scantist-ossops-m2 · cingmanwu · Aug 6, 2024
diff --git a/packages/bbui/src/Tooltip/TooltipWrapper.svelte b/packages/bbui/src/Tooltip/TooltipWrapper.svelte
@@ -48,7 +48,7 @@
     display: flex;
     justify-content: center;
     top: 15px;
-    z-index: 100;
+    z-index: 200;
     width: 160px;
   }
   .icon {

diff --git a/packages/bbui/src/Tooltip/TooltipWrapper.svelte.orig b/packages/bbui/src/Tooltip/TooltipWrapper.svelte.orig
@@ -0,0 +1,60 @@
+<script>
+  import Tooltip from "./Tooltip.svelte"
+  import Icon from "../Icon/Icon.svelte"
+
+  export let tooltip = ""
+  export let size = "M"
+  export let disabled = true
+
+  let showTooltip = false
+</script>
+
+<div class:container={!!tooltip}>
+  <slot />
+  {#if tooltip}
+    <div class="icon-container">
+      <div
+        class="icon"
+        class:icon-small={size === "M" || size === "S"}
+        on:mouseover={() => (showTooltip = true)}
+        on:mouseleave={() => (showTooltip = false)}
+        on:focus
+      >
+        <Icon name="InfoOutline" size="S" {disabled} />
+      </div>
+      {#if showTooltip}
+        <div class="tooltip">
+          <Tooltip textWrapping={true} direction={"bottom"} text={tooltip} />
+        </div>
+      {/if}
+    </div>
+  {/if}
+</div>
+
+<style>
+  .container {
+    display: flex;
+    align-items: center;
+  }
+  .icon-container {
+    position: relative;
+    display: flex;
+    justify-content: center;
+    margin-left: 5px;
+    margin-right: 5px;
+  }
+  .tooltip {
+    position: absolute;
+    display: flex;
+    justify-content: center;
+    top: 15px;
+    z-index: 100;
+    width: 160px;
+  }
+  .icon {
+    transform: scale(0.75);
+  }
+  .icon-small {
+    margin-bottom: -2px;
+  }
+</style>
diff --git a/packages/builder/src/builderStore/dataBinding.js b/packages/builder/src/builderStore/dataBinding.js
@@ -9,14 +9,14 @@ import {
 import { store } from "builderStore"
 import {
   queries as queriesStores,
-  tables as tablesStore,
   roles as rolesStore,
+  tables as tablesStore,
 } from "stores/backend"
 import {
-  makePropSafe,
-  isJSBinding,
   decodeJSBinding,
   encodeJSBinding,
+  isJSBinding,
+  makePropSafe,
 } from "@budibase/string-templates"
 import { TableNames } from "../constants"
 import { JSONUtils } from "@budibase/frontend-core"
@@ -118,8 +118,7 @@ export const readableToRuntimeMap = (bindings, ctx) => {
     return {}
   }
   return Object.keys(ctx).reduce((acc, key) => {
-    let parsedQuery = readableToRuntimeBinding(bindings, ctx[key])
-    acc[key] = parsedQuery
+    acc[key] = readableToRuntimeBinding(bindings, ctx[key])
     return acc
   }, {})
 }
@@ -132,8 +131,7 @@ export const runtimeToReadableMap = (bindings, ctx) => {
     return {}
   }
   return Object.keys(ctx).reduce((acc, key) => {
-    let parsedQuery = runtimeToReadableBinding(bindings, ctx[key])
-    acc[key] = parsedQuery
+    acc[key] = runtimeToReadableBinding(bindings, ctx[key])
     return acc
   }, {})
 }

diff --git a/packages/builder/src/helpers/data/utils.js b/packages/builder/src/helpers/data/utils.js
@@ -1,4 +1,5 @@
 import { IntegrationTypes } from "constants/backend"
+import { findHBSBlocks } from "@budibase/string-templates"
 
