Saltcorn 0.8.4 has been released with the following changes:
Consistent permission checks – Table read and write permissions are now strictly enforced. In previous versions the view permissions were allowed to override the table read and write permissions. This was inconsistent and hard to understand. Now, if you want to read a row you need table read permission (which means you either need to have a role that is higher than the minimum role to read, or you need to have ownership of that row), and similarly to write.
Emails continue to be improved. Formatting is improved with more styles supported. Links to images and to views are now absolute (which is necessary for them to be useful in emails). Files can now also be included as attachments to emails.
CSRF checks are now disabled in the API. This makes it much easier to use the API to send data to a Saltcorn application.
Restore snapshot in full – several people have asked how we can run separate development and production instances and move functionality from the development to the production instance. This can now be done by downloading a snapshot from the development instance and restoring it in full on the production instance. Snapshots include the application build but exclude the table row data. This currently only works on the root tenant. Support for subdomain tenants will be introduced in the next release.
In the file manager, multiple selected files can be downloaded as a zip archive. If you have uploaded a zip archive, it can now be extracted in the file manager as well.
Inline list edit – in list views, you can now enable “Click to Edit”. This means that when the user hovers the mouse over a value, they can click to turn that value into an input box (a little icon appears to indicate that). This is a very simple function that only works for string or numeric fields. We have already written code for the next release which will make this applicable to more fields and improve the user experience.
Modify row action – there is now an action to modify rows. This makes it much simpler to create an action that makes a simple modification of the active row.
Our Python-based security test suite now includes tests for real-time chat and OAuth-based authentication. This gave us the confidence to upgrade numerous dependencies.