Adding test case for creation, updating validator.

packages/server/src/api/controllers/public/views.ts

@@ -13,6 +13,9 @@ function fixView(view: ViewV2, params?: { viewId: string }) {
   if (!view.version) {
     view.version = 2
   }
+  if (!view.query) {
+    view.query = {}
+  }
   return view
 }
 

packages/server/src/api/routes/public/tests/Request.ts

@@ -1,10 +1,19 @@
-import { User, Table, SearchFilters, Row } from "@budibase/types"
+import {
+  User,
+  Table,
+  SearchFilters,
+  Row,
+  ViewV2Schema,
+  ViewV2,
+  ViewV2Type,
+} from "@budibase/types"
 import { HttpMethod, MakeRequestResponse, generateMakeRequest } from "./utils"
 import TestConfiguration from "../../../../tests/utilities/TestConfiguration"
-import { Expectations } from "../../../../tests/utilities/api/base"
 
 type RequestOpts = { internal?: boolean; appId?: string }
 
+type Response<T> = { data: T }
+
 export interface PublicAPIExpectations {
   status?: number
   body?: Record<string, any>
@@ -15,6 +24,7 @@ export class PublicAPIRequest {
   private appId: string | undefined
 
   tables: PublicTableAPI
+  views: PublicViewAPI
   rows: PublicRowAPI
   apiKey: string
 
@@ -28,6 +38,7 @@ export class PublicAPIRequest {
     this.appId = appId
     this.tables = new PublicTableAPI(this)
     this.rows = new PublicRowAPI(this)
+    this.views = new PublicViewAPI(this)
   }
 
   static async init(config: TestConfiguration, user: User, opts?: RequestOpts) {
@@ -73,7 +84,7 @@ export class PublicTableAPI {
   async create(
     table: Table,
     expectations?: PublicAPIExpectations
-  ): Promise<{ data: Table }> {
+  ): Promise<Response<Table>> {
     return this.request.send("post", "/tables", table, expectations)
   }
 }
@@ -89,7 +100,7 @@ export class PublicRowAPI {
     tableId: string,
     query: SearchFilters,
     expectations?: PublicAPIExpectations
-  ): Promise<{ data: Row[] }> {
+  ): Promise<Response<Row[]>> {
     return this.request.send(
       "post",
       `/tables/${tableId}/rows/search`,
@@ -99,4 +110,67 @@ export class PublicRowAPI {
       expectations
     )
   }
+
+  async viewSearch(
+    viewId: string,
+    query: SearchFilters,
+    expectations?: PublicAPIExpectations
+  ): Promise<Response<Row[]>> {
+    return this.request.send(
+      "post",
+      `/views/${viewId}/rows/search`,
+      {
+        query,
+      },
+      expectations
+    )
+  }
+}
+
+export class PublicViewAPI {
+  request: PublicAPIRequest
+
+  constructor(request: PublicAPIRequest) {
+    this.request = request
+  }
+
+  async create(
+    view: Omit<ViewV2, "id" | "version">,
+    expectations?: PublicAPIExpectations
+  ): Promise<Response<ViewV2>> {
+    return this.request.send("post", "/views", view, expectations)
+  }
+
+  async update(
+    viewId: string,
+    view: Omit<ViewV2, "id" | "version">,
+    expectations?: PublicAPIExpectations
+  ): Promise<Response<ViewV2>> {
+    return this.request.send("put", `/views/${viewId}`, view, expectations)
+  }
+
+  async destroy(
+    viewId: string,
+    expectations?: PublicAPIExpectations
+  ): Promise<void> {
+    return this.request.send(
+      "delete",
+      `/views/${viewId}`,
+      undefined,
+      expectations
+    )
+  }
+
+  async find(
+    viewId: string,
+    expectations?: PublicAPIExpectations
+  ): Promise<Response<ViewV2>> {
+    return this.request.send("get", `/views/${viewId}`, undefined, expectations)
+  }
+
+  async fetch(
+    expectations?: PublicAPIExpectations
+  ): Promise<Response<ViewV2[]>> {
+    return this.request.send("get", "/views", undefined, expectations)
+  }
 }

packages/server/src/api/routes/public/tests/views.spec.ts

@@ -0,0 +1,32 @@
+import * as setup from "../../tests/utilities"
+import { basicTable } from "../../../../tests/utilities/structures"
+import { Table } from "@budibase/types"
+import { PublicAPIRequest } from "./Request"
+
+describe("check public API security", () => {
+  const config = setup.getConfig()
+  let request: PublicAPIRequest, table: Table
+
+  beforeAll(async () => {
+    await config.init()
+    request = await PublicAPIRequest.init(config, await config.globalUser())
+    table = (await request.tables.create(basicTable())).data
+  })
+
+  it("should be able to create a view", async () => {
+    await request.views.create(
+      {
+        name: "view",
+        tableId: table._id!,
+        query: {},
+        schema: {
+          name: {
+            readonly: true,
+            visible: true,
+          },
+        },
+      },
+      { status: 201 }
+    )
+  })
+})

packages/server/src/api/routes/utils/validators.ts

@@ -9,6 +9,9 @@ import {
   Table,
   WebhookActionType,
   BuiltinPermissionID,
+  ViewV2Type,
+  SortOrder,
+  SortType,
 } from "@budibase/types"
 import Joi, { CustomValidator } from "joi"
 import { ValidSnippetNameRegex, helpers } from "@budibase/shared-core"
@@ -67,7 +70,26 @@ export function tableValidator() {
 }
 
 export function viewValidator() {
-  return auth.joiValidator.body(Joi.object())
+  return auth.joiValidator.body(
+    Joi.object({
+      id: OPTIONAL_STRING,
+      tableId: Joi.string().required(),
+      name: Joi.string().required(),
+      type: Joi.string().optional().valid(null, ViewV2Type.CALCULATION),
+      primaryDisplay: OPTIONAL_STRING,
+      schema: Joi.object().required(),
+      query: searchFiltersValidator().optional(),
+      sort: Joi.object({
+        field: Joi.string().required(),
+        order: Joi.string()
+          .optional()
+          .valid(...Object.values(SortOrder)),
+        type: Joi.string()
+          .optional()
+          .valid(...Object.values(SortType)),
+      }).optional(),
+    })
+  )
 }
 
 export function nameValidator() {
@@ -95,8 +117,7 @@ export function datasourceValidator() {
   )
 }
 
-function filterObject(opts?: { unknown: boolean }) {
+function searchFiltersValidator() {
-  const { unknown = true } = opts || {}
   const conditionalFilteringObject = () =>
     Joi.object({
       conditions: Joi.array().items(Joi.link("#schema")).required(),
@@ -123,7 +144,14 @@ function filterObject(opts?: { unknown: boolean }) {
     fuzzyOr: Joi.forbidden(),
     documentType: Joi.forbidden(),
   }
-  return Joi.object(filtersValidators).unknown(unknown).id("schema")
+
+  return Joi.object(filtersValidators)
+}
+
+function filterObject(opts?: { unknown: boolean }) {
+  const { unknown = true } = opts || {}
+
+  return searchFiltersValidator().unknown(unknown).id("schema")
 }
 
 export function internalSearchValidator() {