[pocketbase#943] exposed apis.EnrichRecord and apis.EnrichRecords

gitshot · Nov 17, 2022 · 39408f1 · 39408f1
1 parent 6e9cf98
commit 39408f1
Show file tree

Hide file tree

Showing 16 changed files with 295 additions and 210 deletions.
diff --git a/README.md b/README.md
@@ -131,7 +131,7 @@ PocketBase has a [roadmap](https://github.com/orgs/pocketbase/projects/2)
 and I try to work on issues in a specific order and PRs often come in out of nowhere and skew all initial planning.
 
 Don't get upset if I close your PR, even if it is well executed and tested. This doesn't mean that it will never be merged.
-Later we can always refer to it and/or take pieces of your implementation when the time to work on the issue come in (don't worry you'll be credited in the release notes).
+Later we can always refer to it and/or take pieces of your implementation when the time comes to work on the issue (don't worry you'll be credited in the release notes).
 
 _Please also note that PocketBase was initially created to serve as a new backend for my other open source project - [Presentator](https://presentator.io) (see [#183](https://github.com/presentator/presentator/issues/183)),
 so all feature requests will be first aligned with what we need for Presentator v3._
diff --git a/apis/realtime.go b/apis/realtime.go
@@ -251,16 +251,10 @@ func (api *realtimeApi) canAccessRecord(client subscriptions.Client, record *mod
 		}
 
 		// emulate request data
-		requestData := map[string]any{
-			"method": "GET",
-			"query":  map[string]any{},
-			"data":   map[string]any{},
-			"auth":   nil,
-		}
-		authRecord, _ := client.Get(ContextAuthRecordKey).(*models.Record)
-		if authRecord != nil {
-			requestData["auth"] = authRecord.PublicExport()
+		requestData := &models.FilterRequestData{
+			Method: "GET",
 		}
+		requestData.AuthRecord, _ = client.Get(ContextAuthRecordKey).(*models.Record)
 
 		resolver := resolvers.NewRecordFieldResolver(api.app.Dao(), record.Collection(), requestData, true)
 		expr, err := search.FilterData(*accessRule).BuildExpr(resolver)

diff --git a/apis/record_auth.go b/apis/record_auth.go
@@ -65,20 +65,19 @@ func (api *recordAuthApi) authResponse(c echo.Context, authRecord *models.Record
 	}
 
 	return api.app.OnRecordAuthRequest().Trigger(event, func(e *core.RecordAuthEvent) error {
-		admin, _ := e.HttpContext.Get(ContextAdminKey).(*models.Admin)
-
 		// allow always returning the email address of the authenticated account
 		e.Record.IgnoreEmailVisibility(true)
 
 		// expand record relations
 		expands := strings.Split(c.QueryParam(expandQueryParam), ",")
 		if len(expands) > 0 {
-			requestData := exportRequestData(e.HttpContext)
-			requestData["auth"] = e.Record.PublicExport()
+			requestData := GetRequestData(e.HttpContext)
+			requestData.Admin = nil
+			requestData.AuthRecord = e.Record
 			failed := api.app.Dao().ExpandRecord(
 				e.Record,
 				expands,
-				expandFetch(api.app.Dao(), admin != nil, requestData),
+				expandFetch(api.app.Dao(), requestData),
 			)
 			if len(failed) > 0 && api.app.IsDebug() {
 				log.Println("Failed to expand relations: ", failed)
@@ -204,8 +203,8 @@ func (api *recordAuthApi) authWithOAuth2(c echo.Context) error {
 
 	record, authData, submitErr := form.Submit(func(createForm *forms.RecordUpsert, authRecord *models.Record, authUser *auth.AuthUser) error {
 		return createForm.DrySubmit(func(txDao *daos.Dao) error {
-			requestData := exportRequestData(c)
-			requestData["data"] = form.CreateData
+			requestData := GetRequestData(c)
+			requestData.Data = form.CreateData
 
 			createRuleFunc := func(q *dbx.SelectQuery) error {
 				admin, _ := c.Get(ContextAdminKey).(*models.Admin)
@@ -422,7 +421,7 @@ func (api *recordAuthApi) listExternalAuths(c echo.Context) error {
 		ExternalAuths: externalAuths,
 	}
 
