Merge pull request #14468 from Budibase/BUDI-8562/fix-trimming-views
Trimming views
This commit is contained in:
Adria Navarro
GitHub
commit
27b640b360
File diff suppressed because it is too large
Load Diff
|
|
@ -1,10 +1,10 @@
|
||||||
import { Ctx, Row } from "@budibase/types"
|
import { Ctx, Row, ViewV2 } from "@budibase/types"
|
||||||
|
|
||||||
import sdk from "../sdk"
|
import sdk from "../sdk"
|
||||||
import { Next } from "koa"
|
import { Next } from "koa"
|
||||||
import { getSourceId } from "../api/controllers/row/utils"
|
import { getSourceId } from "../api/controllers/row/utils"
|
||||||
|
|
||||||
export default async (ctx: Ctx<Row>, next: Next) => {
|
export default async (ctx: Ctx<Row, Row>, next: Next) => {
|
||||||
const { body } = ctx.request
|
const { body } = ctx.request
|
||||||
const viewId = getSourceId(ctx).viewId ?? body._viewId
|
const viewId = getSourceId(ctx).viewId ?? body._viewId
|
||||||
|
|
||||||
|
|
@ -14,22 +14,31 @@ export default async (ctx: Ctx<Row>, next: Next) => {
|
||||||
}
|
}
|
||||||
|
|
||||||
// don't need to trim delete requests
|
// don't need to trim delete requests
|
||||||
if (ctx?.method?.toLowerCase() !== "delete") {
|
const trimFields = ctx?.method?.toLowerCase() !== "delete"
|
||||||
await trimViewFields(ctx.request.body, viewId)
|
if (!trimFields) {
|
||||||
|
return next()
|
||||||
}
|
}
|
||||||
|
|
||||||
return next()
|
const view = await sdk.views.get(viewId)
|
||||||
|
ctx.request.body = await trimNonViewFields(ctx.request.body, view, "WRITE")
|
||||||
|
|
||||||
|
await next()
|
||||||
|
|
||||||
|
ctx.body = await trimNonViewFields(ctx.body, view, "READ")
|
||||||
}
|
}
|
||||||
|
|
||||||
// have to mutate the koa context, can't return
|
// have to mutate the koa context, can't return
|
||||||
export async function trimViewFields(body: Row, viewId: string): Promise<void> {
|
export async function trimNonViewFields(
|
||||||
const view = await sdk.views.get(viewId)
|
row: Row,
|
||||||
const allowedKeys = sdk.views.allowedFields(view)
|
view: ViewV2,
|
||||||
|
permission: "WRITE" | "READ"
|
||||||
|
): Promise<Row> {
|
||||||
|
row = { ...row }
|
||||||
|
const allowedKeys = sdk.views.allowedFields(view, permission)
|
||||||
// have to mutate the context, can't update reference
|
// have to mutate the context, can't update reference
|
||||||
const toBeRemoved = Object.keys(body).filter(
|
const toBeRemoved = Object.keys(row).filter(key => !allowedKeys.includes(key))
|
||||||
key => !allowedKeys.includes(key)
|
|
||||||
)
|
|
||||||
for (let removeKey of toBeRemoved) {
|
for (let removeKey of toBeRemoved) {
|
||||||
delete body[removeKey]
|
delete row[removeKey]
|
||||||
}
|
}
|
||||||
|
return row
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,6 @@ import {
|
||||||
PROTECTED_EXTERNAL_COLUMNS,
|
PROTECTED_EXTERNAL_COLUMNS,
|
||||||
PROTECTED_INTERNAL_COLUMNS,
|
PROTECTED_INTERNAL_COLUMNS,
|
||||||
} from "@budibase/shared-core"
|
} from "@budibase/shared-core"
|
||||||
import { cloneDeep } from "lodash/fp"
|
|
||||||
|
|
||||||
import * as utils from "../../../db/utils"
|
import * as utils from "../../../db/utils"
|
||||||
import { isExternalTableID } from "../../../integrations/utils"
|
import { isExternalTableID } from "../../../integrations/utils"
|
||||||
|
|
@ -139,14 +138,20 @@ export async function remove(viewId: string): Promise<ViewV2> {
|
||||||
return pickApi(tableId).remove(viewId)
|
return pickApi(tableId).remove(viewId)
|
||||||
}
|
}
|
||||||
|
|
||||||
export function allowedFields(view: View | ViewV2) {
|
export function allowedFields(
|
||||||
|
view: View | ViewV2,
|
||||||
|
