Open a3957273 opened 2 years ago
Our use case is in Mongoose, which allows you to set pre/post hooks on Database lookups (https://github.com/Automattic/mongoose/issues/11426). The intention is to do authorisation checks within Mongoose hooks in order to ensure users cannot see documents they are not supposed to even if app developers forget to do authorisation checks, as they're all done at the ORM level (https://github.com/gchq/Bailo/pull/37). We can already splice arrays to remove them from find()
lookups, but find()
return objects which we cannot set to undefined.
At the moment you can alter objects passed through
kareem
hooks, but you're unable to remove them / set them to undefined. Is there any chance it could be changed so that we could? One suggestion would be to allow the returned value from the hook to be an array which match the arguments returned.