@drax/crud-back 2.11.0 → 3.0.0

package/dist/controllers/AbstractFastifyController.js

@@ -1,4 +1,4 @@
-import { CommonConfig, DraxConfig, LimitError, NotFoundError, BadRequestError, CommonController } from "@drax/common-back";
+import { CommonConfig, DraxConfig, LimitError, NotFoundError, BadRequestError, CommonController, setNestedValue } from "@drax/common-back";
 import { join } from "path";
 import QueryFilterRegex from "../regexs/QueryFilterRegex.js";
 import CrudEventEmitter from "../events/CrudEventEmitter.js";
@@ -72,15 +72,26 @@ class AbstractFastifyController extends CommonController {
         }
     }
     assertTenant(item, rbac) {
-        if (this.tenantAssert) {
-            const itemTenantId = item[this.tenantField]?._id ? item[this.tenantField]._id.toString() : null;
-            rbac.assertTenantId(itemTenantId);
+        //Si tenantAssert esta habilitado y si ademas el usuario pertenece a un tenant
+        if (this.tenantAssert && rbac.hasTenant) {
+            //Si esta populado
+            if (item[this.tenantField]?._id) {
+                rbac.assertTenantId(item[this.tenantField]._id.toString()); //
+                //Si esta crudo
+            }
+            else if (item[this.tenantField]) {
+                rbac.assertTenantId(item[this.tenantField].toString());
+            }
         }
     }
     assertUser(item, rbac) {
         if (this.userAssert) {
-            const itemUserId = item[this.userField]?._id ? item[this.userField]._id.toString() : null;
-            rbac.assertUserId(itemUserId);
+            if (item[this.userField]?._id) {
+                rbac.assertUserId(item[this.userField]._id.toString());
+            }
+            else if (item[this.userField]) {
+                rbac.assertUserId(item[this.userField].toString());
+            }
         }
     }
     assertUserAndTenant(item, rbac) {
@@ -89,10 +100,10 @@ class AbstractFastifyController extends CommonController {
     }
     applyUserAndTenantSetters(payload, rbac) {
         if (this.tenantSetter && rbac.tenantId) {
-            payload[this.tenantField] = rbac.tenantId;
+            setNestedValue(payload, this.tenantField, rbac.tenantId);
         }
         if (this.userSetter && rbac.userId) {
-            payload[this.userField] = rbac.userId;
+            setNestedValue(payload, this.userField, rbac.userId);
         }
     }
     extractRequestData(request) {
@@ -212,17 +223,21 @@ class AbstractFastifyController extends CommonController {
             const id = request.params.id;
             const payload = request.body;
             let preItem = await this.service.findById(id);
+            if (!preItem) {
+                reply.statusCode = 404;
+                reply.send({ error: 'NOT_FOUND' });
+            }
             if (!request.rbac.hasSomePermission([this.permission.All, this.permission.UpdateAll])) {
-                if (!preItem) {
-                    reply.statusCode = 404;
-                    reply.send({ error: 'NOT_FOUND' });
-                }
+                //Si assertUser habilitado y si el usuario no tiene UpdateAll/All, solo puede modificar sus propios registros
                 this.assertUser(preItem, request.rbac);
             }
-            //Definido el tenant/user en el create no debe modificarse en un update
+            //Si assertTenant habilitado y si usuario tiene tenant, solo puede modificar registros de su tenant
+            this.assertTenant(preItem, request.rbac);
+            //Definido el tenant en create no debe modificarse en un update
             if (this.tenantSetter) {
                 delete payload[this.tenantField];
             }
+            //Definido el user en create no debe modificarse en un update
             if (this.userSetter) {
                 delete payload[this.userField];
             }
@@ -255,17 +270,21 @@ class AbstractFastifyController extends CommonController {
             const id = request.params.id;
             const payload = request.body;
             let preItem = await this.service.findById(id);
+            if (!preItem) {
+                reply.statusCode = 404;
+                reply.send({ error: 'NOT_FOUND' });
+            }
             if (!request.rbac.hasSomePermission([this.permission.All, this.permission.UpdateAll])) {
-                if (!preItem) {
-                    reply.statusCode = 404;
-                    reply.send({ error: 'NOT_FOUND' });
-                }
+                //Si assertUser habilitado y si el usuario no tiene UpdateAll/All, solo puede modificar sus propios registros
                 this.assertUser(preItem, request.rbac);
             }
-            //Definido el tenant/user en el create no debe modificarse en un update
+            //Si assertTenant habilitado y si usuario tiene tenant, solo puede modificar registros de su tenant
+            this.assertTenant(preItem, request.rbac);
+            //Definido el tenant en el create no debe modificarse en un update
             if (this.tenantSetter) {
                 delete payload[this.tenantField];
             }
+            //Definido el user en el create no debe modificarse en un update
             if (this.userSetter) {
                 delete payload[this.userField];
             }
@@ -404,10 +423,12 @@ class AbstractFastifyController extends CommonController {
             const limit = this.defaultLimit;
             const field = request.params.field;
             const value = request.params.value;
-            let items = await this.service.findBy(field, value, limit);
-            for (let item of items) {
-                this.assertUserAndTenant(item, request.rbac);
-            }
+            let filters = [];
+            this.applyUserAndTenantFilters(filters, request.rbac);
+            let items = await this.service.findBy(field, value, limit, filters);
+            // for (let item of items) {
+            //     this.assertUserAndTenant(item, request.rbac)
+            // }
             return items;
         }
         catch (e) {
@@ -423,8 +444,10 @@ class AbstractFastifyController extends CommonController {
             }
             const field = request.params.field;
             const value = request.params.value;
-            let item = await this.service.findOneBy(field, value);
-            this.assertUserAndTenant(item, request.rbac);
+            let filters = [];
+            this.applyUserAndTenantFilters(filters, request.rbac);
+            let item = await this.service.findOneBy(field, value, filters);
+            // this.assertUserAndTenant(item, request.rbac);
             return item;
         }
         catch (e) {

