npm - @base44-preview/cli - Versions diffs - 0.0.50-pr.481.d091ce8 → 0.0.50-pr.481.e4f75d4 - Mend

@base44-preview/cli 0.0.50-pr.481.d091ce8 → 0.0.50-pr.481.e4f75d4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cli/index.js CHANGED Viewed

@@ -253962,6 +253962,8 @@ function evaluateOperator(recordValue, operator) {
           return false;
         }
         break;
+      default:
+        return false;
     }
   }
   return true;
@@ -254026,6 +254028,9 @@ function checkRLS(rule, record2, user) {
   return evaluateCondition(rule, record2, user);
 }
 function applyFLS(record2, schema10, user, operation) {
+  if (Array.isArray(record2)) {
+    return record2.map((r5) => applyFLS(r5, schema10, user, operation));
+  }
   const result = {};
   for (const [key2, value] of Object.entries(record2)) {
     const rule = schema10.properties[key2]?.rls?.[operation];
@@ -254216,9 +254221,15 @@ async function createEntityRoutes(db2, logger2, broadcast) {
   const parseBody = import_express4.json();
   function withCollection(handler) {
     return async (req, res) => {
-      const collection = db2.getCollection(req.params.entityName);
+      const { entityName } = req.params;
+      const collection = db2.getCollection(entityName);
       if (!collection) {
-        res.status(404).json({ error: `Entity "${req.params.entityName}" not found` });
+        res.status(404).json({ error: `Entity "${entityName}" not found` });
+        return;
+      }
+      const schema10 = db2.getSchema(entityName);
+      if (!schema10) {
+        res.status(404).json({ error: `Schema for "${entityName}" not found` });
         return;
       }
       let currentUser;
@@ -254227,7 +254238,7 @@ async function createEntityRoutes(db2, logger2, broadcast) {
         const { payload } = import_jsonwebtoken3.default.decode(auth2.replace("Bearer ", ""), { complete: true }) ?? {};
         currentUser = await db2.getCollection(USER_COLLECTION)?.findOneAsync({ email: payload?.sub });
       } catch {}
-      await handler(req, res, collection, currentUser);
+      await handler(req, res, collection, schema10, currentUser);
     };
   }
   function emit(appId, entityName, type, data) {
@@ -254247,7 +254258,7 @@ async function createEntityRoutes(db2, logger2, broadcast) {
   }
   const userRouter = createUserRouter(db2, logger2);
   router.use("/User", userRouter);
-  router.get("/:entityName/:id", withCollection(async (req, res, collection, currentUser) => {
+  router.get("/:entityName/:id", withCollection(async (req, res, collection, schema10, currentUser) => {
     const { entityName, id: id2 } = req.params;
     try {
       const doc2 = await collection.findOneAsync({ id: id2 });
@@ -254255,38 +254266,27 @@ async function createEntityRoutes(db2, logger2, broadcast) {
         res.status(404).json({ error: `Record with id "${id2}" not found` });
         return;
       }
-      const schema10 = db2.getSchema(entityName);
-      if (!checkRLS(schema10?.rls?.read, doc2, currentUser)) {
+      if (!checkRLS(schema10.rls?.read, doc2, currentUser)) {
         res.status(404).json({
           message: `Entity ${entityName} with ID ${id2} not found`
         });
         return;
       }
-      let result = stripInternalFields(doc2);
-      if (schema10) {
-        result = applyFLS(result, schema10, currentUser, "read");
-      }
+      const result = applyFLS(stripInternalFields(doc2), schema10, currentUser, "read");
       res.json(result);
     } catch (error48) {
       logger2.error(`Error in GET /${entityName}/${id2}:`, error48);
       res.status(500).json({ error: "Internal server error" });
     }
   }));
-  router.get("/:entityName", withCollection(async (req, res, collection, currentUser) => {
+  router.get("/:entityName", withCollection(async (req, res, collection, schema10, currentUser) => {
     const { entityName } = req.params;
     try {
-      const schema10 = db2.getSchema(entityName);
-      if (schema10?.rls?.read === false) {
-        res.json([]);
-        return;
-      }
       let results = stripInternalFields(await queryEntity(collection, req.query));
-      if (schema10?.rls?.read && schema10.rls.read !== true) {
+      if (schema10.rls?.read && schema10.rls.read !== true) {
         results = results.filter((doc2) => checkRLS(schema10.rls.read, doc2, currentUser));
       }
-      if (schema10) {
-        results = results.map((doc2) => applyFLS(doc2, schema10, currentUser, "read"));
-      }
+      results = results.map((doc2) => applyFLS(doc2, schema10, currentUser, "read"));
       res.json(results);
     } catch (error48) {
       if (error48 instanceof InvalidInputError) {
@@ -254297,12 +254297,11 @@ async function createEntityRoutes(db2, logger2, broadcast) {
       }
     }
   }));
-  router.post("/:entityName", parseBody, withCollection(async (req, res, collection, currentUser) => {
+  router.post("/:entityName", parseBody, withCollection(async (req, res, collection, schema10, currentUser) => {
     const { appId, entityName } = req.params;
     try {
       const now = new Date().toISOString();
       const { _id, ...body } = req.body;
-      const schema10 = db2.getSchema(entityName);
       if (!checkRLS(schema10?.rls?.create, {
         ...body,
         created_by: currentUser?.email,
@@ -254311,10 +254310,7 @@ async function createEntityRoutes(db2, logger2, broadcast) {
         res.status(403).json({ error: "Permission denied" });
         return;
       }
-      let filteredBody = db2.prepareRecord(entityName, body);
-      if (schema10) {
-        filteredBody = applyFLS(filteredBody, schema10, currentUser, "write");
-      }
