replace previewMany by getExistingRelations

packages/core/content-manager/server/controllers/collection-types.js

@@ -1,11 +1,9 @@
 'use strict';
 
-const { prop, pick } = require('lodash/fp');
-const { MANY_RELATIONS } = require('@strapi/utils').relations.constants;
 const { setCreatorFields, pipeAsync } = require('@strapi/utils');
 
 const { getService, pickWritableAttributes } = require('../utils');
-const { validateBulkDeleteInput, validatePagination } = require('./validation');
+const { validateBulkDeleteInput } = require('./validation');
 
 module.exports = {
   async find(ctx) {
@@ -241,74 +239,4 @@ module.exports = {
 
     ctx.body = { count };
   },
-
-  async previewManyRelations(ctx) {
-    const { userAbility } = ctx.state;
-    const { model, id, targetField } = ctx.params;
-    const { pageSize = 10, page = 1 } = ctx.request.query;
-
-    validatePagination({ page, pageSize });
-
-    const contentTypeService = getService('content-types');
-    const entityManager = getService('entity-manager');
-    const permissionChecker = getService('permission-checker').create({ userAbility, model });
-
-    if (permissionChecker.cannot.read()) {
-      return ctx.forbidden();
-    }
-
-    const modelDef = strapi.getModel(model);
-    const assoc = modelDef.attributes[targetField];
-
-    if (!assoc || !MANY_RELATIONS.includes(assoc.relation)) {
-      return ctx.badRequest('Invalid target field');
-    }
-
-    const entity = await entityManager.findOneWithCreatorRoles(id, model);
-
-    if (!entity) {
-      return ctx.notFound();
-    }
-
-    if (permissionChecker.cannot.read(entity, targetField)) {
-      return ctx.forbidden();
-    }
-
-    let relationList;
-    // FIXME: load relations using query.load
-    if (!assoc.inversedBy && !assoc.mappedBy) {
-      const populatedEntity = await entityManager.findOne(id, model, [targetField]);
-      const relationsListIds = populatedEntity[targetField].map(prop('id'));
-
-      relationList = await entityManager.findPage(
-        {
-          page,
-          pageSize,
-          filters: {
-            id: relationsListIds,
-          },
-        },
-        assoc.target
-      );
-    } else {
-      relationList = await entityManager.findPage(
-        {
-          page,
-          pageSize,
-          filters: {
-            [assoc.inversedBy || assoc.mappedBy]: entity.id,
-          },
-        },
-        assoc.target
-      );
-    }
-
-    const config = await contentTypeService.findConfiguration({ uid: model });
-    const mainField = prop(['metadatas', targetField, 'edit', 'mainField'], config);
-
-    ctx.body = {
-      pagination: relationList.pagination,
-      results: relationList.results.map(pick(['id', mainField])),
-    };
-  },
 };

packages/core/content-manager/server/controllers/relations.js

@@ -3,10 +3,11 @@
 const { prop, isEmpty } = require('lodash/fp');
 const { hasDraftAndPublish } = require('@strapi/utils').contentTypes;
 const { PUBLISHED_AT_ATTRIBUTE } = require('@strapi/utils').contentTypes.constants;
+const { MANY_RELATIONS } = require('@strapi/utils').relations.constants;
 const { transformParamsToQuery } = require('@strapi/utils').convertQueryParams;
 
 const { getService } = require('../utils');
-const { validateFindAvailable } = require('./validation/relations');
+const { validateFindAvailable, validateFindExisting } = require('./validation/relations');
 
 const addWhereClause = (params, whereClause) => {
   params.where = params.where || {};
@@ -106,4 +107,93 @@ module.exports = {
 