package/dist/repository/AbstractMongoRepository.js

@@ -89,28 +89,32 @@ class AbstractMongoRepository {
             .exec();
         return item;
     }
-    async findByIds(ids) {
+    async findByIds(ids, filters = []) {
         ids.map(id => this.assertId(id));
+        const query = { _id: { $in: ids } };
+        MongooseQueryFilter.applyFilters(query, filters, this._model);
         const items = await this._model
-            .find({ _id: { $in: ids } })
+            .find(query)
             .populate(this._populateFields)
             .lean(this._lean)
             .exec();
         return items;
     }
-    async findOneBy(field, value) {
-        const filter = { [field]: value };
+    async findOneBy(field, value, filters = []) {
+        const query = { [field]: value };
+        MongooseQueryFilter.applyFilters(query, filters, this._model);
         const item = await this._model
-            .findOne(filter)
+            .findOne(query)
             .populate(this._populateFields)
             .lean(this._lean)
             .exec();
         return item;
     }
-    async findBy(field, value, limit = 0) {
-        const filter = { [field]: value };
+    async findBy(field, value, limit = 0, filters = []) {
+        const query = { [field]: value };
+        MongooseQueryFilter.applyFilters(query, filters, this._model);
         const items = await this._model
-            .find(filter)
+            .find(query)
             .limit(limit)
             .populate(this._populateFields)
             .lean(this._lean)

package/dist/repository/AbstractSqliteRepository.js

@@ -200,7 +200,7 @@ class AbstractSqliteRepository {
         }
         return items;
     }
-    async search(value, limit = 1000) {
+    async search(value, limit = 1000, filters = []) {
         let where = "";
         let params = [];
         if (value && this.searchFields.length > 0) {
@@ -225,19 +225,50 @@ class AbstractSqliteRepository {
         await this.decorate(item);
         return item;
     }
-    async findBy(field, value, limit = 0) {
-        const items = this.db.prepare(`SELECT *
-                                       FROM ${this.tableName}
-                                       WHERE ${field} = ? LIMIT ${limit}`).all(value);
+    async findByIds(ids, filters = []) {
+        const inPlaceholders = ids.map(() => '?').join(',');
+        let where = `WHERE ID IN(${inPlaceholders})`;
+        let params = [ids];
+        if (filters.length > 0) {
+            const result = SqlQueryFilter.applyFilters(where, filters);
+            where = result.where;
+            params.push(...result.params);
+        }
+        const items = this.db
+            .prepare(`SELECT * FROM ${this.tableName} ${where}`)
+            .all(params);
         for (const item of items) {
             await this.decorate(item);
         }
         return items;
     }
-    async findOneBy(field, value) {
-        const item = this.db.prepare(`SELECT *
-                                      FROM ${this.tableName}
-                                      WHERE ${field} = ?`).get(value);
+    async findBy(field, value, limit = 0, filters = []) {
+        let where = `WHERE ${field} = ?`;
+        let params = [value];
+        if (filters.length > 0) {
+            const result = SqlQueryFilter.applyFilters(where, filters);
+            where = result.where;
+            params.push(...result.params);
+        }
+        const items = this.db
+            .prepare(`SELECT * FROM ${this.tableName} ${where}  LIMIT ?`)
+            .all([...params, limit]);
+        for (const item of items) {
+            await this.decorate(item);
+        }
+        return items;
+    }
+    async findOneBy(field, value, filters = []) {
+        let where = `WHERE ${field} = ?`;
+        let params = [value];
+        if (filters.length > 0) {
+            const result = SqlQueryFilter.applyFilters(where, filters);
+            where = result.where;
+            params.push(...result.params);
+        }
+        const item = this.db
+            .prepare(`SELECT * FROM ${this.tableName} ${where} LIMIT 1`)
+            .get(params);
         await this.decorate(item);
         return item;
     }

package/dist/services/AbstractService.js

@@ -110,9 +110,12 @@ class AbstractService {
     }
     async updatePartial(id, data) {
         data = await this.validateInputUpdatePartial(data);
+        if (this.transformUpdatePartial) {
+            data = await this.transformUpdatePartial(data);
+        }
         let item = await this._repository.updatePartial(id, data);
-        if (this.onUpdated) {
-            await this.onUpdated(item);
+        if (this.onUpdatedPartial) {
+            await this.onUpdatedPartial(item);
         }
         item = await this.validateOutput(item);
         return item;
@@ -155,9 +158,9 @@ class AbstractService {
             throw e;
         }
     }
-    async findOneBy(field, value) {
+    async findOneBy(field, value, filters = []) {
         try {
-            let item = await this._repository.findOneBy(field, value);
+            let item = await this._repository.findOneBy(field, value, filters);
             if (item && this.transformRead) {
                 item = await this.transformRead(item);
             }
@@ -211,9 +214,9 @@ class AbstractService {
             throw e;
         }
     }
-    async findBy(field, value, limit = 1000) {
+    async findBy(field, value, limit = 1000, filters = []) {
         try {
-            let items = await this._repository.findBy(field, value, limit);
+            let items = await this._repository.findBy(field, value, limit, filters);
             if (this.transformRead) {
                 items = await Promise.all(items.map(item => this.transformRead(item)));
             }

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "2.11.0",
+  "version": "3.0.0",
   "description": "Crud utils across modules",
   "main": "dist/index.js",
   "types": "types/index.d.ts",
@@ -22,10 +22,10 @@
   "author": "Cristian Incarnato & Drax Team",
   "license": "ISC",
   "dependencies": {
-    "@drax/common-back": "^2.11.0",
-    "@drax/common-share": "^2.0.0",
-    "@drax/identity-share": "^2.0.0",
-    "@drax/media-back": "^2.11.0",
+    "@drax/common-back": "^3.0.0",
+    "@drax/common-share": "^3.0.0",
+    "@drax/identity-share": "^3.0.0",
+    "@drax/media-back": "^3.0.0",
     "@graphql-tools/load-files": "^7.0.0",
     "@graphql-tools/merge": "^9.0.4",
     "mongoose": "^8.23.0",
@@ -44,7 +44,8 @@
     "nodemon": "^3.1.0",
     "ts-node": "^10.9.2",
     "tsc-alias": "^1.8.10",
-    "typescript": "^5.9.3"
+    "typescript": "^5.9.3",
+    "vitest": "^3.2.4"
   },
-  "gitHead": "8919d31d4d9512e48ac461b0876dc85a5849daea"
+  "gitHead": "63ae718b24ea25ae80b1a9a5dfb84a3abbb95199"
 }

