github/directus
1
0
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-01-23 00:48:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Respect permissions in item count

Browse Source 
Fixes #4422
This commit is contained in:
rijkvanzanten
2021-03-12 14:53:41 -05:00
parent 4283c39fed
commit 909d184778
1 changed files with 39 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
api/src/services/meta.ts
View File

@@ -3,6 +3,8 @@ import database from '../database';
import { AbstractServiceOptions, Accountability, SchemaOverview } from '../types';
import { Knex } from 'knex';
import { applyFilter, applySearch } from '../utils/apply-query';
import { ForbiddenException } from '../exceptions';
import { parseFilter } from '../utils/parse-filter';
export class MetaService {
knex: Knex;
@@ -34,15 +36,48 @@ export class MetaService {
}
async totalCount(collection: string) {
const records = await this.knex(collection).count('*', { as: 'count' });
return Number(records[0].count);
const dbQuery = this.knex(collection).count('*', { as: 'count' }).first();
if (this.accountability?.admin !== true) {
const permissionsRecord = this.schema.permissions.find((permission) => {
return permission.action === 'read' && permission.collection === collection;
});
if (!permissionsRecord) throw new ForbiddenException();
const permissions = parseFilter(permissionsRecord.permissions, this.accountability);
applyFilter(this.schema, dbQuery, permissions, collection);
}
const result = await dbQuery;
return Number(result?.count ?? 0);
}
async filterCount(collection: string, query: Query) {
const dbQuery = this.knex(collection).count('*', { as: 'count' });
if (query.filter) {
applyFilter(this.schema, dbQuery, query.filter, collection);
let filter = query.filter || {};
if (this.accountability?.admin !== true) {
const permissionsRecord = this.schema.permissions.find((permission) => {
return permission.action === 'read' && permission.collection === collection;
});
if (!permissionsRecord) throw new ForbiddenException();
const permissions = parseFilter(permissionsRecord.permissions, this.accountability);
if (Object.keys(filter).length > 0) {
filter = { _and: [permissions, filter] };
} else {
filter = permissions;
}
}
if (Object.keys(filter).length > 0) {
applyFilter(this.schema, dbQuery, filter, collection);
}
if (query.search) {