0

Situation

In a project I have this code to select data from a table. Please note, it is working, I only don't get the result I expect.

serviceSurveyQuestions.find({
    query: {
        survey_id: this.survey_id,
        user_id: this.$store.state.auth.user.id, //TODO move this to the hook!!
        //todo make satus also not equal new
        $or: [
            { status_id: process.env.mfp.statusSurveyQuestionStarted },
            { status_id: process.env.mfp.statusSurveyQuestionPlanned }
        ],
        $sort: {
            survey_question_question: 1
        },
        $limit: 150,
        $select: [
            'survey_question_question',
            'survey_question_at',
            'survey_question_answer',
            'survey_question_details',
            'survey_question_source_id',
            'survey_question_source_answer_id',
            'survey_question_source_user_id',
            'survey_question_step',
            'survey_question_dep_step',
            'id'
        ]
    }
}).then(page => {
    this.listSurveyQuestions = page;
});

When I see what would be in one item of listSurveyQuestion I will see this:

{ 
    "survey_question_question": "PEN 10 Scope vaststellen",
    "survey_question_at": "2017-06-23T06:46:10.038Z",
    "survey_question_answer": "",
    "survey_question_details": "tester done",
    "survey_question_source_id": 83499707,
    "survey_question_source_answer_id": 74864,
    "survey_question_source_user_id": 83488216,
    "survey_question_step": 10,
    "survey_question_dep_step": null,
    "id": 4651,
    "source_user": { 
        "user_id": 1005
    }, 
    "status": {
        "status": "Planned" 
    }, 
    "language": { 
        "language": "Dutch" 
    , 
    "source": {
        "source": "MexonInControl - Pob - Dev (local)"
    }, 
    "survey_question": [{ 
        "answer_type_id": 1014,
        "answer_en": null,
        "answer_nl": null,
        "answer_explanation_en": null,
        "answer_explanation_nl": null,
        "survey_question_next_id": 4652
    } ]
}

I know the result is comming from the configuration in my get and find hook of the service being called.

Expected Result

What I expect to happen is that the data returned is only the columns defined in the $SELECT. If I leave this as is, it will work but I'm getting to much data from the database which can be seen later as a security breach. Not with this example, but with other tables it will.

** Question **

So what do I need to change to have this functioning as expected. You could adapt the return of the service, but then I can't use the same service in other situations for the columns aren't available. Or can you pass an option to the service which will result in if (parameter = view 1) then return view 1 and so on.

** Solving **

Remark 1: So I just see the 'cause' is a bit different. The configured hooks returns more columns from the question table which are not shown. So my guess here is that if you don't configure the includes in the find query, it will pass all includes. I need to check that and if this is the case, see if there is a option to not select the 'includes' as well.

Edgar Koster
  • 479
  • 1
  • 5
  • 18

1 Answers1

0

Assuming that the hook you are referring to is setting hook.params.sequelize similar to this answer you will have to check if you included properties are also set in the $select query with something like this:

// GET /my-service?include=1
function (hook) {
  const include = [];
  const select = hook.params.query.$select;

  // Go through all properties that are added via includes
  ['includeProp1', 'includeProp2'].forEach(propertyName => {
    // If no $select or the include property is part of the $select
    if(!select || select.indexOf(propertyName) !== -1) {
      include.push({ model: ModelForIncludeProp1 });
    }
  });

  hook.params.sequelize = { include };

  return Promise.resolve(hook);
}
Daff
  • 43,734
  • 9
  • 106
  • 120