Trim on output
This commit is contained in:
Adria Navarro
parent
c7c48d6f8f
commit
458ef9e754
|
|
@ -1,10 +1,10 @@
|
||||||
import { Ctx, Row } from "@budibase/types"
|
import { Ctx, Row, ViewV2 } from "@budibase/types"
|
||||||
|
|
||||||
import sdk from "../sdk"
|
import sdk from "../sdk"
|
||||||
import { Next } from "koa"
|
import { Next } from "koa"
|
||||||
import { getSourceId } from "../api/controllers/row/utils"
|
import { getSourceId } from "../api/controllers/row/utils"
|
||||||
|
|
||||||
export default async (ctx: Ctx<Row>, next: Next) => {
|
export default async (ctx: Ctx<Row, Row>, next: Next) => {
|
||||||
const { body } = ctx.request
|
const { body } = ctx.request
|
||||||
const viewId = getSourceId(ctx).viewId ?? body._viewId
|
const viewId = getSourceId(ctx).viewId ?? body._viewId
|
||||||
|
|
||||||
|
|
@ -14,22 +14,31 @@ export default async (ctx: Ctx<Row>, next: Next) => {
|
||||||
}
|
}
|
||||||
|
|
||||||
// don't need to trim delete requests
|
// don't need to trim delete requests
|
||||||
if (ctx?.method?.toLowerCase() !== "delete") {
|
const trimFields = ctx?.method?.toLowerCase() !== "delete"
|
||||||
await trimViewFields(ctx.request.body, viewId)
|
if (!trimFields) {
|
||||||
|
return next()
|
||||||
}
|
}
|
||||||
|
|
||||||
return next()
|
const view = await sdk.views.get(viewId)
|
||||||
|
ctx.request.body = await trimNonViewFields(ctx.request.body, view, "WRITE")
|
||||||
|
|
||||||
|
await next()
|
||||||
|
|
||||||
|
ctx.body = await trimNonViewFields(ctx.body, view, "READ")
|
||||||
}
|
}
|
||||||
|
|
||||||
// have to mutate the koa context, can't return
|
// have to mutate the koa context, can't return
|
||||||
export async function trimViewFields(body: Row, viewId: string): Promise<void> {
|
export async function trimNonViewFields(
|
||||||
const view = await sdk.views.get(viewId)
|
row: Row,
|
||||||
const allowedKeys = sdk.views.allowedFields(view)
|
view: ViewV2,
|
||||||
|
permission: "WRITE" | "READ"
|
||||||
|
): Promise<Row> {
|
||||||
|
row = { ...row }
|
||||||
|
const allowedKeys = sdk.views.allowedFields(view, permission)
|
||||||
// have to mutate the context, can't update reference
|
// have to mutate the context, can't update reference
|
||||||
const toBeRemoved = Object.keys(body).filter(
|
const toBeRemoved = Object.keys(row).filter(key => !allowedKeys.includes(key))
|
||||||
key => !allowedKeys.includes(key)
|
|
||||||
)
|
|
||||||
for (let removeKey of toBeRemoved) {
|
for (let removeKey of toBeRemoved) {
|
||||||
delete body[removeKey]
|
delete row[removeKey]
|
||||||
}
|
}
|
||||||
|
return row
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -139,14 +139,20 @@ export async function remove(viewId: string): Promise<ViewV2> {
|
||||||
return pickApi(tableId).remove(viewId)
|
return pickApi(tableId).remove(viewId)
|
||||||
}
|
}
|
||||||
|
|
||||||
export function allowedFields(view: View | ViewV2) {
|
export function allowedFields(
|
||||||
|
view: View | ViewV2,
|
||||||
|
permission: "WRITE" | "READ"
|
||||||
|
) {
|
||||||
return [
|
return [
|
||||||
...Object.keys(view?.schema || {}).filter(key => {
|
...Object.keys(view?.schema || {}).filter(key => {
|
||||||
if (!isV2(view)) {
|
if (!isV2(view)) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
const fieldSchema = view.schema![key]
|
const fieldSchema = view.schema![key]
|
||||||
return fieldSchema.visible && !fieldSchema.readonly
|
if (permission === "WRITE") {
|
||||||
|
return fieldSchema.visible && !fieldSchema.readonly
|
||||||
|
}
|
||||||
|
return fieldSchema.visible
|
||||||
}),
|
}),
|
||||||
...PROTECTED_EXTERNAL_COLUMNS,
|
...PROTECTED_EXTERNAL_COLUMNS,
|
||||||
...PROTECTED_INTERNAL_COLUMNS,
|
...PROTECTED_INTERNAL_COLUMNS,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue