndex` and `options`. Similarly we do not need to store `selectedRow` in a table because it can be derived from `tableData` and `selectedRowIndex`.
Such properties are constructed on the fly for their usage in js execution and autocomplete.
To add a derived property to a widget add `getDerivedPropertiesMap` function which returns an object like this:
```
{
<DerivedPropertyName>: (widgetData: FlattenedWidgetProps) => {<<Implements how the derived property is evaluated.>>}
}
```
See merge request theappsmith/internal-tools-client!191
Creating a list of public endpoints that anonymous users can access.
OPA controls access to all endpoints and the list of authenticated resources and public URLs is defined in a single place in that file.
The url_allow function in acl.rego is an overloaded function that replicates the OR condition in Rego. Either the user is authenticated and has permissions to access those resources, or the URL is public and accessible by any user.
See merge request theappsmith/internal-tools-server!117
OPA controls access to all endpoints and the list of authenticated resources and public URLs is defined in a single place in that file.
The url_allow function in acl.rego is an overloaded function that replicates the OR condition in Rego. Either the user is authenticated and has permissions to access those resources, or the URL is public and accessible by any user.
User Auth Flow
The following user scenarios are implemented:
Login
=====
- User should be able to login using email and password
- - Known issue: No redirect happens after login. In fact, an error shows. User should go to `/applications` manually
- User should be able to login using google
- - Know issue: User redirects to the `release` application or `production` applications. If you're using `release` or `production`, you'll be on the same domain.
- User should be able to see validation errors on login page for email and password
- Login button is in loading state when clicked (logging In)
- Login page should start with login button disabled
- Login page shows login errors, if any.
- User should be able to redirect to signup page from the link in the page
- User should be able to redirect to forgot page from the link in the page
- If the email field has any value, the value is carried over to forgot password page.
Sign Up
=======
- User should be able to sign up with email and password
- User should be able to see success message on successful signup.
- User should be able to see password and email validation errors.
- The signup button should work exactly the way it works in the login page
- User should be able to go back to login page from the link on the page.
Forgot Password
===============
- User should be able to see the email field populated if they had something in the email field on the login page. Works only when redirecting from login page's forgot password link.
- User should be able to see validation messages
- User should be able to initiate a request to send a reset token to their provided email
- The reset button should work exactly the way it works on the login page
- User should see the success and failure messages, with actionable links.
Reset Password
==============
- User should be able to reset their password
- User should be able to see success/failure messages with actionable links.
- User should be able to see validation errors.
- User should be able to go back to login page in case they change their mind.
Other changes
=============
- User should see proper error messages when we have a 500 error in forms
- User should redirect to login page if trying without a logged in session on protected routes (for eg: `applications/`)
- Custom form error message tag component which adheres to appsmith's intent colors.
See merge request theappsmith/internal-tools-client!177
Upgrading to Spring boot 2.2.2 for features in Spring security
Now, we have an authenticationSuccessHandler & authenticationFailureHandler for OAuth & Form sign ups. This makes the whole flow much cleaner & easier to handle.
See merge request theappsmith/internal-tools-server!115
Now, we have an authenticationSuccessHandler & authenticationFailureHandler for OAuth & Form sign ups. This makes the whole flow much easier to handle.
Adding endpoint to fetch current user's profile.
Also redirecting the browser to this user profile endpoint on username password login success. This ensures that the client fetches the profile along with setting the session ID cookie in the browser
See merge request theappsmith/internal-tools-server!113
Also redirecting the browser to this user profile endpoint on username password login success. This ensures that the client fetches the profile along with setting the session ID cookie in the browser
Redirect to the client's homepage on success of username password login
This has been done with the express purpose of ensuring that the session ID is set correctly in the browser by the client. This can only happen when there is a 302 redirect by the browser.
See merge request theappsmith/internal-tools-server!112
This involves overriding the default success and failure handlers for login in the SecurityConfig class. The handlers are defined in the filters package.
Fixed : Unbinding action from page during DSL update leads to unbinding of all actions.
Removed unbinding of actions from the page if not present in the DSL.
See merge request theappsmith/internal-tools-server!110
Separate loading states per action
Fixes: #320, #273
* Fixes issue where loading state of one action is shared with others
* Adds a loading overlay when saving an action
See merge request theappsmith/internal-tools-client!188
Moving the annotation @EnableMongoAuditing to the CommonConfig class because it wasn't being acknowledged by Spring
This now ensures that Spring JPA inserts the createdAt and updatedAt timestamps to the MongoDB along with the document itself.
See merge request theappsmith/internal-tools-server!109
Removes pageId from actions no longer in DSL in action collection
Removes pageId from actions no longer in DSL and adds pageIds for actions in DSL in actions collection.
All of these operations are now happening in bulk to improve performance
See merge request theappsmith/internal-tools-server!107
Assigning groups & permissions to new user signups
When a new user signs up, a new personal organization is created for that user. Default permission groups are created for this personal organization based on the database that contains this information in the `groups` collection with organization name `default-org`. These default groups should NEVER be deleted from the DB.
The user is then assigned to these default groups which allows him/her to administer their personal organization as org admins
would.
Also, the `User` domain object now returns the email ID as the username of the user.
See merge request theappsmith/internal-tools-server!108
The default groups for an organization are created by copying over data from the groups collection with the organizationId 'default-org'. This ensures that we can update the permissions in the DB and add new permissions without any code changes. The new user is then assigned to these groups so that they have all the permissions required to administer the organization.
Also adding a display name for the groups so that the UI can show a different name than the one used internally within the DB to represent the group.
