@atscript/moost-db 0.1.67 → 0.1.69

package/dist/index.cjs

@@ -23,7 +23,7 @@ function transformValidationError(error, reply) {
 		}));
 	}
 }
-const validationErrorTransform = () => (0, moost.defineInterceptor)({ error: transformValidationError }, moost.TInterceptorPriority.CATCH_ERROR);
+const validationErrorTransform = () => (0, moost.defineInterceptor)({ error: transformValidationError }, moost.TInterceptorPriority.BEFORE_ALL);
 const UseValidationErrorTransform = () => (0, moost.Intercept)(validationErrorTransform());
 //#endregion
 //#region src/dto/controls.dto.as
@@ -991,15 +991,24 @@ let AsDbReadableController = class AsDbReadableController extends AsReadableCont
 	_overlayIsNoOp;
 	/** path → sibling-ref path for `@db.amount.currency.ref` / `@db.unit.ref`. */
 	_quantityRefByPath;
+	/** Paths the adapter vetoes for filtering (e.g. JSON storage on SQL). Symmetric with `/meta` `filterable: false`. */
+	_adapterNonFilterable;
 	constructor(readable, app) {
 		super(readable.type, readable.tableName, app, readable.isView ? "view" : "table");
 		this.readable = readable;
+		this._adapterNonFilterable = this._collectAdapterNonFilterable();
 		this._gates = this._buildGates();
 		this._preferredIdSet = new Set(readable.preferredId ?? []);
 		this._quantityRefByPath = this._collectQuantityRefs();
 		const defaultOverlay = AsReadableController.prototype.applyMetaOverlay;
 		this._overlayIsNoOp = this.applyMetaOverlay === defaultOverlay;
 	}
+	_collectAdapterNonFilterable() {
+		const out = /* @__PURE__ */ new Set();
+		if (!this.readable.fieldDescriptors || typeof this.readable.canFilterField !== "function") return out;
+		for (const fd of this.readable.fieldDescriptors) if (!fd.ignored && !this.readable.canFilterField(fd)) out.add(fd.path);
+		return out;
+	}
 	_collectQuantityRefs() {
 		const out = /* @__PURE__ */ new Map();
 		if (!this.readable.flatMap) return out;
@@ -1037,6 +1046,20 @@ let AsDbReadableController = class AsDbReadableController extends AsReadableCont
 	hasField(path) {
 		return this.readable.flatMap.has(path);
 	}
+	/**
+	* Adds an adapter-capability veto on top of the base gate. Distinct from the
+	* `@db.column.filterable` rejection because the message must reference the
+	* adapter, not an annotation the user could add to bypass it. Sort uses
+	* adapter capability differently and is enforced at the SQL builder layer.
+	*/
+	checkGates(filter, controls, gates) {
+		const baseError = super.checkGates(filter, controls, gates);
+		if (baseError) return baseError;
+		if (this._adapterNonFilterable.size === 0) return void 0;
+		const offender = findFilterOffender(filter, (f) => !this._adapterNonFilterable.has(f));
+		if (!offender) return void 0;
+		return new _moostjs_event_http.HttpError(400, `Filtering on field "${offender}" is not permitted — adapter cannot filter on this storage type.`);
+	}
 	/** Validates $with relations against the readable. */
 	validateParsed(parsed, type) {
 		const baseError = super.validateParsed(parsed, type);
@@ -1070,6 +1093,15 @@ let AsDbReadableController = class AsDbReadableController extends AsReadableCont
 		return filter;
 	}
 	/**
+	* Transform filter for the `/one/:id` and `/one?...` endpoints. Defaults to
+	* {@link transformFilter} so any row-level read overlay applied to `/query` /
+	* `/pages` also gates id-based reads (existence is not leaked through
+	* `findById`). Override to scope `/one` differently.
+	*/
+	transformOne(filter) {
+		return this.transformFilter(filter);
+	}
+	/**
 	* Transform projection before querying.
 	* May return a Promise for async lookups.
 	*/
@@ -1385,6 +1417,8 @@ let AsDbReadableController = class AsDbReadableController extends AsReadableCont
 	}
 	/**
 	* **GET /one/:id** — retrieves a single record by ID or unique property.
+	* The id-filter is AND-combined with {@link transformOne} so row-level
+	* read overlays gate `/one` symmetrically with `/query` / `/pages`.
 	*/
 	async getOne(id, url) {
 		const { parsed, hasNonControl } = this.parseControlsOnlyFromUrl(url);
@@ -1399,7 +1433,8 @@ let AsDbReadableController = class AsDbReadableController extends AsReadableCont
 	}
 	/**
 	* **GET /one?field1=val1&field2=val2** — retrieves a single record by composite key
-	* (composite primary key or compound unique index).
+	* (composite primary key or compound unique index). Same `transformOne`
+	* gating as {@link getOne}.
 	*/
 	async getOneComposite(query, url) {
 		const idObj = this.extractIdShape(query);
@@ -1418,7 +1453,16 @@ let AsDbReadableController = class AsDbReadableController extends AsReadableCont
 			...parsedControls,
 			$select: initialSelect
 		};
-		const row = await this.readable.findById(id, { controls });
+		const idFilter = this.readable.resolveIdFilter(id);
+		let row = null;
+		if (idFilter) {
+			const overlay = await this.transformOne({});
+			const filter = overlay && Object.keys(overlay).length > 0 ? { $and: [idFilter, overlay] } : idFilter;
+			row = await this.readable.findOne({
+				filter,
+				controls
+			});
+		}
 		const item = await this.returnOne(Promise.resolve(row));
 		if (item instanceof _moostjs_event_http.HttpError) return item;
 		if (!prep) return item;

