Merge pull request #102 from icefoganalytics/issue-101/fix-scope-chai…

…ning-usage-in-controllers Fix Scope Chaining Usage In Controllers
icefoganalytics · May 23, 2024 · e1ccc9e · e1ccc9e
2 parents 9b3e8f3 + 6e6de26
commit e1ccc9e
Show file tree

Hide file tree

Showing 21 changed files with 772 additions and 117 deletions.
diff --git a/api/src/controllers/access-requests-controller.ts b/api/src/controllers/access-requests-controller.ts
@@ -4,6 +4,7 @@ import { isEmpty, isNil } from "lodash"
 import { AccessRequest, Dataset } from "@/models"
 import { TableSerializer } from "@/serializers/access-requests"
 import { CreateService } from "@/services/access-requests"
+import { BaseScopeOptions } from "@/policies/base-policy"
 import { AccessRequestsPolicy } from "@/policies"
 import { type AccessRequestForCreate } from "@/policies/access-requests-policy"
 
@@ -14,17 +15,16 @@ export class AccessRequestsController extends BaseController {
     const where = this.query.where as WhereOptions<AccessRequest>
     const filters = this.query.filters as Record<string, unknown>
 
-    const scopedAccessRequests = AccessRequestsPolicy.applyScope(AccessRequest, this.currentUser)
-
-    let filteredAccessRequests = scopedAccessRequests
+    const scopes: BaseScopeOptions[] = []
     if (!isEmpty(filters)) {
       Object.entries(filters).forEach(([key, value]) => {
-        filteredAccessRequests = filteredAccessRequests.scope({ method: [key, value] })
+        scopes.push({ method: [key, value] })
       })
     }
+    const scopedAccessRequests = AccessRequestsPolicy.applyScope(scopes, this.currentUser)
 
-    const totalCount = await filteredAccessRequests.count({ where })
-    const accessRequests = await filteredAccessRequests.findAll({
+    const totalCount = await scopedAccessRequests.count({ where })
+    const accessRequests = await scopedAccessRequests.findAll({
       where,
       include: [
         {

diff --git a/api/src/controllers/dataset-entries-controller.ts b/api/src/controllers/dataset-entries-controller.ts
@@ -4,6 +4,7 @@ import { createReadStream } from "fs"
 
 import { Dataset, DatasetEntry } from "@/models"
 import { DatasetEntriesPolicy } from "@/policies"
+import { BaseScopeOptions } from "@/policies/base-policy"
 import { CreateCsvService } from "@/services/dataset-entries"
 
 import BaseController from "@/controllers/base-controller"
@@ -13,20 +14,21 @@ import BaseController from "@/controllers/base-controller"
 export class DatasetEntriesController extends BaseController {
   async index() {
     const where = this.query.where as WhereOptions<DatasetEntry>
-    const searchToken = this.query.searchToken as string
+    const filters = this.query.filters as Record<string, unknown>
 
-    const scopedDatasetEntries = DatasetEntriesPolicy.applyScope(DatasetEntry, this.currentUser)
-
-    let filteredDatasetEntries = scopedDatasetEntries
-    if (!isEmpty(searchToken)) {
-      filteredDatasetEntries = scopedDatasetEntries.scope({ method: ["search", searchToken] })
+    const scopes: BaseScopeOptions[] = []
+    if (!isEmpty(filters)) {
+      Object.entries(filters).forEach(([key, value]) => {
+        scopes.push({ method: [key, value] })
+      })
     }
+    const scopedDatasetEntries = DatasetEntriesPolicy.applyScope(scopes, this.currentUser)
 
     if (this.format === "csv") {
-      return this.respondWithCsv(filteredDatasetEntries, where)
+      return this.respondWithCsv(scopedDatasetEntries, where)
     } else {
-      const totalCount = await filteredDatasetEntries.count({ where })
-      const datasetEntries = await filteredDatasetEntries.findAll({
+      const totalCount = await scopedDatasetEntries.count({ where })
+      const datasetEntries = await scopedDatasetEntries.findAll({
         where,
         limit: this.pagination.limit,
         offset: this.pagination.offset,

diff --git a/api/src/controllers/dataset-fields-controller.ts b/api/src/controllers/dataset-fields-controller.ts
@@ -12,7 +12,7 @@ export class DatasetFieldsController extends BaseController {
   async index() {
     const where = this.query.where as WhereOptions<DatasetField>
 
-    const scopedDatasetFields = DatasetFieldsPolicy.applyScope(DatasetField, this.currentUser)
+    const scopedDatasetFields = DatasetFieldsPolicy.applyScope([], this.currentUser)
 
     const totalCount = await scopedDatasetFields.count({ where })
     const datasetFields = await scopedDatasetFields.findAll({
@@ -90,7 +90,9 @@ export class DatasetFieldsController extends BaseController {
       await DestroyService.perform(datasetField, this.currentUser)
       return this.response.status(204).end()
     } catch (error) {
-      return this.response.status(422).json({ message: `Dataset field destruction failed: ${error}` })
+      return this.response
+        .status(422)
+        .json({ message: `Dataset field destruction failed: ${error}` })
     }
   }
 

diff --git a/api/src/controllers/datasets-controller.ts b/api/src/controllers/datasets-controller.ts
@@ -1,7 +1,8 @@
-import { WhereOptions } from "sequelize"
+import { Op, WhereOptions } from "sequelize"
 import { isEmpty, isNil } from "lodash"
 
 import { Dataset } from "@/models"
+import { BaseScopeOptions } from "@/policies/base-policy"
 import { DatasetsPolicy } from "@/policies"
 import { CreateService, UpdateService } from "@/services/datasets"
 import { ShowSerializer, TableSerializer } from "@/serializers/datasets"
@@ -13,17 +14,16 @@ export class DatasetsController extends BaseController {
     const where = this.query.where as WhereOptions<Dataset>
     const filters = this.query.filters as Record<string, unknown>
 
