From bde1cbcc9d99b2eb6f48904b26cddaad5e886c6c Mon Sep 17 00:00:00 2001 From: wangsijie Date: Sat, 7 Jan 2023 12:13:13 +0800 Subject: [PATCH] fix(core): prevent empty array to be used by sql in (#2844) --- packages/core/src/libraries/resource.test.ts | 5 ----- packages/core/src/libraries/resource.ts | 2 +- packages/core/src/queries/roles.ts | 12 +++++++----- packages/core/src/queries/scope.ts | 12 +++++++----- packages/core/src/queries/user.ts | 4 ---- 5 files changed, 15 insertions(+), 20 deletions(-) diff --git a/packages/core/src/libraries/resource.test.ts b/packages/core/src/libraries/resource.test.ts index 80fe5bd29..a42ca75a3 100644 --- a/packages/core/src/libraries/resource.test.ts +++ b/packages/core/src/libraries/resource.test.ts @@ -41,9 +41,4 @@ describe('attachScopesToResources', () => { }, ]); }); - - it('should return empty array for empty array input', async () => { - await expect(attachScopesToResources([])).resolves.toEqual([]); - expect(findScopesByResourceIds).not.toHaveBeenCalled(); - }); }); diff --git a/packages/core/src/libraries/resource.ts b/packages/core/src/libraries/resource.ts index 0123fd654..cf54bd397 100644 --- a/packages/core/src/libraries/resource.ts +++ b/packages/core/src/libraries/resource.ts @@ -6,7 +6,7 @@ export const attachScopesToResources = async ( resources: readonly Resource[] ): Promise => { const resourceIds = resources.map(({ id }) => id); - const scopes = resourceIds.length > 0 ? await findScopesByResourceIds(resourceIds) : []; + const scopes = await findScopesByResourceIds(resourceIds); return resources.map((resource) => ({ ...resource, diff --git a/packages/core/src/queries/roles.ts b/packages/core/src/queries/roles.ts index 559fe64c0..cfd69d7c3 100644 --- a/packages/core/src/queries/roles.ts +++ b/packages/core/src/queries/roles.ts @@ -27,11 +27,13 @@ export const findRolesByRoleIds = async (roleIds: string[]) => : []; export const findRolesByRoleNames = async (roleNames: string[]) => - envSet.pool.any(sql` - select ${sql.join(Object.values(fields), sql`, `)} - from ${table} - where ${fields.name} in (${sql.join(roleNames, sql`, `)}) - `); + roleNames.length > 0 + ? envSet.pool.any(sql` + select ${sql.join(Object.values(fields), sql`, `)} + from ${table} + where ${fields.name} in (${sql.join(roleNames, sql`, `)}) + `) + : []; export const findRoleByRoleName = async (roleName: string, excludeRoleId?: string) => envSet.pool.maybeOne(sql` diff --git a/packages/core/src/queries/scope.ts b/packages/core/src/queries/scope.ts index 707e63aa6..c57bf4174 100644 --- a/packages/core/src/queries/scope.ts +++ b/packages/core/src/queries/scope.ts @@ -20,11 +20,13 @@ export const findScopesByResourceId = async (resourceId: string) => `); export const findScopesByResourceIds = async (resourceIds: string[]) => - envSet.pool.any(sql` - select ${sql.join(Object.values(fields), sql`, `)} - from ${table} - where ${fields.resourceId} in (${sql.join(resourceIds, sql`, `)}) - `); + resourceIds.length > 0 + ? envSet.pool.any(sql` + select ${sql.join(Object.values(fields), sql`, `)} + from ${table} + where ${fields.resourceId} in (${sql.join(resourceIds, sql`, `)}) + `) + : []; export const findScopesByIds = async (scopeIds: string[]) => scopeIds.length > 0 diff --git a/packages/core/src/queries/user.ts b/packages/core/src/queries/user.ts index 9845d04ef..b162bee34 100644 --- a/packages/core/src/queries/user.ts +++ b/packages/core/src/queries/user.ts @@ -225,9 +225,5 @@ export const findUsersByRoleName = async (roleName: string) => { const usersRoles = await findUsersRolesByRoleId(role.id); - if (usersRoles.length === 0) { - return []; - } - return findUsersByIds(usersRoles.map(({ userId }) => userId)); };