package/src/controllers/AbstractFastifyController.ts

@@ -5,7 +5,7 @@ import {
     LimitError,
     NotFoundError,
     BadRequestError,
-    CommonController
+    CommonController, setNestedValue
 } from "@drax/common-back";
 import {IRbac} from "@drax/identity-share";
 import type {FastifyReply, FastifyRequest} from "fastify";
@@ -150,17 +150,28 @@ class AbstractFastifyController<T, C, U> extends CommonController {
     }
 
     protected assertTenant(item: T, rbac: IRbac) {
-        if (this.tenantAssert) {
-            const itemTenantId = item[this.tenantField]?._id ? item[this.tenantField]._id.toString() : null
-            rbac.assertTenantId(itemTenantId)
+
+        //Si tenantAssert esta habilitado y si ademas el usuario pertenece a un tenant
+        if (this.tenantAssert && rbac.hasTenant) {
+
+            //Si esta populado
+            if(item[this.tenantField]?._id){
+                rbac.assertTenantId(item[this.tenantField]._id.toString())//
+            //Si esta crudo
+            }else if(item[this.tenantField]){
+                rbac.assertTenantId(item[this.tenantField].toString())
+            }
         }
     }
 
     protected assertUser(item: T, rbac: IRbac) {
 
         if (this.userAssert) {
-            const itemUserId = item[this.userField]?._id ? item[this.userField]._id.toString() : null
-            rbac.assertUserId(itemUserId)
+            if(item[this.userField]?._id){
+                rbac.assertUserId(item[this.userField]._id.toString())
+            }else if(item[this.userField]){
+                rbac.assertUserId(item[this.userField].toString())
+            }
         }
     }
 
@@ -170,12 +181,13 @@ class AbstractFastifyController<T, C, U> extends CommonController {
     }
 
     protected applyUserAndTenantSetters(payload: any, rbac: any) {
+
         if (this.tenantSetter && rbac.tenantId) {
-            payload[this.tenantField] = rbac.tenantId
+            setNestedValue(payload, this.tenantField, rbac.tenantId)
         }
 
         if (this.userSetter && rbac.userId) {
-            payload[this.userField] = rbac.userId
+            setNestedValue(payload, this.userField, rbac.userId)
         }
     }
 
@@ -309,21 +321,24 @@ class AbstractFastifyController<T, C, U> extends CommonController {
 
             let preItem = await this.service.findById(id)
 
-            if (!request.rbac.hasSomePermission([this.permission.All, this.permission.UpdateAll])) {
-
-                if (!preItem) {
-                    reply.statusCode = 404
-                    reply.send({error: 'NOT_FOUND'})
-                }
+            if (!preItem) {
+                reply.statusCode = 404
+                reply.send({error: 'NOT_FOUND'})
+            }
 
+            if (!request.rbac.hasSomePermission([this.permission.All, this.permission.UpdateAll])) {
+                //Si assertUser habilitado y si el usuario no tiene UpdateAll/All, solo puede modificar sus propios registros
                 this.assertUser(preItem, request.rbac)
             }
+            //Si assertTenant habilitado y si usuario tiene tenant, solo puede modificar registros de su tenant
+            this.assertTenant(preItem, request.rbac)
 
-            //Definido el tenant/user en el create no debe modificarse en un update
+            //Definido el tenant en create no debe modificarse en un update
             if(this.tenantSetter) {
                 delete payload[this.tenantField]
             }
 