-	return api.app.OnRecordListExternalAuths().Trigger(event, func(e *core.RecordListExternalAuthsEvent) error {
+	return api.app.OnRecordListExternalAuthsRequest().Trigger(event, func(e *core.RecordListExternalAuthsEvent) error {
 		return e.HttpContext.JSON(http.StatusOK, e.ExternalAuths)
 	})
 }

diff --git a/apis/record_auth_test.go b/apis/record_auth_test.go
@@ -886,7 +886,7 @@ func TestRecordAuthListExternalsAuths(t *testing.T) {
 			},
 			ExpectedStatus:  200,
 			ExpectedContent: []string{`[]`},
-			ExpectedEvents:  map[string]int{"OnRecordListExternalAuths": 1},
+			ExpectedEvents:  map[string]int{"OnRecordListExternalAuthsRequest": 1},
 		},
 		{
 			Name:   "admin + existing user id and 2 external auths",
@@ -902,7 +902,7 @@ func TestRecordAuthListExternalsAuths(t *testing.T) {
 				`"recordId":"4q1xlclmfloku33"`,
 				`"collectionId":"_pb_users_auth_"`,
 			},
-			ExpectedEvents: map[string]int{"OnRecordListExternalAuths": 1},
+			ExpectedEvents: map[string]int{"OnRecordListExternalAuthsRequest": 1},
 		},
 		{
 			Name:   "auth record + trying to list another user external auths",
@@ -933,7 +933,7 @@ func TestRecordAuthListExternalsAuths(t *testing.T) {
 			},
 			ExpectedStatus:  200,
 			ExpectedContent: []string{`[]`},
-			ExpectedEvents:  map[string]int{"OnRecordListExternalAuths": 1},
+			ExpectedEvents:  map[string]int{"OnRecordListExternalAuthsRequest": 1},
 		},
 		{
 			Name:   "authorized as user - owner with 2 external auths",
@@ -949,7 +949,7 @@ func TestRecordAuthListExternalsAuths(t *testing.T) {
 				`"recordId":"4q1xlclmfloku33"`,
 				`"collectionId":"_pb_users_auth_"`,
 			},
-			ExpectedEvents: map[string]int{"OnRecordListExternalAuths": 1},
+			ExpectedEvents: map[string]int{"OnRecordListExternalAuthsRequest": 1},
 		},
 	}
 

diff --git a/apis/record_crud.go b/apis/record_crud.go
@@ -46,31 +46,30 @@ func (api *recordApi) list(c echo.Context) error {
 		return NewNotFoundError("", "Missing collection context.")
 	}
 
-	admin, _ := c.Get(ContextAdminKey).(*models.Admin)
-	if admin == nil && collection.ListRule == nil {
-		// only admins can access if the rule is nil
-		return NewForbiddenError("Only admins can perform this action.", nil)
-	}
-
 	// forbid users and guests to query special filter/sort fields
 	if err := api.checkForForbiddenQueryFields(c); err != nil {
 		return err
 	}
 
-	requestData := exportRequestData(c)
+	requestData := GetRequestData(c)
+
+	if requestData.Admin == nil && collection.ListRule == nil {
+		// only admins can access if the rule is nil
+		return NewForbiddenError("Only admins can perform this action.", nil)
+	}
 
 	fieldsResolver := resolvers.NewRecordFieldResolver(
 		api.app.Dao(),
 		collection,
 		requestData,
 		// hidden fields are searchable only by admins
-		admin != nil,
+		requestData.Admin != nil,
 	)
 
 	searchProvider := search.NewProvider(fieldsResolver).
 		Query(api.app.Dao().RecordQuery(collection))
 
-	if admin == nil && collection.ListRule != nil {
+	if requestData.Admin == nil && collection.ListRule != nil {
 		searchProvider.AddFilter(search.FilterData(*collection.ListRule))
 	}
 
@@ -82,28 +81,6 @@ func (api *recordApi) list(c echo.Context) error {
 
 	records := models.NewRecordsFromNullStringMaps(collection, rawRecords)
 
-	// expand records relations
-	expands := strings.Split(c.QueryParam(expandQueryParam), ",")
-	if len(expands) > 0 {
-		failed := api.app.Dao().ExpandRecords(
-			records,
-			expands,
-			expandFetch(api.app.Dao(), admin != nil, requestData),
-		)
-		if len(failed) > 0 && api.app.IsDebug() {
-			log.Println("Failed to expand relations: ", failed)
-		}
-	}
-
-	if collection.IsAuth() {
-		err := autoIgnoreAuthRecordsEmailVisibility(
-			api.app.Dao(), records, admin != nil, requestData,
-		)
-		if err != nil && api.app.IsDebug() {
-			log.Println("IgnoreEmailVisibility failure:", err)
-		}
-	}
-
 	result.Items = records
 
 	event := &core.RecordsListEvent{
@@ -114,6 +91,10 @@ func (api *recordApi) list(c echo.Context) error {
 	}
 
 	return api.app.OnRecordsListRequest().Trigger(event, func(e *core.RecordsListEvent) error {
+		if err := EnrichRecords(e.HttpContext, api.app.Dao(), e.Records); err != nil && api.app.IsDebug() {
+			log.Println(err)
+		}
+
 		return e.HttpContext.JSON(http.StatusOK, e.Result)
 	})
 }
@@ -124,21 +105,20 @@ func (api *recordApi) view(c echo.Context) error {
 		return NewNotFoundError("", "Missing collection context.")
 	}
 
