yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-07-27 10:56:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
strapi/packages/core/utils/lib/traverse-entity.js
Ben Irvin 801e3db415 add traverse query 
fix single type

fix query

sanitize pagination count params

add comments

Cleanup the params/filters sanitize helpers

sanitize association resolver

Sanitize sort

fix graphql single type

fix graphql types

fix addFindQuery

Sanitize fields

Update sanitize sort to handle all the different formats

Update fields sanitize to handle regular strings & wildcard

Fix non scalar recursion

Add a traverse factory

Add visitor to remove dz & morph relations

Replace the old traverse utils (sort, filters) by one created using the traverse factory

add sanitize populate

await args

fix async and duplicate sanitization

sanitize u&p params

Add traverse fields

Fix traverse & sanitize fields

add traverse fields to nested populate

sanitize admin api filter queries

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

sanitize sort params in admin API

todo

make token fields unsearchable with _q

sanitize delete mutation

Update packages/core/admin/server/services/permission/permissions-manager/sanitize.js

Co-authored-by: Jamie Howard <48524071+jhoward1994@users.noreply.github.com>

fix errors on queries without ctx

rename findParams to sanitizedParams

Sanitize queries everywhere in the content manager admin controllers

sanitize single type update and delete

Ignore non attribute keys in the sanitize sort

Fix the sanitize query sort for nested string sort

Fix permission check for the admin

typo

sanitize upload

sanitize admin media library

sanitize admin users

Add missing await

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

set U&P users fields to searchable:false

add token support to createContentAPIRequest

add searchable:false to getstarted U&P schema

remove comment

sanitize component resolver

remove await

add searchable false to the file's folder path

Fix admin query when the permission query is set to null

add basic tests for filtering private params

add tests for fields

add pagination tests

Fix admin user fields not being sanitized

Fix convert query params for the morph fragment on undefined value

Traverse dynamic zone on nested populate

Handle nested sort, filters & fields in populate queries + handle populate fragment for morphTo relations

Sanitize 'on' subpopulate

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

don't throw error on invalid attributes

check models for snake case column name instead of assuming they are operators

Add first batch of api tests for params sanitize

Fix sort traversal: handle object arrays

Put back removePassword for fields,sort,filters

Add schemas and fixtures for sanitize api tests

Add tests for relations (sanitize api tests)

Move constant to domain scope

Rename sanitize params to sanitize query

Fix typo

Cleanup fixtures file

Fix variable name conflict

Update packages/core/admin/server/services/permission/permissions-manager/sanitize.js

Co-authored-by: Alexandre BODIN <alexandrebodin@users.noreply.github.com>

Update comment for array filters

Rename sanitize test

Test implicit & explicit array operator for filter

Remove unused code
2023-03-15 14:59:19 +01:00

124 lines
3.6 KiB
JavaScript
Raw Blame History

'use strict';
const { cloneDeep, isObject, isArray, isNil, curry } = require('lodash/fp');
const traverseEntity = async (visitor, options, entity) => {
const { path = { raw: null, attribute: null }, schema } = options;
// End recursion
if (!isObject(entity) || isNil(schema)) {
return entity;
}
// Don't mutate the original entity object
const copy = cloneDeep(entity);
for (const key of Object.keys(copy)) {
// Retrieve the attribute definition associated to the key from the schema
const attribute = schema.attributes[key];
// If the attribute doesn't exist within the schema, ignore it
if (isNil(attribute)) {
continue;
}
const newPath = { ...path };
newPath.raw = isNil(path.raw) ? key : `${path.raw}.${key}`;
if (!isNil(attribute)) {
newPath.attribute = isNil(path.attribute) ? key : `${path.attribute}.${key}`;
}
// Visit the current attribute
const visitorOptions = { data: copy, schema, key, value: copy[key], attribute, path: newPath };
const visitorUtils = createVisitorUtils({ data: copy });
await visitor(visitorOptions, visitorUtils);
// Extract the value for the current key (after calling the visitor)
const value = copy[key];
// Ignore Nil values
if (isNil(value)) {
continue;
}
const isRelation = attribute.type === 'relation';
const isComponent = attribute.type === 'component';
const isDynamicZone = attribute.type === 'dynamiczone';
const isMedia = attribute.type === 'media';
if (isRelation) {
const isMorphRelation = attribute.relation.toLowerCase().startsWith('morph');
const traverseTarget = (entry) => {
// Handle polymorphic relationships
const targetSchemaUID = isMorphRelation ? entry.__type : attribute.target;
const targetSchema = strapi.getModel(targetSchemaUID);
const traverseOptions = { schema: targetSchema, path: newPath };
return traverseEntity(visitor, traverseOptions, entry);
};
// need to update copy
copy[key] = isArray(value)
? await Promise.all(value.map(traverseTarget))
: await traverseTarget(value);
}
if (isMedia) {
const traverseTarget = (entry) => {
const targetSchemaUID = 'plugin::upload.file';
const targetSchema = strapi.getModel(targetSchemaUID);
const traverseOptions = { schema: targetSchema, path: newPath };
return traverseEntity(visitor, traverseOptions, entry);
};
// need to update copy
copy[key] = isArray(value)
? await Promise.all(value.map(traverseTarget))
: await traverseTarget(value);
}
if (isComponent) {
const targetSchema = strapi.getModel(attribute.component);
const traverseOptions = { schema: targetSchema, path: newPath };
const traverseComponent = (entry) => traverseEntity(visitor, traverseOptions, entry);
copy[key] = isArray(value)
? await Promise.all(value.map(traverseComponent))
: await traverseComponent(value);
}
if (isDynamicZone && isArray(value)) {
const visitDynamicZoneEntry = (entry) => {
const targetSchema = strapi.getModel(entry.__component);
const traverseOptions = { schema: targetSchema, path: newPath };
return traverseEntity(visitor, traverseOptions, entry);
};
copy[key] = await Promise.all(value.map(visitDynamicZoneEntry));
}
}
return copy;
};
const createVisitorUtils = ({ data }) => ({
remove(key) {
delete data[key];
},
set(key, value) {
data[key] = value;
},
});
module.exports = curry(traverseEntity);
Reference in New Issue View Git Blame Copy Permalink