@forestadmin/agent 1.0.3 → 1.1.0-alpha.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/routes/access/chart.js +3 -3
- package/dist/routes/access/count-related.js +3 -3
- package/dist/routes/access/count.js +3 -3
- package/dist/routes/access/csv-related.js +4 -4
- package/dist/routes/access/csv.js +4 -4
- package/dist/routes/access/get.js +3 -3
- package/dist/routes/access/list-related.js +3 -3
- package/dist/routes/access/list.js +3 -3
- package/dist/routes/modification/action.d.ts +1 -1
- package/dist/routes/modification/action.js +24 -7
- package/dist/routes/modification/associate-related.js +3 -3
- package/dist/routes/modification/create.js +4 -4
- package/dist/routes/modification/delete.js +3 -3
- package/dist/routes/modification/dissociate-delete-related.js +3 -3
- package/dist/routes/modification/update-field.js +3 -3
- package/dist/routes/modification/update-relation.js +5 -5
- package/dist/routes/modification/update.js +3 -3
- package/dist/routes/security/scope-invalidation.js +2 -2
- package/dist/services/authorization/authorization.d.ts +31 -0
- package/dist/services/authorization/authorization.js +107 -0
- package/dist/services/authorization/index.d.ts +4 -0
- package/dist/services/authorization/index.js +11 -0
- package/dist/services/authorization/types.d.ts +26 -0
- package/dist/services/authorization/types.js +3 -0
- package/dist/services/index.d.ts +2 -2
- package/dist/services/index.js +8 -6
- package/dist/types.d.ts +2 -0
- package/dist/types.js +1 -1
- package/dist/utils/forest-http-api.d.ts +0 -28
- package/dist/utils/forest-http-api.js +1 -81
- package/dist/utils/options-validator.js +14 -6
- package/package.json +4 -4
- package/dist/services/permissions.d.ts +0 -19
- package/dist/services/permissions.js +0 -85
|
@@ -22,7 +22,7 @@ class Chart extends collection_route_1.default {
|
|
|
22
22
|
router.post(`/stats/${this.collection.name}`, this.handleChart.bind(this));
|
|
23
23
|
}
|
|
24
24
|
async handleChart(context) {
|
|
25
|
-
await this.services.
|
|
25
|
+
await this.services.authorization.assertCanRetrieveChart(context);
|
|
26
26
|
context.response.body = {
|
|
27
27
|
data: {
|
|
28
28
|
id: (0, uuid_1.v1)(),
|
|
@@ -148,7 +148,7 @@ class Chart extends collection_route_1.default {
|
|
|
148
148
|
return rows.length ? rows[0].value : 0;
|
|
149
149
|
}
|
|
150
150
|
async getFilter(context) {
|
|
151
|
-
const scope = await this.services.
|
|
151
|
+
const scope = await this.services.authorization.getScope(this.collection, context);
|
|
152
152
|
return context_filter_factory_1.default.build(this.collection, context, scope);
|
|
153
153
|
}
|
|
154
154
|
}
|
|
@@ -159,4 +159,4 @@ Chart.formats = {
|
|
|
159
159
|
Month: 'MMM yy',
|
|
160
160
|
Year: 'yyyy',
|
|
161
161
|
};
|
|
162
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
162
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2hhcnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcm91dGVzL2FjY2Vzcy9jaGFydC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLHdFQVN5QztBQUV6QyxpQ0FBaUM7QUFDakMsK0JBQW9DO0FBR3BDLDJFQUFrRDtBQUNsRCxnR0FBc0U7QUFDdEUsNEVBQXlEO0FBRXpELElBQUssU0FNSjtBQU5ELFdBQUssU0FBUztJQUNaLDRCQUFlLENBQUE7SUFDZixvQ0FBdUIsQ0FBQTtJQUN2Qix3QkFBVyxDQUFBO0lBQ1gsMEJBQWEsQ0FBQTtJQUNiLHdDQUEyQixDQUFBO0FBQzdCLENBQUMsRUFOSSxTQUFTLEtBQVQsU0FBUyxRQU1iO0FBRUQsTUFBcUIsS0FBTSxTQUFRLDBCQUFlO0lBUWhELFdBQVcsQ0FBQyxNQUFjO1FBQ3hCLE1BQU0sQ0FBQyxJQUFJLENBQUMsVUFBVSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksRUFBRSxFQUFFLElBQUksQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7SUFDN0UsQ0FBQztJQUVELEtBQUssQ0FBQyxXQUFXLENBQUMsT0FBZ0I7UUFDaEMsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyxzQkFBc0IsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUVsRSxPQUFPLENBQUMsUUFBUSxDQUFDLElBQUksR0FBRztZQUN0QixJQUFJLEVBQUU7Z0JBQ0osRUFBRSxFQUFFLElBQUEsU0FBTSxHQUFFO2dCQUNaLElBQUksRUFBRSxPQUFPO2dCQUNiLFVBQVUsRUFBRSxFQUFFLEtBQUssRUFBRSxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLEVBQUU7YUFDckQ7U0FDRixDQUFDO0lBQ0osQ0FBQztJQUVPLEtBQUssQ0FBQyxTQUFTLENBQUMsT0FBZ0I7UUFDdEMsTUFBTSxFQUFFLElBQUksRUFBRSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUM7UUFFakMsUUFBUSxJQUFJLENBQUMsSUFBSSxFQUFFO1lBQ2pCLEtBQUssU0FBUyxDQUFDLEtBQUs7Z0JBQ2xCLE9BQU8sSUFBSSxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUN0QyxLQUFLLFNBQVMsQ0FBQyxXQUFXO2dCQUN4QixPQUFPLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUM1QyxLQUFLLFNBQVMsQ0FBQyxTQUFTO2dCQUN0QixPQUFPLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUMxQyxLQUFLLFNBQVMsQ0FBQyxHQUFHO2dCQUNoQixPQUFPLElBQUksQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDcEMsS0FBSyxTQUFTLENBQUMsSUFBSTtnQkFDakIsT0FBTyxJQUFJLENBQUMsYUFBYSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBQ3JDO2dCQUNFLE1BQU0sSUFBSSxvQ0FBZSxDQUFDLHVCQUF1QixJQUFJLENBQUMsSUFBSSxHQUFHLENBQUMsQ0FBQztTQUNsRTtJQUNILENBQUM7SUFFTyxLQUFLLENBQUMsY0FBYyxDQUMxQixPQUFnQjtRQUVoQixNQUFNLE1BQU0sR0FBRyxzQkFBaUIsQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDdEQsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ3BELE1BQU0sTUFBTSxHQUFHO1lBQ2IsWUFBWSxFQUFFLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLEVBQUUsYUFBYSxDQUFDO1lBQzdELGFBQWEsRUFBRSxTQUFTO1NBQ3pCLENBQUM7UUFFRixNQUFNLGVBQWUsR0FDbEIsYUFBYSxDQUFDLGFBQXFDLEVBQUUsVUFBVSxLQUFLLEtBQUssQ0FBQztRQUM3RSxNQUFNLGlCQUFpQixHQUFHLGFBQWEsQ0FBQyxhQUFhLEVBQUUsUUFBUSxDQUM3RCxJQUFJLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsQ0FDakMsQ0FBQztRQUVGLElBQUksaUJBQWlCLElBQUksQ0FBQyxlQUFlLEVBQUU7WUFDekMsTUFBTSxDQUFDLGFBQWEsR0FBRyxNQUFNLElBQUksQ0FBQyxZQUFZLENBQzVDLE9BQU8sRUFDUCxrQ0FBYSxDQUFDLHVCQUF1QixDQUFDLGFBQWEsRUFBRSxNQUFNLENBQUMsUUFBUSxDQUFDLENBQ3RFLENBQUM7U0FDSDtRQUVELE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFTyxLQUFLLENBQUMsa0JBQWtCLENBQUMsT0FBZ0I7UUFDL0MsT0FBTyxFQUFFLEtBQUssRUFBRSxNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsT0FBTyxFQUFFLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxFQUFFLENBQUM7SUFDcEYsQ0FBQztJQUVPLEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBZ0I7UUFDekMsTUFBTSxFQUNKLGNBQWMsRUFBRSxZQUFZLEVBQzVCLFNBQVMsRUFDVCxlQUFlLEVBQUUsY0FBYyxHQUNoQyxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDO1FBRXpCLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLENBQzFDLHNCQUFpQixDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsRUFDdEMsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxFQUM3QixJQUFJLGdDQUFXLENBQUM7WUFDZCxTQUFTLEVBQUUsU0FBUztZQUNwQixLQUFLLEVBQUUsY0FBYztZQUNyQixNQUFNLEVBQUUsQ0FBQyxFQUFFLEtBQUssRUFBRSxZQUFZLEVBQUUsQ0FBQztTQUNsQyxDQUFDLENBQ0gsQ0FBQztRQUVGLE9BQU8sSUFBSSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDdEIsR0FBRyxFQUFFLEdBQUcsQ0FBQyxLQUFLLENBQUMsWUFBWSxDQUFXO1lBQ3RDLEtBQUssRUFBRSxHQUFHLENBQUMsS0FBZTtTQUMzQixDQUFDLENBQUMsQ0FBQztJQUNOLENBQUM7SUFFTyxLQUFLLENBQUMsYUFBYSxDQUFDLE9BQWdCO1FBQzFDLE1BQU0sRUFDSixTQUFTLEVBQ1QsZUFBZSxFQUFFLGNBQWMsRUFDL0IsbUJBQW1CLEVBQUUsZ0JBQWdCLEVBQ3JDLFVBQVUsRUFBRSxTQUFTLEdBQ3RCLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUM7UUFFekIsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FDMUMsc0JBQWlCLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxFQUN0QyxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLEVBQzdCLElBQUksZ0NBQVcsQ0FBQztZQUNkLFNBQVMsRUFBRSxTQUFTO1lBQ3BCLEtBQUssRUFBRSxjQUFjO1lBQ3JCLE1BQU0sRUFBRSxDQUFDLEVBQUUsS0FBSyxFQUFFLGdCQUFnQixFQUFFLFNBQVMsRUFBRSxTQUFTLEVBQUUsQ0FBQztTQUM1RCxDQUFDLENBQ0gsQ0FBQztRQUVGLE1BQU0sTUFBTSxHQUFHLEVBQUUsQ0FBQztRQUNsQixJQUFJLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxFQUFFO1lBQ2pCLE1BQU0sQ0FBQyxnQkFBUSxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLGdCQUFnQixDQUFXLENBQUMsQ0FBQyxTQUFTLEVBQUUsQ0FBQyxHQUFHLE1BQU0sQ0FDbEYsR0FBRyxDQUFDLEtBQUssQ0FDVixDQUFDO1FBQ0osQ0FBQyxDQUFDLENBQUM7UUFFSCxNQUFNLEtBQUssR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLEtBQUssRUFBRSxLQUFLLEVBQUUsRUFBRSxDQUFDLEtBQUssQ0FBQyxhQUFhLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztRQUNyRixNQUFNLElBQUksR0FBRyxnQkFBUSxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBRXZELE1BQU0sVUFBVSxHQUFHLEVBQUUsQ0FBQztRQUN0QixNQUFNLE1BQU0sR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBRXhDLEtBQ0UsSUFBSSxPQUFPLEdBQUcsZ0JBQVEsQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLEVBQ3hDLE9BQU8sSUFBSSxJQUFJLEVBQ2YsT0FBTyxHQUFHLE9BQU8sQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLEVBQzFDO1lBQ0EsTUFBTSxLQUFLLEdBQUcsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUN2QyxNQUFNLEtBQUssR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDO1lBQy9DLFVBQVUsQ0FBQyxJQUFJLENBQUMsRUFBRSxLQUFLLEVBQUUsTUFBTSxFQUFFLEVBQUUsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1NBQy9DO1FBRUQsT0FBTyxVQUFVLENBQUM7SUFDcEIsQ0FBQztJQUVPLEtBQUssQ0FBQyxvQkFBb0IsQ0FDaEMsT0FBZ0I7UUFFaEIsTUFBTSxFQUFFLElBQUksRUFBRSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUM7UUFDakMsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBbUIsQ0FBQztRQUV2RixJQUFJLFVBQWtCLENBQUM7UUFDdkIsSUFBSSxNQUFjLENBQUM7UUFDbkIsSUFBSSxXQUF3QixDQUFDO1FBRTdCLElBQUksS0FBSyxFQUFFLElBQUksS0FBSyxXQUFXLEVBQUU7WUFDL0IsTUFBTSxPQUFPLEdBQUcsb0NBQWUsQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO1lBRTdGLElBQUksT0FBTyxFQUFFO2dCQUNYLFVBQVUsR0FBRyxLQUFLLENBQUMsaUJBQWlCLENBQUM7Z0JBQ3JDLE1BQU0sR0FBRyxDQUFDLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztnQkFDdkQsV0FBVyxHQUFHLElBQUksZ0NBQVcsQ0FBQztvQkFDNUIsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO29CQUN6QixLQUFLLEVBQUUsSUFBSSxDQUFDLGVBQWU7b0JBQzNCLE1BQU0sRUFBRSxDQUFDLEVBQUUsS0FBSyxFQUFFLEdBQUcsT0FBTyxJQUFJLElBQUksQ0FBQyxXQUFXLEVBQUUsRUFBRSxDQUFDO2lCQUN0RCxDQUFDLENBQUM7YUFDSjtTQUNGO1FBRUQsSUFBSSxLQUFLLEVBQUUsSUFBSSxLQUFLLFlBQVksRUFBRTtZQUNoQyxNQUFNLE1BQU0sR0FBRyxvQ0FBZSxDQUFDLGdCQUFnQixDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsSUFBSSxDQUFDLGtCQUFrQixDQUFDLENBQUM7WUFDMUYsTUFBTSxNQUFNLEdBQUcsb0NBQWUsQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO1lBRTFGLElBQUksTUFBTSxJQUFJLE1BQU0sRUFBRTtnQkFDcEIsVUFBVSxHQUFHLEtBQUssQ0FBQyxpQkFBaUIsQ0FBQztnQkFDckMsTUFBTSxHQUFHLENBQUMsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO2dCQUN0RCxXQUFXLEdBQUcsSUFBSSxnQ0FBVyxDQUFDO29CQUM1QixTQUFTLEVBQUUsSUFBSSxDQUFDLFNBQVM7b0JBQ3pCLEtBQUssRUFBRSxJQUFJLENBQUMsZUFBZSxDQUFDLENBQUMsQ0FBQyxHQUFHLE1BQU0sSUFBSSxJQUFJLENBQUMsZUFBZSxFQUFFLENBQUMsQ0FBQyxDQUFDLElBQUk7b0JBQ3hFLE1BQU0sRUFBRSxDQUFDLEVBQUUsS0FBSyxFQUFFLEdBQUcsTUFBTSxJQUFJLElBQUksQ0FBQyxXQUFXLEVBQUUsRUFBRSxDQUFDO2lCQUNyRCxDQUFDLENBQUM7YUFDSjtTQUNGO1FBRUQsSUFBSSxVQUFVLElBQUksTUFBTSxJQUFJLFdBQVcsRUFBRTtZQUN2QyxNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVO2lCQUMvQixhQUFhLENBQUMsVUFBVSxDQUFDO2lCQUN6QixTQUFTLENBQUMsc0JBQWlCLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxFQUFFLE1BQU0sRUFBRSxXQUFXLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDO1lBRTlGLE9BQU8sSUFBSSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUM7Z0JBQ3RCLEdBQUcsRUFBRSxHQUFHLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFXO2dCQUNyRCxLQUFLLEVBQUUsR0FBRyxDQUFDLEtBQWU7YUFDM0IsQ0FBQyxDQUFDLENBQUM7U0FDTDtRQUVELE1BQU0sSUFBSSxvQ0FBZSxDQUN2Qiw4RUFBOEUsQ0FDL0UsQ0FBQztJQUNKLENBQUM7SUFFTyxLQUFLLENBQUMsWUFBWSxDQUFDLE9BQWdCLEVBQUUsTUFBYztRQUN6RCxNQUFNLEVBQUUsU0FBUyxFQUFFLGVBQWUsRUFBRSxjQUFjLEVBQUUsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQztRQUM1RSxNQUFNLFdBQVcsR0FBRyxJQUFJLGdDQUFXLENBQUMsRUFBRSxTQUFTLEVBQUUsU0FBUyxFQUFFLEtBQUssRUFBRSxjQUFjLEVBQUUsQ0FBQyxDQUFDO1FBRXJGLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLENBQzFDLHNCQUFpQixDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsRUFDdEMsTUFBTSxFQUNOLFdBQVcsQ0FDWixDQUFDO1FBRUYsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBRSxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBZ0IsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBQ3JELENBQUM7SUFFTyxLQUFLLENBQUMsU0FBUyxDQUFDLE9BQWdCO1FBQ3RDLE1BQU0sS0FBSyxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFFbkYsT0FBTyxnQ0FBb0IsQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxPQUFPLEVBQUUsS0FBSyxDQUFDLENBQUM7SUFDckUsQ0FBQzs7QUFwTkgsd0JBcU5DO0FBcE55QixhQUFPLEdBQWtDO0lBQy9ELEdBQUcsRUFBRSxZQUFZO0lBQ2pCLElBQUksRUFBRSxXQUFXO0lBQ2pCLEtBQUssRUFBRSxRQUFRO0lBQ2YsSUFBSSxFQUFFLE1BQU07Q0FDYixDQUFDIn0=
|
|
@@ -13,10 +13,10 @@ class CountRelatedRoute extends relation_route_1.default {
|
|
|
13
13
|
router.get(`/${this.collection.name}/:parentId/relationships/${this.relationName}/count`, this.handleCountRelated.bind(this));
|
|
14
14
|
}
|
|
15
15
|
async handleCountRelated(context) {
|
|
16
|
-
await this.services.
|
|
16
|
+
await this.services.authorization.assertCanBrowse(context, this.collection.name);
|
|
17
17
|
if (this.foreignCollection.schema.countable) {
|
|
18
18
|
const parentId = id_1.default.unpackId(this.collection.schema, context.params.parentId);
|
|
19
|
-
const scope = await this.services.
|
|
19
|
+
const scope = await this.services.authorization.getScope(this.foreignCollection, context);
|
|
20
20
|
const caller = query_string_1.default.parseCaller(context);
|
|
21
21
|
const filter = context_filter_factory_1.default.build(this.foreignCollection, context, scope);
|
|
22
22
|
const aggregationResult = await datasource_toolkit_1.CollectionUtils.aggregateRelation(this.collection, parentId, this.relationName, caller, filter, new datasource_toolkit_1.Aggregation({ operation: 'Count' }));
|
|
@@ -28,4 +28,4 @@ class CountRelatedRoute extends relation_route_1.default {
|
|
|
28
28
|
}
|
|
29
29
|
}
|
|
30
30
|
exports.default = CountRelatedRoute;
|
|
31
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
31
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY291bnQtcmVsYXRlZC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9yb3V0ZXMvYWNjZXNzL2NvdW50LXJlbGF0ZWQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSx3RUFBK0U7QUFJL0UsZ0dBQXNFO0FBQ3RFLHdEQUFxQztBQUNyQyw0RUFBeUQ7QUFDekQsdUVBQThDO0FBRTlDLE1BQXFCLGlCQUFrQixTQUFRLHdCQUFhO0lBQzFELFdBQVcsQ0FBQyxNQUFjO1FBQ3hCLE1BQU0sQ0FBQyxHQUFHLENBQ1IsSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksNEJBQTRCLElBQUksQ0FBQyxZQUFZLFFBQVEsRUFDN0UsSUFBSSxDQUFDLGtCQUFrQixDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FDbkMsQ0FBQztJQUNKLENBQUM7SUFFTSxLQUFLLENBQUMsa0JBQWtCLENBQUMsT0FBZ0I7UUFDOUMsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyxlQUFlLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFakYsSUFBSSxJQUFJLENBQUMsaUJBQWlCLENBQUMsTUFBTSxDQUFDLFNBQVMsRUFBRTtZQUMzQyxNQUFNLFFBQVEsR0FBRyxZQUFPLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUM7WUFDbkYsTUFBTSxLQUFLLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLGlCQUFpQixFQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQzFGLE1BQU0sTUFBTSxHQUFHLHNCQUFpQixDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUN0RCxNQUFNLE1BQU0sR0FBRyxnQ0FBb0IsQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLGlCQUFpQixFQUFFLE9BQU8sRUFBRSxLQUFLLENBQUMsQ0FBQztZQUVsRixNQUFNLGlCQUFpQixHQUFHLE1BQU0sb0NBQWUsQ0FBQyxpQkFBaUIsQ0FDL0QsSUFBSSxDQUFDLFVBQVUsRUFDZixRQUFRLEVBQ1IsSUFBSSxDQUFDLFlBQVksRUFDakIsTUFBTSxFQUNOLE1BQU0sRUFDTixJQUFJLGdDQUFXLENBQUMsRUFBRSxTQUFTLEVBQUUsT0FBTyxFQUFFLENBQUMsQ0FDeEMsQ0FBQztZQUVGLE9BQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxHQUFHLEVBQUUsS0FBSyxFQUFFLGlCQUFpQixFQUFFLENBQUMsQ0FBQyxDQUFDLEVBQUUsS0FBSyxJQUFJLENBQUMsRUFBRSxDQUFDO1NBQ3ZFO2FBQU07WUFDTCxPQUFPLENBQUMsUUFBUSxDQUFDLElBQUksR0FBRyxFQUFFLElBQUksRUFBRSxFQUFFLEtBQUssRUFBRSxhQUFhLEVBQUUsRUFBRSxDQUFDO1NBQzVEO0lBQ0gsQ0FBQztDQUNGO0FBL0JELG9DQStCQyJ9
|
|
@@ -12,9 +12,9 @@ class CountRoute extends collection_route_1.default {
|
|
|
12
12
|
router.get(`/${this.collection.name}/count`, this.handleCount.bind(this));
|
|
13
13
|
}
|
|
14
14
|
async handleCount(context) {
|
|
15
|
-
await this.services.
|
|
15
|
+
await this.services.authorization.assertCanBrowse(context, this.collection.name);
|
|
16
16
|
if (this.collection.schema.countable) {
|
|
17
|
-
const scope = await this.services.
