trailsjs/sails-permissions

criteria incompatible with the "limit" parameter

Opened this issue · 5 comments

Hi,

I set a permission with a criteria:

{ user: "toto", model: "post", action: "read", criteria: { where: { appId: app.id } } }

So my user "toto" can read all posts with appId = a certain id.
Imagine I have a lot of posts in my database, and only 1 (the last one), with this specific id. My user "toto" wants to make this call:

GET /post?limit=1

The result should be my only post with the specific id.

BUT, the way sails permission is bound to res.ok, the limit parameter will be used in the blueprint "find" function:

var query = Model.find()
  .where( actionUtil.parseCriteria(req) )
  .limit( actionUtil.parseLimit(req) )
  .skip( actionUtil.parseSkip(req) )
  .sort( actionUtil.parseSort(req) );
// TODO: .populateEach(req.options);
query = actionUtil.populateEach(query, req);
query.exec(function found(err, matchingRecords) { ...

So, only the 1st post in my database will be in matchingRecords. And then, sails permissions will parse this post and see the id is not good for toto, and will filter it. As a result, I will get a 404, no post.

This is not the expected behavior.
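The ordering problem described in the post above, reduced to an in-memory model. This is an added example, not code from sails-permissions or from the issue author. The `matches` helper, the function names and the `app-42` value are assumptions made for illustration.

```javascript
// Constructed sample data: only the last post belongs to the permitted app.
const posts = [
  { id: 1, appId: 'other' },
  { id: 2, appId: 'other' },
  { id: 3, appId: 'app-42' },
];

// Permission shaped like the one in the issue, with a constructed appId value.
const permission = {
  user: 'toto', model: 'post', action: 'read',
  criteria: { where: { appId: 'app-42' } },
};

// Hypothetical equality-only matcher standing in for a Waterline where clause.
function matches(record, where) {
  return Object.keys(where).every((key) => record[key] === where[key]);
}

// Reported behaviour: the query applies the limit first, then the permission
// criteria are checked against the already truncated result set.
function filterAfterLimit(records, requestWhere, limit, perm) {
  const page = records.filter((r) => matches(r, requestWhere)).slice(0, limit);
  return page.filter((r) => matches(r, perm.criteria.where));
}

// Alternative ordering: fold the permission criteria into the where clause
// so the limit only counts records the user is allowed to read.
function limitAfterCriteria(records, requestWhere, limit, perm) {
  // Spread order matters: on a conflicting key the permission's value wins,
  // so a request cannot widen its own scope.
  const where = { ...requestWhere, ...perm.criteria.where };
  return records.filter((r) => matches(r, where)).slice(0, limit);
}

// GET /post?limit=1 under both orderings.
function demo() {
  return {
    reported: filterAfterLimit(posts, {}, 1, permission),
    merged: limitAfterCriteria(posts, {}, 1, permission),
  };
}

console.log(demo());
```

With the first ordering the permitted post never reaches the permission check, so the response is empty even though a readable record exists.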

bump!

It seems that this issue is actually related to mine #174

I tried to hack something and I still believe it's early for any PR, as I'd like @tjwebb to give it a look and point me in the right direction (I might not be seeing the whole picture when it comes to different conditions).

Here igorteton@ca66e03 is the fix which worked for me in #174 and I am pretty sure it will fix @sylvainlap's as well.

@igorteton The fix didn't work for me... @sylvainlap, did you ever manage to figure out what the issue was?

Any news about that?