971 rest api bug sentry on filter parameters (#12088)
- fix missing createBy injection in api createOne and createMany endpoints - add a command to fix null default value for createdBySource in production entities - tested on `1747159401197/` dump extract of production db without issue
This commit is contained in:
martmull
@ -8,7 +8,7 @@ import { RestApiBaseHandler } from 'src/engine/api/rest/core/interfaces/rest-api
|
||||
@Injectable()
|
||||
export class RestApiCreateManyHandler extends RestApiBaseHandler {
|
||||
async handle(request: Request) {
|
||||
const { objectMetadataNamePlural, objectMetadata, repository } =
|
||||
const { objectMetadata, repository } =
|
||||
await this.getRepositoryAndMetadataOrFail(request);
|
||||
|
||||
const body = request.body;
|
||||
@ -45,7 +45,14 @@ export class RestApiCreateManyHandler extends RestApiBaseHandler {
|
||||
overriddenRecordsToCreate.push(overriddenBody);
|
||||
}
|
||||
|
||||
const createdRecords = await repository.save(overriddenRecordsToCreate);
|
||||
const recordsToCreate =
|
||||
await this.createdByFromAuthContextService.injectCreatedBy(
|
||||
overriddenRecordsToCreate,
|
||||
objectMetadata.objectMetadataMapItem.nameSingular,
|
||||
this.getAuthContextFromRequest(request),
|
||||
);
|
||||
|
||||
const createdRecords = await repository.save(recordsToCreate);
|
||||
|
||||
this.apiEventEmitterService.emitCreateEvents(
|
||||
createdRecords,
|
||||
@ -68,7 +75,7 @@ export class RestApiCreateManyHandler extends RestApiBaseHandler {
|
||||
|
||||
return this.formatResult({
|
||||
operation: 'create',
|
||||
objectNamePlural: objectMetadataNamePlural,
|
||||
objectNamePlural: objectMetadata.objectMetadataMapItem.namePlural,
|
||||
data: records,
|
||||
});
|
||||
}
|
||||
|
||||
@ -8,7 +8,7 @@ import { RestApiBaseHandler } from 'src/engine/api/rest/core/interfaces/rest-api
|
||||
@Injectable()
|
||||
export class RestApiCreateOneHandler extends RestApiBaseHandler {
|
||||
async handle(request: Request) {
|
||||
const { objectMetadataNameSingular, objectMetadata, repository } =
|
||||
const { objectMetadata, repository } =
|
||||
await this.getRepositoryAndMetadataOrFail(request);
|
||||
|
||||
const overriddenBody = await this.recordInputTransformerService.process({
|
||||
@ -28,7 +28,14 @@ export class RestApiCreateOneHandler extends RestApiBaseHandler {
|
||||
throw new BadRequestException('Record already exists');
|
||||
}
|
||||
|
||||
const createdRecord = await repository.save(overriddenBody);
|
||||
const [recordToCreate] =
|
||||
await this.createdByFromAuthContextService.injectCreatedBy(
|
||||
[overriddenBody],
|
||||
objectMetadata.objectMetadataMapItem.nameSingular,
|
||||
this.getAuthContextFromRequest(request),
|
||||
);
|
||||
|
||||
const createdRecord = await repository.save(recordToCreate);
|
||||
|
||||
this.apiEventEmitterService.emitCreateEvents(
|
||||
[createdRecord],
|
||||
@ -51,7 +58,7 @@ export class RestApiCreateOneHandler extends RestApiBaseHandler {
|
||||
|
||||
return this.formatResult({
|
||||
operation: 'create',
|
||||
objectNameSingular: objectMetadataNameSingular,
|
||||
objectNameSingular: objectMetadata.objectMetadataMapItem.nameSingular,
|
||||
data: record,
|
||||
});
|
||||
}
|
||||
|
||||
@ -15,7 +15,7 @@ export class RestApiDeleteOneHandler extends RestApiBaseHandler {
|
||||
throw new BadRequestException('Record ID not found');
|
||||
}
|
||||
|
||||
const { objectMetadataNameSingular, objectMetadata, repository } =
|
||||
const { objectMetadata, repository } =
|
||||
await this.getRepositoryAndMetadataOrFail(request);
|
||||
const recordToDelete = await repository.findOneOrFail({
|
||||
where: { id: recordId },
|
||||
@ -31,7 +31,7 @@ export class RestApiDeleteOneHandler extends RestApiBaseHandler {
|
||||
|
||||
return this.formatResult({
|
||||
operation: 'delete',
|
||||
objectNameSingular: objectMetadataNameSingular,
|
||||
objectNameSingular: objectMetadata.objectMetadataMapItem.nameSingular,
|
||||
data: {
|
||||
id: recordToDelete.id,
|
||||
},
|
||||
|
||||
@ -18,12 +18,8 @@ export class RestApiFindDuplicatesHandler extends RestApiBaseHandler {
|
||||
