情况
在一个项目中,我有这段代码来从表中选择数据。请注意,它正在工作,我只是没有得到我期望的结果。
serviceSurveyQuestions.find({
query: {
survey_id: this.survey_id,
user_id: this.$store.state.auth.user.id, //TODO move this to the hook!!
//todo make satus also not equal new
$or: [
{ status_id: process.env.mfp.statusSurveyQuestionStarted },
{ status_id: process.env.mfp.statusSurveyQuestionPlanned }
],
$sort: {
survey_question_question: 1
},
$limit: 150,
$select: [
'survey_question_question',
'survey_question_at',
'survey_question_answer',
'survey_question_details',
'survey_question_source_id',
'survey_question_source_answer_id',
'survey_question_source_user_id',
'survey_question_step',
'survey_question_dep_step',
'id'
]
}
}).then(page => {
this.listSurveyQuestions = page;
});
当我看到一个listSurveyQuestion
项目中的内容时,我会看到这个:
{
"survey_question_question": "PEN 10 Scope vaststellen",
"survey_question_at": "2017-06-23T06:46:10.038Z",
"survey_question_answer": "",
"survey_question_details": "tester done",
"survey_question_source_id": 83499707,
"survey_question_source_answer_id": 74864,
"survey_question_source_user_id": 83488216,
"survey_question_step": 10,
"survey_question_dep_step": null,
"id": 4651,
"source_user": {
"user_id": 1005
},
"status": {
"status": "Planned"
},
"language": {
"language": "Dutch"
,
"source": {
"source": "MexonInControl - Pob - Dev (local)"
},
"survey_question": [{
"answer_type_id": 1014,
"answer_en": null,
"answer_nl": null,
"answer_explanation_en": null,
"answer_explanation_nl": null,
"survey_question_next_id": 4652
} ]
}
我知道结果来自我的get
中的配置和find
被调用服务的钩子。
预期成果
我期望发生的是返回的数据只是$SELECT
中定义的列。如果我保持原样,它将起作用,但我从数据库中获取了很多数据,这些数据稍后可以被视为安全漏洞。不是这个例子,而是其他表。
**问题**
那么我需要更改什么才能使其按预期运行。您可以调整服务的返回,但是由于列不可用,因此我无法在其他情况下使用相同的服务。或者,您可以将一个选项传递给服务,这将导致if (parameter = view 1) then return view 1
等等。
**解决**
注1: 所以我只是看到"原因"有点不同。配置的钩子从问题表中返回更多未显示的列。所以我在这里的猜测是,如果您不在查找查询中配置包含,它将传递所有包含。我需要检查一下,如果是这种情况,看看是否有不选择"包含"的选项。
假设您所指的钩子设置hook.params.sequelize
与此答案类似,您必须检查是否包含的属性也在$select
查询中设置,如下所示:
// GET /my-service?include=1
function (hook) {
const include = [];
const select = hook.params.query.$select;
// Go through all properties that are added via includes
['includeProp1', 'includeProp2'].forEach(propertyName => {
// If no $select or the include property is part of the $select
if(!select || select.indexOf(propertyName) !== -1) {
include.push({ model: ModelForIncludeProp1 });
}
});
hook.params.sequelize = { include };
return Promise.resolve(hook);
}