Skip to content

feat: Allow short circuit of beforeFind #9770

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 54 commits into
base: alpha
Choose a base branch
from
+524 −41
Open

feat: Allow short circuit of beforeFind #9770

Show file tree
Hide file tree
Changes from 13 commits
Commits
Show all changes
54 commits
Select commit Hold shift + click to select a range
6f65ec5
feat: allow short circuit of beforeFind
dblythy Jul 19, 2023
41bf1b7
improve test description
mtrezza Jul 23, 2023
21c9289
Update CloudCode.spec.js
dblythy Jul 23, 2023
ca74929
wip
dblythy Jul 24, 2023
207c3c0
wip
dblythy Jul 24, 2023
bc68816
wip
dblythy Jul 25, 2023
d66fa48
Merge branch 'alpha' into beforeFind-objects
mtrezza Sep 1, 2023
34f7741
feat: allow short circuit of beforeFind
dblythy Jul 19, 2023
5825abf
improve test description
mtrezza Jul 23, 2023
6daa039
Update CloudCode.spec.js
dblythy Jul 23, 2023
ec37789
wip
dblythy Jul 24, 2023
09fcde2
wip
dblythy Jul 25, 2023
8de0edb
Merge branch 'beforeFind-objects' of https://github.com/dblythy/parse…
EmpiDev May 27, 2025
dd75062
refactor: remove redundant beforeFind tests and clean up afterFind hooks
EmpiDev May 27, 2025
8d6aae6
refactor: improve condition checks and format function parameters for…
EmpiDev May 30, 2025
c5dd665
test: update beforeFind test to create and save a new object
EmpiDev May 30, 2025
55c3b3b
Merge branch 'alpha' into beforeFind-fix
EmpiDev May 30, 2025
d8525e9
fix : Unexpected token '}' 2057
EmpiDev Jun 2, 2025
04ae88f
Merge branch 'alpha' into beforeFind-fix
EmpiDev Jun 2, 2025
f083527
Merge branch 'alpha' into beforeFind-fix
EmpiDev Jun 3, 2025
f679ba0
Merge branch 'alpha' into beforeFind-fix
EmpiDev Jun 6, 2025
dfd4082
Merge branch 'alpha' into beforeFind-fix
EmpiDev Jun 6, 2025
43a87bb
Merge branch 'alpha' into beforeFind-fix
mtrezza Jun 7, 2025
c417118
refactor: Improve afterFind trigger handling and object processing
EmpiDev Jun 11, 2025
c6463c3
Merge branch 'alpha' into beforeFind-fix
EmpiDev Jun 12, 2025
0c2ad57
Merge branch 'alpha' into beforeFind-fix
mtrezza Jun 24, 2025
92ef147
refactor in CloudCode.spec.js
EmpiDev Jun 30, 2025
546e5b0
refactor in triggers.js
EmpiDev Jun 30, 2025
00b104e
test: Add direct function tests for maybeRunAfterFindTrigger
EmpiDev Jul 2, 2025
2a5dce9
Remove unnecessary comment
EmpiDev Jul 2, 2025
98be232
refactor: Replace isGet boolean flag with options object
EmpiDev Jul 15, 2025
0d42676
Provide isGet context to afterFind trigger
EmpiDev Jul 15, 2025
f197119
fix: Correct parameter formatting in afterFind trigger test
EmpiDev Jul 16, 2025
06e2bcc
Merge branch 'alpha' into beforeFind-fix
EmpiDev Jul 16, 2025
52d5594
Merge branch 'alpha' into beforeFind-fix
mtrezza Jul 21, 2025
c08b3f6
chore(tests): add spy to confirm DB is not accessed
EmpiDev Jul 22, 2025
37f74c1
Merge branch 'alpha' into beforeFind-fix
mtrezza Jul 29, 2025
468a6ec
refactor(tests): extract database spy setup into a helper function fo…
EmpiDev Jul 30, 2025
b157aa2
refactor(tests): move repetitive code into beforeEach block
EmpiDev Jul 31, 2025
83a918b
Merge branch 'alpha' into beforeFind-fix
mtrezza Aug 3, 2025
840a3e4
feat: Add beforeFind security tests for object visibility and protect…
EmpiDev Aug 26, 2025
3da7ffb
feat: Enhance beforeFind security tests for object visibility and acc…
EmpiDev Aug 26, 2025
041b00d
feat: Re-apply ACL/CLP systematically when beforeFind returns objects
EmpiDev Aug 26, 2025
bf70c6a
feat: Add explicit comments in runFindTriggers, triggers.js
EmpiDev Aug 26, 2025
6ec28a8
tests: normalize query construction to production conditions; avoid a…
EmpiDev Aug 27, 2025
c49f8aa
refactor: simplify query handling in maybeRunAfterFindTrigger
EmpiDev Aug 27, 2025
0d68f26
refactor: streamline id handling and security checks in runFindTriggers
EmpiDev Aug 27, 2025
f5acfa0
Revert "refactor: streamline id handling and security checks in runFi…
EmpiDev Aug 28, 2025
ec9033d
Merge branch 'alpha' into beforeFind-fix
EmpiDev Sep 1, 2025
97e143a
Merge branch 'alpha' into beforeFind-fix
mtrezza Sep 9, 2025
fdd9270
Add code comment in runFindTriggers
EmpiDev Sep 15, 2025
08865e3
Merge branch 'alpha' into beforeFind-fix
mtrezza Sep 21, 2025
069551f
Merge branch 'alpha' into beforeFind-fix
mtrezza Sep 21, 2025
caa5037
fix: remove unnecessary blank lines
EmpiDev Sep 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
109 changes: 109 additions & 0 deletions spec/CloudCode.spec.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -201,6 +201,115 @@ describe('Cloud Code', () => {
done();
}
});
it('beforeFind can return object without DB operation', async () => {
Parse.Cloud.beforeFind('beforeFind', () => {
return new Parse.Object('TestObject', { foo: 'bar' });
});
Parse.Cloud.afterFind('beforeFind', req => {
expect(req.objects).toBeDefined();
expect(req.objects[0].get('foo')).toBe('bar');
});
const newObj = await new Parse.Query('beforeFind').first();
expect(newObj.className).toBe('TestObject');
expect(newObj.toJSON()).toEqual({ foo: 'bar' });
await newObj.save();
});

