forms-angular 0.12.0-beta.271 → 0.12.0-beta.273

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/server/data_form.js +24 -3
  2. package/package.json +1 -1
package/dist/server/data_form.js CHANGED
@@ -137,6 +137,21 @@ class FormsAngular {
137
137
  let date = that.extractTimestampFromMongoID(doc[aField.field]);
138
138
  cbm(null, date.toLocaleDateString() + ' ' + date.toLocaleTimeString());
139
139
  }
140
+ else if (!aField.params.params) {
141
+ throw new Error(`Missing idIsList params for resource ${resource.resourceName}: ${JSON.stringify(aField.params)}`);
142
+ }
143
+ else if (typeof doc[aField.params.params] === "function") {
144
+ const resultOrPromise = doc[aField.params.params]();
145
+ if (typeof resultOrPromise.then === "function") {
146
+ resultOrPromise.then((result) => cbm(null, result));
147
+ }
148
+ else {
149
+ cbm(null, resultOrPromise);
150
+ }
151
+ }
152
+ else {
153
+ throw new Error(`No support for idIsList params for resource ${resource.resourceName}: ${JSON.stringify(aField.params)}`);
154
+ }
140
155
  }
141
156
  else {
142
157
  cbm(null, doc[aField.field]);
@@ -989,12 +1004,17 @@ class FormsAngular {
989
1004
  break;
990
1005
  case '$lookup':
991
1006
  case '$graphLookup':
1007
+ let needFindFunc = true;
992
1008
  if (keys[0] === '$lookup') {
993
1009
  // For now at least, we only support simple $lookups with a single join field equality
994
1010
  let lookupProps = Object.keys(stage.$lookup);
995
1011
  if (lookupProps.length !== 4 || lookupProps.indexOf('from') === -1 || lookupProps.indexOf('localField') === -1 || lookupProps.indexOf('foreignField') === -1 || lookupProps.indexOf('as') === -1) {
996
1012
  throw new Error("No support for $lookup that isn't Equality Match with a Single Join Condition");
997
1013
  }
1014
+ // If we are doing a lookup using an _id (so not fishing) we don't need to do the findFunc (see tkt #12399)
1015
+ if (stage.$lookup.foreignField === '_id') {
1016
+ needFindFunc = false;
1017
+ }
998
1018
  }
999
1019
  // hide any hiddenfields in the lookup collection
1000
1020
  const collectionName = stage[keys[0]].from;
@@ -1014,8 +1034,8 @@ class FormsAngular {
1014
1034
  });
1015
1035
  retVal.push({ $project: hiddenFieldsObj });
1016
1036
  }
1017
- // Now we need to make sure that we restrict the lookup to documents we have access to
1018
- if (resource.options.findFunc) {
1037
+ // Now we need to make sure that we restrict the lookup to documents we have access to (or can provide the _id of)
1038
+ if (needFindFunc && resource.options.findFunc) {
1019
1039
  let allowNulls = false;
1020
1040
  // If the next stage is an $unwind
1021
1041
  let nextStageIsUnwind = false;
@@ -1411,7 +1431,8 @@ class FormsAngular {
1411
1431
  }
1412
1432
  ;
1413
1433
  doFindFunc(req, resource, cb) {
1414
- if (resource.options.findFunc) {
1434
+ // filter out records the user has no access to unless we are just asking for list attributes
1435
+ if (resource.options.findFunc && req?.route?.path !== "/api/:resourceName/:id/list") {
1415
1436
  resource.options.findFunc(req, cb);
1416
1437
  }
1417
1438
  else {
package/package.json CHANGED
@@ -3,7 +3,7 @@
3
3
  "author": "Mark Chapman <support@forms-angular.org>",
4
4
  "description": "A form builder that sits on top of Angular.js, Twitter Bootstrap, jQuery UI, Angular-UI, Express and Mongoose. Opinionated or what?",
5
5
  "homepage": "http://forms-angular.org",
6
- "version": "0.12.0-beta.271",
6
+ "version": "0.12.0-beta.273",
7
7
  "engines": {
8
8
  "node": ">=8.x",
9
9
  "npm": ">=5.x"