Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00
Code Issues Activity

Merge pull request #5971 from cobbspur/fields

Browse source 
Remove unknown fields from fetch
This commit is contained in:
Hannah Wolfe 2015-10-21 18:29:59 +01:00
commit d666fba855
2 changed files with 42 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
core/server/models/base/index.js
View file

@ -277,6 +277,11 @@ ghostBookshelf.Model = ghostBookshelf.Model.extend({
// Run specific conversion of model query options to where options // Run specific conversion of model query options to where options
options = this.processOptions(itemCollection, options); options = this.processOptions(itemCollection, options);
// Ensure only valid fields/columns are added to query
if (options.columns) {
options.columns = _.intersection(options.columns, this.prototype.permittedAttributes());
}
// Prefetch filter objects // Prefetch filter objects
return Promise.all(baseUtils.filtering.preFetch(filterObjects)).then(function doQuery() { return Promise.all(baseUtils.filtering.preFetch(filterObjects)).then(function doQuery() {
// If there are `where` conditionals specified, add those to the query. // If there are `where` conditionals specified, add those to the query.

37
core/test/integration/api/api_posts_spec.js
View file

@ -241,6 +241,43 @@ describe('Post API', function () {
done(); done();
}); });
}); });
it('with context.user can fetch a single field', function (done) {
PostAPI.browse({context: {user: 1}, status: 'all', limit: 5, fields: 'title'}).then(function (results) {
should.exist(results.posts);
results.posts[0].title.should.exist;
should.not.exist(results.posts[0].slug);
done();
}).catch(done);
});
it('with context.user can fetch multiple fields', function (done) {
PostAPI.browse({context: {user: 1}, status: 'all', limit: 5, fields: 'slug,published_at'}).then(function (results) {
should.exist(results.posts);
results.posts[0].published_at.should.exist;
results.posts[0].slug.should.exist;
should.not.exist(results.posts[0].title);
done();
}).catch(done);
});
it('with context.user can fetch a field and not return invalid field', function (done) {
PostAPI.browse({context: {user: 1}, status: 'all', limit: 5, fields: 'foo,title'}).then(function (results) {
var objectKeys;
should.exist(results.posts);
results.posts[0].title.should.exist;
should.not.exist(results.posts[0].foo);
objectKeys = _.keys(results.posts[0]);
objectKeys.length.should.eql(1);
done();
}).catch(done);
});
}); });
describe('Read', function () { describe('Read', function () {