permission: "WRITE" | "READ"
|
||||||
|
) {
|
||||||
return [
|
return [
|
||||||
...Object.keys(view?.schema || {}).filter(key => {
|
...Object.keys(view?.schema || {}).filter(key => {
|
||||||
if (!isV2(view)) {
|
if (!isV2(view)) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
const fieldSchema = view.schema![key]
|
const fieldSchema = view.schema![key]
|
||||||
return fieldSchema.visible && !fieldSchema.readonly
|
if (permission === "WRITE") {
|
||||||
|
return fieldSchema.visible && !fieldSchema.readonly
|
||||||
|
}
|
||||||
|
return fieldSchema.visible
|
||||||
}),
|
}),
|
||||||
...PROTECTED_EXTERNAL_COLUMNS,
|
...PROTECTED_EXTERNAL_COLUMNS,
|
||||||
...PROTECTED_INTERNAL_COLUMNS,
|
...PROTECTED_INTERNAL_COLUMNS,
|
||||||
|
|
@ -157,17 +162,19 @@ export function enrichSchema(
|
||||||
view: ViewV2,
|
view: ViewV2,
|
||||||
tableSchema: TableSchema
|
tableSchema: TableSchema
|
||||||
): ViewV2Enriched {
|
): ViewV2Enriched {
|
||||||
let schema = cloneDeep(tableSchema)
|
let schema: TableSchema = {}
|
||||||
const anyViewOrder = Object.values(view.schema || {}).some(
|
const anyViewOrder = Object.values(view.schema || {}).some(
|
||||||
ui => ui.order != null
|
ui => ui.order != null
|
||||||
)
|
)
|
||||||
for (const key of Object.keys(schema)) {
|
for (const key of Object.keys(tableSchema).filter(
|
||||||
|
key => tableSchema[key].visible !== false
|
||||||
|
)) {
|
||||||
// if nothing specified in view, then it is not visible
|
// if nothing specified in view, then it is not visible
|
||||||
const ui = view.schema?.[key] || { visible: false }
|
const ui = view.schema?.[key] || { visible: false }
|
||||||
schema[key] = {
|
schema[key] = {
|
||||||
...schema[key],
|
...tableSchema[key],
|
||||||
...ui,
|
...ui,
|
||||||
order: anyViewOrder ? ui?.order ?? undefined : schema[key].order,
|
order: anyViewOrder ? ui?.order ?? undefined : tableSchema[key].order,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -101,14 +101,6 @@ describe("table sdk", () => {
|
||||||
type: "number",
|
type: "number",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
hiddenField: {
|
|
||||||
type: "string",
|
|
||||||
name: "hiddenField",
|
|
||||||
visible: false,
|
|
||||||
constraints: {
|
|
||||||
type: "string",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
@ -143,10 +135,6 @@ describe("table sdk", () => {
|
||||||
...basicTable.schema.id,
|
...basicTable.schema.id,
|
||||||
visible: true,
|
visible: true,
|
||||||
},
|
},
|
||||||
hiddenField: {
|
|
||||||
...basicTable.schema.hiddenField,
|
|
||||||
visible: false,
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
@ -181,10 +169,6 @@ describe("table sdk", () => {
|
||||||
...basicTable.schema.id,
|
...basicTable.schema.id,
|
||||||
visible: false,
|
visible: false,
|
||||||
},
|
},
|
||||||
hiddenField: {
|
|
||||||
...basicTable.schema.hiddenField,
|
|
||||||
visible: false,
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
@ -209,7 +193,6 @@ describe("table sdk", () => {
|
||||||
expect.objectContaining({
|
expect.objectContaining({
|
||||||
...view,
|
...view,
|
||||||
schema: {
|
schema: {
|
||||||
...basicTable.schema,
|
|
||||||
name: {
|
name: {
|
||||||
type: "string",
|
type: "string",
|
||||||
name: "name",
|
name: "name",
|
||||||
|
|
@ -264,7 +247,6 @@ describe("table sdk", () => {
|
||||||
expect.objectContaining({
|
expect.objectContaining({
|
||||||
...view,
|
...view,
|
||||||
schema: {
|
schema: {
|
||||||
...basicTable.schema,
|
|
||||||
name: {
|
name: {
|
||||||
type: "string",
|
type: "string",
|
||||||
name: "name",
|
name: "name",
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue