-
-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: liveQuery with containedIn
not working when object field is an array
#8128
fix: liveQuery with containedIn
not working when object field is an array
#8128
Conversation
Thanks for opening this pull request!
|
you guys. the issue is that 1st case const message = {
id: new Id('Message', 'O1'),
profile: pointer('Profile', 'abc'),
};
let q = new Parse.Query('Message');
q.containedIn('profile', [
Parse.Object.fromJSON({ className: 'Profile', objectId: 'abc' }),
Parse.Object.fromJSON({ className: 'Profile', objectId: 'def' }),
]);
expect(matchesQuery(message, q)).toBe(true);
2nd case const message = {
id: new Id('Message', 'O2'),
profiles: [pointer('Profile', 'yeahaw'), pointer('Profile', 'yes')],
};
let q = new Parse.Query('Message');
q.containedIn('profiles', [
Parse.Object.fromJSON({ className: 'Profile', objectId: 'no' }),
Parse.Object.fromJSON({ className: 'Profile', objectId: 'yes' }),
]);
expect(matchesQuery(message, q)).toBe(true);
so my PR aims to add support for the 2nd case above thanks for your time reviewing this |
containedIn
doesn't work when the object field is an array
I will reformat the title to use the proper commit message syntax. |
containedIn
doesn't work when the object field is an arraycontainedIn
doesn't work when the object field is an array
containedIn
doesn't work when the object field is an arraycontainedIn
not working when the object field is an array
containedIn
not working when the object field is an arraycontainedIn
not working when object field is an array
Codecov ReportBase: 94.20% // Head: 94.21% // Increases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## alpha #8128 +/- ##
=======================================
Coverage 94.20% 94.21%
=======================================
Files 182 182
Lines 13720 13724 +4
=======================================
+ Hits 12925 12930 +5
+ Misses 795 794 -1
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
Heyo @mtrezza is there anything I can help with to get this merged? |
This is just awaiting review, sorry for the long wait. cc @parse-community/server-review |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good!
# [5.3.0-alpha.23](5.3.0-alpha.22...5.3.0-alpha.23) (2022-09-17) ### Bug Fixes * liveQuery with `containedIn` not working when object field is an array ([#8128](#8128)) ([1d9605b](1d9605b))
🎉 This change has been released in version 5.3.0-alpha.23 |
# [5.4.0-beta.1](5.3.0...5.4.0-beta.1) (2022-10-29) ### Bug Fixes * authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](GHSA-r657-33vp-gp22)) [skip release] ([#8187](#8187)) ([8c8ec71](8c8ec71)) * brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) ([#8146](#8146)) [skip release] ([4c0c7c7](4c0c7c7)) * certificate in Apple Game Center auth adapter not validated [skip release] ([#8058](#8058)) ([75af9a2](75af9a2)) * graphQL query ignores condition `equalTo` with value `false` ([#8032](#8032)) ([7f5a15d](7f5a15d)) * internal indices for classes `_Idempotency` and `_Role` are not protected in defined schema ([#8121](#8121)) ([c16f529](c16f529)) * invalid file request not properly handled [skip release] ([#8062](#8062)) ([4c9e956](4c9e956)) * liveQuery with `containedIn` not working when object field is an array ([#8128](#8128)) ([1d9605b](1d9605b)) * protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] ([#8076](#8076)) ([9fd4516](9fd4516)) * push notifications `badge` doesn't update with Installation beforeSave trigger ([#8162](#8162)) ([3c75c2b](3c75c2b)) * query aggregation pipeline cannot handle value of type `Date` when `directAccess: true` ([#8167](#8167)) ([e424137](e424137)) * relation constraints in compound queries `Parse.Query.or`, `Parse.Query.and` not working ([#8203](#8203)) ([28f0d26](28f0d26)) * security upgrade undici from 5.6.0 to 5.8.0 ([#8108](#8108)) ([4aa016b](4aa016b)) * server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](GHSA-h423-w6qv-2wj3)) [skip release] ([#8238](#8238)) ([c03908f](c03908f)) * session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](GHSA-6w4q-23cf-j9jp)) [skip release] ([#8180](#8180)) ([37fed30](37fed30)) * sorting by non-existing value throws `INVALID_SERVER_ERROR` on Postgres ([#8157](#8157)) ([3b775a1](3b775a1)) * updating object includes unchanged keys in client response for certain key types ([#8159](#8159)) ([37af1d7](37af1d7)) ### Features * add convenience access to Parse Server configuration in Cloud Code via `Parse.Server` ([#8244](#8244)) ([9f11115](9f11115)) * add option to change the default value of the `Parse.Query.limit()` constraint ([#8152](#8152)) ([0388956](0388956)) * add support for MongoDB 6 ([#8242](#8242)) ([aba0081](aba0081)) * add support for Postgres 15 ([#8215](#8215)) ([2feb6c4](2feb6c4)) * liveQuery support for unsorted distance queries ([#8221](#8221)) ([0f763da](0f763da))
🎉 This change has been released in version 5.4.0-beta.1 |
# [5.4.0-alpha.1](5.3.0...5.4.0-alpha.1) (2022-10-31) ### Bug Fixes * authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](GHSA-r657-33vp-gp22)) [skip release] ([#8187](#8187)) ([8c8ec71](8c8ec71)) * brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) ([#8146](#8146)) [skip release] ([4c0c7c7](4c0c7c7)) * certificate in Apple Game Center auth adapter not validated [skip release] ([#8058](#8058)) ([75af9a2](75af9a2)) * graphQL query ignores condition `equalTo` with value `false` ([#8032](#8032)) ([7f5a15d](7f5a15d)) * internal indices for classes `_Idempotency` and `_Role` are not protected in defined schema ([#8121](#8121)) ([c16f529](c16f529)) * invalid file request not properly handled [skip release] ([#8062](#8062)) ([4c9e956](4c9e956)) * liveQuery with `containedIn` not working when object field is an array ([#8128](#8128)) ([1d9605b](1d9605b)) * protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] ([#8076](#8076)) ([9fd4516](9fd4516)) * push notifications `badge` doesn't update with Installation beforeSave trigger ([#8162](#8162)) ([3c75c2b](3c75c2b)) * query aggregation pipeline cannot handle value of type `Date` when `directAccess: true` ([#8167](#8167)) ([e424137](e424137)) * relation constraints in compound queries `Parse.Query.or`, `Parse.Query.and` not working ([#8203](#8203)) ([28f0d26](28f0d26)) * security upgrade undici from 5.6.0 to 5.8.0 ([#8108](#8108)) ([4aa016b](4aa016b)) * server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](GHSA-h423-w6qv-2wj3)) [skip release] ([#8238](#8238)) ([c03908f](c03908f)) * session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](GHSA-6w4q-23cf-j9jp)) [skip release] ([#8180](#8180)) ([37fed30](37fed30)) * sorting by non-existing value throws `INVALID_SERVER_ERROR` on Postgres ([#8157](#8157)) ([3b775a1](3b775a1)) * updating object includes unchanged keys in client response for certain key types ([#8159](#8159)) ([37af1d7](37af1d7)) ### Features * add convenience access to Parse Server configuration in Cloud Code via `Parse.Server` ([#8244](#8244)) ([9f11115](9f11115)) * add option to change the default value of the `Parse.Query.limit()` constraint ([#8152](#8152)) ([0388956](0388956)) * add support for MongoDB 6 ([#8242](#8242)) ([aba0081](aba0081)) * add support for Postgres 15 ([#8215](#8215)) ([2feb6c4](2feb6c4)) * liveQuery support for unsorted distance queries ([#8221](#8221)) ([0f763da](0f763da))
🎉 This change has been released in version 5.4.0-alpha.1 |
# [5.4.0](5.3.3...5.4.0) (2022-11-19) ### Bug Fixes * authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](GHSA-r657-33vp-gp22)) [skip release] ([#8187](#8187)) ([8c8ec71](8c8ec71)) * brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) ([#8146](#8146)) [skip release] ([4c0c7c7](4c0c7c7)) * certificate in Apple Game Center auth adapter not validated [skip release] ([#8058](#8058)) ([75af9a2](75af9a2)) * graphQL query ignores condition `equalTo` with value `false` ([#8032](#8032)) ([7f5a15d](7f5a15d)) * internal indices for classes `_Idempotency` and `_Role` are not protected in defined schema ([#8121](#8121)) ([c16f529](c16f529)) * invalid file request not properly handled [skip release] ([#8062](#8062)) ([4c9e956](4c9e956)) * liveQuery with `containedIn` not working when object field is an array ([#8128](#8128)) ([1d9605b](1d9605b)) * protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] ([#8076](#8076)) ([9fd4516](9fd4516)) * push notifications `badge` doesn't update with Installation beforeSave trigger ([#8162](#8162)) ([3c75c2b](3c75c2b)) * query aggregation pipeline cannot handle value of type `Date` when `directAccess: true` ([#8167](#8167)) ([e424137](e424137)) * relation constraints in compound queries `Parse.Query.or`, `Parse.Query.and` not working ([#8203](#8203)) ([28f0d26](28f0d26)) * security upgrade undici from 5.6.0 to 5.8.0 ([#8108](#8108)) ([4aa016b](4aa016b)) * server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](GHSA-h423-w6qv-2wj3)) [skip release] ([#8238](#8238)) ([c03908f](c03908f)) * session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](GHSA-6w4q-23cf-j9jp)) [skip release] ([#8180](#8180)) ([37fed30](37fed30)) * sorting by non-existing value throws `INVALID_SERVER_ERROR` on Postgres ([#8157](#8157)) ([3b775a1](3b775a1)) * updating object includes unchanged keys in client response for certain key types ([#8159](#8159)) ([37af1d7](37af1d7)) ### Features * add convenience access to Parse Server configuration in Cloud Code via `Parse.Server` ([#8244](#8244)) ([9f11115](9f11115)) * add option to change the default value of the `Parse.Query.limit()` constraint ([#8152](#8152)) ([0388956](0388956)) * add support for MongoDB 6 ([#8242](#8242)) ([aba0081](aba0081)) * add support for Postgres 15 ([#8215](#8215)) ([2feb6c4](2feb6c4)) * liveQuery support for unsorted distance queries ([#8221](#8221)) ([0f763da](0f763da))
🎉 This change has been released in version 5.4.0 |
🎉 This change has been released in version 5.4.0 |
* authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](GHSA-r657-33vp-gp22)) [skip release] ([parse-community#8187](parse-community#8187)) ([8c8ec71](parse-community@8c8ec71)) * brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) ([parse-community#8146](parse-community#8146)) [skip release] ([4c0c7c7](parse-community@4c0c7c7)) * certificate in Apple Game Center auth adapter not validated [skip release] ([parse-community#8058](parse-community#8058)) ([75af9a2](parse-community@75af9a2)) * graphQL query ignores condition `equalTo` with value `false` ([parse-community#8032](parse-community#8032)) ([7f5a15d](parse-community@7f5a15d)) * internal indices for classes `_Idempotency` and `_Role` are not protected in defined schema ([parse-community#8121](parse-community#8121)) ([c16f529](parse-community@c16f529)) * invalid file request not properly handled [skip release] ([parse-community#8062](parse-community#8062)) ([4c9e956](parse-community@4c9e956)) * liveQuery with `containedIn` not working when object field is an array ([parse-community#8128](parse-community#8128)) ([1d9605b](parse-community@1d9605b)) * protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] ([parse-community#8076](parse-community#8076)) ([9fd4516](parse-community@9fd4516)) * push notifications `badge` doesn't update with Installation beforeSave trigger ([parse-community#8162](parse-community#8162)) ([3c75c2b](parse-community@3c75c2b)) * query aggregation pipeline cannot handle value of type `Date` when `directAccess: true` ([parse-community#8167](parse-community#8167)) ([e424137](parse-community@e424137)) * relation constraints in compound queries `Parse.Query.or`, `Parse.Query.and` not working ([parse-community#8203](parse-community#8203)) ([28f0d26](parse-community@28f0d26)) * security upgrade undici from 5.6.0 to 5.8.0 ([parse-community#8108](parse-community#8108)) ([4aa016b](parse-community@4aa016b)) * server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](GHSA-h423-w6qv-2wj3)) [skip release] ([parse-community#8238](parse-community#8238)) ([c03908f](parse-community@c03908f)) * session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](GHSA-6w4q-23cf-j9jp)) [skip release] ([parse-community#8180](parse-community#8180)) ([37fed30](parse-community@37fed30)) * sorting by non-existing value throws `INVALID_SERVER_ERROR` on Postgres ([parse-community#8157](parse-community#8157)) ([3b775a1](parse-community@3b775a1)) * updating object includes unchanged keys in client response for certain key types ([parse-community#8159](parse-community#8159)) ([37af1d7](parse-community@37af1d7)) * add convenience access to Parse Server configuration in Cloud Code via `Parse.Server` ([parse-community#8244](parse-community#8244)) ([9f11115](parse-community@9f11115)) * add option to change the default value of the `Parse.Query.limit()` constraint ([parse-community#8152](parse-community#8152)) ([0388956](parse-community@0388956)) * add support for MongoDB 6 ([parse-community#8242](parse-community#8242)) ([aba0081](parse-community@aba0081)) * add support for Postgres 15 ([parse-community#8215](parse-community#8215)) ([2feb6c4](parse-community@2feb6c4)) * liveQuery support for unsorted distance queries ([parse-community#8221](parse-community#8221)) ([0f763da](parse-community@0f763da))
New Pull Request Checklist
Issue Description
previously it was not possible to use livequery with
containedIn
if the object field is an arrayRelated issue: #2088
Approach
I figured out that if
notCointainedIn
is supported, then there must be a way to make the other way around work.TODOs before merging