|
|
17
|
+
const scope = await this.services.authorization.getScope(this.collection, context);
|
|
18
18
|
const caller = query_string_1.default.parseCaller(context);
|
|
19
19
|
const filter = context_filter_factory_1.default.build(this.collection, context, scope);
|
|
20
20
|
const aggregation = new datasource_toolkit_1.Aggregation({ operation: 'Count' });
|
|
@@ -28,4 +28,4 @@ class CountRoute extends collection_route_1.default {
|
|
|
28
28
|
}
|
|
29
29
|
}
|
|
30
30
|
exports.default = CountRoute;
|
|
31
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
31
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY291bnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcm91dGVzL2FjY2Vzcy9jb3VudC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLHdFQUE4RDtBQUk5RCwyRUFBa0Q7QUFDbEQsZ0dBQXNFO0FBQ3RFLDRFQUF5RDtBQUV6RCxNQUFxQixVQUFXLFNBQVEsMEJBQWU7SUFDckQsV0FBVyxDQUFDLE1BQWM7UUFDeEIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxRQUFRLEVBQUUsSUFBSSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztJQUM1RSxDQUFDO0lBRU0sS0FBSyxDQUFDLFdBQVcsQ0FBQyxPQUFnQjtRQUN2QyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLGVBQWUsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUVqRixJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLFNBQVMsRUFBRTtZQUNwQyxNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQ25GLE1BQU0sTUFBTSxHQUFHLHNCQUFpQixDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUN0RCxNQUFNLE1BQU0sR0FBRyxnQ0FBb0IsQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxPQUFPLEVBQUUsS0FBSyxDQUFDLENBQUM7WUFFM0UsTUFBTSxXQUFXLEdBQUcsSUFBSSxnQ0FBVyxDQUFDLEVBQUUsU0FBUyxFQUFFLE9BQU8sRUFBRSxDQUFDLENBQUM7WUFDNUQsTUFBTSxpQkFBaUIsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxNQUFNLEVBQUUsV0FBVyxDQUFDLENBQUM7WUFDdkYsTUFBTSxLQUFLLEdBQUcsaUJBQWlCLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFBRSxLQUFLLElBQUksQ0FBQyxDQUFDO1lBRWpELE9BQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxHQUFHLEVBQUUsS0FBSyxFQUFFLENBQUM7U0FDbkM7YUFBTTtZQUNMLE9BQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxHQUFHLEVBQUUsSUFBSSxFQUFFLEVBQUUsS0FBSyxFQUFFLGFBQWEsRUFBRSxFQUFFLENBQUM7U0FDNUQ7SUFDSCxDQUFDO0NBQ0Y7QUF0QkQsNkJBc0JDIn0=
|
|
@@ -16,12 +16,12 @@ class CsvRelatedRoute extends relation_route_1.default {
|
|
|
16
16
|
router.get(`/${this.collection.name}/:parentId/relationships/${this.relationName}.csv`, this.handleRelatedCsv.bind(this));
|
|
17
17
|
}
|
|
18
18
|
async handleRelatedCsv(context) {
|
|
19
|
-
await this.services.
|
|
20
|
-
await this.services.
|
|
19
|
+
await this.services.authorization.assertCanBrowse(context, this.collection.name);
|
|
20
|
+
await this.services.authorization.assertCanExport(context, this.collection.name);
|
|
21
21
|
const { header } = context.request.query;
|
|
22
22
|
csv_route_context_1.default.buildResponse(context);
|
|
23
23
|
const projection = query_string_1.default.parseProjection(this.foreignCollection, context);
|
|
24
|
-
const scope = await this.services.
|
|
24
|
+
const scope = await this.services.authorization.getScope(this.foreignCollection, context);
|
|
25
25
|
const caller = query_string_1.default.parseCaller(context);
|
|
26
26
|
const filter = context_filter_factory_1.default.buildPaginated(this.foreignCollection, context, scope);
|
|
27
27
|
const parentId = id_1.default.unpackId(this.collection.schema, context.params.parentId);
|
|
@@ -30,4 +30,4 @@ class CsvRelatedRoute extends relation_route_1.default {
|
|
|
30
30
|
}
|
|
31
31
|
}
|
|
32
32
|
exports.default = CsvRelatedRoute;
|
|
33
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
33
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3N2LXJlbGF0ZWQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcm91dGVzL2FjY2Vzcy9jc3YtcmVsYXRlZC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLHdFQUt5QztBQUV6QyxtQ0FBa0M7QUFHbEMsZ0dBQXNFO0FBQ3RFLDhFQUFxRDtBQUNyRCxzRkFBNEQ7QUFDNUQsd0RBQXFDO0FBQ3JDLDRFQUF5RDtBQUN6RCx1RUFBOEM7QUFFOUMsTUFBcUIsZUFBZ0IsU0FBUSx3QkFBYTtJQUN4RCxXQUFXLENBQUMsTUFBYztRQUN4QixNQUFNLENBQUMsR0FBRyxDQUNSLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLDRCQUE0QixJQUFJLENBQUMsWUFBWSxNQUFNLEVBQzNFLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQ2pDLENBQUM7SUFDSixDQUFDO0lBRUQsS0FBSyxDQUFDLGdCQUFnQixDQUFDLE9BQWdCO1FBQ3JDLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsZUFBZSxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ2pGLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsZUFBZSxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBRWpGLE1BQU0sRUFBRSxNQUFNLEVBQUUsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLEtBQStCLENBQUM7UUFDbkUsMkJBQWUsQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUFDLENBQUM7UUFFdkMsTUFBTSxVQUFVLEdBQUcsc0JBQWlCLENBQUMsZUFBZSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsRUFBRSxPQUFPLENBQUMsQ0FBQztRQUN0RixNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsaUJBQWlCLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDMUYsTUFBTSxNQUFNLEdBQUcsc0JBQWlCLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ3RELE1BQU0sTUFBTSxHQUFHLGdDQUFvQixDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsaUJBQWlCLEVBQUUsT0FBTyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzNGLE1BQU0sUUFBUSxHQUFHLFlBQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLEVBQUUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUVuRixNQUFNLEdBQUcsR0FBRyx1QkFBWSxDQUFDLFFBQVEsQ0FDL0IsTUFBTSxFQUNOLFVBQVUsRUFDVixNQUFNLEVBQ04sTUFBTSxFQUNOLElBQUksQ0FBQyxpQkFBaUIsRUFDdEIsS0FBSyxFQUFFLEdBQVcsRUFBRSxHQUFvQixFQUFFLElBQWdCLEVBQUUsRUFBRSxDQUM1RCxvQ0FBZSxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLFFBQVEsRUFBRSxJQUFJLENBQUMsWUFBWSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsSUFBSSxDQUFDLENBQzdGLENBQUM7UUFDRixPQUFPLENBQUMsUUFBUSxDQUFDLElBQUksR0FBRyxpQkFBUSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUM3QyxDQUFDO0NBQ0Y7QUFoQ0Qsa0NBZ0NDIn0=
|
|
@@ -14,12 +14,12 @@ class CsvRoute extends collection_route_1.default {
|
|
|
14
14
|
router.get(`/${this.collection.name}.csv`, this.handleCsv.bind(this));
|
|
15
15
|
}
|
|
16
16
|
async handleCsv(context) {
|
|
17
|
-
await this.services.
|
|
18
|
-
await this.services.
|
|
17
|
+
await this.services.authorization.assertCanBrowse(context, this.collection.name);
|
|
18
|
+
await this.services.authorization.assertCanExport(context, this.collection.name);
|
|
19
19
|
const { header } = context.request.query;
|
|
20
20
|
csv_route_context_1.default.buildResponse(context);
|
|
21
21
|
const projection = query_string_1.default.parseProjection(this.collection, context);
|
|
22
|
-
const scope = await this.services.
|
|
22
|
+
const scope = await this.services.authorization.getScope(this.collection, context);
|
|
23
23
|
const caller = query_string_1.default.parseCaller(context);
|
|
24
24
|
const filter = context_filter_factory_1.default.buildPaginated(this.collection, context, scope);
|
|
25
25
|
const list = this.collection.list.bind(this.collection);
|
|
@@ -28,4 +28,4 @@ class CsvRoute extends collection_route_1.default {
|
|
|
28
28
|
}
|
|
29
29
|
}
|
|
30
30
|
exports.default = CsvRoute;
|
|
31
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
31
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3N2LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3JvdXRlcy9hY2Nlc3MvY3N2LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBR0EsbUNBQWtDO0FBRWxDLDJFQUFrRDtBQUNsRCxnR0FBc0U7QUFDdEUsOEVBQXFEO0FBQ3JELHNGQUE0RDtBQUM1RCw0RUFBeUQ7QUFFekQsTUFBcUIsUUFBUyxTQUFRLDBCQUFlO0lBQ25ELFdBQVcsQ0FBQyxNQUFjO1FBQ3hCLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksTUFBTSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7SUFDeEUsQ0FBQztJQUVELEtBQUssQ0FBQyxTQUFTLENBQUMsT0FBZ0I7UUFDOUIsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyxlQUFlLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDakYsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyxlQUFlLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFakYsTUFBTSxFQUFFLE1BQU0sRUFBRSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsS0FBK0IsQ0FBQztRQUNuRSwyQkFBZSxDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUV2QyxNQUFNLFVBQVUsR0FBRyxzQkFBaUIsQ0FBQyxlQUFlLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxPQUFPLENBQUMsQ0FBQztRQUMvRSxNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQ25GLE1BQU0sTUFBTSxHQUFHLHNCQUFpQixDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN0RCxNQUFNLE1BQU0sR0FBRyxnQ0FBb0IsQ0FBQyxjQUFjLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxPQUFPLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFFcEYsTUFBTSxJQUFJLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUN4RCxNQUFNLEdBQUcsR0FBRyx1QkFBWSxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsVUFBVSxFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsSUFBSSxDQUFDLFVBQVUsRUFBRSxJQUFJLENBQUMsQ0FBQztRQUM3RixPQUFPLENBQUMsUUFBUSxDQUFDLElBQUksR0FBRyxpQkFBUSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUM3QyxDQUFDO0NBQ0Y7QUFyQkQsMkJBcUJDIn0=
|
|
@@ -13,10 +13,10 @@ class GetRoute extends collection_route_1.default {
|
|
|
13
13
|
router.get(`/${this.collection.name}/:id`, this.handleGet.bind(this));
|
|
14
14
|
}
|
|
15
15
|
async handleGet(context) {
|
|
16
|
-
await this.services.
|
|
16
|
+
await this.services.authorization.assertCanRead(context, this.collection.name);
|
|
17
17
|
const id = id_1.default.unpackId(this.collection.schema, context.params.id);
|
|
18
18
|
const filter = new datasource_toolkit_1.PaginatedFilter({
|
|
19
|
-
conditionTree: datasource_toolkit_1.ConditionTreeFactory.intersect(datasource_toolkit_1.ConditionTreeFactory.matchIds(this.collection.schema, [id]), await this.services.
|
|
19
|
+
conditionTree: datasource_toolkit_1.ConditionTreeFactory.intersect(datasource_toolkit_1.ConditionTreeFactory.matchIds(this.collection.schema, [id]), await this.services.authorization.getScope(this.collection, context)),
|
|
20
20
|
});
|
|
21
21
|
const records = await this.collection.list(query_string_1.default.parseCaller(context), filter, datasource_toolkit_1.ProjectionFactory.all(this.collection));
|
|
22
22
|
if (!records.length) {
|
|
@@ -26,4 +26,4 @@ class GetRoute extends collection_route_1.default {
|
|
|
26
26
|
}
|
|
27
27
|
}
|
|
28
28
|
exports.default = GetRoute;
|
|
29
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
29
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ2V0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3JvdXRlcy9hY2Nlc3MvZ2V0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsd0VBSXlDO0FBSXpDLHVDQUF1QztBQUN2QywyRUFBa0Q7QUFDbEQsd0RBQXFDO0FBQ3JDLDRFQUF5RDtBQUV6RCxNQUFxQixRQUFTLFNBQVEsMEJBQWU7SUFDbkQsV0FBVyxDQUFDLE1BQWM7UUFDeEIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxNQUFNLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztJQUN4RSxDQUFDO0lBRU0sS0FBSyxDQUFDLFNBQVMsQ0FBQyxPQUFnQjtRQUNyQyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLGFBQWEsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUUvRSxNQUFNLEVBQUUsR0FBRyxZQUFPLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDdkUsTUFBTSxNQUFNLEdBQUcsSUFBSSxvQ0FBZSxDQUFDO1lBQ2pDLGFBQWEsRUFBRSx5Q0FBb0IsQ0FBQyxTQUFTLENBQzNDLHlDQUFvQixDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sRUFBRSxDQUFDLEVBQUUsQ0FBQyxDQUFDLEVBQzNELE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsT0FBTyxDQUFDLENBQ3JFO1NBQ0YsQ0FBQyxDQUFDO1FBRUgsTUFBTSxPQUFPLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FDeEMsc0JBQWlCLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxFQUN0QyxNQUFNLEVBQ04sc0NBQWlCLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FDdkMsQ0FBQztRQUVGLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxFQUFFO1lBQ25CLE9BQU8sQ0FBQyxLQUFLLENBQUMsZ0JBQVEsQ0FBQyxRQUFRLEVBQUUsd0JBQXdCLENBQUMsQ0FBQztTQUM1RDtRQUVELE9BQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBQzFGLENBQUM7Q0FDRjtBQTVCRCwyQkE0QkMifQ==
|
|
@@ -13,13 +13,13 @@ class ListRelatedRoute extends relation_route_1.default {
|
|
|
13
13
|
router.get(`/${this.collection.name}/:parentId/relationships/${this.relationName}`, this.handleListRelated.bind(this));
|
|
14
14
|
}
|
|
15
15
|
async handleListRelated(context) {
|
|
16
|
-
await this.services.
|
|
16
|
+
await this.services.authorization.assertCanBrowse(context, this.collection.name);
|
|
17
17
|
const parentId = id_1.default.unpackId(this.collection.schema, context.params.parentId);
|
|
18
|
-
const scope = await this.services.
|
|
18
|
+
const scope = await this.services.authorization.getScope(this.foreignCollection, context);
|
|
19
19
|
const paginatedFilter = context_filter_factory_1.default.buildPaginated(this.foreignCollection, context, scope);
|
|
20
20
|
const records = await datasource_toolkit_1.CollectionUtils.listRelation(this.collection, parentId, this.relationName, query_string_1.default.parseCaller(context), paginatedFilter, query_string_1.default.parseProjectionWithPks(this.foreignCollection, context));
|
|
21
21
|
context.response.body = this.services.serializer.serializeWithSearchMetadata(this.foreignCollection, records, paginatedFilter.search);
|
|
22
22
|
}
|
|
23
23
|
}
|
|
24
24
|
exports.default = ListRelatedRoute;
|
|
25
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
25
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibGlzdC1yZWxhdGVkLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3JvdXRlcy9hY2Nlc3MvbGlzdC1yZWxhdGVkLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsd0VBQWtFO0FBSWxFLGdHQUFzRTtBQUN0RSx3REFBcUM7QUFDckMsNEVBQXlEO0FBQ3pELHVFQUE4QztBQUU5QyxNQUFxQixnQkFBaUIsU0FBUSx3QkFBYTtJQUN6RCxXQUFXLENBQUMsTUFBYztRQUN4QixNQUFNLENBQUMsR0FBRyxDQUNSLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLDRCQUE0QixJQUFJLENBQUMsWUFBWSxFQUFFLEVBQ3ZFLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQ2xDLENBQUM7SUFDSixDQUFDO0lBRU0sS0FBSyxDQUFDLGlCQUFpQixDQUFDLE9BQWdCO1FBQzdDLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsZUFBZSxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBRWpGLE1BQU0sUUFBUSxHQUFHLFlBQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLEVBQUUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUNuRixNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsaUJBQWlCLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDMUYsTUFBTSxlQUFlLEdBQUcsZ0NBQW9CLENBQUMsY0FBYyxDQUN6RCxJQUFJLENBQUMsaUJBQWlCLEVBQ3RCLE9BQU8sRUFDUCxLQUFLLENBQ04sQ0FBQztRQUVGLE1BQU0sT0FBTyxHQUFHLE1BQU0sb0NBQWUsQ0FBQyxZQUFZLENBQ2hELElBQUksQ0FBQyxVQUFVLEVBQ2YsUUFBUSxFQUNSLElBQUksQ0FBQyxZQUFZLEVBQ2pCLHNCQUFpQixDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsRUFDdEMsZUFBZSxFQUNmLHNCQUFpQixDQUFDLHNCQUFzQixDQUFDLElBQUksQ0FBQyxpQkFBaUIsRUFBRSxPQUFPLENBQUMsQ0FDMUUsQ0FBQztRQUVGLE9BQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLDJCQUEyQixDQUMxRSxJQUFJLENBQUMsaUJBQWlCLEVBQ3RCLE9BQU8sRUFDUCxlQUFlLENBQUMsTUFBTSxDQUN2QixDQUFDO0lBQ0osQ0FBQztDQUNGO0FBbENELG1DQWtDQyJ9
|
|
@@ -11,12 +11,12 @@ class ListRoute extends collection_route_1.default {
|
|
|
11
11
|
router.get(`/${this.collection.name}`, this.handleList.bind(this));
|
|
12
12
|
}
|
|
13
13
|
async handleList(context) {
|
|
14
|
-
await this.services.
|
|
15
|
-
const scope = await this.services.
|
|
14
|
+
await this.services.authorization.assertCanBrowse(context, this.collection.name);
|
|
15
|
+
const scope = await this.services.authorization.getScope(this.collection, context);
|
|
16
16
|
const paginatedFilter = context_filter_factory_1.default.buildPaginated(this.collection, context, scope);
|
|
17
17
|
const records = await this.collection.list(query_string_1.default.parseCaller(context), paginatedFilter, query_string_1.default.parseProjectionWithPks(this.collection, context));
|
|
18
18
|
context.response.body = this.services.serializer.serializeWithSearchMetadata(this.collection, records, paginatedFilter.search);
|
|
19
19
|
}
|
|
20
20
|
}
|
|
21
21
|
exports.default = ListRoute;
|
|
22
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
22
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibGlzdC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9yb3V0ZXMvYWNjZXNzL2xpc3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFHQSwyRUFBa0Q7QUFDbEQsZ0dBQXNFO0FBQ3RFLDRFQUF5RDtBQUV6RCxNQUFxQixTQUFVLFNBQVEsMEJBQWU7SUFDcEQsV0FBVyxDQUFDLE1BQWM7UUFDeEIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxFQUFFLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztJQUNyRSxDQUFDO0lBRU0sS0FBSyxDQUFDLFVBQVUsQ0FBQyxPQUFnQjtRQUN0QyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLGVBQWUsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUVqRixNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQ25GLE1BQU0sZUFBZSxHQUFHLGdDQUFvQixDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLE9BQU8sRUFBRSxLQUFLLENBQUMsQ0FBQztRQUU3RixNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUN4QyxzQkFBaUIsQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLEVBQ3RDLGVBQWUsRUFDZixzQkFBaUIsQ0FBQyxzQkFBc0IsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxDQUNuRSxDQUFDO1FBRUYsT0FBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxVQUFVLENBQUMsMkJBQTJCLENBQzFFLElBQUksQ0FBQyxVQUFVLEVBQ2YsT0FBTyxFQUNQLGVBQWUsQ0FBQyxNQUFNLENBQ3ZCLENBQUM7SUFDSixDQUFDO0NBQ0Y7QUF2QkQsNEJBdUJDIn0=
|
|
@@ -10,7 +10,7 @@ export default class ActionRoute extends CollectionRoute {
|
|
|
10
10
|
setupRoutes(router: Router): void;
|
|
11
11
|
private handleExecute;
|
|
12
12
|
private handleHook;
|
|
13
|
-
private
|
|
13
|
+
private middlewareCustomActionApprovalRequestData;
|
|
14
14
|
private getRecordSelection;
|
|
15
15
|
}
|
|
16
16
|
//# sourceMappingURL=action.d.ts.map
|
|
@@ -20,12 +20,11 @@ class ActionRoute extends collection_route_1.default {
|
|
|
20
20
|
setupRoutes(router) {
|
|
21
21
|
const actionIndex = Object.keys(this.collection.schema.actions).indexOf(this.actionName);
|
|
22
22
|
const path = `/_actions/${this.collection.name}/${actionIndex}`;
|
|
23
|
-
router.post(`${path}/:slug`, this.handleExecute.bind(this));
|
|
23
|
+
router.post(`${path}/:slug`, this.middlewareCustomActionApprovalRequestData.bind(this), this.handleExecute.bind(this));
|
|
24
24
|
router.post(`${path}/:slug/hooks/load`, this.handleHook.bind(this));
|
|
25
25
|
router.post(`${path}/:slug/hooks/change`, this.handleHook.bind(this));
|
|
26
26
|
}
|
|
27
27
|
async handleExecute(context) {
|
|
28
|
-
await this.checkPermissions(context);
|
|
29
28
|
const { dataSource } = this.collection;
|
|
30
29
|
const caller = query_string_1.default.parseCaller(context);
|
|
31
30
|
const filter = await this.getRecordSelection(context);
|
|
@@ -66,7 +65,7 @@ class ActionRoute extends collection_route_1.default {
|
|
|
66
65
|
}
|
|
67
66
|
}
|
|
68
67
|
async handleHook(context) {
|
|
69
|
-
await this.
|
|
68
|
+
await this.services.authorization.assertCanRequestCustomActionParameters(context, this.actionName, this.collection.name);
|
|
70
69
|
const { dataSource } = this.collection;
|
|
71
70
|
const forestFields = context.request.body?.data?.attributes?.fields;
|
|
72
71
|
const data = forestFields
|
|
@@ -79,15 +78,33 @@ class ActionRoute extends collection_route_1.default {
|
|
|
79
78
|
fields: fields.map(field => generator_actions_1.default.buildFieldSchema(this.collection.dataSource, field)),
|
|
80
79
|
};
|
|
81
80
|
}
|
|
82
|
-
async
|
|
83
|
-
|
|
81
|
+
async middlewareCustomActionApprovalRequestData(context, next) {
|
|
82
|
+
const requestBody = context.request.body;
|
|
83
|
+
if (requestBody?.data?.attributes?.signed_approval_request) {
|
|
84
|
+
const signedParameters = this.services.authorization.verifySignedActionParameters(requestBody.data.attributes.signed_approval_request);
|
|
85
|
+
await this.services.authorization.assertCanApproveCustomAction({
|
|
86
|
+
context,
|
|
87
|
+
customActionName: this.actionName,
|
|
88
|
+
collectionName: this.collection.name,
|
|
89
|
+
requesterId: signedParameters?.data?.attributes?.requester_id,
|
|
90
|
+
});
|
|
91
|
+
context.request.body = signedParameters;
|
|
92
|
+
}
|
|
93
|
+
else {
|
|
94
|
+
await this.services.authorization.assertCanTriggerCustomAction({
|
|
95
|
+
context,
|
|
96
|
+
customActionName: this.actionName,
|
|
97
|
+
collectionName: this.collection.name,
|
|
98
|
+
});
|
|
99
|
+
}
|
|
100
|
+
return next();
|
|
84
101
|
}
|
|
85
102
|
async getRecordSelection(context) {
|
|
86
103
|
const selectionIds = body_parser_1.default.parseSelectionIds(this.collection.schema, context);
|
|
87
104
|
let selectedIds = datasource_toolkit_1.ConditionTreeFactory.matchIds(this.collection.schema, selectionIds.ids);
|
|
88
105
|
if (selectionIds.areExcluded)
|
|
89
106
|
selectedIds = selectedIds.inverse();
|
|
90
|
-
const conditionTree = datasource_toolkit_1.ConditionTreeFactory.intersect(selectedIds, query_string_1.default.parseConditionTree(this.collection, context), await this.services.