async handle(request: Request) {
|
||||
this.validate(request);
|
||||
|
||||
const {
|
||||
objectMetadataNameSingular,
|
||||
repository,
|
||||
objectMetadata,
|
||||
objectMetadataItemWithFieldsMaps,
|
||||
} = await this.getRepositoryAndMetadataOrFail(request);
|
||||
const { repository, objectMetadata, objectMetadataItemWithFieldsMaps } =
|
||||
await this.getRepositoryAndMetadataOrFail(request);
|
||||
|
||||
const existingRecordsQueryBuilder = repository.createQueryBuilder(
|
||||
objectMetadataItemWithFieldsMaps.nameSingular,
|
||||
@ -69,14 +65,14 @@ export class RestApiFindDuplicatesHandler extends RestApiBaseHandler {
|
||||
request,
|
||||
repository,
|
||||
objectMetadata,
|
||||
objectMetadataNameSingular,
|
||||
objectMetadataItemWithFieldsMaps,
|
||||
extraFilters: duplicateCondition,
|
||||
});
|
||||
|
||||
const paginatedResult = this.formatPaginatedDuplicatesResult({
|
||||
finalRecords: records,
|
||||
objectMetadataNameSingular,
|
||||
objectMetadataNameSingular:
|
||||
objectMetadata.objectMetadataMapItem.nameSingular,
|
||||
isForwardPagination,
|
||||
hasMoreRecords,
|
||||
totalCount,
|
||||
|
||||
@ -7,13 +7,8 @@ import { RestApiBaseHandler } from 'src/engine/api/rest/core/interfaces/rest-api
|
||||
@Injectable()
|
||||
export class RestApiFindManyHandler extends RestApiBaseHandler {
|
||||
async handle(request: Request) {
|
||||
const {
|
||||
objectMetadataNameSingular,
|
||||
objectMetadataNamePlural,
|
||||
repository,
|
||||
objectMetadata,
|
||||
objectMetadataItemWithFieldsMaps,
|
||||
} = await this.getRepositoryAndMetadataOrFail(request);
|
||||
const { repository, objectMetadata, objectMetadataItemWithFieldsMaps } =
|
||||
await this.getRepositoryAndMetadataOrFail(request);
|
||||
|
||||
const {
|
||||
records,
|
||||
@ -26,13 +21,12 @@ export class RestApiFindManyHandler extends RestApiBaseHandler {
|
||||
request,
|
||||
repository,
|
||||
objectMetadata,
|
||||
objectMetadataNameSingular,
|
||||
objectMetadataItemWithFieldsMaps,
|
||||
});
|
||||
|
||||
return this.formatPaginatedResult({
|
||||
finalRecords: records,
|
||||
objectMetadataNamePlural,
|
||||
objectMetadataNamePlural: objectMetadata.objectMetadataMapItem.namePlural,
|
||||
isForwardPagination,
|
||||
hasMoreRecords,
|
||||
totalCount,
|
||||
|
||||
@ -18,19 +18,14 @@ export class RestApiFindOneHandler extends RestApiBaseHandler {
|
||||
);
|
||||
}
|
||||
|
||||
const {
|
||||
objectMetadataNameSingular,
|
||||
repository,
|
||||
objectMetadata,
|
||||
objectMetadataItemWithFieldsMaps,
|
||||
} = await this.getRepositoryAndMetadataOrFail(request);
|
||||
const { repository, objectMetadata, objectMetadataItemWithFieldsMaps } =
|
||||
await this.getRepositoryAndMetadataOrFail(request);
|
||||
|
||||
const { records } = await this.findRecords({
|
||||
request,
|
||||
recordId,
|
||||
repository,
|
||||
objectMetadata,
|
||||
objectMetadataNameSingular,
|
||||
objectMetadataItemWithFieldsMaps,
|
||||
});
|
||||
|
||||
@ -42,7 +37,7 @@ export class RestApiFindOneHandler extends RestApiBaseHandler {
|
||||
|
||||
return this.formatResult({
|
||||
operation: 'findOne',
|
||||
objectNameSingular: objectMetadataNameSingular,
|
||||
objectNameSingular: objectMetadata.objectMetadataMapItem.nameSingular,
|
||||
data: record,
|
||||
});
|
||||
}
|
||||
|
||||
@ -16,7 +16,7 @@ export class RestApiUpdateOneHandler extends RestApiBaseHandler {
|
||||
throw new BadRequestException('Record ID not found');
|
||||
}
|
||||
|
||||
const { objectMetadataNameSingular, objectMetadata, repository } =
|
||||
const { objectMetadata, repository } =
|
||||
await this.getRepositoryAndMetadataOrFail(request);
|
||||
|
||||
const recordToUpdate = await repository.findOneOrFail({
|
||||
@ -56,7 +56,7 @@ export class RestApiUpdateOneHandler extends RestApiBaseHandler {
|
||||
|
||||
return this.formatResult({
|
||||
operation: 'update',
|
||||
objectNameSingular: objectMetadataNameSingular,
|
||||
objectNameSingular: objectMetadata.objectMetadataMapItem.nameSingular,
|
||||
data: record,
|
||||
});
|
||||
}
|
||||
|
||||
@ -32,6 +32,7 @@ import { TwentyORMGlobalManager } from 'src/engine/twenty-orm/twenty-orm-global.