package/dist/index.d.cts

@@ -182,11 +182,21 @@ declare class AsDbReadableController<T extends TAtscriptAnnotatedType = TAtscrip
   private readonly _overlayIsNoOp;
   /** path → sibling-ref path for `@db.amount.currency.ref` / `@db.unit.ref`. */
   private readonly _quantityRefByPath;
+  /** Paths the adapter vetoes for filtering (e.g. JSON storage on SQL). Symmetric with `/meta` `filterable: false`. */
+  private readonly _adapterNonFilterable;
   constructor(readable: AtscriptDbReadable<T>, app: Moost);
+  private _collectAdapterNonFilterable;
   private _collectQuantityRefs;
   private _buildGates;
   private _collectAnnotated;
   protected hasField(path: string): boolean;
+  /**
+   * Adds an adapter-capability veto on top of the base gate. Distinct from the
+   * `@db.column.filterable` rejection because the message must reference the
+   * adapter, not an annotation the user could add to bypass it. Sort uses
+   * adapter capability differently and is enforced at the SQL builder layer.
+   */
+  protected checkGates(filter: FilterExpr | undefined, controls: Record<string, unknown>, gates: ReadableGates): HttpError | undefined;
   /** Validates $with relations against the readable. */
   protected validateParsed(parsed: Uniquery, type: "query" | "pages" | "getOne"): HttpError | undefined;
   /**
@@ -200,6 +210,13 @@ declare class AsDbReadableController<T extends TAtscriptAnnotatedType = TAtscrip
    * May return a Promise for async lookups (session, permissions).
    */
   protected transformFilter(filter: FilterExpr): FilterExpr | Promise<FilterExpr>;
+  /**
+   * Transform filter for the `/one/:id` and `/one?...` endpoints. Defaults to
+   * {@link transformFilter} so any row-level read overlay applied to `/query` /
+   * `/pages` also gates id-based reads (existence is not leaked through
+   * `findById`). Override to scope `/one` differently.
+   */
+  protected transformOne(filter: FilterExpr): FilterExpr | Promise<FilterExpr>;
   /**
    * Transform projection before querying.
    * May return a Promise for async lookups.
@@ -252,11 +269,14 @@ declare class AsDbReadableController<T extends TAtscriptAnnotatedType = TAtscrip
   } | HttpError>;
   /**
    * **GET /one/:id** — retrieves a single record by ID or unique property.
+   * The id-filter is AND-combined with {@link transformOne} so row-level
+   * read overlays gate `/one` symmetrically with `/query` / `/pages`.
    */
   getOne(id: string, url: string): Promise<DataType | HttpError>;
   /**
    * **GET /one?field1=val1&field2=val2** — retrieves a single record by composite key
-   * (composite primary key or compound unique index).
+   * (composite primary key or compound unique index). Same `transformOne`
+   * gating as {@link getOne}.
    */
   getOneComposite(query: Record<string, string>, url: string): Promise<DataType | HttpError>;
   private _findByIdAndAugment;