|
|
107
|
+
const conditionTree = datasource_toolkit_1.ConditionTreeFactory.intersect(selectedIds, query_string_1.default.parseConditionTree(this.collection, context), await this.services.authorization.getScope(this.collection, context));
|
|
91
108
|
const caller = query_string_1.default.parseCaller(context);
|
|
92
109
|
const filter = context_filter_factory_1.default.build(this.collection, context, null, { conditionTree });
|
|
93
110
|
const attributes = context.request?.body?.data?.attributes;
|
|
@@ -101,4 +118,4 @@ class ActionRoute extends collection_route_1.default {
|
|
|
101
118
|
}
|
|
102
119
|
}
|
|
103
120
|
exports.default = ActionRoute;
|
|
104
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
121
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWN0aW9uLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3JvdXRlcy9tb2RpZmljYXRpb24vYWN0aW9uLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsd0VBS3lDO0FBSXpDLHVDQUFpRTtBQU1qRSwwRUFBaUQ7QUFDakQsMkVBQWtEO0FBQ2xELGdHQUFzRTtBQUN0RSw0RkFBMkU7QUFDM0Usd0RBQXFDO0FBQ3JDLDRFQUF5RDtBQUN6RCxvR0FBaUY7QUFFakYsTUFBcUIsV0FBWSxTQUFRLDBCQUFlO0lBR3RELFlBQ0UsUUFBdUMsRUFDdkMsT0FBaUMsRUFDakMsVUFBc0IsRUFDdEIsY0FBc0IsRUFDdEIsVUFBa0I7UUFFbEIsS0FBSyxDQUFDLFFBQVEsRUFBRSxPQUFPLEVBQUUsVUFBVSxFQUFFLGNBQWMsQ0FBQyxDQUFDO1FBQ3JELElBQUksQ0FBQyxVQUFVLEdBQUcsVUFBVSxDQUFDO0lBQy9CLENBQUM7SUFFRCxXQUFXLENBQUMsTUFBYztRQUN4QixNQUFNLFdBQVcsR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDekYsTUFBTSxJQUFJLEdBQUcsYUFBYSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksSUFBSSxXQUFXLEVBQUUsQ0FBQztRQUVoRSxNQUFNLENBQUMsSUFBSSxDQUNULEdBQUcsSUFBSSxRQUFRLEVBQ2YsSUFBSSxDQUFDLHlDQUF5QyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFDekQsSUFBSSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQzlCLENBQUM7UUFDRixNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsSUFBSSxtQkFBbUIsRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO1FBQ3BFLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxJQUFJLHFCQUFxQixFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7SUFDeEUsQ0FBQztJQUVPLEtBQUssQ0FBQyxhQUFhLENBQUMsT0FBZ0I7UUFDMUMsTUFBTSxFQUFFLFVBQVUsRUFBRSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUM7UUFDdkMsTUFBTSxNQUFNLEdBQUcsc0JBQWlCLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ3RELE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ3RELE1BQU0sT0FBTyxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDO1FBRTVELDhGQUE4RjtRQUM5RiwyRkFBMkY7UUFDM0YsTUFBTSxVQUFVLEdBQUcsdUJBQW9CLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDcEUsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxNQUFNLEVBQUUsSUFBSSxDQUFDLFVBQVUsRUFBRSxVQUFVLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFFMUYsZ0VBQWdFO1FBQ2hFLE1BQU0sSUFBSSxHQUFHLHVCQUFvQixDQUFDLFlBQVksQ0FBQyxVQUFVLEVBQUUsT0FBTyxFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBQzVFLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUMsTUFBTSxFQUFFLElBQUksQ0FBQyxVQUFVLEVBQUUsSUFBSSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBRXBGLElBQUksTUFBTSxFQUFFLElBQUksS0FBSyxPQUFPLEVBQUU7WUFDNUIsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLEdBQUcsZ0JBQVEsQ0FBQyxVQUFVLENBQUM7WUFDOUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJLEdBQUcsRUFBRSxLQUFLLEVBQUUsTUFBTSxDQUFDLE9BQU8sRUFBRSxJQUFJLEVBQUUsTUFBTSxDQUFDLElBQUksRUFBRSxDQUFDO1NBQ3RFO2FBQU0sSUFBSSxNQUFNLEVBQUUsSUFBSSxLQUFLLFNBQVMsRUFBRTtZQUNyQyxPQUFPLENBQUMsUUFBUSxDQUFDLElBQUksR0FBRztnQkFDdEIsT0FBTyxFQUFFLE1BQU0sQ0FBQyxPQUFPO2dCQUN2QixJQUFJLEVBQUUsTUFBTSxDQUFDLElBQUk7Z0JBQ2pCLE9BQU8sRUFBRSxFQUFFLGFBQWEsRUFBRSxDQUFDLEdBQUcsTUFBTSxDQUFDLFdBQVcsQ0FBQyxFQUFFO2FBQ3BELENBQUM7U0FDSDthQUFNLElBQUksTUFBTSxFQUFFLElBQUksS0FBSyxTQUFTLEVBQUU7WUFDckMsTUFBTSxFQUFFLEdBQUcsRUFBRSxNQUFNLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLE1BQU0sQ0FBQztZQUM5QyxPQUFPLENBQUMsUUFBUSxDQUFDLElBQUksR0FBRyxFQUFFLE9BQU8sRUFBRSxFQUFFLEdBQUcsRUFBRSxNQUFNLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxFQUFFLENBQUM7U0FDckU7YUFBTSxJQUFJLE1BQU0sRUFBRSxJQUFJLEtBQUssVUFBVSxFQUFFO1lBQ3RDLE9BQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxHQUFHLEVBQUUsVUFBVSxFQUFFLE1BQU0sQ0FBQyxJQUFJLEVBQUUsQ0FBQztTQUNyRDthQUFNLElBQUksTUFBTSxFQUFFLElBQUksS0FBSyxNQUFNLEVBQUU7WUFDbEMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDO1lBQ3pDLE9BQU8sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLCtCQUErQixFQUFFLHFCQUFxQixDQUFDLENBQUM7WUFDN0UsT0FBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJLEdBQUcsTUFBTSxDQUFDLFFBQVEsQ0FBQztZQUN4QyxPQUFPLENBQUMsUUFBUSxDQUFDLElBQUksR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDO1NBQ3ZDO2FBQU07WUFDTCxNQUFNLElBQUksS0FBSyxDQUFDLDJCQUEyQixDQUFDLENBQUM7U0FDOUM7SUFDSCxDQUFDO0lBRU8sS0FBSyxDQUFDLFVBQVUsQ0FBQyxPQUFnQjtRQUN2QyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLHNDQUFzQyxDQUN0RSxPQUFPLEVBQ1AsSUFBSSxDQUFDLFVBQVUsRUFDZixJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FDckIsQ0FBQztRQUVGLE1BQU0sRUFBRSxVQUFVLEVBQUUsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDO1FBQ3ZDLE1BQU0sWUFBWSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsSUFBSSxFQUFFLElBQUksRUFBRSxVQUFVLEVBQUUsTUFBTSxDQUFDO1FBQ3BFLE1BQU0sSUFBSSxHQUFHLFlBQVk7WUFDdkIsQ0FBQyxDQUFDLHVCQUFvQixDQUFDLHNCQUFzQixDQUFDLFVBQVUsRUFBRSxZQUFZLENBQUM7WUFDdkUsQ0FBQyxDQUFDLElBQUksQ0FBQztRQUVULE1BQU0sTUFBTSxHQUFHLHNCQUFpQixDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN0RCxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN0RCxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLE1BQU0sRUFBRSxJQUFJLENBQUMsVUFBVSxFQUFFLElBQUksRUFBRSxNQUFNLENBQUMsQ0FBQztRQUVwRixPQUFPLENBQUMsUUFBUSxDQUFDLElBQUksR0FBRztZQUN0QixNQUFNLEVBQUUsTUFBTSxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUN6QiwyQkFBc0IsQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLFVBQVUsRUFBRSxLQUFLLENBQUMsQ0FDM0U7U0FDRixDQUFDO0lBQ0osQ0FBQztJQUVPLEtBQUssQ0FBQyx5Q0FBeUMsQ0FBQyxPQUFnQixFQUFFLElBQVU7UUFDbEYsTUFBTSxXQUFXLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxJQUFzQyxDQUFDO1FBRTNFLElBQUksV0FBVyxFQUFFLElBQUksRUFBRSxVQUFVLEVBQUUsdUJBQXVCLEVBQUU7WUFDMUQsTUFBTSxnQkFBZ0IsR0FDcEIsSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsNEJBQTRCLENBQ3RELFdBQVcsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLHVCQUF1QixDQUNwRCxDQUFDO1lBQ0osTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyw0QkFBNEIsQ0FBQztnQkFDN0QsT0FBTztnQkFDUCxnQkFBZ0IsRUFBRSxJQUFJLENBQUMsVUFBVTtnQkFDakMsY0FBYyxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSTtnQkFDcEMsV0FBVyxFQUFFLGdCQUFnQixFQUFFLElBQUksRUFBRSxVQUFVLEVBQUUsWUFBWTthQUM5RCxDQUFDLENBQUM7WUFDSCxPQUFPLENBQUMsT0FBTyxDQUFDLElBQUksR0FBRyxnQkFBZ0IsQ0FBQztTQUN6QzthQUFNO1lBQ0wsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyw0QkFBNEIsQ0FBQztnQkFDN0QsT0FBTztnQkFDUCxnQkFBZ0IsRUFBRSxJQUFJLENBQUMsVUFBVTtnQkFDakMsY0FBYyxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSTthQUNyQyxDQUFDLENBQUM7U0FDSjtRQUVELE9BQU8sSUFBSSxFQUFFLENBQUM7SUFDaEIsQ0FBQztJQUVPLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxPQUFnQjtRQUMvQyxNQUFNLFlBQVksR0FBRyxxQkFBVSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQ25GLElBQUksV0FBVyxHQUFHLHlDQUFvQixDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sRUFBRSxZQUFZLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDMUYsSUFBSSxZQUFZLENBQUMsV0FBVztZQUFFLFdBQVcsR0FBRyxXQUFXLENBQUMsT0FBTyxFQUFFLENBQUM7UUFFbEUsTUFBTSxhQUFhLEdBQUcseUNBQW9CLENBQUMsU0FBUyxDQUNsRCxXQUFXLEVBQ1gsc0JBQWlCLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxPQUFPLENBQUMsRUFDOUQsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxPQUFPLENBQUMsQ0FDckUsQ0FBQztRQUVGLE1BQU0sTUFBTSxHQUFHLHNCQUFpQixDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN0RCxNQUFNLE1BQU0sR0FBRyxnQ0FBb0IsQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEVBQUUsYUFBYSxFQUFFLENBQUMsQ0FBQztRQUM3RixNQUFNLFVBQVUsR0FBRyxPQUFPLENBQUMsT0FBTyxFQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsVUFBVSxDQUFDO1FBRTNELElBQUksVUFBVSxFQUFFLHVCQUF1QixFQUFFO1lBQ3ZDLE1BQU0sUUFBUSxHQUFHLFVBQVUsRUFBRSx1QkFBdUIsQ0FBQztZQUNyRCxNQUFNLGdCQUFnQixHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxDQUFDLFVBQVUsQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDO1lBQzFGLE1BQU0sUUFBUSxHQUFHLFlBQU8sQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLENBQUMsTUFBTSxFQUFFLFVBQVUsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO1lBRTVGLE9BQU8sa0NBQWEsQ0FBQyxpQkFBaUIsQ0FBQyxnQkFBZ0IsRUFBRSxRQUFRLEVBQUUsUUFBUSxFQUFFLE1BQU0sRUFBRSxNQUFNLENBQUMsQ0FBQztTQUM5RjtRQUVELE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7Q0FDRjtBQTdJRCw4QkE2SUMifQ==
|
|
@@ -14,10 +14,10 @@ class AssociateRelatedRoute extends relation_route_1.default {
|
|
|
14
14
|
router.post(`/${this.collection.name}/:parentId/relationships/${this.relationName}`, this.handleAssociateRelatedRoute.bind(this));
|
|
15
15
|
}
|
|
16
16
|
async handleAssociateRelatedRoute(context) {
|
|
17
|
-
await this.services.
|
|
17
|
+
await this.services.authorization.assertCanEdit(context, this.collection.name);
|
|
18
18
|
const parentId = id_1.default.unpackId(this.collection.schema, context.params.parentId);
|
|
19
19
|
const targetedRelationId = id_1.default.unpackId(this.foreignCollection.schema, context.request.body?.data[0].id);
|
|
20
|
-
const scope = await this.services.
