38 Commits

Author SHA1 Message Date
Ben Irvin
801e3db415 add traverse query
fix single type

fix query

sanitize pagination count params

add comments

Cleanup the params/filters sanitize helpers

sanitize association resolver

Sanitize sort

fix graphql single type

fix graphql types

fix addFindQuery

Sanitize fields

Update sanitize sort to handle all the different formats

Update fields sanitize to handle regular strings & wildcard

Fix non scalar recursion

Add a traverse factory

Add visitor to remove dz & morph relations

Replace the old traverse utils (sort, filters) by one created using the traverse factory

add sanitize populate

await args

fix async and duplicate sanitization

sanitize u&p params

Add traverse fields

Fix traverse & sanitize fields

add traverse fields to nested populate

sanitize admin api filter queries

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

sanitize sort params in admin API

todo

make token fields unsearchable with _q

sanitize delete mutation

Update packages/core/admin/server/services/permission/permissions-manager/sanitize.js

Co-authored-by: Jamie Howard <48524071+jhoward1994@users.noreply.github.com>

fix errors on queries without ctx

rename findParams to sanitizedParams

Sanitize queries everywhere in the content manager admin controllers

sanitize single type update and delete

Ignore non attribute keys in the sanitize sort

Fix the sanitize query sort for nested string sort

Fix permission check for the admin

typo

sanitize upload

sanitize admin media library

sanitize admin users

Add missing await

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

set U&P users fields to searchable:false

add token support to createContentAPIRequest

add searchable:false to getstarted U&P schema

remove comment

sanitize component resolver

remove await

add searchable false to the file's folder path

Fix admin query when the permission query is set to null

add basic tests for filtering private params

add tests for fields

add pagination tests

Fix admin user fields not being sanitized

Fix convert query params for the morph fragment on undefined value

Traverse dynamic zone on nested populate

Handle nested sort, filters & fields in populate queries + handle populate fragment for morphTo relations

Sanitize 'on' subpopulate

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

don't throw error on invalid attributes

check models for snake case column name instead of assuming they are operators

Add first batch of api tests for params sanitize

Fix sort traversal: handle object arrays

Put back removePassword for fields,sort,filters

Add schemas and fixtures for sanitize api tests

Add tests for relations (sanitize api tests)

Move constant to domain scope

Rename sanitize params to sanitize query

Fix typo

Cleanup fixtures file

Fix variable name conflict

Update packages/core/admin/server/services/permission/permissions-manager/sanitize.js

