strapi/packages/core/utils/lib/sanitize-entity.js

'use strict';

const _ = require('lodash');
const {
  constants,
  isPrivateAttribute,
  getNonWritableAttributes,
  getNonVisibleAttributes,
  getWritableAttributes,
} = require('./content-types');

const { ID_ATTRIBUTE, CREATED_AT_ATTRIBUTE, UPDATED_AT_ATTRIBUTE } = constants;

const sanitizeEntity = (dataSource, options) => {
  const { model, withPrivate = false, isOutput = true, includeFields = null } = options;

  if (typeof dataSource !== 'object' || _.isNil(dataSource)) {
    return dataSource;
  }

  const data = parseOriginalData(dataSource);

  if (typeof data !== 'object' || _.isNil(data)) {
    return data;
  }

  if (_.isArray(data)) {
    return data.map(entity => sanitizeEntity(entity, options));
  }

  if (_.isNil(model)) {
    if (isOutput) {
      return null;
    } else {
      return data;
    }
  }

  const { attributes } = model;
  const allowedFields = getAllowedFields({ includeFields, model, isOutput });

  const reducerFn = (acc, value, key) => {
    const attribute = attributes[key];
    const allowedFieldsHasKey = allowedFields.includes(key);

    if (shouldRemoveAttribute(model, key, attribute, { withPrivate, isOutput })) {
      return acc;
    }

    // Relations
    const relation = attribute && (attribute.model || attribute.collection || attribute.component);
    if (relation) {
      if (_.isNil(value)) {
        return { ...acc, [key]: value };
      }

      const [nextFields, isAllowed] = includeFields
        ? getNextFields(allowedFields, key, { allowedFieldsHasKey })
        : [null, true];

      if (!isAllowed) {
        return acc;
      }

      const baseOptions = {
        withPrivate,
        isOutput,
        includeFields: nextFields,
      };

      let sanitizeFn;
      if (relation === '*') {
        sanitizeFn = entity => {
          if (_.isNil(entity) || !_.has(entity, '__contentType')) {
            return entity;
          }

          return sanitizeEntity(entity, {
            model: strapi.db.getModelByGlobalId(entity.__contentType),
            ...baseOptions,
          });
        };
      } else {
        sanitizeFn = entity =>
          sanitizeEntity(entity, {
            model: strapi.getModel(relation, attribute.plugin),
            ...baseOptions,
          });
      }

      const nextVal = Array.isArray(value) ? value.map(sanitizeFn) : sanitizeFn(value);

      return { ...acc, [key]: nextVal };
    }

    const isAllowedField = !includeFields || allowedFieldsHasKey;

    // Dynamic zones
    if (attribute && attribute.type === 'dynamiczone' && value !== null && isAllowedField) {
      const nextVal = value.map(elem =>
        sanitizeEntity(elem, {
          model: strapi.getModel(elem.__component),
          withPrivate,
          isOutput,
        })
      );
      return { ...acc, [key]: nextVal };
    }

    // Other fields
    if (isAllowedField) {
      return { ...acc, [key]: value };
    }

    return acc;
  };

  return _.reduce(data, reducerFn, {});
};

const parseOriginalData = data => (_.isFunction(data.toJSON) ? data.toJSON() : data);

const COMPONENT_FIELDS = ['__component'];
const STATIC_FIELDS = [ID_ATTRIBUTE];

const getAllowedFields = ({ includeFields, model, isOutput }) => {
  const nonWritableAttributes = getNonWritableAttributes(model);
  const nonVisibleAttributes = getNonVisibleAttributes(model);

  const writableAttributes = getWritableAttributes(model);

  const nonVisibleWritableAttributes = _.intersection(writableAttributes, nonVisibleAttributes);

  return _.concat(
    includeFields || [],
    ...(isOutput
      ? [
          STATIC_FIELDS,
          CREATED_AT_ATTRIBUTE,
          UPDATED_AT_ATTRIBUTE,
          COMPONENT_FIELDS,
          ...nonWritableAttributes,
          ...nonVisibleAttributes,
        ]
      : [STATIC_FIELDS, COMPONENT_FIELDS, ...nonVisibleWritableAttributes])
  );
};