package/dist/index.d.mts

@@ -182,11 +182,21 @@ declare class AsDbReadableController<T extends TAtscriptAnnotatedType = TAtscrip
   private readonly _overlayIsNoOp;
   /** path → sibling-ref path for `@db.amount.currency.ref` / `@db.unit.ref`. */
   private readonly _quantityRefByPath;
+  /** Paths the adapter vetoes for filtering (e.g. JSON storage on SQL). Symmetric with `/meta` `filterable: false`. */
+  private readonly _adapterNonFilterable;
   constructor(readable: AtscriptDbReadable<T>, app: Moost);
+  private _collectAdapterNonFilterable;
   private _collectQuantityRefs;
   private _buildGates;
   private _collectAnnotated;
   protected hasField(path: string): boolean;
+  /**
+   * Adds an adapter-capability veto on top of the base gate. Distinct from the
+   * `@db.column.filterable` rejection because the message must reference the
+   * adapter, not an annotation the user could add to bypass it. Sort uses
+   * adapter capability differently and is enforced at the SQL builder layer.
+   */
+  protected checkGates(filter: FilterExpr | undefined, controls: Record<string, unknown>, gates: ReadableGates): HttpError | undefined;
   /** Validates $with relations against the readable. */
   protected validateParsed(parsed: Uniquery, type: "query" | "pages" | "getOne"): HttpError | undefined;
   /**
@@ -200,6 +210,13 @@ declare class AsDbReadableController<T extends TAtscriptAnnotatedType = TAtscrip
    * May return a Promise for async lookups (session, permissions).
    */
   protected transformFilter(filter: FilterExpr): FilterExpr | Promise<FilterExpr>;
+  /**
+   * Transform filter for the `/one/:id` and `/one?...` endpoints. Defaults to
+   * {@link transformFilter} so any row-level read overlay applied to `/query` /
+   * `/pages` also gates id-based reads (existence is not leaked through
+   * `findById`). Override to scope `/one` differently.
+   */
+  protected transformOne(filter: FilterExpr): FilterExpr | Promise<FilterExpr>;
   /**
    * Transform projection before querying.
    * May return a Promise for async lookups.
@@ -252,11 +269,14 @@ declare class AsDbReadableController<T extends TAtscriptAnnotatedType = TAtscrip
   } | HttpError>;
   /**
    * **GET /one/:id** — retrieves a single record by ID or unique property.
+   * The id-filter is AND-combined with {@link transformOne} so row-level
+   * read overlays gate `/one` symmetrically with `/query` / `/pages`.
    */
   getOne(id: string, url: string): Promise<DataType | HttpError>;
   /**
    * **GET /one?field1=val1&field2=val2** — retrieves a single record by composite key
-   * (composite primary key or compound unique index).
+   * (composite primary key or compound unique index). Same `transformOne`
+   * gating as {@link getOne}.
    */
   getOneComposite(query: Record<string, string>, url: string): Promise<DataType | HttpError>;
   private _findByIdAndAugment;

