From 58c809ad8eae9692f2ee674adf5811e9d3a466e9 Mon Sep 17 00:00:00 2001 From: dziraf Date: Fri, 22 Jan 2021 15:41:55 +0100 Subject: [PATCH] feat: move accessibility check to after before hook is called --- src/backend/controllers/api-controller.ts | 6 +++++- src/backend/decorators/action/action-decorator.ts | 2 +- src/frontend/components/routes/record-action.tsx | 5 ++++- src/locale/en.ts | 4 ++-- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/src/backend/controllers/api-controller.ts b/src/backend/controllers/api-controller.ts index 15b2c7dc6..183ac35cf 100644 --- a/src/backend/controllers/api-controller.ts +++ b/src/backend/controllers/api-controller.ts @@ -152,9 +152,13 @@ class ApiController { actionContext.record = record const jsonWithRecord = await actionContext.action.handler(request, response, actionContext) - if (jsonWithRecord && jsonWithRecord.record && jsonWithRecord.record.recordActions) { + const isValidRecord = !!(jsonWithRecord && jsonWithRecord.record && jsonWithRecord.record.recordActions) + const anErrorWasHandled = jsonWithRecord && jsonWithRecord.notice && jsonWithRecord.notice.type === 'error' + + if (isValidRecord || anErrorWasHandled) { return jsonWithRecord } + throw new ConfigurationError( 'handler of a recordAction should return a RecordJSON object', 'Action#handler', diff --git a/src/backend/decorators/action/action-decorator.ts b/src/backend/decorators/action/action-decorator.ts index e147a15ed..3ba70e20e 100644 --- a/src/backend/decorators/action/action-decorator.ts +++ b/src/backend/decorators/action/action-decorator.ts @@ -86,8 +86,8 @@ class ActionDecorator { context: ActionContext, ): Promise { try { - this.canInvokeAction(context) const modifiedRequest = await this.invokeBeforeHook(request, context) + this.canInvokeAction(context) const res = await this.invokeHandler(modifiedRequest, response, context) return this.invokeAfterHook(res, modifiedRequest, context) } catch (error) { diff --git a/src/frontend/components/routes/record-action.tsx b/src/frontend/components/routes/record-action.tsx index 5093272cf..a4589ddb6 100644 --- a/src/frontend/components/routes/record-action.tsx +++ b/src/frontend/components/routes/record-action.tsx @@ -33,6 +33,9 @@ const RecordAction: React.FC = () => { setLoading(true) api.recordAction(match.params).then((response) => { setLoading(false) + if (response.data.notice && response.data.notice.type === 'error') { + addNotice(response.data.notice) + } setRecord(response.data.record) }).catch((error) => { addNotice({ @@ -65,7 +68,7 @@ const RecordAction: React.FC = () => { // Alternative approach would be to setRecord(undefined) before the fetch, but it is async and // we cannot be sure that the component wont be rendered (it will be at least once) with the // wrong data. - const hasDifferentRecord = record && record.id.toString() !== recordId + const hasDifferentRecord = record && record.id && record.id.toString() !== recordId if (loading || hasDifferentRecord) { const actionFromResource = resource.actions.find(r => r.name === actionName) diff --git a/src/locale/en.ts b/src/locale/en.ts index bf1372b1b..7df252596 100644 --- a/src/locale/en.ts +++ b/src/locale/en.ts @@ -53,8 +53,8 @@ const translations = { theseRecordsWillBeRemoved_plural: 'Following records will be removed', pickSomeFirstToRemove: 'In order to remove records, you have to pick them first', error404Resource: 'Resource of given id: {{resourceId}} cannot be found', - error404Action: 'Resource of given id: {{resourceId}} does not have an action with name: {{actionName}}', - error404Record: 'Resource of given id: {{resourceId}} does not have a record with id: {{recordId}}', + error404Action: 'Resource of given id: {{resourceId}} does not have an action with name: {{actionName}} or you are not authorized to use it!', + error404Record: 'Resource of given id: {{resourceId}} does not have a record with id: {{recordId}} or you are not authorized to use it!', seeConsoleForMore: 'See development console for more details...', noActionComponent: 'You have to implement action component for your Action', noRecordsInResource: 'There are no records in this resource',