-	admin, _ := c.Get(ContextAdminKey).(*models.Admin)
-	if admin == nil && collection.ViewRule == nil {
-		// only admins can access if the rule is nil
-		return NewForbiddenError("Only admins can perform this action.", nil)
-	}
-
 	recordId := c.PathParam("id")
 	if recordId == "" {
 		return NewNotFoundError("", nil)
 	}
 
-	requestData := exportRequestData(c)
+	requestData := GetRequestData(c)
+
+	if requestData.Admin == nil && collection.ViewRule == nil {
+		// only admins can access if the rule is nil
+		return NewForbiddenError("Only admins can perform this action.", nil)
+	}
 
 	ruleFunc := func(q *dbx.SelectQuery) error {
-		if admin == nil && collection.ViewRule != nil && *collection.ViewRule != "" {
+		if requestData.Admin == nil && collection.ViewRule != nil && *collection.ViewRule != "" {
 			resolver := resolvers.NewRecordFieldResolver(api.app.Dao(), collection, requestData, true)
 			expr, err := search.FilterData(*collection.ViewRule).BuildExpr(resolver)
 			if err != nil {
@@ -155,31 +135,16 @@ func (api *recordApi) view(c echo.Context) error {
 		return NewNotFoundError("", fetchErr)
 	}
 
-	// expand record relations
-	failed := api.app.Dao().ExpandRecord(
-		record,
-		strings.Split(c.QueryParam(expandQueryParam), ","),
-		expandFetch(api.app.Dao(), admin != nil, requestData),
-	)
-	if len(failed) > 0 && api.app.IsDebug() {
-		log.Println("Failed to expand relations: ", failed)
-	}
-
-	if collection.IsAuth() {
-		err := autoIgnoreAuthRecordsEmailVisibility(
-			api.app.Dao(), []*models.Record{record}, admin != nil, requestData,
-		)
-		if err != nil && api.app.IsDebug() {
-			log.Println("IgnoreEmailVisibility failure:", err)
-		}
-	}
-
 	event := &core.RecordViewEvent{
 		HttpContext: c,
 		Record:      record,
 	}
 
 	return api.app.OnRecordViewRequest().Trigger(event, func(e *core.RecordViewEvent) error {
+		if err := EnrichRecord(e.HttpContext, api.app.Dao(), e.Record); err != nil && api.app.IsDebug() {
+			log.Println(err)
+		}
+
 		return e.HttpContext.JSON(http.StatusOK, e.Record)
 	})
 }
@@ -190,18 +155,17 @@ func (api *recordApi) create(c echo.Context) error {
 		return NewNotFoundError("", "Missing collection context.")
 	}
 
-	admin, _ := c.Get(ContextAdminKey).(*models.Admin)
-	if admin == nil && collection.CreateRule == nil {
+	requestData := GetRequestData(c)
+
+	if requestData.Admin == nil && collection.CreateRule == nil {
 		// only admins can access if the rule is nil
 		return NewForbiddenError("Only admins can perform this action.", nil)
 	}
 
-	requestData := exportRequestData(c)
-
-	hasFullManageAccess := admin != nil
+	hasFullManageAccess := requestData.Admin != nil
 
 	// temporary save the record and check it against the create rule
-	if admin == nil && collection.CreateRule != nil {
+	if requestData.Admin == nil && collection.CreateRule != nil {
 		createRuleFunc := func(q *dbx.SelectQuery) error {
 			if *collection.CreateRule == "" {
 				return nil // no create rule to resolve
@@ -260,23 +224,8 @@ func (api *recordApi) create(c echo.Context) error {
 					return NewBadRequestError("Failed to create record.", err)
 				}
 
-				// expand record relations
-				failed := api.app.Dao().ExpandRecord(
-					e.Record,
-					strings.Split(e.HttpContext.QueryParam(expandQueryParam), ","),
-					expandFetch(api.app.Dao(), admin != nil, requestData),
-				)
-				if len(failed) > 0 && api.app.IsDebug() {
-					log.Println("Failed to expand relations: ", failed)
-				}
-
-				if collection.IsAuth() {
-					err := autoIgnoreAuthRecordsEmailVisibility(
-						api.app.Dao(), []*models.Record{e.Record}, admin != nil, requestData,
-					)
-					if err != nil && api.app.IsDebug() {
-						log.Println("IgnoreEmailVisibility failure:", err)
-					}
+				if err := EnrichRecord(e.HttpContext, api.app.Dao(), e.Record); err != nil && api.app.IsDebug() {
+					log.Println(err)
 				}
 
 				return e.HttpContext.JSON(http.StatusOK, e.Record)
@@ -297,21 +246,20 @@ func (api *recordApi) update(c echo.Context) error {
 		return NewNotFoundError("", "Missing collection context.")
 	}
 
