mirror of
https://github.com/strapi/strapi.git
synced 2025-07-18 22:45:47 +00:00
e55ea1d6b5
* Add model option to hide/show creators fields in public API response Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Add content-types util, rework sanitize-entity's private handling Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Update search e2e tests, fix an issue on empty search for the core-api controller (find) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix GraphQL plugin (handle privates attributes on typeDefs + resolver builds) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix sanitizeEntity import Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Move doc update from beta to stable Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix e2e test Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix pr comments Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Remove creator's field from upload controller routes Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix typedef build for graphql association Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix pr (comments + several issues) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Add tests for search behavior in content-manager Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Rename files variables to meaningful names (upload controllers) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix test with search id matching serialNumber Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> * Add toHasBeenCalledWith check for config.get (utils/content-types.test.js) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> Co-authored-by: Alexandre Bodin <bodin.alex@gmail.com>
135 lines
3.7 KiB
JavaScript
135 lines
3.7 KiB
JavaScript
'use strict';
|
|
|
|
const _ = require('lodash');
|
|
const { isPrivateAttribute } = require('./content-types');
|
|
|
|
const sanitizeEntity = (dataSource, options) => {
|
|
const { model, withPrivate = false, isOutput = true, includeFields = null } = options;
|
|
|
|
if (typeof dataSource !== 'object' || _.isNil(dataSource)) {
|
|
return dataSource;
|
|
}
|
|
|
|
const data = parseOriginalData(dataSource);
|
|
|
|
if (typeof data !== 'object' || _.isNil(data)) {
|
|
return data;
|
|
}
|
|
|
|
if (_.isArray(data)) {
|
|
return data.map(entity => sanitizeEntity(entity, options));
|
|
}
|
|
|
|
if (_.isNil(model)) {
|
|
return null;
|
|
}
|
|
|
|
const { attributes } = model;
|
|
const allowedFields = getAllowedFields({ includeFields, model, isOutput });
|
|
|
|
const reducerFn = (acc, value, key) => {
|
|
const attribute = attributes[key];
|
|
const allowedFieldsHasKey = allowedFields.includes(key);
|
|
|
|
if (shouldRemoveAttribute(model, key, attribute, { withPrivate, isOutput })) {
|
|
return acc;
|
|
}
|
|
|
|
// Relations
|
|
const relation = attribute && (attribute.model || attribute.collection || attribute.component);
|
|
if (relation) {
|
|
if (_.isNil(value)) {
|
|
return { ...acc, [key]: value };
|
|
}
|
|
|
|
const [nextFields, isAllowed] = includeFields
|
|
? getNextFields(allowedFields, key, { allowedFieldsHasKey })
|
|
: [null, true];
|
|
|
|
if (!isAllowed) {
|
|
return acc;
|
|
}
|
|
|
|
const nextOptions = {
|
|
model: strapi.getModel(relation, attribute.plugin),
|
|
withPrivate,
|
|
isOutput,
|
|
includeFields: nextFields,
|
|
};
|
|
|
|
const nextVal = Array.isArray(value)
|
|
? value.map(elem => sanitizeEntity(elem, nextOptions))
|
|
: sanitizeEntity(value, nextOptions);
|
|
|
|
return { ...acc, [key]: nextVal };
|
|
}
|
|
|
|
const isAllowedField = !includeFields || allowedFieldsHasKey;
|
|
|
|
// Dynamic zones
|
|
if (attribute && attribute.type === 'dynamiczone' && value !== null && isAllowedField) {
|
|
const nextVal = value.map(elem =>
|
|
sanitizeEntity(elem, {
|
|
model: strapi.getModel(elem.__component),
|
|
withPrivate,
|
|
isOutput,
|
|
})
|
|
);
|
|
return { ...acc, [key]: nextVal };
|
|
}
|
|
|
|
// Other fields
|
|
if (isAllowedField) {
|
|
return { ...acc, [key]: value };
|
|
}
|
|
|
|
return acc;
|
|
};
|
|
|
|
return _.reduce(data, reducerFn, {});
|
|
};
|
|
|
|
const parseOriginalData = data => (_.isFunction(data.toJSON) ? data.toJSON() : data);
|
|
|
|
const CREATOR_FIELDS = ['created_by', 'updated_by'];
|
|
const COMPONENT_FIELDS = ['__component'];
|
|
const STATIC_FIELDS = ['id', '__v'];
|
|
|
|
const getAllowedFields = ({ includeFields, model, isOutput }) => {
|
|
const { options, primaryKey } = model;
|
|
|
|
const timestamps = options.timestamps || [];
|
|
|
|
return _.concat(
|
|
includeFields || [],
|
|
...(isOutput
|
|
? [primaryKey, timestamps, STATIC_FIELDS, COMPONENT_FIELDS, CREATOR_FIELDS]
|
|
: [primaryKey, STATIC_FIELDS, COMPONENT_FIELDS])
|
|
);
|
|
};
|
|
|
|
const getNextFields = (fields, key, { allowedFieldsHasKey }) => {
|
|
const searchStr = `${key}.`;
|
|
|
|
const transformedFields = (fields || [])
|
|
.filter(field => field.startsWith(searchStr))
|
|
.map(field => field.replace(searchStr, ''));
|
|
|
|
const isAllowed = allowedFieldsHasKey || transformedFields.length > 0;
|
|
const nextFields = allowedFieldsHasKey ? null : transformedFields;
|
|
|
|
return [nextFields, isAllowed];
|
|
};
|
|
|
|
const shouldRemoveAttribute = (model, key, attribute = {}, { withPrivate, isOutput }) => {
|
|
const isPassword = attribute.type === 'password';
|
|
const isPrivate = isPrivateAttribute(model, key);
|
|
|
|
const shouldRemovePassword = isOutput;
|
|
const shouldRemovePrivate = !withPrivate && isOutput;
|
|
|
|
return !!((isPassword && shouldRemovePassword) || (isPrivate && shouldRemovePrivate));
|
|
};
|
|
|
|
module.exports = sanitizeEntity;
|