|
|
20
|
+
const scope = await this.services.authorization.getScope(this.foreignCollection, context);
|
|
21
21
|
const relation = datasource_toolkit_1.SchemaUtils.getToManyRelation(this.collection.schema, this.relationName);
|
|
22
22
|
const caller = query_string_1.default.parseCaller(context);
|
|
23
23
|
if (relation.type === 'OneToMany') {
|
|
@@ -48,4 +48,4 @@ class AssociateRelatedRoute extends relation_route_1.default {
|
|
|
48
48
|
}
|
|
49
49
|
}
|
|
50
50
|
exports.default = AssociateRelatedRoute;
|
|
51
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
51
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXNzb2NpYXRlLXJlbGF0ZWQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcm91dGVzL21vZGlmaWNhdGlvbi9hc3NvY2lhdGUtcmVsYXRlZC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLHdFQVV5QztBQUl6Qyx1Q0FBdUM7QUFDdkMsZ0dBQXNFO0FBQ3RFLHdEQUFxQztBQUNyQyw0RUFBeUQ7QUFDekQsdUVBQThDO0FBRTlDLE1BQXFCLHFCQUFzQixTQUFRLHdCQUFhO0lBQzlELFdBQVcsQ0FBQyxNQUFjO1FBQ3hCLE1BQU0sQ0FBQyxJQUFJLENBQ1QsSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksNEJBQTRCLElBQUksQ0FBQyxZQUFZLEVBQUUsRUFDdkUsSUFBSSxDQUFDLDJCQUEyQixDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FDNUMsQ0FBQztJQUNKLENBQUM7SUFFTSxLQUFLLENBQUMsMkJBQTJCLENBQUMsT0FBZ0I7UUFDdkQsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyxhQUFhLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDL0UsTUFBTSxRQUFRLEdBQUcsWUFBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sRUFBRSxPQUFPLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ25GLE1BQU0sa0JBQWtCLEdBQUcsWUFBTyxDQUFDLFFBQVEsQ0FDekMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLE1BQU0sRUFDN0IsT0FBTyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FDakMsQ0FBQztRQUNGLE1BQU0sS0FBSyxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsRUFBRSxPQUFPLENBQUMsQ0FBQztRQUMxRixNQUFNLFFBQVEsR0FBRyxnQ0FBVyxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxFQUFFLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUMxRixNQUFNLE1BQU0sR0FBRyxzQkFBaUIsQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUM7UUFFdEQsSUFBSSxRQUFRLENBQUMsSUFBSSxLQUFLLFdBQVcsRUFBRTtZQUNqQyxNQUFNLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxNQUFNLEVBQUUsS0FBSyxFQUFFLFFBQVEsRUFBRSxRQUFRLEVBQUUsa0JBQWtCLEVBQUUsT0FBTyxDQUFDLENBQUM7U0FDL0Y7YUFBTTtZQUNMLE1BQU0sSUFBSSxDQUFDLG1CQUFtQixDQUFDLE1BQU0sRUFBRSxRQUFRLEVBQUUsUUFBUSxFQUFFLGtCQUFrQixDQUFDLENBQUM7U0FDaEY7UUFFRCxPQUFPLENBQUMsUUFBUSxDQUFDLE1BQU0sR0FBRyxnQkFBUSxDQUFDLFNBQVMsQ0FBQztJQUMvQyxDQUFDO0lBRUQsS0FBSyxDQUFDLGtCQUFrQixDQUN0QixNQUFjLEVBQ2QsS0FBb0IsRUFDcEIsUUFBeUIsRUFDekIsUUFBcUIsRUFDckIsa0JBQStCLEVBQy9CLE9BQWdCO1FBRWhCLE1BQU0sQ0FBQyxFQUFFLENBQUMsR0FBRyxnQ0FBVyxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDdkUsSUFBSSxLQUFLLEdBQUcsTUFBTSxvQ0FBZSxDQUFDLFFBQVEsQ0FDeEMsSUFBSSxDQUFDLGlCQUFpQixFQUN0QixNQUFNLEVBQ04sa0JBQWtCLEVBQ2xCLEVBQUUsQ0FDSCxDQUFDO1FBQ0YsTUFBTSxNQUFNLEdBQUcsZ0NBQW9CLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRTtZQUN6RSxhQUFhLEVBQUUseUNBQW9CLENBQUMsU0FBUyxDQUMzQyxJQUFJLHNDQUFpQixDQUFDLEVBQUUsRUFBRSxPQUFPLEVBQUUsS0FBSyxDQUFDLEVBQ3pDLEtBQUssQ0FDTjtTQUNGLENBQUMsQ0FBQztRQUNILEtBQUssR0FBRyxNQUFNLG9DQUFlLENBQUMsUUFBUSxDQUNwQyxJQUFJLENBQUMsVUFBVSxFQUNmLE1BQU0sRUFDTixRQUFRLEVBQ1IsUUFBUSxDQUFDLGVBQWUsQ0FDekIsQ0FBQztRQUNGLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsTUFBTSxFQUFFLEVBQUUsQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLEVBQUUsS0FBSyxFQUFFLENBQUMsQ0FBQztJQUN2RixDQUFDO0lBRUQsS0FBSyxDQUFDLG1CQUFtQixDQUN2QixNQUFjLEVBQ2QsUUFBMEIsRUFDMUIsUUFBcUIsRUFDckIsa0JBQStCO1FBRS9CLElBQUksQ0FBQyxFQUFFLENBQUMsR0FBRyxnQ0FBVyxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDckUsTUFBTSxPQUFPLEdBQUcsTUFBTSxvQ0FBZSxDQUFDLFFBQVEsQ0FDNUMsSUFBSSxDQUFDLGlCQUFpQixFQUN0QixNQUFNLEVBQ04sa0JBQWtCLEVBQ2xCLEVBQUUsQ0FDSCxDQUFDO1FBQ0YsQ0FBQyxFQUFFLENBQUMsR0FBRyxnQ0FBVyxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQzFELE1BQU0sTUFBTSxHQUFHLE1BQU0sb0NBQWUsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxNQUFNLEVBQUUsUUFBUSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ3JGLE1BQU0sTUFBTSxHQUFHLEVBQUUsQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLEVBQUUsTUFBTSxFQUFFLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxFQUFFLE9BQU8sRUFBRSxDQUFDO1FBRWhGLE1BQU0saUJBQWlCLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLENBQUM7UUFDcEYsTUFBTSxpQkFBaUIsQ0FBQyxNQUFNLENBQUMsTUFBTSxFQUFFLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztJQUNuRCxDQUFDO0NBQ0Y7QUE5RUQsd0NBOEVDIn0=
|
|
@@ -11,7 +11,7 @@ class CreateRoute extends collection_route_1.default {
|
|
|
11
11
|
router.post(`/${this.collection.name}`, this.handleCreate.bind(this));
|
|
12
12
|
}
|
|
13
13
|
async handleCreate(context) {
|
|
14
|
-
await this.services.
|
|
14
|
+
await this.services.authorization.assertCanAdd(context, this.collection.name);
|
|
15
15
|
const { serializer } = this.services;
|
|
16
16
|
const rawRecord = serializer.deserialize(this.collection, context.request.body);
|
|
17
17
|
const [record, relations] = await this.makeRecord(context, rawRecord);
|
|
@@ -53,8 +53,8 @@ class CreateRoute extends collection_route_1.default {
|
|
|
53
53
|
return;
|
|
54
54
|
// Permissions
|
|
55
55
|
const foreignCollection = this.dataSource.getCollection(relation.foreignCollection);
|
|
56
|
-
const scope = await this.services.
|
|
57
|
-
await this.services.
|
|
56
|
+
const scope = await this.services.authorization.getScope(foreignCollection, context);
|
|
57
|
+
await this.services.authorization.assertCanEdit(context, this.collection.name);
|
|
58
58
|
// Load the value that will be used as originKey (=== parentId[0] most of the time)
|
|
59
59
|
const originValue = record[relation.originKeyTarget];
|
|
60
60
|
// Break old relation (may update zero or one records).
|
|
@@ -80,4 +80,4 @@ class CreateRoute extends collection_route_1.default {
|
|
|
80
80
|
}
|
|
81
81
|
}
|
|
82
82
|
exports.default = CreateRoute;
|
|
83
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
83
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3JlYXRlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3JvdXRlcy9tb2RpZmljYXRpb24vY3JlYXRlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsd0VBV3lDO0FBSXpDLDJFQUFrRDtBQUNsRCw0RUFBeUQ7QUFFekQsTUFBcUIsV0FBWSxTQUFRLDBCQUFlO0lBQ3RELFdBQVcsQ0FBQyxNQUFjO1FBQ3hCLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksRUFBRSxFQUFFLElBQUksQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7SUFDeEUsQ0FBQztJQUVNLEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBZ0I7UUFDeEMsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyxZQUFZLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFOUUsTUFBTSxFQUFFLFVBQVUsRUFBRSxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDckMsTUFBTSxTQUFTLEdBQUcsVUFBVSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFaEYsTUFBTSxDQUFDLE1BQU0sRUFBRSxTQUFTLENBQUMsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsT0FBTyxFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBQ3RFLE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFFM0QsTUFBTSxJQUFJLENBQUMscUJBQXFCLENBQUMsT0FBTyxFQUFFLFNBQVMsRUFBRSxTQUFTLENBQUMsQ0FBQztRQUVoRSxPQUFPLENBQUMsUUFBUSxDQUFDLElBQUksR0FBRyxVQUFVLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsRUFBRSxHQUFHLFNBQVMsRUFBRSxHQUFHLFNBQVMsRUFBRSxDQUFDLENBQUM7SUFDaEcsQ0FBQztJQUVPLEtBQUssQ0FBQyxVQUFVLENBQ3RCLE9BQWdCLEVBQ2hCLE1BQWtCO1FBRWxCLE1BQU0sS0FBSyxHQUFlLEVBQUUsQ0FBQztRQUM3QixNQUFNLFNBQVMsR0FBK0IsRUFBRSxDQUFDO1FBRWpELE1BQU0sUUFBUSxHQUFHLE1BQU0sQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxDQUFDLEtBQUssRUFBRSxLQUFLLENBQUMsRUFBRSxFQUFFO1lBQ25FLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUVwRCxJQUFJLE1BQU0sRUFBRSxJQUFJLEtBQUssVUFBVSxJQUFJLE1BQU0sRUFBRSxJQUFJLEtBQUssV0FBVyxFQUFFO2dCQUMvRCxTQUFTLENBQUMsS0FBSyxDQUFDLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDLEtBQUssRUFBRSxLQUFvQixDQUFDLENBQUM7YUFDeEU7WUFFRCxJQUFJLE1BQU0sRUFBRSxJQUFJLEtBQUssV0FBVyxFQUFFO2dCQUNoQyxLQUFLLENBQUMsTUFBTSxDQUFDLFVBQVUsQ0FBQyxHQUFHLE1BQU0sSUFBSSxDQUFDLGtCQUFrQixDQUN0RCxPQUFPLEVBQ1AsS0FBSyxFQUNMLEtBQW9CLENBQ3JCLENBQUM7YUFDSDtZQUVELElBQUksTUFBTSxFQUFFLElBQUksS0FBSyxRQUFRLEVBQUU7Z0JBQzdCLEtBQUssQ0FBQyxLQUFLLENBQUMsR0FBRyxLQUFLLENBQUM7YUFDdEI7UUFDSCxDQUFDLENBQUMsQ0FBQztRQUVILE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUU1QixPQUFPLENBQUMsS0FBSyxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBQzVCLENBQUM7SUFFTyxLQUFLLENBQUMsWUFBWSxDQUFDLE9BQWdCLEVBQUUsS0FBaUI7UUFDNUQsTUFBTSxNQUFNLEdBQUcsc0JBQWlCLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBRXRELElBQUksTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxNQUFNLEVBQUU7WUFDN0Isb0NBQWUsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxLQUFLLENBQUMsQ0FBQztTQUNsRDtRQUVELE1BQU0sQ0FBQyxNQUFNLENBQUMsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7UUFFL0QsT0FBTyxNQUFNLENBQUM7SUFDaEIsQ0FBQztJQUVPLEtBQUssQ0FBQyxxQkFBcUIsQ0FDakMsT0FBZ0IsRUFDaEIsTUFBa0IsRUFDbEIsU0FBcUM7UUFFckMsTUFBTSxNQUFNLEdBQUcsc0JBQWlCLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBRXRELE1BQU0sUUFBUSxHQUFHLE1BQU0sQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxDQUFDLEtBQUssRUFBRSxNQUFNLENBQUMsRUFBRSxFQUFFO1lBQ3ZFLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUN0RCxJQUFJLFFBQVEsQ0FBQyxJQUFJLEtBQUssVUFBVTtnQkFBRSxPQUFPO1lBRXpDLGNBQWM7WUFDZCxNQUFNLGlCQUFpQixHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO1lBQ3BGLE1BQU0sS0FBSyxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLGlCQUFpQixFQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQ3JGLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDO1lBRS9FLG1GQUFtRjtZQUNuRixNQUFNLFdBQVcsR0FBRyxNQUFNLENBQUMsUUFBUSxDQUFDLGVBQWUsQ0FBQyxDQUFDO1lBRXJELHVEQUF1RDtZQUN2RCxNQUFNLFVBQVUsR0FBRyxJQUFJLHNDQUFpQixDQUFDLFFBQVEsQ0FBQyxTQUFTLEVBQUUsT0FBTyxFQUFFLFdBQVcsQ0FBQyxDQUFDO1lBQ25GLE1BQU0saUJBQWlCLENBQUMsTUFBTSxDQUM1QixNQUFNLEVBQ04sSUFBSSwyQkFBTSxDQUFDLEVBQUUsYUFBYSxFQUFFLHlDQUFvQixDQUFDLFNBQVMsQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLEVBQUUsQ0FBQyxFQUNoRixFQUFFLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxFQUFFLElBQUksRUFBRSxDQUMvQixDQUFDO1lBRUYsd0RBQXdEO1lBQ3hELE1BQU0sVUFBVSxHQUFHLHlDQUFvQixDQUFDLFlBQVksQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO1lBQ3pGLE1BQU0saUJBQWlCLENBQUMsTUFBTSxDQUM1QixNQUFNLEVBQ04sSUFBSSwyQkFBTSxDQUFDLEVBQUUsYUFBYSxFQUFFLHlDQUFvQixDQUFDLFNBQVMsQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLEVBQUUsQ0FBQyxFQUNoRixFQUFFLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxFQUFFLFdBQVcsRUFBRSxDQUN0QyxDQUFDO1FBQ0osQ0FBQyxDQUFDLENBQUM7UUFFSCxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLENBQUM7SUFDOUIsQ0FBQztJQUVPLGlCQUFpQixDQUFDLEtBQWEsRUFBRSxFQUFlO1FBQ3RELE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQW1CLENBQUM7UUFDdEUsTUFBTSxpQkFBaUIsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQyxNQUFNLENBQUMsaUJBQWlCLENBQUMsQ0FBQztRQUNsRixNQUFNLE1BQU0sR0FBRyxnQ0FBVyxDQUFDLGNBQWMsQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUVwRSxPQUFPLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLEVBQUUsR0FBRyxFQUFFLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQyxFQUFFLEdBQUcsSUFBSSxFQUFFLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRSxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUNsRixDQUFDO0lBRU8sS0FBSyxDQUFDLGtCQUFrQixDQUM5QixPQUFnQixFQUNoQixLQUFhLEVBQ2IsRUFBZTtRQUVmLE1BQU0sTUFBTSxHQUFHLHNCQUFpQixDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN0RCxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFvQixDQUFDO1FBQ3ZFLE1BQU0saUJBQWlCLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLENBQUMsTUFBTSxDQUFDLGlCQUFpQixDQUFDLENBQUM7UUFFbEYsT0FBTyxvQ0FBZSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsRUFBRSxNQUFNLEVBQUUsRUFBRSxFQUFFLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0lBQzFGLENBQUM7Q0FDRjtBQXpIRCw4QkF5SEMifQ==
|
|
@@ -16,7 +16,7 @@ class DeleteRoute extends collection_route_1.default {
|
|
|
16
16
|
router.delete(`/${this.collection.name}/:id`, this.handleDelete.bind(this));
|
|
17
17
|
}
|
|
18
18
|
async handleDelete(context) {
|
|
19
|
-
await this.services.
|
|
19
|
+
await this.services.authorization.assertCanDelete(context, this.collection.name);
|
|
20
20
|
const id = id_1.default.unpackId(this.collection.schema, context.params.id);
|
|
21
21
|
await this.deleteRecords(context, { ids: [id], areExcluded: false });
|
|
22
22
|
context.response.status = types_1.HttpCode.NoContent;
|
|
@@ -32,10 +32,10 @@ class DeleteRoute extends collection_route_1.default {
|
|
|
32
32
|
selectedIds = selectedIds.inverse();
|
|
33
33
|
const caller = query_string_1.default.parseCaller(context);
|
|
34
34
|
const filter = context_filter_factory_1.default.build(this.collection, context, null, {
|
|
35
|
-
conditionTree: datasource_toolkit_1.ConditionTreeFactory.intersect(query_string_1.default.parseConditionTree(this.collection, context), await this.services.
|
|
35
|
+
conditionTree: datasource_toolkit_1.ConditionTreeFactory.intersect(query_string_1.default.parseConditionTree(this.collection, context), await this.services.authorization.getScope(this.collection, context), selectedIds),
|
|
36
36
|
});
|
|
37
37
|
await this.collection.delete(caller, filter);
|
|
38
38
|
}
|
|
39
39
|
}
|
|
40
40
|
exports.default = DeleteRoute;
|
|
41
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
41
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGVsZXRlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3JvdXRlcy9tb2RpZmljYXRpb24vZGVsZXRlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsd0VBQXVFO0FBSXZFLHVDQUFxRDtBQUNyRCwwRUFBaUQ7QUFDakQsMkVBQWtEO0FBQ2xELGdHQUFzRTtBQUN0RSx3REFBcUM7QUFDckMsNEVBQXlEO0FBRXpELE1BQXFCLFdBQVksU0FBUSwwQkFBZTtJQUN0RCxXQUFXLENBQUMsTUFBYztRQUN4QixNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLEVBQUUsRUFBRSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7UUFDNUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxNQUFNLEVBQUUsSUFBSSxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztJQUM5RSxDQUFDO0lBRU0sS0FBSyxDQUFDLFlBQVksQ0FBQyxPQUFnQjtRQUN4QyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLGVBQWUsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUVqRixNQUFNLEVBQUUsR0FBRyxZQUFPLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDdkUsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLE9BQU8sRUFBRSxFQUFFLEdBQUcsRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLFdBQVcsRUFBRSxLQUFLLEVBQUUsQ0FBQyxDQUFDO1FBRXJFLE9BQU8sQ0FBQyxRQUFRLENBQUMsTUFBTSxHQUFHLGdCQUFRLENBQUMsU0FBUyxDQUFDO0lBQy9DLENBQUM7SUFFTSxLQUFLLENBQUMsZ0JBQWdCLENBQUMsT0FBZ0I7UUFDNUMsTUFBTSxZQUFZLEdBQUcscUJBQVUsQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sRUFBRSxPQUFPLENBQUMsQ0FBQztRQUNuRixNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsT0FBTyxFQUFFLFlBQVksQ0FBQyxDQUFDO1FBRWhELE9BQU8sQ0FBQyxRQUFRLENBQUMsTUFBTSxHQUFHLGdCQUFRLENBQUMsU0FBUyxDQUFDO0lBQy9DLENBQUM7SUFFTyxLQUFLLENBQUMsYUFBYSxDQUFDLE9BQWdCLEVBQUUsWUFBMEI7UUFDdEUsSUFBSSxXQUFXLEdBQUcseUNBQW9CLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxFQUFFLFlBQVksQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUMxRixJQUFJLFlBQVksQ0FBQyxXQUFXO1lBQUUsV0FBVyxHQUFHLFdBQVcsQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUVsRSxNQUFNLE1BQU0sR0FBRyxzQkFBaUIsQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDdEQsTUFBTSxNQUFNLEdBQUcsZ0NBQW9CLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRTtZQUN4RSxhQUFhLEVBQUUseUNBQW9CLENBQUMsU0FBUyxDQUMzQyxzQkFBaUIsQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxFQUM5RCxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxFQUNwRSxXQUFXLENBQ1o7U0FDRixDQUFDLENBQUM7UUFFSCxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxNQUFNLENBQUMsQ0FBQztJQUMvQyxDQUFDO0NBQ0Y7QUFyQ0QsOEJBcUNDIn0=
|
|
@@ -15,7 +15,7 @@ class DissociateDeleteRelatedRoute extends relation_route_1.default {
|
|
|
15
15
|
router.delete(`/${this.collection.name}/:parentId/relationships/${this.relationName}`, this.handleDissociateDeleteRelatedRoute.bind(this));
|
|
16
16
|
}
|
|
17
17
|
async handleDissociateDeleteRelatedRoute(context) {
|
|
18
|
-
await this.services.
|
|
18
|
+
await this.services.authorization.assertCanDelete(context, this.collection.name);
|
|
19
19
|
// Parse route params
|
|
20
20
|
const parentId = id_1.default.unpackId(this.collection.schema, context.params.parentId);
|
|
21
21
|
const isDeleteMode = Boolean(context.request.query?.delete);
|
|
@@ -73,7 +73,7 @@ class DissociateDeleteRelatedRoute extends relation_route_1.default {
|
|
|
73
73
|
throw new datasource_toolkit_1.ValidationError('Expected no empty id list');
|
|
74
74
|
}
|
|
75
75
|
return context_filter_factory_1.default.build(this.foreignCollection, context, null, {
|
|
76
|
-
conditionTree: datasource_toolkit_1.ConditionTreeFactory.intersect(await this.services.