const getNextFields = (fields, key, { allowedFieldsHasKey }) => {
  const searchStr = `${key}.`;

  const transformedFields = (fields || [])
    .filter(field => field.startsWith(searchStr))
    .map(field => field.replace(searchStr, ''));

  const isAllowed = allowedFieldsHasKey || transformedFields.length > 0;
  const nextFields = allowedFieldsHasKey ? null : transformedFields;

  return [nextFields, isAllowed];
};

const shouldRemoveAttribute = (model, key, attribute = {}, { withPrivate, isOutput }) => {
  const isPassword = attribute.type === 'password';
  const isPrivate = isPrivateAttribute(model, key);

  const shouldRemovePassword = isOutput;
  const shouldRemovePrivate = !withPrivate && isOutput;

  return !!((isPassword && shouldRemovePassword) || (isPrivate && shouldRemovePrivate));
};

module.exports = sanitizeEntity;
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`'use strict';`

Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`const _ = require('lodash');`
Split logic cleanly between visible & writable attributes 2021-03-12 14:34:04 +01:00			`const {`
			`constants,`
			`isPrivateAttribute,`
			`getNonWritableAttributes,`
			`getNonVisibleAttributes,`
			`getWritableAttributes,`
			`} = require('./content-types');`
Make lint stricter and fix the errors Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-10-27 11:27:17 +01:00
Wip 2021-07-08 21:53:30 +02:00			`const { ID_ATTRIBUTE, CREATED_AT_ATTRIBUTE, UPDATED_AT_ATTRIBUTE } = constants;`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`const sanitizeEntity = (dataSource, options) => {`
			`const { model, withPrivate = false, isOutput = true, includeFields = null } = options;`
Support toJSON in sanitizeEntity 2019-09-20 09:56:00 +02:00
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`if (typeof dataSource !== 'object' \|\| _.isNil(dataSource)) {`
			`return dataSource;`
			`}`
Fix sanitize bug with mongo objectid and use lower-case for getModel 2019-10-04 11:38:54 +02:00
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`const data = parseOriginalData(dataSource);`

Add utils::sanitize-entity tests (#7497) * Add utils::sanitize-entity tests Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-08-18 16:26:24 +02:00			`if (typeof data !== 'object' \|\| _.isNil(data)) {`
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`return data;`
			`}`

Add utils::sanitize-entity tests (#7497) * Add utils::sanitize-entity tests Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-08-18 16:26:24 +02:00			`if (_.isArray(data)) {`
			`return data.map(entity => sanitizeEntity(entity, options));`
			`}`

Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`if (_.isNil(model)) {`
In sanitize input leave input data as is if model is not found Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-11-03 17:19:43 +01:00			`if (isOutput) {`
			`return null;`
			`} else {`
			`return data;`
			`}`
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`}`

			`const { attributes } = model;`
			`const allowedFields = getAllowedFields({ includeFields, model, isOutput });`

			`const reducerFn = (acc, value, key) => {`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`const attribute = attributes[key];`
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`const allowedFieldsHasKey = allowedFields.includes(key);`

Add privateAttributes to global and per model response (#7331) * Added privateAttributes globally and per model Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Added tests for sanitizeEntity Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Fixed broken test Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Added privateAttributes to GraphQL responses Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Added docs for privateAttributes Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Refactored and fixed PR comments Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Merged tests and fixed broken tests from merge Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Updated documentation for new option Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Refactored GraphQL implementation Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Fixed PR comments Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Fixed tests for sanitize-entity Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Removed code and tests for ignorePrivateFor Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Exported getPrivateAttributes for GraphQL plugin Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Removed ignorePrivateFor from docs Signed-off-by: Diego Albitres <diego.albitres@gmail.com> 2020-09-24 02:40:10 -05:00			`if (shouldRemoveAttribute(model, key, attribute, { withPrivate, isOutput })) {`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`return acc;`
			`}`

Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`// Relations`
			`const relation = attribute && (attribute.model \|\| attribute.collection \|\| attribute.component);`
Fix e2e tests Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-07-08 13:53:56 +02:00			`if (relation) {`
			`if (_.isNil(value)) {`
			`return { ...acc, [key]: value };`
			`}`

