MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix issue with determining when to hide sensitive fields from query definitions and never delete the query schema

This commit is contained in:
Andrew Kingston 2021-11-25 11:21:54 +00:00
parent 439c8cd3ef
commit 737ce9dc32
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
packages/server/src/api/controllers/query.js
View File

@ -1,6 +1,10 @@
const { processString } = require("@budibase/string-templates") const { processString } = require("@budibase/string-templates")
const CouchDB = require("../../db") const CouchDB = require("../../db")
const { generateQueryID, getQueryParams } = require("../../db/utils") const {
generateQueryID,
getQueryParams,
isProdAppID,
} = require("../../db/utils")
const { BaseQueryVerbs } = require("../../constants") const { BaseQueryVerbs } = require("../../constants")
const env = require("../../environment") const env = require("../../environment")
const { Thread, ThreadType } = require("../../threads") const { Thread, ThreadType } = require("../../threads")
@ -90,10 +94,9 @@ exports.find = async function (ctx) {
const db = new CouchDB(ctx.appId) const db = new CouchDB(ctx.appId)
const query = enrichQueries(await db.get(ctx.params.queryId)) const query = enrichQueries(await db.get(ctx.params.queryId))
// remove properties that could be dangerous in real app // remove properties that could be dangerous in real app
if (env.isProd()) { if (isProdAppID(ctx.appId)) {
delete query.fields delete query.fields
delete query.parameters delete query.parameters
delete query.schema
} }
ctx.body = query ctx.body = query
} }