+      const filteredBody = applyFLS(db2.prepareRecord(entityName, body), schema10, currentUser, "write");
       db2.validate(entityName, filteredBody);
       const record2 = {
         ...filteredBody,
@@ -254324,7 +254320,7 @@ async function createEntityRoutes(db2, logger2, broadcast) {
         created_date: now,
         updated_date: now
       };
-      const inserted = stripInternalFields(await collection.insertAsync(record2));
+      const inserted = applyFLS(stripInternalFields(await collection.insertAsync(record2)), schema10, currentUser, "read");
       emit(appId, entityName, "create", inserted);
       res.status(201).json(inserted);
     } catch (error48) {
@@ -254336,7 +254332,7 @@ async function createEntityRoutes(db2, logger2, broadcast) {
       res.status(500).json({ error: "Internal server error" });
     }
   }));
-  router.post("/:entityName/bulk", parseBody, withCollection(async (req, res, collection, currentUser) => {
+  router.post("/:entityName/bulk", parseBody, withCollection(async (req, res, collection, schema10, currentUser) => {
     const { appId, entityName } = req.params;
     if (!Array.isArray(req.body)) {
       res.status(400).json({ error: "Request body must be an array" });
@@ -254344,7 +254340,6 @@ async function createEntityRoutes(db2, logger2, broadcast) {
     }
     try {
       const now = new Date().toISOString();
-      const schema10 = db2.getSchema(entityName);
       const records = [];
       for (const record2 of req.body) {
         if (!checkRLS(schema10?.rls?.create, {
@@ -254369,7 +254364,7 @@ async function createEntityRoutes(db2, logger2, broadcast) {
           updated_date: now
         });
       }
-      const inserted = stripInternalFields(await collection.insertAsync(records));
+      const inserted = applyFLS(stripInternalFields(await collection.insertAsync(records)), schema10, currentUser, "read");
       emit(appId, entityName, "create", inserted);
       res.status(201).json(inserted);
     } catch (error48) {
@@ -254381,12 +254376,11 @@ async function createEntityRoutes(db2, logger2, broadcast) {
       res.status(500).json({ error: "Internal server error" });
     }
   }));
-  router.put("/:entityName/:id", parseBody, withCollection(async (req, res, collection, currentUser) => {
+  router.put("/:entityName/:id", parseBody, withCollection(async (req, res, collection, schema10, currentUser) => {
     const { appId, entityName, id: id2 } = req.params;
     const { id: _id, created_date: _created_date, ...body } = req.body;
     try {
-      const schema10 = db2.getSchema(entityName);
-      if (schema10?.rls?.update !== undefined) {
+      if (schema10.rls?.update !== undefined) {
         const existing = await collection.findOneAsync({ id: id2 });
         if (!existing) {
           res.status(404).json({ error: `Record with id "${id2}" not found` });
@@ -254399,10 +254393,7 @@ async function createEntityRoutes(db2, logger2, broadcast) {
           return;
         }
       }
-      let filteredBody = db2.prepareRecord(entityName, body, true);
-      if (schema10) {
-        filteredBody = applyFLS(filteredBody, schema10, currentUser, "write");
-      }
+      const filteredBody = applyFLS(db2.prepareRecord(entityName, body, true), schema10, currentUser, "write");
       db2.validate(entityName, filteredBody, true);
       const updateData = {
         ...filteredBody,
@@ -254413,7 +254404,7 @@ async function createEntityRoutes(db2, logger2, broadcast) {
         res.status(404).json({ error: `Record with id "${id2}" not found` });
         return;
       }
-      const updated = stripInternalFields(result.affectedDocuments);
+      const updated = applyFLS(stripInternalFields(result.affectedDocuments), schema10, currentUser, "read");
       emit(appId, entityName, "update", updated);
       res.json(updated);
     } catch (error48) {
@@ -254425,7 +254416,7 @@ async function createEntityRoutes(db2, logger2, broadcast) {
       res.status(500).json({ error: "Internal server error" });
     }
   }));
-  router.delete("/:entityName/:id", withCollection(async (req, res, collection, currentUser) => {
+  router.delete("/:entityName/:id", withCollection(async (req, res, collection, schema10, currentUser) => {
     const { appId, entityName, id: id2 } = req.params;
     try {
       const doc2 = await collection.findOneAsync({ id: id2 });
@@ -254433,8 +254424,7 @@ async function createEntityRoutes(db2, logger2, broadcast) {
         res.status(404).json({ error: `Record with id "${id2}" not found` });
         return;
       }
-      const schema10 = db2.getSchema(entityName);
-      if (!checkRLS(schema10?.rls?.delete, doc2, currentUser)) {
+      if (!checkRLS(schema10.rls?.delete, doc2, currentUser)) {
         res.status(404).json({
           message: `Entity ${entityName} with ID ${id2} not found`
         });
@@ -254448,11 +254438,10 @@ async function createEntityRoutes(db2, logger2, broadcast) {
       res.status(500).json({ error: "Internal server error" });
     }
   }));
-  router.delete("/:entityName", parseBody, withCollection(async (req, res, collection, currentUser) => {
+  router.delete("/:entityName", parseBody, withCollection(async (req, res, collection, schema10, currentUser) => {
     const { entityName } = req.params;
     try {
       const query = req.body || {};
-      const schema10 = db2.getSchema(entityName);
       const rlsDelete = schema10?.rls?.delete;
       if (rlsDelete !== undefined && rlsDelete !== true) {
         if (rlsDelete === false) {
@@ -260882,4 +260871,4 @@ export {
   CLIExitError
 };
-//# debugId=18683176A875C40664756E2164756E21
+//# debugId=F32E631496E2C78D64756E2164756E21