     ctx.body = await strapi.query(targetedModel.uid).findPage(queryParams);
   },
+
+  async findExisting(ctx) {
+    const { userAbility } = ctx.state;
+    const { model, id, targetField } = ctx.params;
+
+    await validateFindExisting(ctx.request.query);
+
+    const { component, idsToOmit, _q, ...query } = ctx.request.query;
+
+    const sourceModelUid = component || model;
+
+    const sourceModel = strapi.getModel(sourceModelUid);
+    if (!sourceModel) {
+      return ctx.badRequest("The model doesn't exist");
+    }
+
+    // permission check
+    const entityManager = getService('entity-manager');
+    const permissionChecker = getService('permission-checker').create({
+      userAbility,
+      model,
+    });
+
+    if (permissionChecker.cannot.read()) {
+      return ctx.forbidden();
+    }
+
+    const entity = await entityManager.findOneWithCreatorRoles(id, model);
+
+    if (!entity) {
+      return ctx.notFound();
+    }
+
+    if (permissionChecker.cannot.read(entity)) {
+      return ctx.forbidden();
+    }
+
+    const attribute = sourceModel.attributes[targetField];
+    if (!attribute || attribute.type !== 'relation') {
+      return ctx.badRequest("This relational field doesn't exist");
+    }
+
+    const targetedModel = strapi.getModel(attribute.target);
+
+    const modelConfig = component
+      ? await getService('components').findConfiguration(sourceModel)
+      : await getService('content-types').findConfiguration(sourceModel);
+    const mainField = prop(`metadatas.${targetField}.edit.mainField`, modelConfig) || 'id';
+
+    const fieldsToSelect = ['id', mainField];
+    if (hasDraftAndPublish(targetedModel)) {
+      fieldsToSelect.push(PUBLISHED_AT_ATTRIBUTE);
+    }
+
+    // TODO: for RBAC reasons, find a way to exclude filters that should not be there
+    // i.e. all filters except locale for i18n
+    const queryParams = {
+      orderBy: mainField,
+      ...transformParamsToQuery(targetedModel.uid, query),
+      select: fieldsToSelect, // cannot select other fields as the user may not have the permissions
+    };
+
+    if (!isEmpty(idsToOmit)) {
+      addWhereClause(queryParams, { id: { $notIn: idsToOmit } });
+    }
+
+    // searching should be allowed only on mainField for permission reasons
+    if (_q) {
+      addWhereClause(queryParams, { [mainField]: { $containsi: _q } });
+    }
+
+    const subQuery = strapi.db.queryBuilder(sourceModel.uid);
+
+    const alias = subQuery.getAlias();
+
+    const knexSubQuery = subQuery
+      .where({ id })
+      .join({ alias, targetField })
+      .select(`${alias}.id`)
+      .getKnexQuery();
+
+    addWhereClause(queryParams, { id: { $in: knexSubQuery } });
+
+    if (MANY_RELATIONS.includes(attribute.relation)) {
+      ctx.body = await strapi.query(targetedModel.uid).findPage(queryParams);
+    } else {
+      ctx.body = await strapi.query(targetedModel.uid).findOne(queryParams);
+    }
+  },
 };

packages/core/content-manager/server/controllers/validation/relations.js

@@ -12,9 +12,20 @@ const validateFindAvailableSchema = yup
     page: yup.number().integer().min(1),
     pageSize: yup.number().integer().min(1).max(100),
   })
-  .noUnknown()
+  .required();
+
+const validateFindExistingSchema = yup
+  .object()
+  .shape({
+    component: yup.string(),
+    _q: yup.string(),
+    idsToOmit: yup.array().of(yup.strapiID()),
+    page: yup.number().integer().min(1),
+    pageSize: yup.number().integer().min(1).max(100),
+  })
   .required();
 
 module.exports = {
   validateFindAvailable: validateYupSchema(validateFindAvailableSchema, { strict: false }),
+  validateFindExisting: validateYupSchema(validateFindExistingSchema, { strict: false }),
 };

packages/core/content-manager/server/routes/admin.js

@@ -185,7 +185,7 @@ module.exports = {
     {
       method: 'GET',
       path: '/collection-types/:model/:id/:targetField',
-      handler: 'collection-types.previewManyRelations',
+      handler: 'relations.findExisting',
       config: {
         middlewares: [routing],
         policies: [

packages/core/database/lib/query/helpers/where.js

@@ -206,12 +206,12 @@ const applyOperator = (qb, column, operator, value) => {
     }
 
     case '$in': {
-      qb.whereIn(column, _.castArray(value));
+      qb.whereIn(column, _.isObject(value) ? value : [value]);
       break;
     }
 
     case '$notIn': {
-      qb.whereNotIn(column, _.castArray(value));
+      qb.whereNotIn(column, _.isObject(value) ? value : [value]);
       break;
     }