Merge pull request #13780 from Budibase/BUDI-8284/protect-writes-on-readonly-columns
Prevent write readonly view column
This commit is contained in:
commit
bec60dd53b
|
@ -873,6 +873,27 @@ describe.each([
|
||||||
expect(row.one).toBeUndefined()
|
expect(row.one).toBeUndefined()
|
||||||
expect(row.two).toEqual("bar")
|
expect(row.two).toEqual("bar")
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it("can't persist readonly columns", async () => {
|
||||||
|
mocks.licenses.useViewReadonlyColumns()
|
||||||
|
const view = await config.api.viewV2.create({
|
||||||
|
tableId: table._id!,
|
||||||
|
name: generator.guid(),
|
||||||
|
schema: {
|
||||||
|
one: { visible: true, readonly: true },
|
||||||
|
two: { visible: true },
|
||||||
|
},
|
||||||
|
})
|
||||||
|
const row = await config.api.row.save(view.id, {
|
||||||
|
tableId: table!._id,
|
||||||
|
_viewId: view.id,
|
||||||
|
one: "foo",
|
||||||
|
two: "bar",
|
||||||
|
})
|
||||||
|
|
||||||
|
expect(row.one).toBeUndefined()
|
||||||
|
expect(row.two).toEqual("bar")
|
||||||
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
describe("patch", () => {
|
describe("patch", () => {
|
||||||
|
@ -893,6 +914,33 @@ describe.each([
|
||||||
expect(row.one).toEqual("foo")
|
expect(row.one).toEqual("foo")
|
||||||
expect(row.two).toEqual("newBar")
|
expect(row.two).toEqual("newBar")
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it("can't update readonly columns", async () => {
|
||||||
|
mocks.licenses.useViewReadonlyColumns()
|
||||||
|
const view = await config.api.viewV2.create({
|
||||||
|
tableId: table._id!,
|
||||||
|
name: generator.guid(),
|
||||||
|
schema: {
|
||||||
|
one: { visible: true, readonly: true },
|
||||||
|
two: { visible: true },
|
||||||
|
},
|
||||||
|
})
|
||||||
|
const newRow = await config.api.row.save(table._id!, {
|
||||||
|
one: "foo",
|
||||||
|
two: "bar",
|
||||||
|
})
|
||||||
|
await config.api.row.patch(view.id, {
|
||||||
|
tableId: table._id!,
|
||||||
|
_id: newRow._id!,
|
||||||
|
_rev: newRow._rev!,
|
||||||
|
one: "newFoo",
|
||||||
|
two: "newBar",
|
||||||
|
})
|
||||||
|
|
||||||
|
const row = await config.api.row.get(table._id!, newRow._id!)
|
||||||
|
expect(row.one).toEqual("foo")
|
||||||
|
expect(row.two).toEqual("newBar")
|
||||||
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
describe("destroy", () => {
|
describe("destroy", () => {
|
||||||
|
|
|
@ -144,8 +144,12 @@ describe("trimViewRowInfo middleware", () => {
|
||||||
name: generator.guid(),
|
name: generator.guid(),
|
||||||
tableId: table._id!,
|
tableId: table._id!,
|
||||||
schema: {
|
schema: {
|
||||||
name: {},
|
name: {
|
||||||
address: {},
|
visible: true,
|
||||||
|
},
|
||||||
|
address: {
|
||||||
|
visible: true,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
@ -104,7 +104,13 @@ export async function remove(viewId: string): Promise<ViewV2> {
|
||||||
|
|
||||||
export function allowedFields(view: View | ViewV2) {
|
export function allowedFields(view: View | ViewV2) {
|
||||||
return [
|
return [
|
||||||
...Object.keys(view?.schema || {}),
|
...Object.keys(view?.schema || {}).filter(key => {
|
||||||
|
if (!isV2(view)) {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
const fieldSchema = view.schema![key]
|
||||||
|
return fieldSchema.visible && !fieldSchema.readonly
|
||||||
|
}),
|
||||||
...dbCore.CONSTANT_EXTERNAL_ROW_COLS,
|
...dbCore.CONSTANT_EXTERNAL_ROW_COLS,
|
||||||
...dbCore.CONSTANT_INTERNAL_ROW_COLS,
|
...dbCore.CONSTANT_INTERNAL_ROW_COLS,
|
||||||
]
|
]
|
||||||
|
|
Loading…
Reference in New Issue