Fix sanitizeEntity Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-07-02 19:26:36 +02:00			`const [nextFields, isAllowed] = includeFields`
			`? getNextFields(allowedFields, key, { allowedFieldsHasKey })`
			`: [null, true];`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`if (!isAllowed) {`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`return acc;`
			`}`
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00
Fix sanitize removing polymorphic relations (#9310) 2021-02-03 19:28:11 +01:00			`const baseOptions = {`
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`withPrivate,`
			`isOutput,`
			`includeFields: nextFields,`
			`};`

Fix sanitize removing polymorphic relations (#9310) 2021-02-03 19:28:11 +01:00			`let sanitizeFn;`
			`if (relation === '*') {`
Fix sanitize polumorphic entites that can be undefiend or ids only (#9441) 2021-02-18 11:20:32 +01:00			`sanitizeFn = entity => {`
			`if (_.isNil(entity) \|\| !_.has(entity, '__contentType')) {`
			`return entity;`
			`}`

			`return sanitizeEntity(entity, {`
Fix sanitize removing polymorphic relations (#9310) 2021-02-03 19:28:11 +01:00			`model: strapi.db.getModelByGlobalId(entity.__contentType),`
			`...baseOptions,`
			`});`
Fix sanitize polumorphic entites that can be undefiend or ids only (#9441) 2021-02-18 11:20:32 +01:00			`};`
Fix sanitize removing polymorphic relations (#9310) 2021-02-03 19:28:11 +01:00			`} else {`
			`sanitizeFn = entity =>`
			`sanitizeEntity(entity, {`
			`model: strapi.getModel(relation, attribute.plugin),`
			`...baseOptions,`
			`});`
			`}`

			`const nextVal = Array.isArray(value) ? value.map(sanitizeFn) : sanitizeFn(value);`
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00
			`return { ...acc, [key]: nextVal };`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`}`

Fix sanitizeEntity's includeFields usage for dynamic zones Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-08-06 11:19:58 +02:00			`const isAllowedField = !includeFields \|\| allowedFieldsHasKey;`

Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`// Dynamic zones`
Fix sanitizeEntity's includeFields usage for dynamic zones Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-08-06 11:19:58 +02:00			`if (attribute && attribute.type === 'dynamiczone' && value !== null && isAllowedField) {`
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`const nextVal = value.map(elem =>`
			`sanitizeEntity(elem, {`
			`model: strapi.getModel(elem.__component),`
			`withPrivate,`
			`isOutput,`
			`})`
			`);`
			`return { ...acc, [key]: nextVal };`
			`}`
Fix sanitizeEntity's includeFields usage for dynamic zones Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-08-06 11:19:58 +02:00
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`// Other fields`
			`if (isAllowedField) {`
			`return { ...acc, [key]: value };`
Better permissions-manager.sanitize behavior Forbid empty arrays as fields for permissions (on ability creation) Differentiate input from output sanitizing Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 13:03:30 +02:00			`}`

Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`return acc;`
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`};`

			`return _.reduce(data, reducerFn, {});`
			`};`

			`const parseOriginalData = data => (_.isFunction(data.toJSON) ? data.toJSON() : data);`

Fix mongo issues Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-07-08 16:07:11 +02:00			`const COMPONENT_FIELDS = ['__component'];`
Init link query entity service 2021-06-30 20:00:03 +02:00			`const STATIC_FIELDS = [ID_ATTRIBUTE];`
Fix mongo issues Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-07-08 16:07:11 +02:00
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`const getAllowedFields = ({ includeFields, model, isOutput }) => {`
Use non writables instead of static creator fields in fields logic 2021-03-09 20:50:23 +01:00			`const nonWritableAttributes = getNonWritableAttributes(model);`
Split logic cleanly between visible & writable attributes 2021-03-12 14:34:04 +01:00			`const nonVisibleAttributes = getNonVisibleAttributes(model);`

