diff --git a/.changeset/breezy-months-change.md b/.changeset/breezy-months-change.md
new file mode 100644
index 0000000000..b672f86219
--- /dev/null
+++ b/.changeset/breezy-months-change.md
@@ -0,0 +1,5 @@
+---
+"@medusajs/medusa": patch
+---
+
+fix(medusa): Fix get-query-config backward compatiblity
diff --git a/packages/medusa/src/api/middlewares/__tests__/transform-query.spec.ts b/packages/medusa/src/api/middlewares/__tests__/transform-query.spec.ts
index 6031076427..c866448bc8 100644
--- a/packages/medusa/src/api/middlewares/__tests__/transform-query.spec.ts
+++ b/packages/medusa/src/api/middlewares/__tests__/transform-query.spec.ts
@@ -382,6 +382,57 @@ describe("transformQuery", () => {
 ],
 })
 )
+
+ //////////////////////////////
+
+ mockRequest = {
+ query: {
+ fields: "store.name",
+ },
+ } as unknown as Request
+
+ queryConfig = {
+ defaultFields: [
+ "id",
+ "created_at",
+ "deleted_at",
+ "metadata.id",
+ "metadata.parent.id",
+ "metadata.children.id",
+ "metadata.product.id",
+ ],
+ allowedFields: [
+ "id",
+ "created_at",
+ "updated_at",
+ "deleted_at",
+ "metadata.id",
+ "metadata.parent.id",
+ "metadata.children.id",
+ "metadata.product.id",
+ "product",
+ "product.variants",
+ "store.name",
+ ],
+ allowedRelations: ["metadata", "product"],
+ isList: true,
+ }
+
+ middleware = transformQuery(extendedFindParamsMixin(), queryConfig)
+
+ await middleware(mockRequest, mockResponse, nextFunction)
+
+ expect(mockRequest.listConfig).toEqual(
+ expect.objectContaining({
+ select: ["store.name", "created_at", "id"],
+ relations: ["store"],
+ })
+ )
+ expect(mockRequest.remoteQueryConfig).toEqual(
+ expect.objectContaining({
+ fields: ["store.name", "created_at", "id"],
+ })
+ )
 })
 it("should throw when attempting to transform the input if disallowed fields are requested", async () => {
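Review bot: The new `fields: "store.name"` scenario in transform-query.spec.ts asserts `relations: ["store"]` although `allowedRelations` is `["metadata", "product"]`, and nothing in the test says that this is the intended contract. A one-line comment above the scenario would make it explicit, for example `// a relation implied by an allowed field ("store.name") is accepted even when it is not listed in allowedRelations`. The scenario is appended to an `it` body that starts outside the hunk, so a failure is reported under that test's name; a separate `it` case would make the backward-compatibility guarantee easier to locate.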
@@ -491,6 +542,52 @@ describe("transformQuery", () => {
 //////////////////////////////
+ mockRequest = {
+ query: {
+ expand: "store",
+ },
+ } as unknown as Request
+
+ queryConfig = {
+ defaultFields: [
+ "id",
+ "created_at",
+ "deleted_at",
+ "metadata.id",
+ "metadata.parent.id",
+ "metadata.children.id",
+ "metadata.product.id",
+ ],
+ allowedFields: [
+ "id",
+ "created_at",
+ "updated_at",
+ "deleted_at",
+ "metadata.id",
+ "metadata.parent.id",
+ "metadata.children.id",
+ "metadata.product.id",
+ "product",
+ "product.variants",
+ "store.name",
+ ],
+ allowedRelations: ["metadata", "product"],
+ isList: true,
+ }
+
+ middleware = transformQuery(extendedFindParamsMixin(), queryConfig)
+
+ await middleware(mockRequest, mockResponse, nextFunction)
+
+ expect(nextFunction).toHaveBeenCalledWith(
+ new MedusaError(
+ MedusaError.Types.INVALID_DATA,
+ `Requested fields [store] are not valid`
+ )
+ )
+
+ //////////////////////////////
+
 mockRequest = {
 query: {
 fields: "*product",
diff --git a/packages/medusa/src/utils/get-query-config.ts b/packages/medusa/src/utils/get-query-config.ts
index 4f1e298f37..7d4cea51a3 100644
--- a/packages/medusa/src/utils/get-query-config.ts
+++ b/packages/medusa/src/utils/get-query-config.ts
@@ -24,6 +24,7 @@ export function prepareListQuery<
 T extends RequestQueryFields,
 TEntity extends BaseEntity
 >(validated: T, queryConfig: QueryConfig = {}) {
+ // TODO: this function will be simplified a lot once we drop support for the old api
 const { order, fields, limit = 50, expand, offset = 0 } = validated
 let {
 allowed = [],
@@ -126,11 +127,11 @@ export function prepareListQuery<
 )
 }
+ // TODO: maintain backward compatibility, remove in the future
 const { select, relations } = stringToSelectRelationObject(
 Array.from(allFields)
 )
- // TODO: maintain backward compatibility, remove in the future
 let allRelations = new Set([
 ...relations,
 ...defaultRelations,
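Review bot: In the `expand: "store"` scenario added at `@@ -491` of transform-query.spec.ts, `expect(nextFunction).toHaveBeenCalledWith(...)` is satisfied by any call recorded on the mock so far, and the enclosing `it` body (which starts outside the hunk) runs several scenarios against the same `nextFunction`. If the mock is not cleared between scenarios, an earlier rejection carrying the same message would let this assertion pass without the new `expand` path being exercised. Using `expect(nextFunction).toHaveBeenLastCalledWith(...)` here, or clearing the mock before the scenario, ties the assertion to this call.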
@@ -141,21 +142,22 @@ export function prepareListQuery<
 allRelations = new Set(expand.split(",").filter(Boolean))
 }
- const allAllowedRelations = new Set([
- ...Array.from(allAllowedFields),
- ...allowedRelations,
- ])
- const notAllowedRelations = !allowedRelations.length
- ? new Set()
- : getSetDifference(allRelations, allAllowedRelations)
+ if (allowedRelations.length && expand) {
+ const allAllowedRelations = new Set([...allowedRelations])
- if (allRelations.size && notAllowedRelations.size) {
- throw new MedusaError(
- MedusaError.Types.INVALID_DATA,
- `Requested fields [${Array.from(notAllowedRelations).join(
- ", "
- )}] are not valid`
+ const notAllowedRelations = getSetDifference(
+ allRelations,
+ allAllowedRelations
 )
+
+ if (allRelations.size && notAllowedRelations.size) {
+ throw new MedusaError(
+ MedusaError.Types.INVALID_DATA,
+ `Requested fields [${Array.from(notAllowedRelations).join(
+ ", "
+ )}] are not valid`
+ )
+ }
 }
 // End of expand compatibility
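Review bot: With the check now guarded by `allowedRelations.length && expand` in get-query-config.ts, relations derived from `fields` and from `defaultRelations` are no longer compared with `allowedRelations`; only the legacy `expand` parameter is. For the `fields` path, allow-list enforcement therefore rests entirely on the allowed-fields validation earlier in `prepareListQuery`, which is outside this hunk, so it is worth confirming that it rejects `*relation` and dotted paths that are not allowed. I would record this next to the guard, e.g. `// allowedRelations only gates the legacy expand param; relations implied by fields are gated by the allowed-fields check above`. Minor: `new Set([...allowedRelations])` can be `new Set(allowedRelations)`, and the `allRelations.size &&` operand is redundant because a non-empty `notAllowedRelations` already implies a non-empty `allRelations`.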