Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
ParsedRequest filter changes from 4.3.x introduce breaking change
See original GitHub issueI updated to 4.4.1 in early January and notice that request filter handling changed. In some controllers, it is necessary to add additional filters before handing the request off to the service for database operations (e.g. to add authorization criteria to the database query). Below is an example of how I implemented this prior to 4.3.x.
@Override()
async getMany(@ParsedRequest() req: CrudRequest, @User() user: User) {
// Simulating user only having access to remoteId == 10
req.parsed.filter.push({
field: 'remoteId',
operator: '$eq',
value: user.remoteId,
});
return await this.base.getManyBase(req);
}
After upgrading to 4.4.1, I notice that these filter conditions are not incorporated when generating the database query. I tracked the change down to this commit 702603917e5e3968ae306881ff099a4907eca57a.
I have created a demonstration repository demonstrating the issue: https://github.com/iamjoeker/crud_filter_change_poc
Issue Analytics
- State:
- Created 4 years ago
- Reactions:1
- Comments:9 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Let me start by saying how much I love this library and its goals and appreciate the efforts to bring it to life.
My apologies as I realize now that I probably didn’t do a good job of communicating my intent when I opened the issue.
While I concur that
@CrudAuthis the preferred way to handle this starting with version 4.3 (as shared in the crud-4.4.1-working branch of my poc). My concern is that this is a BC break that happened in a minor release (which is not expected per semver). I was lucky to have discovered the issue before it resulted in significant data disclosure. I raise the issue in the hope that the BC break can be corrected and reported for others who may have been potentially impacted.If it would be welcomed, I’m willing to submit a PR. Based on my research, fixing the BC break would require a new 4.3.x and 4.4.x release (and possibly a 5.x release with the BC break included).
@tevenFr maybe try this
you should never modify
req.optionsby request because of #368but there has a bug #432 ┓( ´∀` )┏ (temporary fix patch is working)