11

I upgraded my feathersjs version from 2.x.x to 3.9.0 Now I have a problem with hooks (after)

this is my query:

app.service('duties').patch(id, { $set: { status: 0 }}, {});

I have below code in my hook after:

var query = { "duties._id": result._id }

hook.app.service('parents').patch(null, { $set: { "duties.$.status": 0 } }, { query });

With previously version this was work fine, now I receive an error in console:

error: MethodNotAllowed: Can not patch multiple entries

How can I resolve my problem?

SeaDog
  • 645
  • 1
  • 9
  • 32

2 Answers2

23

In order to improve out-of-the-box security, creating, removing and modifying multiple entries has been disabled by default and has to be enabled using the multi option (and secured explicitly). The migration instructions can be found at crow.docs.feathersjs.com/migrating.html#database-adapters:

const service = require('feathers-<database>');

// Allow multi create, patch and remove
service({
  multi: true
});

// Only allow create with an array
service({
  multi: [ 'create' ]
});

// Only allow multi patch and remove (with `id` set to `null`)
service({
  multi: [ 'patch', 'remove' ]
});

Keep in mind that when enabling multiple remove or patch requests the allowed query must be restricted (e.g. based on the authenticated user id), otherwise it could be possible to delete or patch every record in the database.

Daff
  • 43,734
  • 9
  • 106
  • 120
  • 1
    Where should this go? Is there a file that already has a set of configurations that I can add {multi:true} to? I tried adding it in the model config section and the service.js file in src/services/my_service, but neither worked. If I'm trying on the chat example, where should I put this? – Brandon Keith Biggs Apr 23 '19 at 11:36
  • 1
    It's `options` in the `src/services//.service.js` file. – Daff Apr 23 '19 at 15:43
  • What do you mean by "and secured explicitly"? You mean sanitizing, type-checking, and updating the hooks to process arrays rather than single items? Is there a way to easily convert from a single entry to multiple entry hooks? I don't remember needing to build hooks to process multiple entries before the update. Is it possible to go back to that old functionality, especially for create? – Brandon Keith Biggs Apr 23 '19 at 20:38
  • If it worked in your app before you can just enable it again. The problem was mostly with `remove` and `patch`. If you don't limit the query in a multi remove it can e.g. be possible to remove everything. – Daff Apr 24 '19 at 02:02
  • @Daff is this not a Feathers Crow change? i.e. > v4. Only I just hit this when installing v3.3.1 from npm. Am I misunderstanding the link between the npm versions and feathers versions? The Buzzard changelog details v3.3.1 but I can't see mention of this change: https://github.com/feathersjs/feathers/blob/buzzard/packages/feathers/CHANGELOG.md – GuyC May 09 '19 at 05:26
  • The database adapter versions are not related to the main Feathers version. This is a change that has been made in major versions of the db adapters. More details can be found at https://blog.feathersjs.com/feathers-2019-new-years-news-f478d5f2c8cd – Daff May 10 '19 at 02:13
  • @Daff can you please hint me on how to restrict a query using a specific field name? – intumwa Jul 05 '19 at 07:36
  • It has not been easy to come across but I have mimicked this code to get what I wanted. The code is here https://stackoverflow.com/questions/48595255/structure-restricttoowner-restricttoroles-in-feathersjs – intumwa Jul 06 '19 at 08:17
  • feathers knex still does not have this feature. – Seph Reed Aug 28 '19 at 20:18
  • The latest version (v6.0.2) or later does. – Daff Aug 29 '19 at 04:57
4

It can be corrected/enabled (e.g for patch) here

\\ @Src/services/[name]/[name].service.js

.
.
.
module.exports = function(app) {
Const options = {
  Model: createModel(app),
  Paginate: app.get('paginate'),
  multi: ['patch']
};

.
.
.
},
Ebena107
  • 93
  • 10