From 715a7d09c53589c22cae6754d5d6b48ddf36a71a Mon Sep 17 00:00:00 2001 From: TiagoEmanuel8 Date: Thu, 28 Mar 2024 16:52:11 -0300 Subject: [PATCH 1/2] fix: fix error update price --- .vscode/launch.json | 2 +- src/imports/data/data.js | 9 +++++---- src/imports/utils/accessUtils.ts | 25 ++++++++++++++++++++++--- 3 files changed, 28 insertions(+), 8 deletions(-) diff --git a/.vscode/launch.json b/.vscode/launch.json index 27bb9638..0674ab06 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -17,4 +17,4 @@ "type": "node" } ] -} +} \ No newline at end of file diff --git a/src/imports/data/data.js b/src/imports/data/data.js index ec668c9e..5ce143cf 100644 --- a/src/imports/data/data.js +++ b/src/imports/data/data.js @@ -271,7 +271,7 @@ export async function find({ return acc; }, {}); - + const startTime = process.hrtime(); tracingSpan?.addEvent('Executing find query', { query, queryOptions }); @@ -346,6 +346,7 @@ export async function find({ * * @returns {Promise>} - Konecty result */ + export async function findById({ authTokenId, document, fields, dataId, withDetailFields, contextUser }) { const { success, data: user, errors } = await getUserSafe(authTokenId, contextUser); if (success === false) { @@ -1697,8 +1698,8 @@ export async function update({ authTokenId, document, data, contextUser, tracing } } - const responseData = updatedRecords.map(record => removeUnauthorizedDataForRead(access, record)).map(record => dateToString(record)); - + const responseData = updatedRecords.map(record => removeUnauthorizedDataForRead(access, record, user, metaObject)).map(record => dateToString(record)); + if (emailsToSend.length > 0) { tracingSpan?.addEvent('Sending emails'); @@ -2681,4 +2682,4 @@ export async function historyFind({ authTokenId, document, dataId, fields, conte }); return successReturn(resultData); -} +} \ No newline at end of file diff --git a/src/imports/utils/accessUtils.ts b/src/imports/utils/accessUtils.ts index 9aaa477a..041ce26f 100644 --- a/src/imports/utils/accessUtils.ts +++ b/src/imports/utils/accessUtils.ts @@ -4,6 +4,12 @@ import { Filter } from '@imports/model/Filter'; import { MetaAccess } from '@imports/model/MetaAccess'; import { MetaObject } from '@imports/model/MetaObject'; import { User } from '@imports/model/User'; +import { clearProjectionPathCollision, filterConditionToFn } from '@imports/data/filterUtils'; +import { errorReturn, successReturn } from './return'; +import { applyIfMongoVersionGreaterThanOrEqual } from '@imports/database/versioning'; +import { getUserSafe } from '@imports/auth/getUser'; +import { convertStringOfFieldsSeparatedByCommaIntoObjectToFind } from './convertStringOfFieldsSeparatedByCommaIntoObjectToFind'; + export function getFieldConditions(metaAccess: MetaAccess, fieldName: string) { const accessField = metaAccess.fields?.[fieldName]; @@ -124,17 +130,30 @@ export function getAccessFor(documentName: string, user: User): MetaAccess | fal return false; } -export function removeUnauthorizedDataForRead(metaAccess: MetaAccess, data: Record) { +export function removeUnauthorizedDataForRead(metaAccess: MetaAccess, data: Record, user: any, metaObject: any) { if (!isObject(data)) { return data; } + const newData: typeof data = {}; for (const fieldName in data) { const access = getFieldPermissions(metaAccess, fieldName); if (access.isReadable !== true) { - delete data[fieldName]; + continue + } + const accessFieldConditions = getFieldConditions(metaAccess, fieldName); + if (accessFieldConditions.READ != null) { + const condition = filterConditionToFn(accessFieldConditions.READ, metaObject, { user }); + if(condition.success === false) { + continue + } + + if(condition.data(data) === false) { + continue + } } + newData[fieldName] = data[fieldName]; } - return data; + return newData; } From 1c0bca3118964f67cdcba7d2149b92d06e1e4d2d Mon Sep 17 00:00:00 2001 From: TiagoEmanuel8 Date: Thu, 28 Mar 2024 17:36:50 -0300 Subject: [PATCH 2/2] refactor: tipando objetos e removendo imports --- src/imports/utils/accessUtils.ts | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/src/imports/utils/accessUtils.ts b/src/imports/utils/accessUtils.ts index 041ce26f..8dd815b5 100644 --- a/src/imports/utils/accessUtils.ts +++ b/src/imports/utils/accessUtils.ts @@ -1,15 +1,10 @@ import isObject from 'lodash/isObject'; - import { Filter } from '@imports/model/Filter'; import { MetaAccess } from '@imports/model/MetaAccess'; import { MetaObject } from '@imports/model/MetaObject'; +import { MetaObjectType } from '@imports/types/metadata'; import { User } from '@imports/model/User'; -import { clearProjectionPathCollision, filterConditionToFn } from '@imports/data/filterUtils'; -import { errorReturn, successReturn } from './return'; -import { applyIfMongoVersionGreaterThanOrEqual } from '@imports/database/versioning'; -import { getUserSafe } from '@imports/auth/getUser'; -import { convertStringOfFieldsSeparatedByCommaIntoObjectToFind } from './convertStringOfFieldsSeparatedByCommaIntoObjectToFind'; - +import { filterConditionToFn } from '@imports/data/filterUtils'; export function getFieldConditions(metaAccess: MetaAccess, fieldName: string) { const accessField = metaAccess.fields?.[fieldName]; @@ -130,7 +125,7 @@ export function getAccessFor(documentName: string, user: User): MetaAccess | fal return false; } -export function removeUnauthorizedDataForRead(metaAccess: MetaAccess, data: Record, user: any, metaObject: any) { +export function removeUnauthorizedDataForRead(metaAccess: MetaAccess, data: Record, user: User, metaObject: MetaObjectType) { if (!isObject(data)) { return data; }