it('beforeFind can return array of objects without DB operation', async () => {
Parse.Cloud.beforeFind('beforeFind', () => {
return [new Parse.Object('TestObject', { foo: 'bar' })];
});
Parse.Cloud.afterFind('beforeFind', req => {
expect(req.objects).toBeDefined();
expect(req.objects[0].get('foo')).toBe('bar');
});
const newObj = await new Parse.Query('beforeFind').first();
expect(newObj.className).toBe('TestObject');
expect(newObj.toJSON()).toEqual({ foo: 'bar' });
await newObj.save();
});

it('beforeFind can return object for get query without DB operation', async () => {
Parse.Cloud.beforeFind('beforeFind', () => {
return [new Parse.Object('TestObject', { foo: 'bar' })];
});
Parse.Cloud.afterFind('beforeFind', req => {
expect(req.objects).toBeDefined();
expect(req.objects[0].get('foo')).toBe('bar');
});
const newObj = await new Parse.Query('beforeFind').get('objId');
expect(newObj.className).toBe('TestObject');
expect(newObj.toJSON()).toEqual({ foo: 'bar' });
await newObj.save();
});

it('beforeFind can return empty array without DB operation', async () => {
Parse.Cloud.beforeFind('beforeFind', () => {
return [];
});
Parse.Cloud.afterFind('beforeFind', req => {
expect(req.objects.length).toBe(0);
});
const obj = new Parse.Object('beforeFind');
await obj.save();
const newObj = await new Parse.Query('beforeFind').first();
expect(newObj).toBeUndefined();
});

it('beforeFind can return object without DB operation', async () => {
Parse.Cloud.beforeFind('beforeFind', () => {
return new Parse.Object('TestObject', { foo: 'bar' });
});
Parse.Cloud.afterFind('beforeFind', req => {
expect(req.objects).toBeDefined();
expect(req.objects[0].get('foo')).toBe('bar');
});
const newObj = await new Parse.Query('beforeFind').first();
expect(newObj.className).toBe('TestObject');
expect(newObj.toJSON()).toEqual({ foo: 'bar' });
await newObj.save();
});

it('beforeFind can return array of objects without DB operation', async () => {
Parse.Cloud.beforeFind('beforeFind', () => {
return [new Parse.Object('TestObject', { foo: 'bar' })];
});
Parse.Cloud.afterFind('beforeFind', req => {
expect(req.objects).toBeDefined();
expect(req.objects[0].get('foo')).toBe('bar');
});
const newObj = await new Parse.Query('beforeFind').first();
expect(newObj.className).toBe('TestObject');
expect(newObj.toJSON()).toEqual({ foo: 'bar' });
await newObj.save();
});

it('beforeFind can return object for get query without DB operation', async () => {
Parse.Cloud.beforeFind('beforeFind', () => {
return [new Parse.Object('TestObject', { foo: 'bar' })];
});
Parse.Cloud.afterFind('beforeFind', req => {
expect(req.objects).toBeDefined();
expect(req.objects[0].get('foo')).toBe('bar');
});
const newObj = await new Parse.Query('beforeFind').get('objId');
expect(newObj.className).toBe('TestObject');
expect(newObj.toJSON()).toEqual({ foo: 'bar' });
await newObj.save();
});

