Don't allow saving _viewId on row.create

This commit is contained in:
Adria Navarro 2023-07-31 09:54:20 +02:00
parent 3167fcdc76
commit ed256242c8
2 changed files with 18 additions and 1 deletions

View File

@ -62,10 +62,15 @@ export async function patch(
} }
} }
export const save = async (ctx: any) => { export const save = async (ctx: UserCtx<Row>) => {
const appId = ctx.appId const appId = ctx.appId
const tableId = utils.getTableId(ctx) const tableId = utils.getTableId(ctx)
const body = ctx.request.body const body = ctx.request.body
if (body._viewId) {
ctx.throw(400, "Table row endpoints cannot contain view info")
}
// if it has an ID already then its a patch // if it has an ID already then its a patch
if (body && body._id) { if (body && body._id) {
return patch(ctx) return patch(ctx)

View File

@ -391,6 +391,18 @@ describe("/rows", () => {
expect(saved.arrayFieldArrayStrKnown).toEqual(["One"]) expect(saved.arrayFieldArrayStrKnown).toEqual(["One"])
expect(saved.optsFieldStrKnown).toEqual("Alpha") expect(saved.optsFieldStrKnown).toEqual("Alpha")
}) })
it("should not allow creating a table row with view id data", async () => {
const res = await request
.post(`/api/${row.tableId}/rows`)
.send({ ...row, _viewId: generator.guid() })
.set(config.defaultHeaders())
.expect("Content-Type", /json/)
.expect(400)
expect(res.body.message).toEqual(
"Table row endpoints cannot contain view info"
)
})
}) })
describe("patch", () => { describe("patch", () => {