Merge pull request #70 from StatelessStudio/v0.5.0

V0.5.0

Author: DrewImm

CHANGELOG.md

@@ -1,5 +1,16 @@
 # PointyApi Changelog
 
+## [0.5.0] Dec-31-2018
+
+Created `CanSearchRelation()` decorator and fixed relation search bugs
+
+### Additions
+- Created `CanSearchRelation()` ([Issue #68] Must be able to search by joined columns)
+
+### Fixes
+- [Issue #67] GET query fails on order by joined column
+- [Issue #66] GET query must query by bodyguard keys, unless user is admin
+
 ## [0.4.2] Dec-26-2018
 
 Fixed onlySelf() on GET

package-lock.json

@@ -1,6 +1,6 @@
 {
 	"name": "pointyapi",
-	"version": "0.4.2",
+	"version": "0.5.0",
 	"author": "stateless-studio",
 	"license": "MIT",
 	"scripts": {

package.json

@@ -141,6 +141,7 @@ const CanReadSymbol = Symbol('CanRead');
 const CanWriteSymbol = Symbol('CanWrite');
 const BodyguardKeySymbol = Symbol('BodyguardKey');
 const CanSearchSymbol = Symbol('CanSearch');
+const CanSearchRelationSymbol = Symbol('CanSearchRelation');
 
 export function isBodyguardKey(target: any, propertyKey: string) {
 	return Reflect.getMetadata(BodyguardKeySymbol, target, propertyKey);
@@ -158,6 +159,10 @@ export function getCanSearch(target: any, propertyKey: string) {
 	return Reflect.getMetadata(CanSearchSymbol, target, propertyKey);
 }
 
+export function getCanSearchRelation(target: any, propertyKey: string) {
+	return Reflect.getMetadata(CanSearchRelationSymbol, target, propertyKey);
+}
+
 export function BodyguardKey() {
 	return Reflect.metadata(BodyguardKeySymbol, true);
 }
@@ -198,13 +203,18 @@ export function CanSearch(who: string = '__anyone__') {
 	return Reflect.metadata(CanSearchSymbol, who);
 }
 
+export function CanSearchRelation(params: object) {
+	return Reflect.metadata(CanSearchRelationSymbol, params);
+}
+
 export { isAdmin } from './bodyguard/is-admin';
 export { isSelf } from './bodyguard/is-self';
 
 export { compareNestedBodyguards } from './bodyguard/compare-nested';
 export { compareIdToUser } from './bodyguard/compare-id-to-user';
 export { getBodyguardKeys } from './bodyguard/get-bodyguard-keys';
 export { getSearchableFields } from './bodyguard/get-searchable-fields';
+export { getSearchableRelations } from './bodyguard/get-searchable-relations';
 export { getReadableFields } from './bodyguard/get-readable-fields';
 
 export { responseFilter } from './bodyguard/response-filter';

src/bodyguard.ts

@@ -0,0 +1,26 @@
+import { getCanSearchRelation } from '../bodyguard';
+import { BaseModel } from '../models';
+
+/**
+ * Get an array of searchable fields for the object
+ * @param obj Object to receive keys for
+ * @param user User object to check for permissions
+ */
+export function getSearchableRelations(obj: BaseModel): string[] {
+	let searchableFields: string[] = [];
+
+	for (const member in obj) {
+		const canSearchRelation = getCanSearchRelation(obj, member);
+
+		if (canSearchRelation) {
+			const who = canSearchRelation.who;
+			const fields = canSearchRelation.fields.map((field) => {
+				return `${member}.${field}`;
+			});
+
+			searchableFields = searchableFields.concat(fields);
+		}
+	}
+
+	return searchableFields;
+}

src/bodyguard/get-searchable-relations.ts

@@ -1,13 +1,16 @@
 import { Request, Response, NextFunction } from 'express';
 import {
 	getSearchableFields,
+	getSearchableRelations,
 	getReadableFields,
 	getBodyguardKeys
 } from '../bodyguard';
 import { runHook } from '../run-hook';
+import { UserRole } from '../enums/user-role';
 
 function createSearchQuery(payloadType, obj: Object, objKey: string = 'obj') {
 	const searchableFields = getSearchableFields(payloadType);
+	const searchableRelations = getSearchableRelations(payloadType);
 	let queryString = '';
 	const queryParams = {};
 	const hasSearchable = searchableFields.length;
@@ -30,6 +33,15 @@ function createSearchQuery(payloadType, obj: Object, objKey: string = 'obj') {
 			queryParams['__search'] = `%${value}%`;
 		});
 
+		searchableRelations.forEach((field) => {
+			// Append searchable key to queryString
+			queryString += `${field} LIKE :__search OR `;
+
+			// Append parameter to queryParams (with wildcards)
+			const value = obj['__search'].replace(/[\s]+/, '%');
+			queryParams['__search'] = `%${value}%`;
+		});
+
 		queryString = queryString.replace(/ OR +$/, '');
 		queryString += ')';
 	}
@@ -211,7 +223,7 @@ export async function getQuery(
 		const orderByOrders = [];
 		if ('__orderBy' in request.query) {
 			for (const key in request.query.__orderBy) {
-				orderByKeys.push(objMnemonic + '.' + key);
+				orderByKeys.push(key);
 				orderByOrders.push(
 					request.query.__orderBy[key] === 'DESC' ? 'DESC' : 'ASC'
 				);
@@ -245,7 +257,8 @@ export async function getQuery(
 		}
 