|
|
76
|
+
conditionTree: datasource_toolkit_1.ConditionTreeFactory.intersect(await this.services.authorization.getScope(this.foreignCollection, context), query_string_1.default.parseConditionTree(this.foreignCollection, context), selectedIds),
|
|
77
77
|
});
|
|
78
78
|
}
|
|
79
79
|
/** Wrapper around the util to simplify the call */
|
|
@@ -86,4 +86,4 @@ class DissociateDeleteRelatedRoute extends relation_route_1.default {
|
|
|
86
86
|
}
|
|
87
87
|
}
|
|
88
88
|
exports.default = DissociateDeleteRelatedRoute;
|
|
89
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
89
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGlzc29jaWF0ZS1kZWxldGUtcmVsYXRlZC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9yb3V0ZXMvbW9kaWZpY2F0aW9uL2Rpc3NvY2lhdGUtZGVsZXRlLXJlbGF0ZWQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSx3RUFVeUM7QUFJekMsdUNBQXVDO0FBQ3ZDLDBFQUFpRDtBQUNqRCxnR0FBc0U7QUFDdEUsd0RBQXFDO0FBQ3JDLDRFQUF5RDtBQUN6RCx1RUFBOEM7QUFFOUMsTUFBcUIsNEJBQTZCLFNBQVEsd0JBQWE7SUFDckUsV0FBVyxDQUFDLE1BQWM7UUFDeEIsTUFBTSxDQUFDLE1BQU0sQ0FDWCxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSw0QkFBNEIsSUFBSSxDQUFDLFlBQVksRUFBRSxFQUN2RSxJQUFJLENBQUMsa0NBQWtDLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUNuRCxDQUFDO0lBQ0osQ0FBQztJQUVNLEtBQUssQ0FBQyxrQ0FBa0MsQ0FBQyxPQUFnQjtRQUM5RCxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLGVBQWUsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUVqRixxQkFBcUI7UUFDckIsTUFBTSxRQUFRLEdBQUcsWUFBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sRUFBRSxPQUFPLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ25GLE1BQU0sWUFBWSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxNQUFNLENBQUMsQ0FBQztRQUM1RCxNQUFNLE1BQU0sR0FBRyxzQkFBaUIsQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDdEQsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsb0JBQW9CLENBQUMsT0FBTyxDQUFDLENBQUM7UUFFeEQsK0VBQStFO1FBQy9FLE1BQU0sUUFBUSxHQUFHLGdDQUFXLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLEVBQUUsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDO1FBRTFGLElBQUksUUFBUSxDQUFDLElBQUksS0FBSyxXQUFXLEVBQUU7WUFDakMsTUFBTSxJQUFJLENBQUMsMkJBQTJCLENBQUMsTUFBTSxFQUFFLFFBQVEsRUFBRSxRQUFRLEVBQUUsWUFBWSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1NBQzFGO2FBQU07WUFDTCxNQUFNLElBQUksQ0FBQyw0QkFBNEIsQ0FBQyxNQUFNLEVBQUUsUUFBUSxFQUFFLFFBQVEsRUFBRSxZQUFZLEVBQUUsTUFBTSxDQUFDLENBQUM7U0FDM0Y7UUFFRCxPQUFPLENBQUMsUUFBUSxDQUFDLE1BQU0sR0FBRyxnQkFBUSxDQUFDLFNBQVMsQ0FBQztJQUMvQyxDQUFDO0lBRU8sS0FBSyxDQUFDLDJCQUEyQixDQUN2QyxNQUFjLEVBQ2QsTUFBdUIsRUFDdkIsUUFBcUIsRUFDckIsWUFBcUIsRUFDckIsZ0JBQXdCO1FBRXhCLDBFQUEwRTtRQUMxRSxNQUFNLGFBQWEsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLEVBQUUsUUFBUSxFQUFFLGdCQUFnQixDQUFDLENBQUM7UUFFdkYsSUFBSSxZQUFZLEVBQUU7WUFDaEIsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxhQUFhLENBQUMsQ0FBQztTQUM1RDthQUFNO1lBQ0wsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxhQUFhLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDO1NBQzFGO0lBQ0gsQ0FBQztJQUVPLEtBQUssQ0FBQyw0QkFBNEIsQ0FDeEMsTUFBYyxFQUNkLE1BQXdCLEVBQ3hCLFFBQXFCLEVBQ3JCLFlBQXFCLEVBQ3JCLGdCQUF3QjtRQUV4QixNQUFNLGlCQUFpQixHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQyxNQUFNLENBQUMsaUJBQWlCLENBQUMsQ0FBQztRQUU3RixJQUFJLFlBQVksRUFBRTtZQUNoQixvRUFBb0U7WUFDcEUsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsTUFBTSxFQUFFLFFBQVEsRUFBRSxnQkFBZ0IsQ0FBQyxDQUFDO1lBQ3ZGLE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE1BQU0sRUFBRSxRQUFRLEVBQUUsZ0JBQWdCLENBQUMsQ0FBQztZQUV2Rix5Q0FBeUM7WUFDekMsTUFBTSxpQkFBaUIsQ0FBQyxNQUFNLENBQUMsTUFBTSxFQUFFLGFBQWEsQ0FBQyxDQUFDO1lBRXRELGlDQUFpQztZQUNqQyw4RkFBOEY7WUFDOUYseURBQXlEO1lBQ3pELE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsYUFBYSxDQUFDLENBQUM7U0FDNUQ7YUFBTTtZQUNMLDhDQUE4QztZQUM5QyxNQUFNLFlBQVksR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLEVBQUUsUUFBUSxFQUFFLGdCQUFnQixDQUFDLENBQUM7WUFDdEYsTUFBTSxpQkFBaUIsQ0FBQyxNQUFNLENBQUMsTUFBTSxFQUFFLFlBQVksQ0FBQyxDQUFDO1NBQ3REO0lBQ0gsQ0FBQztJQUVEOzs7T0FHRztJQUNLLEtBQUssQ0FBQyxvQkFBb0IsQ0FBQyxPQUFnQjtRQUNqRCxNQUFNLFlBQVksR0FBRyxxQkFBVSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDMUYsSUFBSSxXQUFXLEdBQUcseUNBQW9CLENBQUMsUUFBUSxDQUM3QyxJQUFJLENBQUMsaUJBQWlCLENBQUMsTUFBTSxFQUM3QixZQUFZLENBQUMsR0FBRyxDQUNqQixDQUFDO1FBQ0YsSUFBSSxZQUFZLENBQUMsV0FBVztZQUFFLFdBQVcsR0FBRyxXQUFXLENBQUMsT0FBTyxFQUFFLENBQUM7UUFFbEUsSUFBSSxZQUFZLENBQUMsR0FBRyxDQUFDLE1BQU0sS0FBSyxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxFQUFFO1lBQzlELE1BQU0sSUFBSSxvQ0FBZSxDQUFDLDJCQUEyQixDQUFDLENBQUM7U0FDeEQ7UUFFRCxPQUFPLGdDQUFvQixDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsaUJBQWlCLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRTtZQUN2RSxhQUFhLEVBQUUseUNBQW9CLENBQUMsU0FBUyxDQUMzQyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsaUJBQWlCLEVBQUUsT0FBTyxDQUFDLEVBQzNFLHNCQUFpQixDQUFDLGtCQUFrQixDQUFDLElBQUksQ0FBQyxpQkFBaUIsRUFBRSxPQUFPLENBQUMsRUFDckUsV0FBVyxDQUNaO1NBQ0YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELG1EQUFtRDtJQUMzQyxpQkFBaUIsQ0FDdkIsTUFBYyxFQUNkLFFBQXFCLEVBQ3JCLGlCQUF5QjtRQUV6QixPQUFPLGtDQUFhLENBQUMsaUJBQWlCLENBQ3BDLElBQUksQ0FBQyxVQUFVLEVBQ2YsUUFBUSxFQUNSLElBQUksQ0FBQyxZQUFZLEVBQ2pCLE1BQU0sRUFDTixpQkFBaUIsQ0FDbEIsQ0FBQztJQUNKLENBQUM7SUFFRCxtREFBbUQ7SUFDM0MsaUJBQWlCLENBQ3ZCLE1BQWMsRUFDZCxRQUFxQixFQUNyQixpQkFBeUI7UUFFekIsT0FBTyxrQ0FBYSxDQUFDLGlCQUFpQixDQUNwQyxJQUFJLENBQUMsVUFBVSxFQUNmLFFBQVEsRUFDUixJQUFJLENBQUMsWUFBWSxFQUNqQixNQUFNLEVBQ04saUJBQWlCLENBQ2xCLENBQUM7SUFDSixDQUFDO0NBQ0Y7QUFoSUQsK0NBZ0lDIn0=
|
|
@@ -13,7 +13,7 @@ class UpdateField extends collection_route_1.default {
|
|
|
13
13
|
router.put(`/${this.collection.name}/:id/relationships/:field/:index(\\d+)`, this.handleUpdate.bind(this));
|
|
14
14
|
}
|
|
15
15
|
async handleUpdate(context) {
|
|
16
|
-
await this.services.
|
|
16
|
+
await this.services.authorization.assertCanEdit(context, this.collection.name);
|
|
17
17
|
const { field, index, id } = context.params;
|
|
18
18
|
const subRecord = context.request.body?.data?.attributes;
|
|
19
19
|
// Validate parameters
|
|
@@ -21,7 +21,7 @@ class UpdateField extends collection_route_1.default {
|
|
|
21
21
|
datasource_toolkit_1.FieldValidator.validate(this.collection, field, [{ [field]: [subRecord] }]);
|
|
22
22
|
// Create caller & filter
|
|
23
23
|
const unpackedId = id_1.default.unpackId(this.collection.schema, id);
|
|
24
|
-
const conditionTree = datasource_toolkit_1.ConditionTreeFactory.intersect(datasource_toolkit_1.ConditionTreeFactory.matchIds(this.collection.schema, [unpackedId]), await this.services.
|
|
24
|
+
const conditionTree = datasource_toolkit_1.ConditionTreeFactory.intersect(datasource_toolkit_1.ConditionTreeFactory.matchIds(this.collection.schema, [unpackedId]), await this.services.authorization.getScope(this.collection, context));
|
|
25
25
|
const caller = query_string_1.default.parseCaller(context);
|
|
26
26
|
const filter = new datasource_toolkit_1.Filter({ conditionTree });
|
|
27
27
|
// Load & check record
|
|
@@ -36,4 +36,4 @@ class UpdateField extends collection_route_1.default {
|
|
|
36
36
|
}
|
|
37
37
|
}
|
|
38
38
|
exports.default = UpdateField;
|
|
39
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
39
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXBkYXRlLWZpZWxkLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3JvdXRlcy9tb2RpZmljYXRpb24vdXBkYXRlLWZpZWxkLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsd0VBTXlDO0FBSXpDLHVDQUF1QztBQUN2QywyRUFBa0Q7QUFDbEQsd0RBQXFDO0FBQ3JDLDRFQUF5RDtBQUV6RCxNQUFxQixXQUFZLFNBQVEsMEJBQWU7SUFDdEQsV0FBVyxDQUFDLE1BQWM7UUFDeEIsTUFBTSxDQUFDLEdBQUcsQ0FDUixJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSx3Q0FBd0MsRUFDaEUsSUFBSSxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQzdCLENBQUM7SUFDSixDQUFDO0lBRU0sS0FBSyxDQUFDLFlBQVksQ0FBQyxPQUFnQjtRQUN4QyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLGFBQWEsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUUvRSxNQUFNLEVBQUUsS0FBSyxFQUFFLEtBQUssRUFBRSxFQUFFLEVBQUUsR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDO1FBQzVDLE1BQU0sU0FBUyxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsSUFBSSxFQUFFLElBQUksRUFBRSxVQUFVLENBQUM7UUFFekQsc0JBQXNCO1FBQ3RCLDJGQUEyRjtRQUMzRixtQ0FBYyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLEtBQUssRUFBRSxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBRTVFLHlCQUF5QjtRQUN6QixNQUFNLFVBQVUsR0FBRyxZQUFPLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ2hFLE1BQU0sYUFBYSxHQUFHLHlDQUFvQixDQUFDLFNBQVMsQ0FDbEQseUNBQW9CLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxFQUFFLENBQUMsVUFBVSxDQUFDLENBQUMsRUFDbkUsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxPQUFPLENBQUMsQ0FDckUsQ0FBQztRQUVGLE1BQU0sTUFBTSxHQUFHLHNCQUFpQixDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN0RCxNQUFNLE1BQU0sR0FBRyxJQUFJLDJCQUFNLENBQUMsRUFBRSxhQUFhLEVBQUUsQ0FBQyxDQUFDO1FBRTdDLHNCQUFzQjtRQUN0QixNQUFNLENBQUMsTUFBTSxDQUFDLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsTUFBTSxFQUFFLElBQUksK0JBQVUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDO1FBRW5GLElBQUksS0FBSyxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsRUFBRSxNQUFNLEVBQUU7WUFDakMsTUFBTSxJQUFJLG9DQUFlLENBQUMsVUFBVSxLQUFLLGdCQUFnQixDQUFDLENBQUM7U0FDNUQ7UUFFRCxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsS0FBSyxDQUFDLEdBQUcsU0FBUyxDQUFDO1FBRWpDLGdCQUFnQjtRQUNoQixNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxNQUFNLEVBQUUsRUFBRSxDQUFDLEtBQUssQ0FBQyxFQUFFLE1BQU0sQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUM7UUFFekUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLEdBQUcsZ0JBQVEsQ0FBQyxTQUFTLENBQUM7SUFDL0MsQ0FBQztDQUNGO0FBMUNELDhCQTBDQyJ9
|