New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(history): handle sanitization when fetching versions #20212
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
packages/core/content-manager/server/src/history/controllers/history-version.ts
Outdated
Show resolved
Hide resolved
packages/core/content-manager/server/src/history/services/history.ts
Outdated
Show resolved
Hide resolved
packages/core/content-manager/admin/src/history/components/VersionInputRenderer.tsx
Outdated
Show resolved
Hide resolved
packages/core/content-manager/admin/src/history/components/VersionInputRenderer.tsx
Outdated
Show resolved
Hide resolved
packages/core/content-manager/server/src/history/services/history.ts
Outdated
Show resolved
Hide resolved
packages/core/content-manager/server/src/history/services/history.ts
Outdated
Show resolved
Hide resolved
packages/core/content-manager/server/src/history/services/history.ts
Outdated
Show resolved
Hide resolved
I would rather not tie data population with sanitization if possible, and looking at this situation, would it be possible to keep the entry structure the same (without the results & meta object wrapping it) , and keeping a context of missing relations? |
I would be very interested in refactoring to find a better solution in an immediate follow up PR, but I was thinking of this PR as a patch to fix failing e2e tests currently on I also have this PR open that refactors history quite a bit: #20179 as well, so it might be nice to have that before making big changes here. wdyt? Would you prefer I handle the refactor now on this PR? |
sounds good to me to move this forward to fix the e2e 🥳 |
createdBy: version.createdBy | ||
? pick(['id', 'firstname', 'lastname', 'username', 'email'], version.createdBy) | ||
: undefined, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
arent the creator fields already inside the version data?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We are omitting them as well 🤔 :
export const FIELDS_TO_IGNORE = [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do we need to omit it if we are readding it again here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@remidej do you remember why we omit this in data
and then return it here in the response?
packages/core/content-manager/server/src/history/controllers/history-version.ts
Outdated
Show resolved
Hide resolved
const relatedEntry = await strapi.db | ||
.query('plugin::upload.file') | ||
.findOne({ where: { id: entry.id } }); | ||
|
||
if (relatedEntry) { | ||
currentRelationData.results.push(relatedEntry); | ||
const sanitizedEntry = await permissionChecker.sanitizeOutput(relatedEntry); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder why you picked this in the end and not mainfield only population
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here for upload I don't think a mainField is available 🤔 but maybe it is. For the other instance with relations I did test it out but I think I abandoned it quite quickly when values weren't showing up as expected. I'll try it again real quick.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as you want I'm just curious, don't want to block you. And I doubt sanitization is needed on media assets
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good, I might just merge this now then and circle back to the idea in another PR with some of the refactor ideas.
What does it do?
How to test?