Merge pull request #14335 from Budibase/BUDI-8508/conditions-on-views

Support filtering views

packages/server/src/api/controllers/row/views.ts

@@ -12,6 +12,7 @@ import { dataFilters } from "@budibase/shared-core"
 import sdk from "../../../sdk"
 import { db, context } from "@budibase/backend-core"
 import { enrichSearchContext } from "./utils"
+import { isExternalTableID } from "../../../integrations/utils"
 
 export async function searchView(
   ctx: UserCtx<SearchViewRowRequest, SearchRowResponse>
@@ -36,33 +37,33 @@ export async function searchView(
   // that could let users find rows they should not be allowed to access.
   let query = dataFilters.buildQuery(view.query || [])
   if (body.query) {
-    // Extract existing fields
-    const existingFields =
-      view.query
-        ?.filter(filter => filter.field)
-        .map(filter => db.removeKeyNumbering(filter.field)) || []
-
     // Delete extraneous search params that cannot be overridden
     delete body.query.allOr
     delete body.query.onEmptyFilter
 
-    // Carry over filters for unused fields
-    Object.keys(body.query).forEach(key => {
-      const operator = key as SearchFilterKey
+    if (!isExternalTableID(view.tableId) && !db.isSqsEnabledForTenant()) {
+      // Extract existing fields
+      const existingFields =
+        view.query
+          ?.filter(filter => filter.field)
+          .map(filter => db.removeKeyNumbering(filter.field)) || []
 
-      Object.keys(body.query[operator] || {}).forEach(field => {
-        if (!existingFields.includes(db.removeKeyNumbering(field))) {
-          if (
-            operator === LogicalOperator.AND ||
-            operator === LogicalOperator.OR
-          ) {
-            // TODO
-          } else {
+      // Carry over filters for unused fields
+      Object.keys(body.query).forEach(key => {
+        const operator = key as Exclude<SearchFilterKey, LogicalOperator>
+        Object.keys(body.query[operator] || {}).forEach(field => {
+          if (!existingFields.includes(db.removeKeyNumbering(field))) {
             query[operator]![field] = body.query[operator]![field]
           }
-        }
+        })
       })
-    })
+    } else {
+      query = {
+        $and: {
+          conditions: [query, body.query],
+        },
+      }
+    }
   }
 
   await context.ensureSnippetContext(true)

packages/server/src/api/routes/tests/viewV2.spec.ts

@@ -1485,6 +1485,119 @@ describe.each([
           }
         )
       })
+
+      isLucene &&
+        it("in lucene, cannot override a view filter", async () => {
+          await config.api.row.save(table._id!, {
+            one: "foo",
+            two: "bar",
+          })
+          const two = await config.api.row.save(table._id!, {
+            one: "foo2",
+            two: "bar2",
+          })
+
+          const view = await config.api.viewV2.create({
+            tableId: table._id!,
+            name: generator.guid(),
+            query: [
+              {
+                operator: BasicOperator.EQUAL,
+                field: "two",
+                value: "bar2",
+              },
+            ],
+            schema: {
+              id: { visible: true },
+              one: { visible: false },
+              two: { visible: true },
+            },
+          })
+
+          const response = await config.api.viewV2.search(view.id, {
+            query: {
+              equal: {
+                two: "bar",
+              },
+            },
+          })
+          expect(response.rows).toHaveLength(1)
+          expect(response.rows).toEqual([
+            expect.objectContaining({ _id: two._id }),
+          ])
+        })
+
+      !isLucene &&
+        it("can filter a view without a view filter", async () => {
+          const one = await config.api.row.save(table._id!, {
+            one: "foo",
+            two: "bar",
+          })
+          await config.api.row.save(table._id!, {
+            one: "foo2",
+            two: "bar2",
+          })
+
+          const view = await config.api.viewV2.create({
+            tableId: table._id!,
+            name: generator.guid(),
+            schema: {
+              id: { visible: true },
+              one: { visible: false },
+              two: { visible: true },
+            },
+          })
+
+          const response = await config.api.viewV2.search(view.id, {
+            query: {
+              equal: {
+                two: "bar",
+              },
+            },
+          })
+          expect(response.rows).toHaveLength(1)
+          expect(response.rows).toEqual([
+            expect.objectContaining({ _id: one._id }),
+          ])
+        })
+
+      !isLucene &&
+        it("cannot bypass a view filter", async () => {
+          await config.api.row.save(table._id!, {
+            one: "foo",
+            two: "bar",
+          })
+          await config.api.row.save(table._id!, {
+            one: "foo2",
+            two: "bar2",
+          })
+
+          const view = await config.api.viewV2.create({
+            tableId: table._id!,
+            name: generator.guid(),
+            query: [
+              {
+                operator: BasicOperator.EQUAL,
+                field: "two",
+                value: "bar2",
+              },
+            ],
+            schema: {
+              id: { visible: true },
+              one: { visible: false },
+              two: { visible: true },
+            },
+          })
+
+          const response = await config.api.viewV2.search(view.id, {
+            query: {
+              equal: {
+                two: "bar",
+              },
+            },
+          })
+          expect(response.rows).toHaveLength(0)
+        })
     })
 