			`const writableAttributes = getWritableAttributes(model);`

			`const nonVisibleWritableAttributes = _.intersection(writableAttributes, nonVisibleAttributes);`
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00
			`return _.concat(`
			`includeFields \|\| [],`
			`...(isOutput`
add published_at (#7374) * add published_at Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-08-18 17:09:21 +02:00			`? [`
			`STATIC_FIELDS,`
Wip 2021-07-08 21:53:30 +02:00			`CREATED_AT_ATTRIBUTE,`
			`UPDATED_AT_ATTRIBUTE,`
add published_at (#7374) * add published_at Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-08-18 17:09:21 +02:00			`COMPONENT_FIELDS,`
Use non writables instead of static creator fields in fields logic 2021-03-09 20:50:23 +01:00			`...nonWritableAttributes,`
Split logic cleanly between visible & writable attributes 2021-03-12 14:34:04 +01:00			`...nonVisibleAttributes,`
add published_at (#7374) * add published_at Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-08-18 17:09:21 +02:00			`]`
Init link query entity service 2021-06-30 20:00:03 +02:00			`: [STATIC_FIELDS, COMPONENT_FIELDS, ...nonVisibleWritableAttributes])`
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`);`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`};`
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00
			`const getNextFields = (fields, key, { allowedFieldsHasKey }) => {`
			const searchStr = `${key}.`;

			`const transformedFields = (fields \|\| [])`
			`.filter(field => field.startsWith(searchStr))`
			`.map(field => field.replace(searchStr, ''));`

			`const isAllowed = allowedFieldsHasKey \|\| transformedFields.length > 0;`
			`const nextFields = allowedFieldsHasKey ? null : transformedFields;`

			`return [nextFields, isAllowed];`
			`};`

Add privateAttributes to global and per model response (#7331) * Added privateAttributes globally and per model Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Added tests for sanitizeEntity Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Fixed broken test Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Added privateAttributes to GraphQL responses Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Added docs for privateAttributes Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Refactored and fixed PR comments Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Merged tests and fixed broken tests from merge Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Updated documentation for new option Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Refactored GraphQL implementation Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Fixed PR comments Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Fixed tests for sanitize-entity Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Removed code and tests for ignorePrivateFor Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Exported getPrivateAttributes for GraphQL plugin Signed-off-by: Diego Albitres <diego.albitres@gmail.com> * Removed ignorePrivateFor from docs Signed-off-by: Diego Albitres <diego.albitres@gmail.com> 2020-09-24 02:40:10 -05:00			`const shouldRemoveAttribute = (model, key, attribute = {}, { withPrivate, isOutput }) => {`
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00			`const isPassword = attribute.type === 'password';`
Hide creator fields from public api by default (#8052) * Add model option to hide/show creators fields in public API response Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Add content-types util, rework sanitize-entity's private handling Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Update search e2e tests, fix an issue on empty search for the core-api controller (find) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix GraphQL plugin (handle privates attributes on typeDefs + resolver builds) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix sanitizeEntity import Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Move doc update from beta to stable Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix e2e test Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix pr comments Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Remove creator's field from upload controller routes Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix typedef build for graphql association Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix pr (comments + several issues) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Add tests for search behavior in content-manager Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Rename files variables to meaningful names (upload controllers) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix test with search id matching serialNumber Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> * Add toHasBeenCalledWith check for config.get (utils/content-types.test.js) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> Co-authored-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-10-01 17:47:08 +02:00			`const isPrivate = isPrivateAttribute(model, key);`
Add new sanitize-entity.js Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-01 18:08:21 +02:00
			`const shouldRemovePassword = isOutput;`
			`const shouldRemovePrivate = !withPrivate && isOutput;`

			`return !!((isPassword && shouldRemovePassword) \|\| (isPrivate && shouldRemovePrivate));`
			`};`

Hide creator fields from public api by default (#8052) * Add model option to hide/show creators fields in public API response Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Add content-types util, rework sanitize-entity's private handling Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Update search e2e tests, fix an issue on empty search for the core-api controller (find) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix GraphQL plugin (handle privates attributes on typeDefs + resolver builds) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix sanitizeEntity import Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Move doc update from beta to stable Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix e2e test Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix pr comments Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Remove creator's field from upload controller routes Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix typedef build for graphql association Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix pr (comments + several issues) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Add tests for search behavior in content-manager Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Rename files variables to meaningful names (upload controllers) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix test with search id matching serialNumber Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> * Add toHasBeenCalledWith check for config.get (utils/content-types.test.js) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> Co-authored-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-10-01 17:47:08 +02:00			`module.exports = sanitizeEntity;`