fix: keep unknown params in query
jimlambie committed Jun 15, 2018
1 parent 5d2b265 commit 52b9500
Showing 3 changed files with 143 additions and 17 deletions.
14 changes: 7 additions & 7 deletions dadi/lib/controller/index.js
Expand Up @@ -17,13 +17,13 @@ Controller.prototype._prepareQuery = function (req) {

// Remove filter params that don't exist in
// the model schema.
if (!Array.isArray(query)) {
Object.keys(query).forEach(key => {
if (!this.model.isKeyValid(key)) {
delete query[key]
}
})
}
// if (!Array.isArray(query)) {
// Object.keys(query).forEach(key => {
// if (!this.model.isKeyValid(key)) {
// delete query[key]
// }
// })
// }

// If id is present in the url, add to the query.
if (req.params && req.params.id) {
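Review bot: Commenting out the schema-key filter (the new `// if (!Array.isArray(query)) {` … `// }` lines) leaves dead code where an explanation belongs; delete the seven commented lines and replace them with a comment that records the decision, e.g. `// Unknown query keys are intentionally kept here; rejecting unsupported keys and operators is the model layer's responsibility.` This block was the only place in the visible part of `_prepareQuery` that dropped keys absent from the schema, so every query parameter now reaches the model; the new acceptance test expects a `$where` filter on count to be answered with 400, which suggests that validation lives downstream, but it should be confirmed that the model rejects unknown and `$`-prefixed keys on every endpoint, not only count. `_prepareQuery` starts before this hunk and continues after it.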
140 changes: 133 additions & 7 deletions test/acceptance/acl/collections-api.js
Expand Up @@ -393,6 +393,132 @@ describe('Collections API', () => {
})
})

describe('COUNT', function () {
it('should return 400 for an invalid query', function (done) {
let testClient = {
clientId: 'apiClient',
secret: 'someSecret',
resources: { 'collection:testdb_test-schema': PERMISSIONS.READ }
}

help.createACLClient(testClient).then(() => {
client
.post(config.get('auth.tokenUrl'))
.set('content-type', 'application/json')
.send(testClient)
.expect(200)
.end((err, res) => {
if (err) return done(err)

let bearerToken = res.body.accessToken

client
.get(`/vtest/testdb/test-schema/count?filter={"$where":{"title":"xxx"}}`)
.set('content-type', 'application/json')
.set('Authorization', `Bearer ${bearerToken}`)
.end((err, res) => {
if (err) return done(err)
res.statusCode.should.eql(400)
done()
})
})
})
})

it('should return 403 with no permissions', function (done) {
let testClient = {
clientId: 'apiClient',
secret: 'someSecret',
resources: { 'collection:testdb_test-schema': {} }
}

help.createACLClient(testClient).then(() => {
client
.post(config.get('auth.tokenUrl'))
.set('content-type', 'application/json')
.send(testClient)
.expect(200)
.end((err, res) => {
if (err) return done(err)

let bearerToken = res.body.accessToken

client
.get(`/vtest/testdb/test-schema/count`)
.set('content-type', 'application/json')
.set('Authorization', `Bearer ${bearerToken}`)
.end((err, res) => {
if (err) return done(err)
res.statusCode.should.eql(403)
done()
})
})
})
})

it('should return 403 with no read permission', function (done) {
let testClient = {
clientId: 'apiClient',
secret: 'someSecret',
resources: { 'collection:testdb_test-schema': PERMISSIONS.NO_READ }
}

help.createACLClient(testClient).then(() => {
client
.post(config.get('auth.tokenUrl'))
.set('content-type', 'application/json')
.send(testClient)
.expect(200)
.end((err, res) => {
if (err) return done(err)

let bearerToken = res.body.accessToken

client
.get(`/vtest/testdb/test-schema/count`)
.set('content-type', 'application/json')
.set('Authorization', `Bearer ${bearerToken}`)
.end((err, res) => {
if (err) return done(err)
res.statusCode.should.eql(403)
done()
})
})
})
})

it('should return 200 with read permission', function (done) {
let testClient = {
clientId: 'apiClient',
secret: 'someSecret',
resources: { 'collection:testdb_test-schema': PERMISSIONS.READ }
}

help.createACLClient(testClient).then(() => {
client
.post(config.get('auth.tokenUrl'))
.set('content-type', 'application/json')
.send(testClient)
.expect(200)
.end((err, res) => {
if (err) return done(err)

let bearerToken = res.body.accessToken

client
.get(`/vtest/testdb/test-schema/count`)
.set('content-type', 'application/json')
.set('Authorization', `Bearer ${bearerToken}`)
.end((err, res) => {
if (err) return done(err)
res.statusCode.should.eql(200)
done()
})
})
})
})
})

describe('POST', function () {
it('should return 400 with invalid payload', function (done) {
let testClient = {
Expand Down Expand Up @@ -564,7 +690,7 @@ describe('Collections API', () => {
})
})
})
})
})

it('should return 200 with all permissions (query in body)', function (done) {
let testClient = {
Expand Down Expand Up @@ -636,7 +762,7 @@ describe('Collections API', () => {
})
})
})
})
})

it('should return 200 with update permissions (query in body)', function (done) {
let testClient = {
Expand Down Expand Up @@ -708,7 +834,7 @@ describe('Collections API', () => {
})
})
})
})
})

it('should return 200 and not update any documents when the query differs from the filter permission', function (done) {
let testClient = {
Expand Down Expand Up @@ -772,7 +898,7 @@ describe('Collections API', () => {
})
})
})
})
})
})

describe('DELETE', function () {
Expand Down Expand Up @@ -839,7 +965,7 @@ describe('Collections API', () => {
})
})
})
})
})

it('should return 204 with delete permission (query in body)', function (done) {
let testClient = {
Expand Down Expand Up @@ -936,7 +1062,7 @@ describe('Collections API', () => {
})
})
})
})
})

it('should return 204 and not delete any documents when the query differs from the filter permission', function (done) {
let testClient = {
Expand Down Expand Up @@ -996,6 +1122,6 @@ describe('Collections API', () => {
})
})
})
})
})
})
})
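Review bot: In the first hunk (the new `describe('COUNT', …)` block) each of the four cases repeats the client-creation and token-request stanza (`help.createACLClient(testClient).then(() => { client.post(config.get('auth.tokenUrl')) … })`), so the assertion that matters sits at the eighth nesting level; a small `getBearerToken(testClient)` helper returning a promise would reduce each case to the request under test, and `let testClient` / `let bearerToken` are never reassigned and should be `const`. The `$where` case asserts only `res.statusCode.should.eql(400)`, so consider also checking that the response body carries a validation error, to distinguish a rejected operator from any other 400. The remaining hunks in this file appear to change only the indentation of closing `})` lines. The enclosing `describe('Collections API')` starts before the first hunk.
```javascript
// Creates the ACL client and exchanges its credentials for a bearer token.
function getBearerToken (testClient) {
  return help.createACLClient(testClient).then(() => new Promise((resolve, reject) => {
    client
      .post(config.get('auth.tokenUrl'))
      .set('content-type', 'application/json')
      .send(testClient)
      .expect(200)
      .end((err, res) => (err ? reject(err) : resolve(res.body.accessToken)))
  }))
}

it('should return 200 with read permission', function (done) {
  const testClient = { /* … unchanged: clientId, secret, resources … */ }

  getBearerToken(testClient).then(bearerToken => {
    client
      .get(`/vtest/testdb/test-schema/count`)
      .set('content-type', 'application/json')
      .set('Authorization', `Bearer ${bearerToken}`)
      .end((err, res) => {
        if (err) return done(err)
        res.statusCode.should.eql(200)
        done()
      })
  }).catch(done)
})
// … unchanged: the other COUNT cases, rewritten the same way …
```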
6 changes: 3 additions & 3 deletions test/unit/controller.js
Expand Up @@ -73,7 +73,7 @@ describe('Controller', () => {
stub.restore()
})

it('should strip unknown params from the query', () => {
it('should not strip unknown params from the query', () => {
let mod = model(
'testModel',
help.getModelSchema(),
Expand All @@ -91,7 +91,7 @@ describe('Controller', () => {
let queryParameters = stub.returnsArg(0).args[0][0].query

queryParameters.fieldName.should.equal('test')
should.not.exist(queryParameters.busted)
should.exist(queryParameters.busted)

stub.restore()
})
Expand Down Expand Up @@ -520,7 +520,7 @@ describe('Controller', () => {

sinon.stub(libHelp, 'clearCache').callsFake(pathname => {
pathname.should.eql(req.url)
})
})

controller(mod).delete(req)

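Review bot: The renamed case `should not strip unknown params from the query` now asserts `should.exist(queryParameters.busted)`, but nothing in the hunk says where an unknown key is meant to be rejected instead, so a reader cannot tell a deliberate pass-through from a missing check; add a comment above the assertion such as `// Unknown keys are passed through to the model on purpose; rejection of unsupported keys happens downstream` and, if that downstream rejection exists, a companion unit test that exercises it. The `})` change in the last hunk appears to be whitespace only. The enclosing `describe('Controller')` starts before these hunks.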
