@opengis/fastify-table 1.1.62 → 1.1.64

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "1.1.62",
+  "version": "1.1.64",
   "type": "module",
   "description": "core-plugins",
   "main": "index.js",

package/server/routes/crud/controllers/deleteCrud.js

@@ -18,7 +18,7 @@ export default async function deleteCrud(req) {
   const { table: del, id } = hookData || tokenData || (config.auth?.disable ? req.params : {});
   const { actions = [] } = await getAccess({ table: del, id, user }) || {};
 
-  if (!actions.includes('del') && !config?.local) {
+  if (!actions.includes('del') && !config?.local && !tokenData) {
     return { message: 'access restricted', status: 403 };
   }
   const loadTemplate = await getTemplate('table', del);

package/server/routes/crud/controllers/insert.js

@@ -6,6 +6,7 @@ export default async function insert(req) {
   const {
     user, params = {}, body = {},
   } = req || {};
+  if (!user) return { message: 'access restricted', status: 403 };
   const hookData = await applyHook('preInsert', { table: params?.table, user });
   if (hookData?.message && hookData?.status) {
     return { message: hookData?.message, status: hookData?.status };
@@ -18,7 +19,7 @@ export default async function insert(req) {
 
   const { actions = [] } = await getAccess({ table: add, user }) || {};
 
-  if (!actions.includes('add') && !config?.local) {
+  if (!actions.includes('add') && !config?.local && !tokenData) {
     return { message: 'access restricted', status: 403 };
   }
 

package/server/routes/crud/controllers/table.js

@@ -38,7 +38,7 @@ export default async function tableAPI(req) {
     user,
   }) || {};
 
-  if (!actions.includes('edit') && !config?.local) {
+  if (!actions.includes('edit') && !config?.local && !tokenData) {
     return { message: 'access restricted', status: 403 };
   }
 
@@ -73,12 +73,11 @@ export default async function tableAPI(req) {
     }));
   }
   if (user.uid) {
-    const [token] = setToken({
-      ids: [JSON.stringify({ id, table, form: loadTable.form })],
+    data.token = tokenData?.table ? params.table : setToken({
+      ids: [JSON.stringify({ id, table: tableName, form: loadTable.form })],
       uid: user.uid,
       array: 1,
-    });
-    data.token = token;
+    })[0];
   }
   const res = await applyHook('afterTable', {
     table: tableName, payload: [data], user,

package/server/routes/crud/controllers/update.js

@@ -5,6 +5,7 @@ import config from '../../../../config.js';
 
 export default async function update(req) {
   const { user, params = {}, body = {} } = req;
+  if (!user) return { message: 'access restricted', status: 403 };
   const hookData = await applyHook('preUpdate', {
     table: params?.table, id: params?.id, user,
   });
@@ -20,7 +21,7 @@ export default async function update(req) {
 
   const { actions = [] } = await getAccess({ table: edit, id, user }) || {};
 
-  if (!actions.includes('edit') && !config?.local) {
+  if (!actions.includes('edit') && !config?.local && !tokenData) {
     return { message: 'access restricted', status: 403 };
   }
 
@@ -33,7 +34,7 @@ export default async function update(req) {
   }
 
   const loadTemplate = await getTemplate('table', edit);
-  const { table } = loadTemplate || hookData || params || {};
+  const { table } = loadTemplate || hookData || tokenData || params || {};
 
   const uid = user?.uid;
 
@@ -56,7 +57,7 @@ export default async function update(req) {
   });
 
   // form DataTable
-  const extraKeys = Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && body[key].length);
+  const extraKeys = formData ? Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && body[key].length) : [];
   if (extraKeys?.length) {
     res.extra = {};
     await Promise.all(extraKeys?.map(async (key) => {