konecty · 7sete7 · Apr 4, 2024 · Mar 28, 2024 · Mar 28, 2024
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -17,4 +17,4 @@
 			"type": "node"
 		}
 	]
-}
+}
diff --git a/src/imports/data/data.js b/src/imports/data/data.js
@@ -271,7 +271,7 @@ export async function find({
 
 			return acc;
 		}, {});
-
+		
 		const startTime = process.hrtime();
 
 		tracingSpan?.addEvent('Executing find query', { query, queryOptions });
@@ -346,6 +346,7 @@ export async function find({
  *
  * @returns {Promise<import('../types/result').KonectyResult<object[]>>} - Konecty result
  */
+
 export async function findById({ authTokenId, document, fields, dataId, withDetailFields, contextUser }) {
 	const { success, data: user, errors } = await getUserSafe(authTokenId, contextUser);
 	if (success === false) {
@@ -1697,8 +1698,8 @@ export async function update({ authTokenId, document, data, contextUser, tracing
 			}
 		}
 
-		const responseData = updatedRecords.map(record => removeUnauthorizedDataForRead(access, record)).map(record => dateToString(record));
-
+		const responseData = updatedRecords.map(record => removeUnauthorizedDataForRead(access, record, user, metaObject)).map(record => dateToString(record));
+	
 		if (emailsToSend.length > 0) {
 			tracingSpan?.addEvent('Sending emails');
 
@@ -2681,4 +2682,4 @@ export async function historyFind({ authTokenId, document, dataId, fields, conte
 	});
 
 	return successReturn(resultData);
-}
+}
diff --git a/src/imports/utils/accessUtils.ts b/src/imports/utils/accessUtils.ts
@@ -1,9 +1,10 @@
 import isObject from 'lodash/isObject';
-
 import { Filter } from '@imports/model/Filter';
 import { MetaAccess } from '@imports/model/MetaAccess';
 import { MetaObject } from '@imports/model/MetaObject';
+import { MetaObjectType } from '@imports/types/metadata';
 import { User } from '@imports/model/User';
+import { filterConditionToFn } from '@imports/data/filterUtils';
 
 export function getFieldConditions(metaAccess: MetaAccess, fieldName: string) {
 	const accessField = metaAccess.fields?.[fieldName];
@@ -124,17 +125,30 @@ export function getAccessFor(documentName: string, user: User): MetaAccess | fal
 	return false;
 }
 
-export function removeUnauthorizedDataForRead(metaAccess: MetaAccess, data: Record<string, unknown>) {
+export function removeUnauthorizedDataForRead(metaAccess: MetaAccess, data: Record<string, unknown>, user: User, metaObject: MetaObjectType) {
 	if (!isObject(data)) {
 		return data;
 	}
+	const newData: typeof data = {};
 
 	for (const fieldName in data) {
 		const access = getFieldPermissions(metaAccess, fieldName);
 		if (access.isReadable !== true) {
-			delete data[fieldName];
+			continue
+		}
+		const accessFieldConditions = getFieldConditions(metaAccess, fieldName);
+		if (accessFieldConditions.READ != null) {
+			const condition = filterConditionToFn(accessFieldConditions.READ, metaObject, { user });
+			if(condition.success === false) {
+				continue
+			}
+
+			if(condition.data(data) === false) {
+				continue
+			}
 		}
+		newData[fieldName] = data[fieldName];
 	}
 
-	return data;
+	return newData;
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -17,4 +17,4 @@ @@
     			"type": "node"
     		}
     	]
-    }
+    }