From 28137f95006005b7b1585e3890790b7f330d989f Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Fri, 24 May 2024 16:07:07 +0200 Subject: [PATCH] Validate view schema on upsert --- .../src/api/routes/tests/viewV2.spec.ts | 8 ++++-- packages/server/src/sdk/app/views/index.ts | 28 ++++++++++++++++++- 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/packages/server/src/api/routes/tests/viewV2.spec.ts b/packages/server/src/api/routes/tests/viewV2.spec.ts index 2ad02a8082..61c8dbbe0f 100644 --- a/packages/server/src/api/routes/tests/viewV2.spec.ts +++ b/packages/server/src/api/routes/tests/viewV2.spec.ts @@ -141,7 +141,7 @@ describe.each([ type: SortType.STRING, }, schema: { - name: { + Price: { visible: true, }, }, @@ -150,7 +150,11 @@ describe.each([ expect(res).toEqual({ ...newView, - schema: newView.schema, + schema: { + Price: { + visible: true, + }, + }, id: expect.any(String), version: 2, }) diff --git a/packages/server/src/sdk/app/views/index.ts b/packages/server/src/sdk/app/views/index.ts index 2edfd900c4..e62931b934 100644 --- a/packages/server/src/sdk/app/views/index.ts +++ b/packages/server/src/sdk/app/views/index.ts @@ -2,10 +2,11 @@ import { RenameColumn, TableSchema, View, + ViewUIFieldMetadata, ViewV2, ViewV2Enriched, } from "@budibase/types" -import { db as dbCore } from "@budibase/backend-core" +import { HTTPError, db as dbCore } from "@budibase/backend-core" import { cloneDeep } from "lodash" import * as utils from "../../../db/utils" @@ -13,6 +14,7 @@ import { isExternalTableID } from "../../../integrations/utils" import * as internal from "./internal" import * as external from "./external" +import sdk from "../../../sdk" function pickApi(tableId: any) { if (isExternalTableID(tableId)) { @@ -31,14 +33,38 @@ export async function getEnriched(viewId: string): Promise { return pickApi(tableId).getEnriched(viewId) } +async function guardViewSchema( + tableId: string, + schema?: Record +) { + if (!schema || !Object.keys(schema).length) { + return + } + const table = await sdk.tables.getTable(tableId) + if (schema) { + for (const field of Object.keys(schema)) { + if (!table.schema[field]) { + throw new HTTPError( + `Field "${field}" is not valid for the requested table`, + 400 + ) + } + } + } +} + export async function create( tableId: string, viewRequest: Omit ): Promise { + await guardViewSchema(tableId, viewRequest.schema) + return pickApi(tableId).create(tableId, viewRequest) } export async function update(tableId: string, view: ViewV2): Promise { + await guardViewSchema(tableId, view.schema) + return pickApi(tableId).update(tableId, view) }