 export function schemaToFields(schema) {
   const response = {}
@@ -31,7 +32,8 @@ export function breakQueryString(qs) {
   let paramObj = {}
   for (let param of params) {
     const split = param.split("=")
-    paramObj[split[0]] = split.slice(1).join("=")
+    console.log(split[1])
+    paramObj[split[0]] = decodeURIComponent(split.slice(1).join("="))
   }
   return paramObj
 }
@@ -46,7 +48,19 @@ export function buildQueryString(obj) {
       if (str !== "") {
         str += "&"
       }
-      str += `${key}=${encodeURIComponent(value || "")}`
+      const bindings = findHBSBlocks(value)
+      let count = 0
+      const bindingMarkers = {}
+      bindings.forEach(binding => {
+        const marker = `BINDING...${count++}`
+        value = value.replace(binding, marker)
+        bindingMarkers[marker] = binding
+      })
+      let encoded = encodeURIComponent(value || "")
+      Object.entries(bindingMarkers).forEach(([marker, binding]) => {
+        encoded = encoded.replace(marker, binding)
+      })
+      str += `${key}=${encoded}`
     }
   }
   return str

diff --git a/.../builder/app/[application]/data/datasource/[selectedDatasource]/rest/[query]/index.svelte b/.../builder/app/[application]/data/datasource/[selectedDatasource]/rest/[query]/index.svelte
@@ -347,6 +347,7 @@
     const datasourceUrl = datasource?.config.url
     const qs = query?.fields.queryString
     breakQs = restUtils.breakQueryString(qs)
+    console.log(breakQs)
     breakQs = runtimeToReadableMap(mergedBindings, breakQs)
 
     const path = query.fields.path
@@ -708,6 +709,7 @@
   .url-block {
     display: flex;
     gap: var(--spacing-s);
+    z-index: 200;
   }
   .verb {
     flex: 1;

diff --git a/packages/worker/src/api/controllers/global/self.js b/packages/worker/src/api/controllers/global/self.js
@@ -80,16 +80,15 @@ const addSessionAttributesToUser = ctx => {
   ctx.body.csrfToken = ctx.user.csrfToken
 }
 
-/**
- * Remove the attributes that are session based from the current user,
- * so that stale values are not written to the db
- */
-const removeSessionAttributesFromUser = ctx => {
-  delete ctx.request.body.csrfToken
-  delete ctx.request.body.account
-  delete ctx.request.body.accountPortalAccess
-  delete ctx.request.body.budibaseAccess
-  delete ctx.request.body.license
+const sanitiseUserUpdate = ctx => {
+  const allowed = ["firstName", "lastName", "password", "forceResetPassword"]
+  const resp = {}
+  for (let [key, value] of Object.entries(ctx.request.body)) {
+    if (allowed.includes(key)) {
+      resp[key] = value
+    }
+  }
+  return resp
 }
 
 exports.getSelf = async ctx => {
@@ -117,25 +116,23 @@ exports.updateSelf = async ctx => {
   const db = getGlobalDB()
   const user = await db.get(ctx.user._id)
   let passwordChange = false
-  if (ctx.request.body.password) {
+
+  const userUpdateObj = sanitiseUserUpdate(ctx)
+  if (userUpdateObj.password) {
     // changing password
     passwordChange = true
-    ctx.request.body.password = await hash(ctx.request.body.password)
+    userUpdateObj.password = await hash(userUpdateObj.password)
     // Log all other sessions out apart from the current one
     await platformLogout({
       ctx,
       userId: ctx.user._id,
       keepActiveSession: true,
     })
   }
-  // don't allow sending up an ID/Rev, always use the existing one
-  delete ctx.request.body._id
-  delete ctx.request.body._rev
-  removeSessionAttributesFromUser(ctx)
 
   const response = await db.put({
     ...user,
-    ...ctx.request.body,
+    ...userUpdateObj,
   })
   await userCache.invalidateUser(user._id)
   ctx.body = {

diff --git a/packages/worker/src/api/controllers/global/users.ts b/packages/worker/src/api/controllers/global/users.ts
@@ -14,7 +14,6 @@ import {
   errors,
   events,
   tenancy,
-  users as usersCore,
 } from "@budibase/backend-core"
 import { checkAnyUserExists } from "../../../utilities/users"
 import { groups as groupUtils } from "@budibase/pro"
@@ -148,9 +147,7 @@ export const bulkDelete = async (ctx: any) => {
   }
 
   try {
-    let response = await users.bulkDelete(userIds)
-
-    ctx.body = response
+    ctx.body = await users.bulkDelete(userIds)
   } catch (err) {
     ctx.throw(err)
   }