Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Remove Unused code path in SqlQueryStructure

See original GitHub issue

Issue

Tests like those in ODataASTVisitorUnitTests fail because the integration test fixture does not take authorization into consideration. These tests need to be updated.

Background

SqlQueryStructure handling REST requests checks if Columns.Count == 0 here: https://github.com/Azure/hawaii-gql/blob/38588fc1496f82299dfa067744db5fcc2c5d062e/DataGateway.Service/Resolvers/Sql Query Structures/SqlQueryStructure.cs#L134-L141 And proceeds to add all columns from the table definition as “FieldsToBeReturned” in the results. This code path will not be reached in production code with Authorization mechanics in place. The behavior with authorization is that, for Find Requests, the results will only contain fields that the request is allowed to access.

For example, consider the following permissions config:

{
"Book": {
      "source": "books",
      "permissions": [
        {
          "role": "Author",
          "actions": [
            {
              "action": "read",
              "fields": {
                "include": [ "*" ],
                "exclude": [ "publisher_id" ]
              }
            }
          ]
        }
      ],
      "relationships": {
      }
    }
}

and REST Request: http://localhost:5001/rest/book/id/8 the expected result does not include the publisher_id field:

{
    "value": [
        {
            "id": 8,
            "title": "Time to Eat"
        }
    ]
}

Issue Analytics

State:
Created a year ago
Comments:10 (10 by maintainers)

Top GitHub Comments

1reaction

seantleonardcommented, Aug 23, 2022

@ayush3797, can you reevaluate now that REST API test refactor is merged?

0reactions

ayush3797commented, Nov 7, 2022

From the description in the issue, it seems that if the request columns count ==0, we explicitly add all the columns from table to be returned back. That is still a bug. Shouldn’t we only add the columns that the request is authorized to see?

Yes, that was a bug. However, in the PR https://github.com/Azure/data-api-builder/pull/953, the code block is removed so the bug and the code block is no more relevant.

Top Results From Across the Web

How to remove unused code in IntelliJ IDEA? [duplicate]

Just right click on you file or source code folder, got to Analyze and Inspect Code . Choose the scope, like a folder...

Remove unused code - web.dev

This guide will help you get a handle on your project's unused code by showing you how to analyze your project's codebase, and...

Delete unused code (and how to retrieve it)

This is common advice you may be familiar with. The rationale is legit: unused code adds cruft to the codebase, making it harder...

Best way to remove Dead Code ? Unused Function ...

There are tools that you can run in prod to capture usage and code paths and then use to remove unused sections, but...

Waiting until end of project to remove commented out code ...

Waiting until end of project to remove commented out code, remove unused code, and resolve compiler warnings · Consider using a different comment ......