Skip to content

Commit

Permalink
fix(database): sql authorized findMany queries (#668)
Browse files Browse the repository at this point in the history
  • Loading branch information
kon14 committed Aug 3, 2023
1 parent f4564a2 commit f98c18a
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 38 deletions.
29 changes: 9 additions & 20 deletions modules/database/src/adapters/SchemaAdapter.ts
Original file line number Diff line number Diff line change
Expand Up @@ -171,7 +171,7 @@ export abstract class SchemaAdapter<T> {

async getPaginatedAuthorizedQuery(
operation: string,
parsedQuery: Indexable,
query: Indexable,
userId?: string,
scope?: string,
skip?: number,
Expand All @@ -182,10 +182,10 @@ export abstract class SchemaAdapter<T> {
!this.originalSchema.modelOptions.conduit?.authorization?.enabled ||
(isNil(userId) && isNil(scope))
)
return { parsedQuery, modified: false };
return { query, modified: false };
const view = await this.permissionCheck(operation, userId, scope);
if (!view) return { parsedQuery, modified: false };
const docs = await view.findMany(parsedQuery, {
if (!view) return { query, modified: false };
const docs = await view.findMany(query, {
select: '_id',
skip,
limit,
Expand All @@ -194,23 +194,12 @@ export abstract class SchemaAdapter<T> {
scope: undefined,
});
if (isNil(docs)) {
return { parsedQuery: null, modified: false };
}
if (this.adapter.getDatabaseType() === 'MongoDB') {
return {
parsedQuery: {
_id: {
$in: docs.map((doc: any) => doc._id),
},
},
modified: true,
};
} else {
return {
parsedQuery: { _id: { [Op.in]: docs.map((doc: any) => doc._id) } },
modified: true,
};
return { query: null, modified: false };
}
return {
query: { _id: { $in: docs.map((doc: any) => doc._id) } },
modified: true,
};
}

async addPermissionToData(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -260,7 +260,7 @@ export class MongooseSchema extends SchemaAdapter<Model<any>> {
scope?: string;
},
): Promise<any> {
let { parsedQuery, modified } = await this.getPaginatedAuthorizedQuery(
const { query: filter, modified } = await this.getPaginatedAuthorizedQuery(
'read',
parseQuery(this.parseStringToQuery(query)),
options?.userId,
Expand All @@ -269,10 +269,10 @@ export class MongooseSchema extends SchemaAdapter<Model<any>> {
options?.limit,
options?.sort,
);
if (isNil(parsedQuery)) {
if (isNil(filter)) {
return [];
}
let finalQuery = this.model.find(parsedQuery, options?.select);
let finalQuery = this.model.find(filter, options?.select);
if (!isNil(options?.skip) && !modified) {
finalQuery = finalQuery.skip(options?.skip!);
}
Expand Down
29 changes: 14 additions & 15 deletions modules/database/src/adapters/sequelize-adapter/SequelizeSchema.ts
Original file line number Diff line number Diff line change
Expand Up @@ -369,27 +369,26 @@ export class SequelizeSchema extends SchemaAdapter<ModelStatic<any>> {
scope?: string;
},
) {
const { filter, parsingResult } = parseQueryFilter(
const { query: filter, modified } = await this.getPaginatedAuthorizedQuery(
'read',
query as Indexable,
options?.userId,
options?.scope,
options?.skip,
options?.limit,
options?.sort,
);
if (isNil(filter)) {
return [];
}
const { filter: parsedFilter, parsingResult } = parseQueryFilter(
this,
this.parseStringToQuery(query),
this.parseStringToQuery(filter),
{
populate: options?.populate,
select: options?.select,
},
);
const { parsedQuery: parsedFilter, modified } =
await this.getPaginatedAuthorizedQuery(
'read',
filter,
options?.userId,
options?.scope,
options?.skip,
options?.limit,
options?.sort,
);
if (isNil(parsedFilter)) {
return [];
}
const findOptions: FindOptions = {
where: parsedFilter,
nest: true,
Expand Down

0 comments on commit f98c18a

Please sign in to comment.