nestjsx / crud

NestJs CRUD for RESTful APIs
https://github.com/nestjsx/crud/wiki
MIT License
4.04k stars 534 forks source link

Problems when trying to change CrudRequest options on the fly #563

Open ggirodda opened 4 years ago

ggirodda commented 4 years ago

Hello, first of all I would to thank you for your work, nestjsx/crud is really useful. I have some problem when trying to change request options on the fly. I need to force exclusion or modifying filter for a getMany request, depending on logged user. I know that I can do that using @CrudAuth, but the fields exclusion is done when user that makes the request is superadmin, to omit some personal informations from the whole user list. On the other hand, if the user is just an admin, he can get the list of the users attached to his structure, without omitting iinformations. And the superadmin can also show only the list of his own structure if he wants, and if he does there won't be omitted fields. I implement some function to edit request options based on user informations, but it doesn't work as expected

this is the overridden getMany function

  @Override()
  async getMany(
    @Query('getAll') getAll,
    @ParsedRequest() req: CrudRequest,
    @CurrentUser() currentUser: User,
  ) {
    if (isSuperAdmin(currentUser) && getAll === '1') {
      excludePersonalInformations(req);
    } else {
      getOnlyCurrentStructureUsers(req, currentUser);
    }

    return this.service.getMany(req);
  }

and those are the functions called from it

function getOnlyCurrentStructureUsers(
  req: CrudRequest,
  currentUser: User,
) {
  const filter = req.options.query.filter || {};
  const structureId = currentUser.structure.id;
  req.options.query.filter = {
    ...filter,
    'structure.id': structureId,
  };
}

function excludePersonalInformations(req: CrudRequest) {
  const exclude = req.options.query.exclude || [];
  req.options.query.exclude = [...exclude, 'email', 'firstName', 'lastName'];
}

the problem is that I don't get at all the desired result. I tried in different ways, but also the same result. I tried to debug the file typeorm-crud.service.ts on the package, but the query options were always good. When I log the query options I have what I want, but when I log the result of builder.getQueryAndParameters() the result of the query isn't the desired one. I didn't put the cache option on @Crud config, so is not a cache problem. I also tried to create my own getMany function on my UserService that extends TypeOrmCrudService, but I can't access the functions decidePaginationand createPageInfo from the abstract class extended byTypeOrmCrudService .

Do you know why II have this problem ? Is it a normal behavior ?

Thank you !

florent-pasquer-needone commented 4 years ago

Same for me

robinsummerhill commented 4 years ago

Not sure if this is related to the problems you are having, but I was trying something similar and seeing strange results.

I eventually worked out that req.options is a shared reference with the original crud config specified on your controllers with @Crud({ query: {} ... }). If you modify req.options.query then you are also modifying the original crud config on your controller and this will affect subsequent requests.

I ended up making a deep copy of req.options and modifying that, so leaving the original config untouched.

ggirodda commented 4 years ago

Yes, thank you for sharing. I also realized the problem of the shared object, so I decided to use and edit req.parsed instead of req.options, even if I think that it's not a great solution. I saw also that there's an internal pull request, that will give the possibility to do it using controller method decorators. https://github.com/nestjsx/crud/pull/430