forms-angular 0.12.0-beta.271 → 0.12.0-beta.272
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server/data_form.js +9 -3
- package/package.json +1 -1
package/dist/server/data_form.js
CHANGED
|
@@ -989,12 +989,17 @@ class FormsAngular {
|
|
|
989
989
|
break;
|
|
990
990
|
case '$lookup':
|
|
991
991
|
case '$graphLookup':
|
|
992
|
+
let needFindFunc = true;
|
|
992
993
|
if (keys[0] === '$lookup') {
|
|
993
994
|
// For now at least, we only support simple $lookups with a single join field equality
|
|
994
995
|
let lookupProps = Object.keys(stage.$lookup);
|
|
995
996
|
if (lookupProps.length !== 4 || lookupProps.indexOf('from') === -1 || lookupProps.indexOf('localField') === -1 || lookupProps.indexOf('foreignField') === -1 || lookupProps.indexOf('as') === -1) {
|
|
996
997
|
throw new Error("No support for $lookup that isn't Equality Match with a Single Join Condition");
|
|
997
998
|
}
|
|
999
|
+
// If we are doing a lookup using an _id (so not fishing) we don't need to do the findFunc (see tkt #12399)
|
|
1000
|
+
if (stage.$lookup.foreignField === '_id') {
|
|
1001
|
+
needFindFunc = false;
|
|
1002
|
+
}
|
|
998
1003
|
}
|
|
999
1004
|
// hide any hiddenfields in the lookup collection
|
|
1000
1005
|
const collectionName = stage[keys[0]].from;
|
|
@@ -1014,8 +1019,8 @@ class FormsAngular {
|
|
|
1014
1019
|
});
|
|
1015
1020
|
retVal.push({ $project: hiddenFieldsObj });
|
|
1016
1021
|
}
|
|
1017
|
-
// Now we need to make sure that we restrict the lookup to documents we have access to
|
|
1018
|
-
if (resource.options.findFunc) {
|
|
1022
|
+
// Now we need to make sure that we restrict the lookup to documents we have access to (or can provide the _id of)
|
|
1023
|
+
if (needFindFunc && resource.options.findFunc) {
|
|
1019
1024
|
let allowNulls = false;
|
|
1020
1025
|
// If the next stage is an $unwind
|
|
1021
1026
|
let nextStageIsUnwind = false;
|
|
@@ -1411,7 +1416,8 @@ class FormsAngular {
|
|
|
1411
1416
|
}
|
|
1412
1417
|
;
|
|
1413
1418
|
doFindFunc(req, resource, cb) {
|
|
1414
|
-
|
|
1419
|
+
// filter out records the user has no access to unless we are just asking for list attributes
|
|
1420
|
+
if (resource.options.findFunc && req?.route?.path !== "/api/:resourceName/:id/list") {
|
|
1415
1421
|
resource.options.findFunc(req, cb);
|
|
1416
1422
|
}
|
|
1417
1423
|
else {
|
package/package.json
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
"author": "Mark Chapman <support@forms-angular.org>",
|
|
4
4
|
"description": "A form builder that sits on top of Angular.js, Twitter Bootstrap, jQuery UI, Angular-UI, Express and Mongoose. Opinionated or what?",
|
|
5
5
|
"homepage": "http://forms-angular.org",
|
|
6
|
-
"version": "0.12.0-beta.
|
|
6
|
+
"version": "0.12.0-beta.272",
|
|
7
7
|
"engines": {
|
|
8
8
|
"node": ">=8.x",
|
|
9
9
|
"npm": ">=5.x"
|