Fixes data filtering error when pagination is enabled

In the 'authorizeAfter' function, an incorrect definition of the data format when calling the 'feathersUtils.getItemsIsArray' function resulted in the 'isArray' variable being incorrectly set to 'false', which resulted in the 'getOrFind' variable being incorrectly set to 'get'. As a result, it affected incorrect data filtering when the user requests data using the 'find' method with pagination enabled and a restriction on allowed fields. Fix fratzinger#95
Servaker · Nov 13, 2023 · 9869743 · 9869743
1 parent 94541cc
commit 9869743
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 1 deletion.
diff --git a/src/hooks/authorize/authorize.hook.after.ts b/src/hooks/authorize/authorize.hook.after.ts
@@ -38,7 +38,7 @@ export const authorizeAfter = async <H extends HookContext = HookContext>(
   }
 
   // eslint-disable-next-line prefer-const
-  let { isArray, items } = getItemsIsArray(context, { from: "result" });
+  let { isArray, items } = getItemsIsArray(context, { from: "automatic" });
   if (!items.length) {
     return context;
   }

diff --git a/test/hooks/authorize/authorize.general.test.ts b/test/hooks/authorize/authorize.general.test.ts
@@ -896,5 +896,53 @@ describe("authorize.general.test.ts", function () {
       });
       await Promise.all(promises);
     });
+
+    it("after - passes multi with 'pagination' with 'find' rule", async function () {
+      const expectedResult = {
+        "total": 1,
+        "limit": 10,
+        "skip": 0,
+        "data": [{ id: 1, userId: 1, test: true }]
+      };
+      const makeContext = (method, type) => {
+        return {
+          service: {},
+          path: "tests",
+          method,
+          type,
+          result: _cloneDeep(expectedResult),
+          id: null,
+          params: {
+            ability: defineAbility(
+              (can) => {
+                can(["find", "create", "patch", "remove"], "all");
+              },
+              { resolveAction }
+            ),
+            query: {},
+          },
+        } as unknown as HookContext;
+      };
+
+      const types = ["after"];
+      const methods = ["find"];
+      const promises: Promise<any>[] = [];
+      types.forEach((type) => {
+        methods.forEach((method) => {
+          const context = makeContext(method, type);
+          const promise = authorize({ availableFields: undefined })(
+            context
+          ).then(({ result }) => {
+            assert.deepStrictEqual(
+              result,
+              expectedResult,
+              `returns complete object for '${type}:${method}'`
+            );
+          });
+          promises.push(promise);
+        });
+      });
+      await Promise.all(promises);
+    });
   });
 });