New: Add accessQueryHook and remove post-query page fill#103
Merged
Conversation
This was referenced May 26, 2026
Closed
Adds a new content access hook that runs before find() so observers can merge access-control clauses into req.apiData.query. This keeps mongo skip/limit exact, pagination counts accurate, and avoids the need to top up short pages. Reverts the fill-the-page logic in queryHandler: with observers filtering at query time, the mechanism is unnecessary; it also had skip-drift and over-fill bugs that caused infinite re-fetch loops on the dashboard when combined with multilang/adaptframework access checks. accessCheckHook is retained for checks that cannot be expressed as queries, but is now documented as a safety net rather than the filtering path.
Mirrors the existing super-user bypass in checkAccess so query-time access mutations don't filter dashboards or other queries for super users.
taylortom
force-pushed
the
add-access-query-hook
branch
from
80758a2 to
5cba2df
Compare
github-actions Bot
pushed a commit
that referenced
this pull request
May 26, 2026
# [3.7.0](v3.6.3...v3.7.0) (2026-05-26) ### New * Add accessQueryHook and remove post-query page fill (#103) ([d1578c5](d1578c5)), closes [#103](#103) * Add accessQueryHook and remove post-query page fill (fixes #102) ([43cd4fb](43cd4fb)), closes [#102](#102) ### Update * Skip accessQueryHook for super users (refs #102) ([5cba2df](5cba2df)), closes [#102](#102)
|
🎉 This PR is included in version 3.7.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #102
New
accessQueryHook— invoked afterrequestHookand beforesetUpPagination, allowing observers to merge access-control clauses intoreq.apiData.query. Fires from bothrequestHandler(non-GET) andqueryHandler(paginated reads), so pagination counts (X-Adapt-PageTotal,Link) reflect the filtered query.Fix
queryHandler. It had two latent bugs (skip drift on subsequent pages, over-fillslicedropping records) and produced an infinite re-fetch loop on the dashboard when combined with anyaccessCheckHookobserver that filters. With observers migrated toaccessQueryHook, fill-the-page is unnecessary.accessCheckHookJSDoc updated to flag it as a safety net for non-queryable checks; filtering callers should move toaccessQueryHook.Testing
npm test— 62/62 passnpx standard— cleanadapt-authoring-multilangandadapt-authoring-adaptframework, which exercise the new hook end-to-end on the dashboard.