     describe("permissions", () => {

packages/server/src/sdk/app/rows/search/internal/sqs.ts

@@ -2,7 +2,7 @@ import {
   Datasource,
   DocumentType,
   FieldType,
-  LogicalOperator,
+  isLogicalSearchOperator,
   Operation,
   QueryJson,
   RelationshipFieldMetadata,
@@ -141,10 +141,7 @@ function cleanupFilters(
 
   const prefixFilters = (filters: SearchFilters) => {
     for (const filterKey of Object.keys(filters) as (keyof SearchFilters)[]) {
-      if (
-        filterKey === LogicalOperator.AND ||
-        filterKey === LogicalOperator.OR
-      ) {
+      if (isLogicalSearchOperator(filterKey)) {
         for (const condition of filters[filterKey]!.conditions) {
           prefixFilters(condition)
         }

packages/shared-core/src/filters.ts

@@ -18,6 +18,7 @@ import {
   BasicOperator,
   RangeOperator,
   LogicalOperator,
+  isLogicalSearchOperator,
 } from "@budibase/types"
 import dayjs from "dayjs"
 import { OperatorOptions, SqlNumberTypeRangeMap } from "./constants"
@@ -359,10 +360,7 @@ export const buildQuery = (filter: SearchFilter[]) => {
           high: value,
         }
       }
-    } else if (
-      queryOperator === LogicalOperator.AND ||
-      queryOperator === LogicalOperator.OR
-    ) {
+    } else if (isLogicalSearchOperator(queryOperator)) {
       // TODO
     } else if (query[queryOperator] && operator !== "onEmptyFilter") {
       if (type === "boolean") {
@@ -464,10 +462,9 @@ export const runQuery = (docs: Record<string, any>[], query: SearchFilters) => {
     ) =>
     (doc: Record<string, any>) => {
       for (const [key, testValue] of Object.entries(query[type] || {})) {
-        const valueToCheck =
-          type === LogicalOperator.AND || type === LogicalOperator.OR
-            ? doc
-            : deepGet(doc, removeKeyNumbering(key))
+        const valueToCheck = isLogicalSearchOperator(type)
+          ? doc
+          : deepGet(doc, removeKeyNumbering(key))
         const result = test(valueToCheck, testValue)
         if (query.allOr && result) {
           return true

packages/types/src/sdk/search.ts

@@ -28,6 +28,12 @@ export enum LogicalOperator {
   OR = "$or",
 }
 
+export function isLogicalSearchOperator(
+  value: string
+): value is LogicalOperator {
+  return value === LogicalOperator.AND || value === LogicalOperator.OR
+}
+
 export type SearchFilterOperator =
   | BasicOperator
   | ArrayOperator