From c042a8fd61667ae7d336005facf4fc82ed0ed256 Mon Sep 17 00:00:00 2001 From: Thodoris Greasidis Date: Fri, 1 Oct 2021 16:18:27 +0300 Subject: [PATCH] Add support for $filter based /canAccess Change-type: minor See: https://www.flowdock.com/app/rulemotion/resin-tech/threads/7WcMXnx1te1vhkaOtmQB2fU-0n8 Signed-off-by: Thodoris Greasidis --- src/sbvr-api/permissions.ts | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/src/sbvr-api/permissions.ts b/src/sbvr-api/permissions.ts index 162947575..a178b05d2 100644 --- a/src/sbvr-api/permissions.ts +++ b/src/sbvr-api/permissions.ts @@ -32,7 +32,7 @@ import * as memoize from 'memoizee'; import * as randomstring from 'randomstring'; import * as env from '../config-loader/env'; import * as sbvrUtils from '../sbvr-api/sbvr-utils'; -import { HookReq, addPureHook, addHook } from './hooks'; +import { HookReq, addPureHook, addHook, HookArgs } from './hooks'; import { BadRequestError, PermissionError, @@ -1595,9 +1595,8 @@ export const setup = () => { POSTPARSE: async ({ req, request, - }: { - req: HookReq; - request: ODataRequest & { permissionType?: PermissionCheck }; + }: HookArgs & { + request: { permissionType?: PermissionCheck }; }) => { // If the abstract sql query is already generated then adding permissions will do nothing if (request.abstractSqlQuery != null) { @@ -1607,7 +1606,10 @@ export const setup = () => { request.method === 'POST' && request.odataQuery.property?.resource === 'canAccess' ) { - if (request.odataQuery.key == null) { + const { key } = request.odataQuery; + const $filter = request.odataQuery.options?.$filter; + if ((key == null) === ($filter == null)) { + // Exactly one of key or $filter are allowed throw new BadRequestError(); } const { action, method } = request.values; @@ -1638,7 +1640,12 @@ export const setup = () => { const idField = resourceTable.idField; request.odataQuery.options = { $select: { properties: [{ name: idField }] }, - $top: 1, + ...(key != null + ? { $top: 1 } + : { + $filter, + $orderby: { properties: [{ name: idField, order: 'asc' }] }, + }), }; request.odataQuery.resource = request.resourceName; delete request.odataQuery.property;