+            //Definido el user en create no debe modificarse en un update
             if(this.userSetter){
                 delete payload[this.userField]
             }
@@ -365,21 +380,25 @@ class AbstractFastifyController<T, C, U> extends CommonController {
 
             let preItem = await this.service.findById(id)
 
-            if (!request.rbac.hasSomePermission([this.permission.All, this.permission.UpdateAll])) {
-
-                if (!preItem) {
-                    reply.statusCode = 404
-                    reply.send({error: 'NOT_FOUND'})
-                }
+            if (!preItem) {
+                reply.statusCode = 404
+                reply.send({error: 'NOT_FOUND'})
+            }
 
+            if (!request.rbac.hasSomePermission([this.permission.All, this.permission.UpdateAll])) {
+                //Si assertUser habilitado y si el usuario no tiene UpdateAll/All, solo puede modificar sus propios registros
                 this.assertUser(preItem, request.rbac)
             }
 
-            //Definido el tenant/user en el create no debe modificarse en un update
+            //Si assertTenant habilitado y si usuario tiene tenant, solo puede modificar registros de su tenant
+            this.assertTenant(preItem, request.rbac)
+
+            //Definido el tenant en el create no debe modificarse en un update
             if(this.tenantSetter) {
                 delete payload[this.tenantField]
             }
 
+            //Definido el user en el create no debe modificarse en un update
             if(this.userSetter){
                 delete payload[this.userField]
             }
@@ -552,11 +571,15 @@ class AbstractFastifyController<T, C, U> extends CommonController {
             const limit = this.defaultLimit
             const field = request.params.field
             const value = request.params.value
-            let items = await this.service.findBy(field, value, limit)
 
-            for (let item of items) {
-                this.assertUserAndTenant(item, request.rbac)
-            }
+            let filters = []
+            this.applyUserAndTenantFilters(filters, request.rbac);
+
+            let items = await this.service.findBy(field, value, limit, filters)
+
+            // for (let item of items) {
+            //     this.assertUserAndTenant(item, request.rbac)
+            // }
 
             return items
         } catch (e) {
@@ -574,8 +597,13 @@ class AbstractFastifyController<T, C, U> extends CommonController {
 
             const field = request.params.field
             const value = request.params.value
-            let item = await this.service.findOneBy(field, value)
-            this.assertUserAndTenant(item, request.rbac);
+
+            let filters = []
+            this.applyUserAndTenantFilters(filters, request.rbac);
+
+            let item = await this.service.findOneBy(field, value, filters)
+
+            // this.assertUserAndTenant(item, request.rbac);
 
             return item
         } catch (e) {

package/src/repository/AbstractMongoRepository.ts

@@ -122,12 +122,16 @@ class AbstractMongoRepository<T, C, U> implements IDraxCrud<T, C, U> {
         return item as T;
     }
 
-    async findByIds(ids: Array<string>): Promise<T[]> {
+    async findByIds(ids: Array<string>, filters: IDraxFieldFilter[] = []): Promise<T[]> {
 
         ids.map(id => this.assertId(id))
 
+        const query: any = {_id: {$in: ids}}
+
+        MongooseQueryFilter.applyFilters(query, filters, this._model)
+
         const items = await this._model
-            .find({_id: {$in: ids}})
+            .find(query)
             .populate(this._populateFields)
             .lean(this._lean)
             .exec()
@@ -136,11 +140,13 @@ class AbstractMongoRepository<T, C, U> implements IDraxCrud<T, C, U> {
         return items as T[]
     }
 
-    async findOneBy(field: string, value: any): Promise<T | null> {
-        const filter: any = {[field]: value}
+    async findOneBy(field: string, value: any, filters: IDraxFieldFilter[] = []): Promise<T | null> {
+        const query: any = {[field]: value}
+
+        MongooseQueryFilter.applyFilters(query, filters, this._model)
 
         const item = await this._model
-            .findOne(filter)
+            .findOne(query)
             .populate(this._populateFields)
             .lean(this._lean)
             .exec()
@@ -149,10 +155,13 @@ class AbstractMongoRepository<T, C, U> implements IDraxCrud<T, C, U> {
         return item as T
     }
 
