feat: filter by non visible and writtable fields

Marc-Roig 2023-07-12 17:32:51 +02:00 committed by Gustav Hansen
parent 123f4d0a47
commit 723ae05bd3


@ -56,6 +56,7 @@ module.exports = ({ action, ability, model }) => {
const sanitizeFilters = pipeAsync( const sanitizeFilters = pipeAsync(
traverse.traverseQueryFilters(allowedFields(permittedFields), { schema }), traverse.traverseQueryFilters(allowedFields(permittedFields), { schema }),
traverse.traverseQueryFilters(omitDisallowedAdminUserFields, { schema }), traverse.traverseQueryFilters(omitDisallowedAdminUserFields, { schema }),
traverse.traverseQueryFilters(omitHiddenFields, { schema }),
traverse.traverseQueryFilters(removePassword, { schema }), traverse.traverseQueryFilters(removePassword, { schema }),
traverse.traverseQueryFilters( traverse.traverseQueryFilters(
({ key, value }, { remove }) => { ({ key, value }, { remove }) => {
@ -71,6 +72,7 @@ module.exports = ({ action, ability, model }) => {
traverse.traverseQuerySort(allowedFields(permittedFields), { schema }), traverse.traverseQuerySort(allowedFields(permittedFields), { schema }),
traverse.traverseQuerySort(omitDisallowedAdminUserFields, { schema }), traverse.traverseQuerySort(omitDisallowedAdminUserFields, { schema }),
traverse.traverseQuerySort(removePassword, { schema }), traverse.traverseQuerySort(removePassword, { schema }),
traverse.traverseQueryFilters(omitHiddenFields, { schema }),
traverse.traverseQuerySort( traverse.traverseQuerySort(
({ key, attribute, value }, { remove }) => { ({ key, attribute, value }, { remove }) => {
if (!isScalarAttribute(attribute) && isEmpty(value)) { if (!isScalarAttribute(attribute) && isEmpty(value)) {
@ -84,11 +86,13 @@ module.exports = ({ action, ability, model }) => {
const sanitizePopulate = pipeAsync( const sanitizePopulate = pipeAsync(
traverse.traverseQueryPopulate(allowedFields(permittedFields), { schema }), traverse.traverseQueryPopulate(allowedFields(permittedFields), { schema }),
traverse.traverseQueryPopulate(omitDisallowedAdminUserFields, { schema }), traverse.traverseQueryPopulate(omitDisallowedAdminUserFields, { schema }),
traverse.traverseQueryFilters(omitHiddenFields, { schema }),
traverse.traverseQueryPopulate(removePassword, { schema }) traverse.traverseQueryPopulate(removePassword, { schema })
); );
const sanitizeFields = pipeAsync( const sanitizeFields = pipeAsync(
traverse.traverseQueryFields(allowedFields(permittedFields), { schema }), traverse.traverseQueryFields(allowedFields(permittedFields), { schema }),
traverse.traverseQueryFilters(omitHiddenFields, { schema }),
traverse.traverseQueryFields(removePassword, { schema }) traverse.traverseQueryFields(removePassword, { schema })
); );
@ -256,10 +260,16 @@ module.exports = ({ action, ability, model }) => {
}; };
const getQueryFields = (fields = []) => { const getQueryFields = (fields = []) => {
const nonVisibleAttributes = getNonVisibleAttributes(schema);
const writableAttributes = getWritableAttributes(schema);
const nonVisibleWritableAttributes = intersection(nonVisibleAttributes, writableAttributes);
return uniq([ return uniq([
...fields, ...fields,
...STATIC_FIELDS, ...STATIC_FIELDS,
...COMPONENT_FIELDS, ...COMPONENT_FIELDS,
...nonVisibleWritableAttributes,
CREATED_AT_ATTRIBUTE, CREATED_AT_ATTRIBUTE,
UPDATED_AT_ATTRIBUTE, UPDATED_AT_ATTRIBUTE,
PUBLISHED_AT_ATTRIBUTE, PUBLISHED_AT_ATTRIBUTE,
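Review bot: In the sort, populate and fields pipelines the added `omitHiddenFields` step is passed to `traverse.traverseQueryFilters` instead of the traverser each pipeline uses for its other steps, which looks like a copy-paste slip from `sanitizeFilters`. As written, the filters traverser would presumably walk a sort, populate or fields value with filter semantics, so a hidden attribute named there may not be removed, and sorting or selecting on a hidden field can disclose information about it. The three lines should read `traverse.traverseQuerySort(omitHiddenFields, { schema }),`, `traverse.traverseQueryPopulate(omitHiddenFields, { schema }),` and `traverse.traverseQueryFields(omitHiddenFields, { schema }),`. A test that puts a hidden attribute in `sort`, `populate` and `fields` and asserts it is stripped would catch this; the pipelines and `getQueryFields` continue outside the hunks shown.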