package/dist/index.mjs

@@ -22,7 +22,7 @@ function transformValidationError(error, reply) {
 		}));
 	}
 }
-const validationErrorTransform = () => defineInterceptor({ error: transformValidationError }, TInterceptorPriority.CATCH_ERROR);
+const validationErrorTransform = () => defineInterceptor({ error: transformValidationError }, TInterceptorPriority.BEFORE_ALL);
 const UseValidationErrorTransform = () => Intercept(validationErrorTransform());
 //#endregion
 //#region src/dto/controls.dto.as
@@ -990,15 +990,24 @@ let AsDbReadableController = class AsDbReadableController extends AsReadableCont
 	_overlayIsNoOp;
 	/** path → sibling-ref path for `@db.amount.currency.ref` / `@db.unit.ref`. */
 	_quantityRefByPath;
+	/** Paths the adapter vetoes for filtering (e.g. JSON storage on SQL). Symmetric with `/meta` `filterable: false`. */
+	_adapterNonFilterable;
 	constructor(readable, app) {
 		super(readable.type, readable.tableName, app, readable.isView ? "view" : "table");
 		this.readable = readable;
+		this._adapterNonFilterable = this._collectAdapterNonFilterable();
 		this._gates = this._buildGates();
 		this._preferredIdSet = new Set(readable.preferredId ?? []);
 		this._quantityRefByPath = this._collectQuantityRefs();
 		const defaultOverlay = AsReadableController.prototype.applyMetaOverlay;
 		this._overlayIsNoOp = this.applyMetaOverlay === defaultOverlay;
 	}
+	_collectAdapterNonFilterable() {
+		const out = /* @__PURE__ */ new Set();
+		if (!this.readable.fieldDescriptors || typeof this.readable.canFilterField !== "function") return out;
+		for (const fd of this.readable.fieldDescriptors) if (!fd.ignored && !this.readable.canFilterField(fd)) out.add(fd.path);
+		return out;
+	}
 	_collectQuantityRefs() {
 		const out = /* @__PURE__ */ new Map();
 		if (!this.readable.flatMap) return out;
@@ -1036,6 +1045,20 @@ let AsDbReadableController = class AsDbReadableController extends AsReadableCont
 	hasField(path) {
 		return this.readable.flatMap.has(path);
 	}
+	/**
+	* Adds an adapter-capability veto on top of the base gate. Distinct from the
+	* `@db.column.filterable` rejection because the message must reference the
+	* adapter, not an annotation the user could add to bypass it. Sort uses
+	* adapter capability differently and is enforced at the SQL builder layer.
+	*/
+	checkGates(filter, controls, gates) {
+		const baseError = super.checkGates(filter, controls, gates);
+		if (baseError) return baseError;
+		if (this._adapterNonFilterable.size === 0) return void 0;
+		const offender = findFilterOffender(filter, (f) => !this._adapterNonFilterable.has(f));
+		if (!offender) return void 0;
+		return new HttpError(400, `Filtering on field "${offender}" is not permitted — adapter cannot filter on this storage type.`);
+	}
 	/** Validates $with relations against the readable. */
 	validateParsed(parsed, type) {
 		const baseError = super.validateParsed(parsed, type);
@@ -1069,6 +1092,15 @@ let AsDbReadableController = class AsDbReadableController extends AsReadableCont
 		return filter;
 	}
 	/**
+	* Transform filter for the `/one/:id` and `/one?...` endpoints. Defaults to
+	* {@link transformFilter} so any row-level read overlay applied to `/query` /
+	* `/pages` also gates id-based reads (existence is not leaked through
+	* `findById`). Override to scope `/one` differently.
+	*/
+	transformOne(filter) {
+		return this.transformFilter(filter);
+	}
+	/**
 	* Transform projection before querying.
 	* May return a Promise for async lookups.
 	*/
@@ -1384,6 +1416,8 @@ let AsDbReadableController = class AsDbReadableController extends AsReadableCont
 	}
 	/**
 	* **GET /one/:id** — retrieves a single record by ID or unique property.
+	* The id-filter is AND-combined with {@link transformOne} so row-level
+	* read overlays gate `/one` symmetrically with `/query` / `/pages`.
 	*/
 	async getOne(id, url) {
 		const { parsed, hasNonControl } = this.parseControlsOnlyFromUrl(url);
@@ -1398,7 +1432,8 @@ let AsDbReadableController = class AsDbReadableController extends AsReadableCont
 	}
 	/**
 	* **GET /one?field1=val1&field2=val2** — retrieves a single record by composite key
-	* (composite primary key or compound unique index).
+	* (composite primary key or compound unique index). Same `transformOne`
+	* gating as {@link getOne}.
 	*/
 	async getOneComposite(query, url) {
 		const idObj = this.extractIdShape(query);
@@ -1417,7 +1452,16 @@ let AsDbReadableController = class AsDbReadableController extends AsReadableCont
 			...parsedControls,
 			$select: initialSelect
 		};
-		const row = await this.readable.findById(id, { controls });
+		const idFilter = this.readable.resolveIdFilter(id);
+		let row = null;
+		if (idFilter) {
+			const overlay = await this.transformOne({});
+			const filter = overlay && Object.keys(overlay).length > 0 ? { $and: [idFilter, overlay] } : idFilter;
+			row = await this.readable.findOne({
+				filter,
+				controls
+			});
+		}
 		const item = await this.returnOne(Promise.resolve(row));
 		if (item instanceof HttpError) return item;
 		if (!prep) return item;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atscript/moost-db",
-  "version": "0.1.67",
+  "version": "0.1.69",
   "description": "Generic database controller for Moost with Atscript.",
   "keywords": [
     "annotations",
@@ -41,24 +41,24 @@
     "@uniqu/url": "^0.1.6"
   },
   "devDependencies": {
-    "@atscript/core": "^0.1.50",
-    "@atscript/typescript": "^0.1.50",
-    "@moostjs/event-http": "^0.6.8",
+    "@atscript/core": "^0.1.51",
+    "@atscript/typescript": "^0.1.51",
+    "@moostjs/event-http": "^0.6.9",
     "@uniqu/core": "^0.1.6",
-    "@wooksjs/event-core": "^0.7.10",
-    "@wooksjs/event-http": "^0.7.10",
-    "@wooksjs/http-body": "^0.7.10",
-    "moost": "^0.6.8",
-    "unplugin-atscript": "^0.1.50"
+    "@wooksjs/event-core": "^0.7.11",
+    "@wooksjs/event-http": "^0.7.11",
+    "@wooksjs/http-body": "^0.7.11",
+    "moost": "^0.6.9",
+    "unplugin-atscript": "^0.1.51"
   },
   "peerDependencies": {
-    "@atscript/typescript": "^0.1.50",
-    "@moostjs/event-http": "^0.6.8",
+    "@atscript/typescript": "^0.1.51",
+    "@moostjs/event-http": "^0.6.9",
     "@uniqu/core": "^0.1.6",
-    "@wooksjs/event-core": "^0.7.10",
-    "@wooksjs/http-body": "^0.7.10",
-    "moost": "^0.6.8",
-    "@atscript/db": "^0.1.67"
+    "@wooksjs/event-core": "^0.7.11",
+    "@wooksjs/http-body": "^0.7.11",
+    "moost": "^0.6.9",
+    "@atscript/db": "^0.1.69"
   },
   "scripts": {
     "postinstall": "asc -f dts",