From f98c18a3e29205de2a6b2448a07bae58780a9bcd Mon Sep 17 00:00:00 2001 From: Konstantinos Feretos Date: Thu, 3 Aug 2023 12:36:53 +0300 Subject: [PATCH] fix(database): sql authorized findMany queries (#668) --- .../database/src/adapters/SchemaAdapter.ts | 29 ++++++------------- .../mongoose-adapter/MongooseSchema.ts | 6 ++-- .../sequelize-adapter/SequelizeSchema.ts | 29 +++++++++---------- 3 files changed, 26 insertions(+), 38 deletions(-) diff --git a/modules/database/src/adapters/SchemaAdapter.ts b/modules/database/src/adapters/SchemaAdapter.ts index f2f6eb7ca..be2cc9ff2 100644 --- a/modules/database/src/adapters/SchemaAdapter.ts +++ b/modules/database/src/adapters/SchemaAdapter.ts @@ -171,7 +171,7 @@ export abstract class SchemaAdapter { async getPaginatedAuthorizedQuery( operation: string, - parsedQuery: Indexable, + query: Indexable, userId?: string, scope?: string, skip?: number, @@ -182,10 +182,10 @@ export abstract class SchemaAdapter { !this.originalSchema.modelOptions.conduit?.authorization?.enabled || (isNil(userId) && isNil(scope)) ) - return { parsedQuery, modified: false }; + return { query, modified: false }; const view = await this.permissionCheck(operation, userId, scope); - if (!view) return { parsedQuery, modified: false }; - const docs = await view.findMany(parsedQuery, { + if (!view) return { query, modified: false }; + const docs = await view.findMany(query, { select: '_id', skip, limit, 
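Review bot: `if (!view) return { query, modified: false };` in getPaginatedAuthorizedQuery hands the caller's unrestricted filter back even though authorization is enabled and a userId or scope was supplied. permissionCheck is defined outside this hunk, so if a falsy result can ever mean "no readable view" rather than "authorization does not apply", findMany would run without the permission filter. Once the contract is confirmed, either state it on that line (for example `// permissionCheck returns no view only when authorization does not apply`) or fail closed with `if (!view) return { query: null, modified: false };`. The function body continues past the end of this hunk.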
@@ -194,23 +194,12 @@ export abstract class SchemaAdapter { scope: undefined, }); if (isNil(docs)) { - return { parsedQuery: null, modified: false }; - } - if (this.adapter.getDatabaseType() === 'MongoDB') { - return { - parsedQuery: { - _id: { - $in: docs.map((doc: any) => doc._id), - }, - }, - modified: true, - }; - } else { - return { - parsedQuery: { _id: { [Op.in]: docs.map((doc: any) => doc._id) } }, - modified: true, - }; + return { query: null, modified: false }; } + return { + query: { _id: { $in: docs.map((doc: any) => doc._id) } }, + modified: true, + }; } async addPermissionToData( diff --git a/modules/database/src/adapters/mongoose-adapter/MongooseSchema.ts b/modules/database/src/adapters/mongoose-adapter/MongooseSchema.ts index bf0d6af06..595d04cf8 100644 --- a/modules/database/src/adapters/mongoose-adapter/MongooseSchema.ts +++ b/modules/database/src/adapters/mongoose-adapter/MongooseSchema.ts @@ -260,7 +260,7 @@ export class MongooseSchema extends SchemaAdapter> { scope?: string; }, ): Promise { - let { parsedQuery, modified } = await this.getPaginatedAuthorizedQuery( + const { query: filter, modified } = await this.getPaginatedAuthorizedQuery( 'read', parseQuery(this.parseStringToQuery(query)), options?.userId, @@ -269,10 +269,10 @@ export class MongooseSchema extends SchemaAdapter> { options?.limit, options?.sort, ); - if (isNil(parsedQuery)) { + if (isNil(filter)) { return []; } - let finalQuery = this.model.find(parsedQuery, options?.select); + let finalQuery = this.model.find(filter, options?.select); if (!isNil(options?.skip) && !modified) { finalQuery = finalQuery.skip(options?.skip!); } diff --git a/modules/database/src/adapters/sequelize-adapter/SequelizeSchema.ts b/modules/database/src/adapters/sequelize-adapter/SequelizeSchema.ts index 95a0b9ebf..ba8c5c3ae 100644 --- a/modules/database/src/adapters/sequelize-adapter/SequelizeSchema.ts +++ b/modules/database/src/adapters/sequelize-adapter/SequelizeSchema.ts 
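Review bot: The new unconditional return in getPaginatedAuthorizedQuery (SchemaAdapter.ts) builds `{ _id: { $in: [...] } }` even when `docs` is empty. A caller with no readable documents then still issues a second query, and its result depends on how each adapter translates an empty `$in`. Both findMany callers in this patch return `[]` for a nil query, so the guard could read `if (isNil(docs) || docs.length === 0) return { query: null, modified: false };`, provided no caller outside the patch relies on the current shape. The `(doc: any)` callback also drops type checking on the id list; the schema's document type would be a better parameter type. The start of the function is outside this hunk.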
@@ -369,27 +369,26 @@ export class SequelizeSchema extends SchemaAdapter> { scope?: string; }, ) { - const { filter, parsingResult } = parseQueryFilter( + const { query: filter, modified } = await this.getPaginatedAuthorizedQuery( + 'read', + query as Indexable, + options?.userId, + options?.scope, + options?.skip, + options?.limit, + options?.sort, + ); + if (isNil(filter)) { + return []; + } + const { filter: parsedFilter, parsingResult } = parseQueryFilter( this, - this.parseStringToQuery(query), + this.parseStringToQuery(filter), { populate: options?.populate, select: options?.select, }, ); - const { parsedQuery: parsedFilter, modified } = - await this.getPaginatedAuthorizedQuery( - 'read', - filter, - options?.userId, - options?.scope, - options?.skip, - options?.limit, - options?.sort, - ); - if (isNil(parsedFilter)) { - return []; - } const findOptions: FindOptions = { where: parsedFilter, nest: true,
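Review bot: `query as Indexable` passes the raw argument to getPaginatedAuthorizedQuery, while `this.parseStringToQuery(filter)` a few lines later suggests the value can still be a string at that point. The method signature is outside the hunk, so the declared type of `query` is not visible here. If it can be a string, the assertion hides that from the compiler and the permission lookup receives an unparsed filter, whereas MongooseSchema parses before authorizing. Parsing once up front removes the cast: `const parsed = this.parseStringToQuery(query);`, then pass `parsed` to getPaginatedAuthorizedQuery and hand the returned `filter` to parseQueryFilter directly. The function body continues past the end of this hunk.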