 		// Search
-		const { queryString, queryParams } = createSearchQuery(
+		// tslint:disable-next-line:prefer-const
+		let { queryString, queryParams } = createSearchQuery(
 			new request.payloadType(),
 			request.query
 		);
@@ -259,9 +272,29 @@ export async function getQuery(
 
 		// Join bodyguard keys, unless this is the User
 		if (request.payloadType !== request.userType) {
-			getBodyguardKeys(new request.payloadType()).forEach((key) => {
+			// Append to join array
+			const bodyguardKeys = getBodyguardKeys(new request.payloadType());
+
+			bodyguardKeys.forEach((key) => {
 				request.joinMembers.push(key);
 			});
+
+			// Append to where clause
+			if (
+				bodyguardKeys &&
+				request.user &&
+				request.user.role !== UserRole.Admin
+			) {
+				queryString += ` AND (`;
+				bodyguardKeys.forEach((key) => {
+					queryString += `${objMnemonic}.${key}=:bodyGuard${key} OR `;
+
+					queryParams['bodyGuard' + key] = request.user.id;
+				});
+
+				queryString = queryString.replace(/ OR +$/, '');
+				queryString += `)`;
+			}
 		}
 
 		// Create selection

src/middleware/get-query.ts

@@ -19,7 +19,9 @@ import {
 	OnlySelfCanWrite,
 	OnlyAdminCanWrite,
 	BodyguardKey,
-	CanSearch
+	CanSearch,
+	CanSearchRelation,
+	getSearchableFields
 } from '../../../../src/bodyguard';
 
 // Models
@@ -43,6 +45,10 @@ export class ChatMessage extends BaseModel {
 	@BodyguardKey()
 	@OnlySelfCanRead()
 	@OnlySelfCanWrite()
+	@CanSearchRelation({
+		who: '__self__',
+		fields: [ 'username', 'fname', 'lname' ]
+	})
 	public from: User = undefined;
 
 	// To User
@@ -54,6 +60,10 @@ export class ChatMessage extends BaseModel {
 	@BodyguardKey()
 	@OnlySelfCanRead()
 	@OnlySelfCanWrite()
+	@CanSearchRelation({
+		who: '__self__',
+		fields: [ 'username', 'fname', 'lname' ]
+	})
 	public to: User = undefined;
 
 	// Time created

test/examples/chat/models/chat-message.ts

@@ -324,4 +324,111 @@ describe('[Chat] Chat API Get', async () => {
 			})
 			.catch((error) => fail(JSON.stringify(error)));
 	});
+
+	it('can search by nested objects', async () => {
+		const user = await http
+			.post('/api/v1/user', {
+				fname: 'Nested',
+				lname: 'Tester',
+				username: 'nestedGet1',
+				password: 'password123',
+				email: '[email protected]'
+			})
+			.catch((error) =>
+				fail('Could not create base user: ' + JSON.stringify(error))
+			);
+
+		const token = await http
+			.post('/api/v1/auth', {
+				__user: 'nestedGet1',
+				password: 'password123'
+			})
+			.catch((error) =>
+				fail('Could not create User API Token' + JSON.stringify(error))
+			);
+
+		if (user && token) {
+			const chat = await http
+				.post(
+					'/api/v1/chat',
+					{
+						to: { id: user.body['id'] },
+						body: 'test'
+					},
+					[ 200 ],
+					token.body['token']
+				)
+				.catch((error) =>
+					fail(
+						'Could not create chat-message: ' +
+							JSON.stringify(error)
+					)
+				);
+
+			await http
+				.get(
+					'/api/v1/chat',
+					{
+						__search: 'nestedGet1'
+					},
+					[ 200 ],
+					token.body['token']
+				)
+				.then((result) => {
+					if (result.body instanceof Array) {
+						expect(result.body['length']).toEqual(1);
+						result.body.forEach((chatResult) => {
+							expect(chatResult.from.username).toEqual(
+								'nestedGet1'
+							);
+						});
+					}
+					else {
+						fail('Result is not an array.');
+					}
+				})
+				.catch((error) => fail(JSON.stringify(error)));
+		}
+		else {
+			fail('Could not create base user =and/or chat');
+		}
+	});
+
+	it('can sort by nested objects', async () => {
+		await http
+			.get(
+				'/api/v1/chat',
+				{
+					__search: '',
+					__orderBy: {
+						'from.username': 'DESC'
+					}
+				},
+				[ 200 ],
+				this.token.body.token
+			)
+			.then((result) => {
+				if (result.body instanceof Array) {
+					expect(result.body.length).toBeGreaterThanOrEqual(2);
+
+					let firstId;
+					let secondId;
+
+					result.body.forEach((chat, i) => {
+						if (i === 0) {
+							firstId = chat.from.id;
+						}
+						else if (i === 1) {
+							secondId = chat.from.id;
+						}
+					});
+
+					expect(firstId).toBeGreaterThan(secondId);
+				}
+				else {
+					fail('Result is not an array');
+				}
+			})
+			.catch((error) => fail(JSON.stringify(error)));
+	});
 });