search

fratzinger / feathers-casl

feathers.js + casl: hooks & channels
https://feathers-casl.netlify.app/
MIT License
40 stars 18 forks source link

using $exists in casl using createMongoAbility throws error (knex) #111

Closed jd1378 closed 8 months ago

jd1378 commented 8 months ago

This issue happens with knex adaptor

when defining an ability using createMongoAbility, the authorize hook does not take $exists into consideration. it took me a long time to understand that feathers-casl is responsible for handling this.

Expected behavior

handle $exists for the fields at hook level, not database, which makes it faster and universal.

Actual behavior

throws BadRequest: Invalid query parameter $exists which seems to be working with mongo db only.

edit: I have not confirmed that it works with mongodb, it's just a guess from what it seems

System configuration

{
  "@casl/ability": "6.7.0",
  "@feathersjs/*": "5.0.24",
  "feathers-casl": "2.1.1"
}

More Info

when basic check happens inside authorizeBefore it probably doesn't need to pass $exists to the query, as the $exists is for the incoming request, not the actual data (correct me if I'm wrong)

so we need to clean it up before it reaches the query I guess?

Possible workaround

Simply ignoring using $exists and create an inverted rule restricting the troublesome fields edit:it seems nothing can replace the $exists operator for making sure that a property is not set edit2: availableFields plays an important role in making this workaround work, which is fine but not ideal

jd1378 commented 8 months ago

I became aware of usePatchData and useUpdateData