-    async findBy(field: string, value: any, limit: number = 0): Promise<T[]> {
-        const filter: any = {[field]: value}
+    async findBy(field: string, value: any, limit: number = 0, filters: IDraxFieldFilter[] = []): Promise<T[]> {
+        const query: any = {[field]: value}
+
+        MongooseQueryFilter.applyFilters(query, filters, this._model)
+
         const items = await this._model
-            .find(filter)
+            .find(query)
             .limit(limit)
             .populate(this._populateFields)
             .lean(this._lean)

package/src/repository/AbstractSqliteRepository.ts

@@ -1,6 +1,6 @@
 import sqlite from "better-sqlite3";
 import type {
-    IDraxCrud,
+    IDraxCrud, IDraxFieldFilter,
     IDraxFindOptions,
     IDraxGroupByOptions,
     IDraxPaginateOptions,
@@ -299,7 +299,7 @@ class AbstractSqliteRepository<T, C, U> implements IDraxCrud<T, C, U> {
         return items
     }
 
-    async search(value: any, limit: number = 1000): Promise<T[]> {
+    async search(value: any, limit: number = 1000, filters: IDraxFieldFilter[] = []): Promise<T[]> {
 
         let where = ""
         let params: any[] = []
@@ -334,22 +334,73 @@ class AbstractSqliteRepository<T, C, U> implements IDraxCrud<T, C, U> {
         return item
     }
 
-    async findBy(field: string, value: any, limit: number = 0): Promise<T[] | null> {
-        const items = this.db.prepare(`SELECT *
-                                       FROM ${this.tableName}
-                                       WHERE ${field} = ? LIMIT ${limit}`).all(value);
+    async findByIds(ids: string[], filters: IDraxFieldFilter[] = []): Promise<T[] | null> {
+
+        const inPlaceholders = ids.map(() => '?').join(',')
+
+        let where = `WHERE ID IN(${inPlaceholders})`
+        let params: any[] = [ids]
+
+        if (filters.length > 0) {
+            const result = SqlQueryFilter.applyFilters(where, filters)
+            where = result.where
+            params.push(...result.params)
+        }
+
+        const items = this.db
+            .prepare(`SELECT * FROM ${this.tableName} ${where}`)
+            .all(params) as T[]
+
         for (const item of items) {
             await this.decorate(item)
         }
+
         return items
+
     }
 
-    async findOneBy(field: string, value: any): Promise<T | null> {
-        const item = this.db.prepare(`SELECT *
-                                      FROM ${this.tableName}
-                                      WHERE ${field} = ?`).get(value);
+    async findBy(field: string, value: any, limit: number = 0, filters: IDraxFieldFilter[] = []): Promise<T[] | null> {
+
+        let where = `WHERE ${field} = ?`
+        let params: any[] = [value]
+
+        if (filters.length > 0) {
+            const result = SqlQueryFilter.applyFilters(where, filters)
+            where = result.where
+            params.push(...result.params)
+        }
+
+        const items = this.db
+            .prepare(`SELECT * FROM ${this.tableName} ${where}  LIMIT ?`)
+            .all([...params, limit]) as T[]
+
+        for (const item of items) {
+            await this.decorate(item)
+        }
+
+        return items
+
+    }
+
+    async findOneBy(field: string, value: any, filters: IDraxFieldFilter[] = []): Promise<T | null> {
+
+        let where = `WHERE ${field} = ?`
+        let params: any[] = [value]
+
+        if (filters.length > 0) {
+            const result = SqlQueryFilter.applyFilters(where, filters)
+            where = result.where
+            params.push(...result.params)
+        }
+
+        const item = this.db
+            .prepare(`SELECT * FROM ${this.tableName} ${where} LIMIT 1`)
+            .get(params) as T
+
         await this.decorate(item)
+
         return item
+
     }
 
     async findOne({