Unneeded filterQuery redefinition about feathers-objection HOT 20 CLOSED

@vonagam thanks for this. I've took the updated version of filterQuery method from feathers-sequelize and it looks like it was already fixed there. The fix is published in feathers-objection v2.0.1

from feathers-objection.

Hm... so you keep this method for convenience, to be comparable with feathers-sequelize in migration paths?

Because there is no need for convertOperators in feathers-objection right now otherwise.

from feathers-objection.

Right. Feathers Crow release dictates security guidelines that were already implemented in most of the well-known Feathers DB adapters, including feathers-sequelize. Some of the recent updates in feathers-objection were simply synced from feathers-sequelize. All these DB adapters, including feathers-objection, are using the same test-suite from feathers that was released recently to test the new filtering functionalities.

from feathers-objection.

Ok. Got it.

(Just to be clear: Ran tests. Removed filterQuery method, saw two failings. Fixed by reassignment of whitelist in options super(Object.assign({...}, options, {whitelist})) here. All tests are passing.)

from feathers-objection.

$like is in the whitelist operators list. it should not be added to the service options.

from feathers-objection.

Why not? options.whitelist is for additionalOperators in filterQuery. And it is its only usage. And $like is additional operator used in feathers-objection.

from feathers-objection.

$like is not unique to feathers-objection and is part of the operators that are allowed now by default in feathers-sequelize. It shouldn't be different in feathers-objection.

from feathers-objection.

In feathers-objection:
const filtered = super.filterQuery(params, { operators: this.whitelist })

In feathers-sequelize:
const filtered = super.filterQuery(params);

So currently they have different behaviours.

In feathers-objection all operators are allowed, and you can enable additional (like $eager, which is really a filter), but you can't disable $like operator for example.

In feathers-sequelize all operators are allowed by default, but if you pass whitelist option and it does not include $like then $like will not be allowed.

from feathers-objection.

Ok, you can simply remove filterQuery and fix test to match feathers-sequelize's behaviour by adding $like to this whitelist.

Otherwise this test will fall, because $like is used but not whitelisted.

from feathers-objection.

OK, thanks for that check.

from feathers-objection.

Sorry, no mistake, you can disable $like in feathers-sequelize and can't in feathers-objection.

from feathers-objection.

:) ok, releasing a patch

from feathers-objection.

removing filterQuery method

from feathers-objection.

It's a breaking change, though, if you want to match sequelize behaviour.

from feathers-objection.

right, so minor version.

from feathers-objection.

I mean, that if somebody used { "whitelist": [ "$eager" ] } and used $like in queries. (Like in current tests) And you change behaviour to sequelize's. Then their code will fail (Like tests was). And then they have to add $like towhitelist (Like what you need to fix tests if you match sequelize).

So it is major version change.

from feathers-objection.

OK. It'll be 3.0.0

from feathers-objection.

Here is if you remove all unneeded stuff.

from feathers-objection.

Cool. removed all that too.

from feathers-objection.

published as 3.0.0

from feathers-objection.