it('beforeFind can return empty array without DB operation', async () => {
Parse.Cloud.beforeFind('beforeFind', () => {
return [];
});
Parse.Cloud.afterFind('beforeFind', req => {
expect(req.objects.length).toBe(0);
});
const obj = new Parse.Object('beforeFind');
await obj.save();
const newObj = await new Parse.Query('beforeFind').first();
expect(newObj).toBeUndefined();
});

it('beforeSave rejection with custom error code', function (done) {
Parse.Cloud.beforeSave('BeforeSaveFailWithErrorCode', function () {
Expand Down
74 changes: 65 additions & 9 deletions src/rest.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,11 +23,52 @@ function checkTriggers(className, config, types) {
function checkLiveQuery(className, config) {
return config.liveQueryController && config.liveQueryController.hasLiveQuery(className);
}
async function runFindTriggers(
config,
auth,
className,
restWhere,
restOptions,
clientSDK,
context,
isGet
) {
const result = await triggers.maybeRunQueryTrigger(
triggers.Types.beforeFind,
className,
restWhere,
restOptions,
config,
auth,
context,
isGet
);

// Returns a promise for an object with optional keys 'results' and 'count'.
const find = async (config, auth, className, restWhere, restOptions, clientSDK, context) => {
restWhere = result.restWhere || restWhere;
restOptions = result.restOptions || restOptions;

if (result?.objects) {
const objects = result.objects;

// Déclencher le trigger afterFind si des objets sont retournés
await triggers.maybeRunAfterFindTrigger(
triggers.Types.afterFind,
auth,
className,
objects,
config,
restWhere,
context
);

return {
results: objects.map(row => row._toFullJSON()),
};
}

// Conserver la distinction entre get et find
const query = await RestQuery({
method: RestQuery.Method.find,
method: isGet ? RestQuery.Method.get : RestQuery.Method.find,
config,
auth,
className,
Expand All @@ -36,23 +77,38 @@ const find = async (config, auth, className, restWhere, restOptions, clientSDK,
clientSDK,
context,
});

return query.execute();
}

// Returns a promise for an object with optional keys 'results' and 'count'.
const find = async (config, auth, className, restWhere, restOptions, clientSDK, context) => {
enforceRoleSecurity('find', className, auth);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: how the enforce role security was implemented before, it's not clear

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Moumouls Can this be resolved?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay i investigated the code deeper it seems that in the common cases "enforceRoleSecurity" will run twice (here and in RestQuery instance), enforceRoleSecurity ONLY prevent some queries on core classes, it's a small sync function with 2 "if" so i guess it's okay to run it twice. What do you think @mtrezza ?

@EmpiDev you added this function here because some existing tests fails without it ?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was added by @dblythy .
As you correctly identified, this is indeed a duplication - enforceRoleSecurity runs twice in the common case: once here in find()/get(), and again in the RestQuery constructor.

I've verified that all tests pass without these calls in rest.js (lines 126 and 141), since the check is already performed in RestQuery() which is always called downstream.

I think we have two reasonable options:

  • Keep it as an extra safety layer
  • Remove it to eliminate the duplication since RestQuery() already handles it

I'm fine with either approach. What's your preference @mtrezza?

return runFindTriggers(
config,
auth,
className,
restWhere,
restOptions,
clientSDK,
context,
false
);
};

// get is just like find but only queries an objectId.
const get = async (config, auth, className, objectId, restOptions, clientSDK, context) => {
var restWhere = { objectId };
const query = await RestQuery({
method: RestQuery.Method.get,
enforceRoleSecurity('get', className, auth);
return runFindTriggers(
config,
auth,
className,
restWhere,
{ objectId },
restOptions,
clientSDK,
context,
});
return query.execute();
true
);
};

// Returns a promise that doesn't resolve to any useful value.
Expand Down
13 changes: 13 additions & 0 deletions src/triggers.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -472,6 +472,9 @@ export function maybeRunAfterFindTrigger(
request.objects = objects.map(object => {
//setting the class name to transform into parse object
object.className = className;
if (object instanceof Parse.Object) {
return object;
}
return Parse.Object.fromJSON(object);
});
return Promise.resolve()
Expand Down Expand Up @@ -607,9 +610,19 @@ export function maybeRunQueryTrigger(
restOptions = restOptions || {};
restOptions.subqueryReadPreference = requestObject.subqueryReadPreference;
}
let objects = undefined;
if (result instanceof Parse.Object) {
objects = [result];
} else if (
Array.isArray(result) &&
(!result.length || result.some(obj => obj instanceof Parse.Object))
) {
objects = result;
}
return {
restWhere,
restOptions,
objects,
};
},
err => {
Expand Down