-	admin, _ := c.Get(ContextAdminKey).(*models.Admin)
-	if admin == nil && collection.UpdateRule == nil {
-		// only admins can access if the rule is nil
-		return NewForbiddenError("Only admins can perform this action.", nil)
-	}
-
 	recordId := c.PathParam("id")
 	if recordId == "" {
 		return NewNotFoundError("", nil)
 	}
 
-	requestData := exportRequestData(c)
+	requestData := GetRequestData(c)
+
+	if requestData.Admin == nil && collection.UpdateRule == nil {
+		// only admins can access if the rule is nil
+		return NewForbiddenError("Only admins can perform this action.", nil)
+	}
 
 	ruleFunc := func(q *dbx.SelectQuery) error {
-		if admin == nil && collection.UpdateRule != nil && *collection.UpdateRule != "" {
+		if requestData.Admin == nil && collection.UpdateRule != nil && *collection.UpdateRule != "" {
 			resolver := resolvers.NewRecordFieldResolver(api.app.Dao(), collection, requestData, true)
 			expr, err := search.FilterData(*collection.UpdateRule).BuildExpr(resolver)
 			if err != nil {
@@ -330,7 +278,7 @@ func (api *recordApi) update(c echo.Context) error {
 	}
 
 	form := forms.NewRecordUpsert(api.app, record)
-	form.SetFullManageAccess(admin != nil || hasAuthManageAccess(api.app.Dao(), record, requestData))
+	form.SetFullManageAccess(requestData.Admin != nil || hasAuthManageAccess(api.app.Dao(), record, requestData))
 
 	// load request
 	if err := form.LoadRequest(c.Request(), ""); err != nil {
@@ -350,23 +298,8 @@ func (api *recordApi) update(c echo.Context) error {
 					return NewBadRequestError("Failed to update record.", err)
 				}
 
-				// expand record relations
-				failed := api.app.Dao().ExpandRecord(
-					e.Record,
-					strings.Split(e.HttpContext.QueryParam(expandQueryParam), ","),
-					expandFetch(api.app.Dao(), admin != nil, requestData),
-				)
-				if len(failed) > 0 && api.app.IsDebug() {
-					log.Println("Failed to expand relations: ", failed)
-				}
-
-				if collection.IsAuth() {
-					err := autoIgnoreAuthRecordsEmailVisibility(
-						api.app.Dao(), []*models.Record{e.Record}, admin != nil, requestData,
-					)
-					if err != nil && api.app.IsDebug() {
-						log.Println("IgnoreEmailVisibility failure:", err)
-					}
+				if err := EnrichRecord(e.HttpContext, api.app.Dao(), e.Record); err != nil && api.app.IsDebug() {
+					log.Println(err)
 				}
 
 				return e.HttpContext.JSON(http.StatusOK, e.Record)
@@ -387,21 +320,20 @@ func (api *recordApi) delete(c echo.Context) error {
 		return NewNotFoundError("", "Missing collection context.")
 	}
 
-	admin, _ := c.Get(ContextAdminKey).(*models.Admin)
-	if admin == nil && collection.DeleteRule == nil {
-		// only admins can access if the rule is nil
-		return NewForbiddenError("Only admins can perform this action.", nil)
-	}
-
 	recordId := c.PathParam("id")
 	if recordId == "" {
 		return NewNotFoundError("", nil)
 	}
 
-	requestData := exportRequestData(c)
+	requestData := GetRequestData(c)
+
+	if requestData.Admin == nil && collection.DeleteRule == nil {
+		// only admins can access if the rule is nil
+		return NewForbiddenError("Only admins can perform this action.", nil)
+	}
 
 	ruleFunc := func(q *dbx.SelectQuery) error {
-		if admin == nil && collection.DeleteRule != nil && *collection.DeleteRule != "" {
+		if requestData.Admin == nil && collection.DeleteRule != nil && *collection.DeleteRule != "" {
 			resolver := resolvers.NewRecordFieldResolver(api.app.Dao(), collection, requestData, true)
 			expr, err := search.FilterData(*collection.DeleteRule).BuildExpr(resolver)
 			if err != nil {