fix(smart-actions): skip scope validation for smart action on smart c…

…ollection (#819)
ForestAdmin · Oct 25, 2021 · 6b97e19 · 6b97e19
1 parent b6d7319
commit 6b97e19
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 1 deletion.
diff --git a/src/middlewares/permissions.js b/src/middlewares/permissions.js
@@ -107,14 +107,20 @@ class PermissionMiddlewareCreator {
   _ensureRecordIdsInScope() {
     return async (request, response, next) => {
       try {
+        const { primaryKeys, isVirtual } = Schemas.schemas[this.collectionName];
+
+        // Smart collections does not have the scope feature
+        if (isVirtual) {
+          return next();
+        }
+
         // if performing a `selectAll` let the `getIdsFromRequest` handle the scopes
         const attributes = PermissionMiddlewareCreator._getRequestAttributes(request);
         if (attributes.allRecords) {
           return next();
         }
 
         // Otherwise, check that all records are within scope.
-        const { primaryKeys } = Schemas.schemas[this.collectionName];
         const filters = JSON.stringify(primaryKeys.length === 1
           ? { field: primaryKeys[0], operator: 'in', value: attributes.ids }
           : {

diff --git a/test/middlewares/permissions.unit.test.js b/test/middlewares/permissions.unit.test.js
@@ -369,6 +369,32 @@ describe('middlewares > permissions', () => {
         expect(next).not.toHaveBeenCalled();
       });
     });
+
+    describe('with a smart collection', () => {
+      it('should call next() since no scope can be configured', async () => {
+        expect.assertions(2);
+
+        Schemas.schemas = {
+          users: {
+            name: 'users',
+            idField: 'id',
+            primaryKeys: ['id'],
+            isVirtual: true,
+          },
+        };
+
+        const request = buildRequest({ ...defaultAttributes, ids: ['1'] });
+        const next = jest.fn();
+
+        const dependencies = getDependencies();
+        const permissionMiddlewareCreator = createPermissionMiddlewareCreator('users', dependencies);
+        const middleware = permissionMiddlewareCreator._ensureRecordIdsInScope();
+        await middleware(request, defaultResponse, next);
+
+        expect(next).toHaveBeenCalledTimes(1);
+        expect(next).toHaveBeenCalledWith();
+      });
+    });
   });
 
   describe('smartAction', () => {