From 9129ca08a724f4e0c9e6a69b8bea9c0fb7b0f1b9 Mon Sep 17 00:00:00 2001 From: Adrien de Peretti Date: Tue, 25 Jul 2023 16:37:44 +0200 Subject: [PATCH] fix(medusa): Allowed properties expand (#4600) What: The expand allowed properties should allow all the segments whereas the allowed fields should be specific --- .changeset/early-windows-drum.md | 5 + .../api/__tests__/store/orders.js | 104 +++++++++--------- .../api/__tests__/store/products.js | 27 +++-- .../src/api/middlewares/transform-query.ts | 5 +- .../admin/orders/__tests__/get-order.js | 2 +- .../src/api/routes/admin/orders/get-order.ts | 2 +- .../admin/products/__tests__/get-product.js | 12 +- 7 files changed, 86 insertions(+), 71 deletions(-) create mode 100644 .changeset/early-windows-drum.md diff --git a/.changeset/early-windows-drum.md b/.changeset/early-windows-drum.md new file mode 100644 index 0000000000..c6a2ff87d4 --- /dev/null +++ b/.changeset/early-windows-drum.md @@ -0,0 +1,5 @@ +--- +"@medusajs/medusa": patch +--- + +fix(medusa): Clean response data should takes the full path of sub relations diff --git a/integration-tests/api/__tests__/store/orders.js b/integration-tests/api/__tests__/store/orders.js index f85a892bc4..fac7c5f199 100644 --- a/integration-tests/api/__tests__/store/orders.js +++ b/integration-tests/api/__tests__/store/orders.js 
@@ -215,33 +215,36 @@ describe("/store/carts", () => { "/store/orders?display_id=111&email=test@email.com&fields=status,email" ) - expect(Object.keys(response.data.order)).toEqual([ - // fields - "status", - "email", + expect(Object.keys(response.data.order)).toHaveLength(20) + expect(Object.keys(response.data.order)).toEqual( + expect.arrayContaining([ + // fields + "status", + "email", - // relations - "shipping_address", - "fulfillments", - "items", - "shipping_methods", - "discounts", - "customer", - "payments", - "region", + // relations + "shipping_address", + "fulfillments", + "items", + "shipping_methods", + "discounts", + "customer", + "payments", + "region", - // totals - "shipping_total", - "discount_total", - "tax_total", - "refunded_total", - "total", - "subtotal", - "paid_total", - "refundable_amount", - "gift_card_total", - "gift_card_tax_total", - ]) + // totals + "shipping_total", + "discount_total", + "tax_total", + "refunded_total", + "total", + "subtotal", + "paid_total", + "refundable_amount", + "gift_card_total", + "gift_card_tax_total", + ]) + ) }) it("get order response contains only fields defined with `fields` param", async () => { 
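Review bot: The exact-key check here is now split into `toHaveLength(20)` plus `expect.arrayContaining([...])`, which stays an exact-set assertion only while the literal count and the list are edited together. The same pattern appears in the `toHaveLength(19)` hunk that follows and in store/products.js (`toHaveLength(8)`). These tests are what catch extra fields appearing in store responses, so I would tie the two together with `const expected = [/* keys */]` and `expect(keys).toHaveLength(expected.length)`. An alternative is to compare sorted copies: `expect([...keys].sort()).toEqual([...expected].sort())`. The enclosing `it(...)` block starts outside the hunk.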
@@ -249,32 +252,35 @@ describe("/store/carts", () => { const response = await api.get("/store/orders/order_test?fields=status") - expect(Object.keys(response.data.order)).toEqual([ - // fields - "status", + expect(Object.keys(response.data.order)).toHaveLength(19) + expect(Object.keys(response.data.order)).toEqual( + expect.arrayContaining([ + // fields + "status", - // default relations - "shipping_address", - "fulfillments", - "items", - "shipping_methods", - "discounts", - "customer", - "payments", - "region", + // default relations + "shipping_address", + "fulfillments", + "items", + "shipping_methods", + "discounts", + "customer", + "payments", + "region", - // totals - "shipping_total", - "discount_total", - "tax_total", - "refunded_total", - "total", - "subtotal", - "paid_total", - "refundable_amount", - "gift_card_total", - "gift_card_tax_total", - ]) + // totals + "shipping_total", + "discount_total", + "tax_total", + "refunded_total", + "total", + "subtotal", + "paid_total", + "refundable_amount", + "gift_card_total", + "gift_card_tax_total", + ]) + ) }) it("get order response contains only fields defined with `fields` and `expand` param", async () => { diff --git a/integration-tests/api/__tests__/store/products.js b/integration-tests/api/__tests__/store/products.js index 4ec812200d..ac4dcbc362 100644 --- a/integration-tests/api/__tests__/store/products.js +++ b/integration-tests/api/__tests__/store/products.js 
@@ -212,18 +212,21 @@ describe("/store/products", () => { expect(response.status).toEqual(200) - expect(Object.keys(response.data.products[0])).toEqual([ - // fields - "handle", - // relations - "variants", - "options", - "images", - "tags", - "collection", - "type", - "profiles", - ]) + expect(Object.keys(response.data.products[0])).toHaveLength(8) + expect(Object.keys(response.data.products[0])).toEqual( + expect.arrayContaining([ + // fields + "handle", + // relations + "variants", + "options", + "images", + "tags", + "collection", + "type", + "profiles", + ]) + ) }) it("returns a list of ordered products by id ASC and filtered with free text search", async () => { diff --git a/packages/medusa/src/api/middlewares/transform-query.ts b/packages/medusa/src/api/middlewares/transform-query.ts index b074368cf0..58b2b520e3 100644 --- a/packages/medusa/src/api/middlewares/transform-query.ts +++ b/packages/medusa/src/api/middlewares/transform-query.ts @@ -11,6 +11,7 @@ import { BaseEntity } from "../../interfaces" import { FindConfig, QueryConfig, RequestQueryFields } from "../../types/common" import { omit } from "lodash" import { removeUndefinedProperties } from "../../utils" +import { buildSelects, objectToStringPath } from "@medusajs/utils" /** * Middleware that transform the query input for the admin end points @@ -151,7 +152,7 @@ function getStoreAllowedProperties( ? [...(validated.expand?.split(",") || []), ...includeKeys] : queryConfig?.allowedRelations || [] - allowed.push(...fields, ...expand) + allowed.push(...fields, ...objectToStringPath(buildSelects(expand))) return allowed } @@ -180,7 +181,7 @@ function getAllowedProperties( ? [...(validated.expand?.split(",") || []), ...includeKeys] : queryConfig?.defaultRelations || [] - allowed.push(...fields, ...expand) + allowed.push(...fields, ...objectToStringPath(buildSelects(expand))) return allowed as string[] } 
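Review bot: In transform-query.ts, `getStoreAllowedProperties` and `getAllowedProperties` both push `objectToStringPath(buildSelects(expand))` into the response allow-list, and `expand` comes from `validated.expand?.split(",")` whenever the client supplies it. Neither hunk shows the requested relations being checked against `queryConfig.allowedRelations` before they widen that list, so please confirm the check happens earlier in the middleware. If it does, a comment on the push line should say so, for example `// expand is validated upstream; every path segment is allowed so nested relations survive cleanResponseData`. The split values are also used as-is, so a constructed input like `a,,b` would pass an empty segment to `buildSelects` unless it is rejected upstream; `validated.expand?.split(",").filter(Boolean)` would drop it. Both function bodies start outside their hunks.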
diff --git a/packages/medusa/src/api/routes/admin/orders/__tests__/get-order.js b/packages/medusa/src/api/routes/admin/orders/__tests__/get-order.js index e9f1c0b33f..e200f3ef6c 100644 --- a/packages/medusa/src/api/routes/admin/orders/__tests__/get-order.js +++ b/packages/medusa/src/api/routes/admin/orders/__tests__/get-order.js @@ -50,7 +50,7 @@ describe("GET /admin/orders", () => { } ), // TODO [MEDUSA_FF_SALES_CHANNELS]: Remove when sales channel flag is removed entirely - relations: [...defaultAdminOrdersRelations, "sales_channel"], + relations: [...defaultAdminOrdersRelations, "sales_channel"].sort(), }, { includes: undefined, diff --git a/packages/medusa/src/api/routes/admin/orders/get-order.ts b/packages/medusa/src/api/routes/admin/orders/get-order.ts index d39e7ac194..8b9854a896 100644 --- a/packages/medusa/src/api/routes/admin/orders/get-order.ts +++ b/packages/medusa/src/api/routes/admin/orders/get-order.ts @@ -72,7 +72,7 @@ export default async (req, res) => { order = cleanResponseData(order, req.allowedProperties) - res.json({ order: cleanResponseData(order, []) }) + res.json({ order: order }) } export class AdminGetOrdersOrderParams extends FindParams {} diff --git a/packages/medusa/src/api/routes/admin/products/__tests__/get-product.js b/packages/medusa/src/api/routes/admin/products/__tests__/get-product.js index edf018afba..9f22e5fdbb 100644 --- a/packages/medusa/src/api/routes/admin/products/__tests__/get-product.js +++ b/packages/medusa/src/api/routes/admin/products/__tests__/get-product.js @@ -56,16 +56,16 @@ describe("GET /admin/products/:id", () => { "metadata", ], relations: [ - "variants", - "variants.prices", - "variants.options", - "profiles", + "collection", "images", "options", + "profiles", + "sales_channels", "tags", "type", - "collection", - "sales_channels", + "variants", + "variants.options", + "variants.prices", ], } )
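Review bot: In get-order.ts the response is now whatever the single `cleanResponseData(order, req.allowedProperties)` pass leaves, so the filtering depends entirely on `req.allowedProperties` having been populated, presumably by the transform-query middleware. The hunk does not show what is returned when that property is undefined or empty. A one-line comment above the call would record the assumption, for example `// allow-list is built by the query-transform middleware; the route must be registered with it`. The return can also use the shorthand `res.json({ order })`. The handler body starts outside the hunk.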