[sync] Merge pull request #2575 from teableio/feat/computed-activity-metadata#3613
[sync] Merge pull request #2575 from teableio/feat/computed-activity-metadata#3613tea-artist wants to merge 1 commit into
Conversation
…metadata Synced from teableio/teable-ee@ed70fdd Co-authored-by: nichenqin <nichenqin@hotmail.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: bf4abdafef
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| for (const { doc, onOp } of listeners) { | ||
| doc.removeListener('op', onOp); | ||
| doc.removeListener('op batch', onOp); | ||
| doc.removeListener('create', onOp); | ||
| } |
There was a problem hiding this comment.
Unsubscribe ShareDB docs during cleanup
When the table/field list changes or this provider unmounts, this cleanup only removes local listeners; the doc.subscribe() calls above remain active. Since this effect subscribes to every readable field doc, navigating between tables or reloading field metadata accumulates ShareDB subscriptions that continue receiving cmp_* traffic and holding server/client resources even though the UI no longer observes them. Call doc.unsubscribe()/doc.destroy() (and do the same for the table doc cleanup) when tearing down the effect.
Useful? React with 👍 / 👎.
| tableId: string, | ||
| ids: string[] | ||
| ): Promise<ISnapshotBase<unknown>[]> { | ||
| await this.fieldService.authorizeComputedActivityRead(tableId); |
There was a problem hiding this comment.
Validate field ids before returning share activity docs
On share-link connections this authorizes only the table, but the ids passed to loadComputedActivitySnapshots come directly from the ShareDB subscription. Unlike getFieldSnapshotBulk, which validates requested ids through the share's allowed field list, a view share with hidden fields or visibleFieldIds can request cmp_${tableId} for a hidden field id and receive its compute status/error metadata. Please filter or validate these ids against the share's readable field ids before loading docs.
Useful? React with 👍 / 👎.
| fields: snapshot.fields.map((field) => ({ | ||
| fieldId: field.fieldId, |
There was a problem hiding this comment.
Filter compute activity fields by field permissions
When a caller has table-read access but some fields are hidden or record-read denied, this response still serializes every projected activity row for the table after GetComputeActivityHandler only runs the table read guard. That exposes hidden field ids plus status/error/dirty-record metadata through /api/v2/tables/getComputeActivity, even though the UI has to filter canReadFieldRecord before subscribing or displaying activity. Filter snapshot.fields to the table fields the caller may read before mapping them here.
Useful? React with 👍 / 👎.
Coverage Report for CI Build 29639757594Coverage increased (+0.007%) to 58.902%Details
Uncovered Changes
Coverage Regressions4 previously-covered lines in 3 files lost coverage.
Coverage Stats💛 - Coveralls |
🔄 Automated sync from EE repository.
1 commit(s) synced since last sync.
Authors
Included commits
Latest source commit: teableio/teable-ee@ed70fdd
This PR was automatically created by the sync workflow.