-    const scopedDatasets = DatasetsPolicy.applyScope(Dataset, this.currentUser)
-
-    let filteredDatasets = scopedDatasets
+    const scopes: BaseScopeOptions[] = []
     if (!isEmpty(filters)) {
       Object.entries(filters).forEach(([key, value]) => {
-        filteredDatasets = filteredDatasets.scope({ method: [key, value] })
+        scopes.push({ method: [key, value] })
       })
     }
+    const scopedDatasets = DatasetsPolicy.applyScope(scopes, this.currentUser)
 
-    const totalCount = await filteredDatasets.count({ where })
-    const datasets = await filteredDatasets.findAll({
+    const totalCount = await scopedDatasets.count({ where })
+    const datasets = await scopedDatasets.findAll({
       where,
       limit: this.pagination.limit,
       offset: this.pagination.offset,
@@ -142,8 +142,12 @@ export class DatasetsController extends BaseController {
         "integration",
         "stewardship",
         "accessGrants",
-        "accessRequests",
         "visualizationControl",
+        {
+          association: "accessRequests",
+          where: { revokedAt: { [Op.is]: null } },
+          required: false,
+        },
       ],
     })
 

diff --git a/api/src/controllers/users-controller.ts b/api/src/controllers/users-controller.ts
@@ -1,8 +1,9 @@
-import { ModelStatic, WhereOptions } from "sequelize"
+import { WhereOptions } from "sequelize"
 import { isEmpty, isNil } from "lodash"
 
 import { User } from "@/models"
 import { UserSerializers } from "@/serializers"
+import { BaseScopeOptions } from "@/policies/base-policy"
 import { UsersPolicy } from "@/policies"
 import { CreateService, DestroyService, UpdateService } from "@/services/users"
 
@@ -13,12 +14,13 @@ export class UsersController extends BaseController {
     const where = this.query.where as WhereOptions<User>
     const filters = this.query.filters as Record<string, unknown>
 
-    let filteredUsers: ModelStatic<User> = User
+    const scopes: BaseScopeOptions[] = []
     if (!isEmpty(filters)) {
       Object.entries(filters).forEach(([key, value]) => {
-        filteredUsers = filteredUsers.scope({ method: [key, value] })
+        scopes.push({ method: [key, value] })
       })
     }
+    const filteredUsers = User.scope(scopes)
 
     const totalCount = await filteredUsers.count({ where })
     const users = await filteredUsers.findAll({

diff --git a/api/src/controllers/users/search-controller.ts b/api/src/controllers/users/search-controller.ts
@@ -1,7 +1,8 @@
-import { ModelStatic, Op, WhereOptions, col, fn, where } from "sequelize"
+import { Op, WhereOptions, col, fn, where } from "sequelize"
 import { isEmpty, isNil } from "lodash"
 
 import { User } from "@/models"
+import { BaseScopeOptions } from "@/policies/base-policy"
 import { UserSerializers } from "@/serializers"
 
 import BaseController from "@/controllers/base-controller"
@@ -10,12 +11,13 @@ export class SearchController extends BaseController {
   async index() {
     const filters = this.query.filters as Record<string, unknown>
 
-    let filteredUsers: ModelStatic<User> = User
+    const scopes: BaseScopeOptions[] = []
     if (!isEmpty(filters)) {
       Object.entries(filters).forEach(([key, value]) => {
-        filteredUsers = filteredUsers.scope({ method: [key, value] })
+        scopes.push({ method: [key, value] })
       })
     }
+    const filteredUsers = User.scope(scopes)
 
     const searchQuery = this.buildSearchQuery()
     const totalCount = await filteredUsers.count({ where: searchQuery })

diff --git a/api/src/models/dataset-entry.ts b/api/src/models/dataset-entry.ts
@@ -11,6 +11,7 @@ import {
   NonAttribute,
   Op,
 } from "sequelize"
+import { isEmpty } from "lodash"
 
 import sequelize from "@/db/db-client"
 
@@ -117,16 +118,20 @@ DatasetEntry.init(
     ],
     scopes: {
       search(searchToken: string) {
+        if (isEmpty(searchToken)) {
+          return {}
+        }
+
         return {
           where: {
             id: {
               [Op.in]: datasetEntriesSearch(),
-            }
+            },
           },
           replacements: {
             searchTokenWildcard: `%${searchToken}%`,
             searchToken,
-          }
+          },
         }
       },
     },