sails-permissions
sails-permissions copied to clipboard
trailsjs
criteria incompatible with the "limit" parameter
Hi,
I set a permission with a criteria:
{ user: "toto", model: "post", action: "read", criteria: { where: { appId: app.id } } }
So my user "toto" can read all posts with appId = a certain id. Imagine I have a lot of posts in my database, and only 1 (the last one), with this specific id. My user "toto" wants to make this call:
GET /post?limit=1
The result should by my only post with the specific id.
BUT, the way sails permission is bound to res.ok, the limit parameter will be used in the blueprint "find" fonction:
var query = Model.find()
.where( actionUtil.parseCriteria(req) )
.limit( actionUtil.parseLimit(req) )
.skip( actionUtil.parseSkip(req) )
.sort( actionUtil.parseSort(req) );
// TODO: .populateEach(req.options);
query = actionUtil.populateEach(query, req);
query.exec(function found(err, matchingRecords) { ...
So, only the 1st post in my database will be in matchingRecords. And then, sails permissions will parse this post and see the id is not good for toto, and will filter it. As a result, I will get a 404, no post.
This is not the expected behavior.
It seems that this issue is actually related to mine https://github.com/tjwebb/sails-permissions/issues/174
I tried to hack something and I still believe it's early for any PR, as I'd like @tjwebb to give it a look and point me to the right direction (I might not be seeing the whole picture when it comes to different conditions).
Here https://github.com/igorteton/sails-permissions/commit/ca66e03ce12180100c16ae727eec191327d06792 is the fix which worked for me in https://github.com/tjwebb/sails-permissions/issues/174 and I am pretty sure it will fix @sylvainlap's as well
@igorteton The fix didn't work for me...@sylvainlap did you ever manage to figure out what the issue was?