|
||||
import { formatResult as formatGetManyData } from 'src/engine/twenty-orm/utils/format-result.util';
|
||||
import { encodeCursor } from 'src/engine/api/graphql/graphql-query-runner/utils/cursors.util';
|
||||
import { computeCursorArgFilter } from 'src/engine/api/utils/compute-cursor-arg-filter.utils';
|
||||
import { CreatedByFromAuthContextService } from 'src/engine/core-modules/actor/services/created-by-from-auth-context.service';
|
||||
|
||||
export interface PageInfo {
|
||||
hasNextPage?: boolean;
|
||||
@ -78,6 +79,8 @@ export abstract class RestApiBaseHandler {
|
||||
protected readonly workspacePermissionsCacheService: WorkspacePermissionsCacheService;
|
||||
@Inject()
|
||||
protected readonly apiEventEmitterService: ApiEventEmitterService;
|
||||
@Inject()
|
||||
protected readonly createdByFromAuthContextService: CreatedByFromAuthContextService;
|
||||
|
||||
protected abstract handle(
|
||||
request: Request,
|
||||
@ -136,8 +139,6 @@ export abstract class RestApiBaseHandler {
|
||||
);
|
||||
|
||||
return {
|
||||
objectMetadataNameSingular,
|
||||
objectMetadataNamePlural: objectMetadata.objectMetadataMapItem.namePlural,
|
||||
objectMetadata,
|
||||
repository,
|
||||
dataSource,
|
||||
@ -279,7 +280,6 @@ export abstract class RestApiBaseHandler {
|
||||
recordId,
|
||||
repository,
|
||||
objectMetadata,
|
||||
objectMetadataNameSingular,
|
||||
objectMetadataItemWithFieldsMaps,
|
||||
extraFilters,
|
||||
}: {
|
||||
@ -290,12 +290,14 @@ export abstract class RestApiBaseHandler {
|
||||
objectMetadataMaps: ObjectMetadataMaps;
|
||||
objectMetadataMapItem: ObjectMetadataItemWithFieldMaps;
|
||||
};
|
||||
objectMetadataNameSingular: string;
|
||||
objectMetadataItemWithFieldsMaps:
|
||||
| ObjectMetadataItemWithFieldMaps
|
||||
| undefined;
|
||||
extraFilters?: Partial<ObjectRecordFilter>;
|
||||
}) {
|
||||
const objectMetadataNameSingular =
|
||||
objectMetadata.objectMetadataMapItem.nameSingular;
|
||||
|
||||
const qb = repository.createQueryBuilder(objectMetadataNameSingular);
|
||||
|
||||
const inputs = this.getVariablesFactory.create(
|
||||
|
||||
@ -19,6 +19,7 @@ import { ApiEventEmitterService } from 'src/engine/api/graphql/graphql-query-run
|
||||
import { AuthModule } from 'src/engine/core-modules/auth/auth.module';
|
||||
import { RestApiCreateManyHandler } from 'src/engine/api/rest/core/handlers/rest-api-create-many.handler';
|
||||
import { RestApiFindDuplicatesHandler } from 'src/engine/api/rest/core/handlers/rest-api-find-duplicates.handler';
|
||||
import { ActorModule } from 'src/engine/core-modules/actor/actor.module';
|
||||
|
||||
const restApiCoreResolvers = [
|
||||
RestApiDeleteOneHandler,
|
||||
@ -39,6 +40,7 @@ const restApiCoreResolvers = [
|
||||
TwentyORMModule,
|
||||
RecordTransformerModule,
|
||||
WorkspacePermissionsCacheModule,
|
||||
ActorModule,
|
||||
],
|
||||
controllers: [RestApiCoreController],
|
||||
providers: [
|
||||
|
||||
Reference in New Issue
Block a user