Co-authored-by: Alexandre BODIN <alexandrebodin@users.noreply.github.com>

Update comment for array filters

Rename sanitize test

Test implicit & explicit array operator for filter

Remove unused code
2023-03-15 14:59:19 +01:00
nathan-pichon
5b0e7f6903
feat(utils): add reduceAsync 2023-02-13 11:38:37 +01:00
nathan-pichon
57009a0f30
fix(file-utils): rewrite requires 2023-02-08 15:57:14 +01:00
Marc-Roig
7b14ee6a35 implement forEachAsync 2023-02-06 15:59:47 +01:00
Marc-Roig
02d467f933 remove mapAsyncDialects 2023-02-06 15:39:47 +01:00
Marc-Roig
708e1d677c refactor mapAsyncDialects import 2023-01-31 14:43:10 +01:00
nathan-pichon
3e532ebd0e
chore(async-utils): remove reduceAsync 2023-01-27 16:10:18 +01:00
nathan-pichon
9b36c3b10a
feat(async-utils): expose functions 2023-01-17 15:10:19 +01:00
nathan-pichon
0168a2758a
feat(core-utils): add mapAsync and reduceAsync utils 2023-01-17 15:08:14 +01:00
Convly
0458e88bce Handle object variables & fix sendTemplatedEmail 2022-12-30 19:46:33 +01:00
Convly
a39fedfb30 Add template in the utils (interpolation helpers) 2022-12-30 18:57:27 +01:00
Pierre Noël
cbcf02eeca Merge branch 'main' into feature/relations-main-view 2022-11-02 10:48:27 +01:00
Tim Izzo
c7cc3d72e3 Move import-default to utils package 2022-10-17 14:51:19 +02:00
Pierre Noël
be7c669bed apply feedback 2022-08-30 15:12:07 +02:00
WalkingPizza
41ec9596ed Automatically convert plugin name to kebab-case 2022-03-28 11:17:49 +02:00
Pierre Noël
fdc60b86ce replace urlJoin by joinBy 2022-03-15 11:51:43 +01:00
Pierre Noël
c0fb7619ef rename toGraphQLName + check enum values don't start with a number 2022-03-03 16:35:41 +01:00
Pierre Noël
e85cfe73f0 allow special characters in an enum 2022-03-03 16:35:41 +01:00
Convly
16ab717fb2 Merge branch 'releases/v4' of github.com:strapi/strapi into v4/new-sanitize-fixes 2021-11-08 15:53:58 +01:00
Pierre Noël
c6a5a047d6 Merge branch 'releases/v4' into v4/error-handling 2021-11-05 10:40:11 +01:00
Convly
d6516116b2 Move pipeAsync to @strapi/utils 2021-11-04 16:43:27 +01:00
Jean-Sébastien Herbaux
7f285fb755
[V4] Enhanced sanitize & remove restricted relations from content API's payloads (#11411)
* Rework sanitizeEntity, first iteration

* remove console.log

* Remove useless comments

* Fix e2e tests

* Fix up user e2e test

* Fix remove-restricted-relations visitor

* Handle graphql resolver, prevent access to restricted relations

* Handle polymorphic relation in the related visitor

* Remove morph attribute if empty

* Use only the find action to check if the relation is allowed
2021-11-04 15:47:53 +01:00
Pierre Noël
cb098ec280 clean yup validations 2021-11-04 11:42:45 +01:00
Pierre Noël
b4c9ad0440 refacto graphql errors 2021-11-04 11:42:43 +01:00
Pierre Noël
b58274aecb refactor error handling 2021-11-04 11:41:29 +01:00
Alexandre Bodin
edbad96c2c Remove old query params and remove _where occurrences 2021-10-11 21:05:23 +02:00
Convly
10be2a5e65 Merge branch 'releases/v4' into v4/graphql-schema-generation-refactor 2021-09-27 17:19:22 +02:00
Pierre Noël
491a662692 clean some code 2021-09-27 12:28:17 +02:00
Convly
e2be869d3b Merge branch 'releases/v4' into v4/graphql-schema-generation-refactor 2021-09-07 11:22:43 +02:00
Convly
e76e7462b7 Merge branch 'releases/v4' into v4/graphql-schema-generation-refactor 2021-09-01 14:10:10 +02:00
Alexandre Bodin
3784cc5b5e Implement rest api populate syntax and Init refactor convert query params for v4 2021-08-31 19:31:29 +02:00
Pierre Noël
9362311924 add extend fn to controller registry 2021-08-30 11:00:30 +02:00
Convly
40c93fe6c6 Merge branch 'v4/backend' into v4/graphql-schema-generation-refactor 2021-08-23 16:11:57 +02:00
Pierre Noël
09945a46df fixes 2021-08-20 15:23:02 +02:00
Convly
02785294f4 Handle pagination, sort & rework + polymorphic relation update 2021-07-30 11:44:26 +02:00
Alexandre Bodin
3711ca3072 wip 2021-07-02 02:26:14 +02:00
Jean-Sébastien Herbaux
6d9d8ab1ef
Add @strapi/logger (#10340)
* Add @strapi/logger package using winstonjs

* Fix logger require in Strapi.js

* Rework default configuration. Exports custom formats

* Simplify logger middleware
2021-05-20 08:55:18 +02:00
Alexandre Bodin
a14504e699 Init scoped packages 2021-04-29 12:03:54 +02:00