npm - @teamkeel/functions-runtime - Versions diffs - 0.300.1 → 0.300.3 - Mend

@teamkeel/functions-runtime 0.300.1 → 0.300.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@teamkeel/functions-runtime",
-  "version": "0.300.1",
+  "version": "0.300.3",
   "description": "Internal package used by @teamkeel/sdk",
   "main": "src/index.js",
   "scripts": {

package/src/consts.js CHANGED Viewed

@@ -9,12 +9,4 @@ const PROTO_ACTION_TYPES = {
   WRITE: "OPERATION_TYPE_WRITE",
 };
-const PROTO_ACTION_TYPES_REQUEST_HANDLER = [
-  "OPERATION_TYPE_CREATE",
-  "OPERATION_TYPE_GET",
-  "OPERATION_TYPE_LIST",
-];
-module.exports.PROTO_ACTION_TYPES_REQUEST_HANDLER =
-  PROTO_ACTION_TYPES_REQUEST_HANDLER;
 module.exports.PROTO_ACTION_TYPES = PROTO_ACTION_TYPES;

package/src/handleRequest.js CHANGED Viewed

@@ -10,7 +10,7 @@ const {
   PermissionError,
   checkBuiltInPermissions,
 } = require("./permissions");
-const { PROTO_ACTION_TYPES_REQUEST_HANDLER } = require("./consts");
+const { PROTO_ACTION_TYPES } = require("./consts");
 const { errorToJSONRPCResponse, RuntimeErrors } = require("./errors");
@@ -72,19 +72,37 @@ async function handleRequest(request, config) {
           const relevantPermissions = permissions[request.method];
           const actionType = actionTypes[request.method];
-          // We only want to run permission checks at the handleRequest level for action types list, get and create
-          // Delete and update permission checks need to be baked into the model api because they require reading records to be deleted / updated from the database first in order to ascertain whether the records to be deleted or updated fulfil the permission
-          if (PROTO_ACTION_TYPES_REQUEST_HANDLER.includes(actionType)) {
-            // check will throw a PermissionError if a permission rule is invalid
-            await checkBuiltInPermissions({
-              rows: fnResult,
-              permissions: relevantPermissions,
-              db: transaction,
-              ctx,
-              functionName: request.method,
-            });
+          const peakInsideTransaction =
+            actionType === PROTO_ACTION_TYPES.CREATE;
+          let rowsForPermissions = [];
+          switch (actionType) {
+            case PROTO_ACTION_TYPES.LIST:
+              rowsForPermissions = fnResult;
+              break;
+            case PROTO_ACTION_TYPES.DELETE:
+              rowsForPermissions = [{ id: fnResult }];
+              break;
+            default:
+              rowsForPermissions = [fnResult];
+              break;
           }
+          // check will throw a PermissionError if a permission rule is invalid
+          await checkBuiltInPermissions({
+            rows: rowsForPermissions,
+            permissions: relevantPermissions,
+            // it is important that we pass db here as db represents the connection to the database
+            // *outside* of the current transaction. Given that any changes inside of a transaction
+            // are opaque to the outside, we can utilize this when running permission rules and then deciding to
+            // rollback any changes if they do not pass. However, for creates we need to be able to 'peak' inside the transaction to read the created record, as this won't exist outside of the transaction.
+            db: peakInsideTransaction ? transaction : db,
+            ctx,
+            functionName: request.method,
+          });
           // If the built in permission check above doesn't throw, then it means that the request is permitted and we can continue returning the return value from the custom function out of the transaction
           return fnResult;
       }

package/src/permissions.js CHANGED Viewed

@@ -57,11 +57,6 @@ const checkBuiltInPermissions = async ({
   db,
   functionName,
 }) => {
-  // rows can actually just be a single record too so we need to wrap it
-  if (!Array.isArray(rows)) {
-    rows = [rows];
-  }
   for (const permissionFn of permissions) {
     const result = await permissionFn(rows, ctx, db);

package/src/permissions.test.js CHANGED Viewed

@@ -117,26 +117,4 @@ describe("check", () => {
       })
     ).rejects.toThrow();
   });
-  test("with a single row", async () => {
-    const permissionRule1 = (records, ctx, db) => {
-      // Only allow names starting with Adam
-      return records.every((r) => r.name.startsWith("Adam"));
-    };
-    const rows = {
-      id: "123",
-      name: "Adam Bull",
-    };
-    await expect(
-      checkBuiltInPermissions({
-        rows,
-        ctx,
-        db,
-        functionName,
-        permissions: [permissionRule1],
-      })
-    ).resolves.ok;
-  });
 });