yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-11-02 02:44:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: add permissionsQuery to one relations

Browse Source
This commit is contained in:
Bassel Kanso 2024-01-19 13:34:48 +02:00
parent 0d380ed3ae
commit a4e9327ef3
2 changed files with 23 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
packages/core/content-manager/server/src/controllers/__tests__/relations.test.ts
View File

@ -163,6 +163,17 @@ describe('Relations', () => {
describe('findExisting', () => {
test('Query mainField when mainField is listable', async () => {
global.strapi.plugins['content-manager'].services[
'permission-checker'
].create.mockReturnValue({
cannot: {
read: jest.fn().mockReturnValue(false),
},
sanitizedQuery: {
read: jest.fn((queryParams) => queryParams),
},
});
const ctx = createContext(
{
params: {

16
packages/core/content-manager/server/src/controllers/relations.ts
View File

@ -254,7 +254,7 @@ export default {
const permissionQuery = await permissionChecker.sanitizedQuery.read(queryParams);
if (isAnyToMany(attribute)) {
const [resWithIds, res] = await Promise.all([
const [resWithOnlyIds, res] = await Promise.all([
strapi.entityService.loadPages(
model,
{ id },
@ -284,13 +284,21 @@ export default {
// Filter out the results that don't exist in resWithIds to preserve correct pagination
const results = res.results.filter((item: any) =>
resWithIds.results.some((s: any) => item.id === s.id)
resWithOnlyIds.results.some((s: any) => item.id === s.id)
);
res.results = uniqBy('id', concat(results, resWithIds.results));
res.results = uniqBy('id', concat(results, resWithOnlyIds.results));
ctx.body = res;
} else {
const result = await strapi.entityService.load(model, { id }, targetField, queryParams);
const [resWithOnlyId, res] = await Promise.all([
await strapi.entityService.load(model, { id }, targetField, {
fields: ['id'],
}),
await strapi.entityService.load(model, { id }, targetField, {
...permissionQuery,
}),
]);
const result = res || resWithOnlyId;
ctx.body = {
data: result,
};