sumba 2.32.1 → 2.32.3

package/extend/bajo/hook.js

@@ -21,7 +21,7 @@ async function clearCacheUser (id, result) {
 }
 
 async function applyModelGuard ({ model, q, teamIds, options }) {
-  const { set, orderBy } = this.app.lib._
+  const { set, orderBy, isEmpty, isArray } = this.app.lib._
   const { includes } = this.app.lib.aneka
   const { sanitizeByType } = this.app.dobo
   const { req } = options
@@ -39,13 +39,19 @@ async function applyModelGuard ({ model, q, teamIds, options }) {
   const rules = orderBy(guards.filter(filterFn), ['field'])
   for (const field of fields) {
     if (!model.getNonVirtualProperties(true).includes(field)) continue // or, should it throws exception instead?
+    const opValue = req.getSetting(`sumba:modelGuard.${field}`, {})
+    for (const op of ['in', 'nin']) {
+      if (!isEmpty(opValue[op]) && isArray(opValue[op])) results.push(set({}, field, set({}, '$' + op, opValue[op])))
+    }
     const prop = model.getProperty(field)
     const items = rules.filter(item => item.field === field)
     for (const item of items) {
-      const values = item.value.map(val => {
+      let values = item.value.map(val => {
         return sanitizeByType(val, prop.type, { strict: true, inputFormat: 'string', model: model.name })
       })
       const op = item.condition.toLowerCase()
+      if (['in', 'nin'].includes(op) && !isEmpty(opValue[op]) && isArray(opValue[op])) values = values.filter(val => opValue[op].includes(val))
+      if (isEmpty(values)) continue
       let value
       if (['in', 'nin'].includes(op)) value = set({}, '$' + op, values)
       else if (op === 'between') value = { $gte: values[0], $lte: values[1] }
@@ -86,7 +92,7 @@ async function rebuildFilter (model, filter = {}, options = {}) {
   const hasTeamId = model.hasProperty('teamId')
   const teams = get(req, 'user.teams', [])
   const teamIds = teams.map(team => team.id + '')
-  const aliases = teams.map(team => team.alias)
+  // const aliases = teams.map(team => team.alias)
   const q = { $and: [] }
 
   filter.query = filter.query ?? {}
@@ -99,10 +105,12 @@ async function rebuildFilter (model, filter = {}, options = {}) {
     return
   }
   if (hasSiteId) q.$and.push({ siteId: req.site.id + '' })
+  /*
   if (aliases.includes('administrator')) {
     filter.query = q
     return
   }
+  */
   if (isEmpty(req.user)) {
     if (q.$and.length === 0 && !allowEmpty) throw this.error('_emptyColumnQuery')
     filter.query = q
@@ -391,7 +399,6 @@ async function hook () {
     handler: async function (req, reply) {
       const { getHostname } = this.app.waibu
       req.site = await this.getSite(getHostname(req))
-      req.user = {}
     }
   }, {
     name: 'waibu:beforeStart',

package/extend/waibuMpa/route/access-token.js

@@ -4,7 +4,7 @@ const apiToken = {
     const { get } = this.app.lib._
     const uid = get(req, 'user.id')
     if (!uid) return ''
-    const rec = await this.app.dobo.getModel('SumbaUser').getRecord(req.user.id, { forceNoHidden: true, noCache: true })
+    const rec = await this.app.dobo.getModel('SumbaUser').getRecord(uid, { forceNoHidden: true, noCache: true })
     return (await this.createJwtFromUserRecord(rec)).token
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sumba",
-  "version": "2.32.1",
+  "version": "2.32.3",
   "description": "Biz Suite for Bajo Framework",
   "main": "index.js",
   "scripts": {

package/wiki/CHANGES.md

@@ -2,6 +2,14 @@
 
 ## 2026-06-12
 
+- [2.32.3] Bug fix in ```hook.js```
+
+## 2026-06-12
+
+- [2.32.2] Bug fix in ```preRequest``` hook
+
+## 2026-06-12
+
 - [2.32.0] Necessary updates to ```bajo@2.18.0``` specs
 - [2.32.0] Bug fix in ```_getGuards()```
 - [2.32.0] Bug fix in ```getAttribGuards()```