Filter results if joined table has an authorization.recordHandler

Question

Filter results if joined table has an authorization.recordHandler

chattago2002 opened this issue 7 months ago · comments

chattago2002 commented 7 months ago

Hi.
I'm trying to have good results from a call with join and filters.

I have 2 tables: "requests_details" and "requests". For the "requests" table I set the "authorization.recordHandler" middleware to add "filter=user_id,eq,$_SESSION['apiUser']['id']" if the user is not "admin".

The API endpoint is "/records/requests_details?join=requests&filter=request_id,nis".

At the moment I have the following response:

{
    "records": [
        {
            "id": 75,
            "request_id": null,
            "full_name": "John Doe",
            "phone": "00390099888",
            "room": "single"
        },
        {
            "id": 219,
            "request_id": {
                "id": 41,
                "full_name": "Melvin Carr",
                "birthday": "1960-06-27",
                "email": "MelvinRCarr@rhyta.com",
                "user_id": 128
            },
            "full_name": "Melvin Carr",
            "phone": "0039444777",
            "room": "double"
        }
    ]
}

For good results I mean those where request_id is not null.
I set "authorization.recordHandler" additional as following:

if ($tableName === 'requests_details') { return ($tableName == 'requests_details') ? 'filter=request_id,nis' : ''; } `

Where I'm wrong?
Is there another way to achieve the desired result?

Thanks

Maurits van der Schee · Answer 1 · Thu Jan 18 2024 21:01:21 GMT+0800 (China Standard Time)

Your code:

if ($tableName === 'requests_details') { return ($tableName == 'requests_details') ? 'filter=request_id,nis' : ''; }

Should be:

return ($tableName == 'requests_details') ? 'filter=request_id,nis' : '';

Other than that I see no code problem.

As for the logic: I can see why the filter doesn't work as the null results are caused by the recordHandler. You can apply an customization.afterHandler if you really want to remove those results from the query. You can also list the requests with their corresponding requests_details instead of the other way around.

chattago2002 · Answer 2 · Fri Jan 19 2024 23:27:01 GMT+0800 (China Standard Time)

I was using that code because I have other conditions for other tables but... my code and your code couldn't be considered very similar?

Anyway I replaced my code with yours but results are the same so I decided to use customization.afterHandler but I cannot find information about it and its parameters. I made the following code:
if ($tableName == 'requests_details') { $arr = json_decode($response->getBody()->getContents(), true); $arr['records'] = array_filter($arr['records'], function ($obj) { return !is_null($obj['request_id']); }); return ResponseFactory::fromObject(200, $arr, 1); }

Results are ok but the question is: Is this the right way?

Another question: in authorization.recordHandler I can add only the filter parameter? Is not possible to use others as excludeor join? I tried but it seems not working.

Maurits van der Schee · Answer 3 · Tue Mar 19 2024 18:34:25 GMT+0800 (China Standard Time)

couldn't be considered very similar?

I agree.

Is this the right way?

It seems good to me.

I tried but it seems not working.

I think only filter is allowed.