Scoping data fetching (relations) #277
Update: |
Hi @mihaa1, First of all - you can check the user roles anywhere using `remult.isAllowed('admin')` etc... https://github.com/noam-honig/trempim/blob/master/src/app/events/tasks.ts#L145-L165
As for storing data you have several options.
```ts
backendPrefilter: async () => {
  const ids = (await repo(Something).find()).map((x) => x.id)
  return { id: ids }
}
```
@noam-honig thanks. I'll have to check the context approach.
This way I get the user's data (role, other stuff for scoping data), and don't trigger the User model entity methods.
Why? What is the advantage?
On Sat, Oct 28, 2023 at 16:01 mihaa1 ***@***.***> wrote:
> @noam-honig thanks. I'll have to check the context approach.
> In the meantime - I added a raw sql query to get the user on each request in getUser()
> ```ts
> const sql = await SqlDatabase.getDb();
> const command = sql.createCommand();
> const res = await command.execute(
>   `
>   SELECT * FROM users
>   WHERE email='${req.user?.email}'
>   `
> );
> ```
> This way I get the user's data (role, other stuff for scoping data), and don't trigger the User model entity methods.
@noam-honig if ur asking why I'm not using the context option - I still don't know how to yet (I need to move fast here on some development :)
Your code is at risk of SQL injection, with an invalid email. Also - I'm not sure what you're getting in the result. I think this can be solved by extending the UserInfo interface, at best - or by using repo to select the user as a less favorable option. If you want, reach out to me tomorrow on discord and if I can, we can look at it together and I'll be happy to help
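The injection risk raised in the comment above, as an added example that is not part of the thread or of remult: it compares the interpolated query from the thread with a bound-parameter form, using constructed sample emails. The function names, the `ParamQuery` shape and the PostgreSQL-style `$1` placeholder are assumptions.

```typescript
// Added example: not code from the thread or from remult. All names are hypothetical.
type ParamQuery = { text: string; values: string[] };

// Pattern from the thread: the email is pasted into the SQL text.
function interpolated(email: string): string {
  return `SELECT * FROM users WHERE email='${email}'`;
}

// Bound-parameter form: constant SQL text, email sent separately.
// $1 is PostgreSQL placeholder syntax (assumption: a driver that accepts text + values).
function parameterized(email: string): ParamQuery {
  return { text: "SELECT * FROM users WHERE email=$1", values: [email] };
}

// Minimal scanner for single-quoted SQL literals ('' is an escaped quote).
function scanLiterals(sql: string): { literals: string[]; unterminated: boolean } {
  const literals: string[] = [];
  let i = 0;
  while (i < sql.length) {
    if (sql.charAt(i) !== "'") { i++; continue; }
    let value = "";
    let closed = false;
    i++; // step past the opening quote
    while (i < sql.length && !closed) {
      if (sql.charAt(i) !== "'") { value += sql.charAt(i); i++; }
      else if (sql.charAt(i + 1) === "'") { value += "'"; i += 2; }
      else { closed = true; i++; }
    }
    if (!closed) return { literals, unterminated: true };
    literals.push(value);
  }
  return { literals, unterminated: false };
}

// True only if the email is still exactly one intact literal in the statement.
function emailStaysData(sql: string, email: string): boolean {
  const r = scanLiterals(sql);
  return !r.unterminated && r.literals.length === 1 && r.literals[0] === email;
}

// Constructed sample inputs: a plain address and one containing an apostrophe.
const SAMPLE_EMAILS = ["alice@example.com", "o'brien@example.com"];

function checkSamples(): boolean[] {
  return SAMPLE_EMAILS.map((e) => emailStaysData(interpolated(e), e));
}
```

`checkSamples()` returns `[true, false]`: the address with an apostrophe ends the literal early in the interpolated statement, while the parameterized text is identical for both inputs and the email only ever appears in `values`.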
Hello,
My setup uses authorizer to manage user auth while app user data is saved in the main db (the 1 remult sees - postgres), in the users table (created from User model).
For each request - I authenticate the request using a token - at this point - we are still in express-mw land. I then attach the user to the request obj so that getUser() can extract it (as specified in the tutorials).
I'm trying to get the user inside getUser() for all additional data like this:
But this causes some issues, specifically when combining with backendPrefilter() on entities. I'm guessing because of the async/await.
Example of backendFilter:
What/where would be the best place to extract the user data?