Merge pull request #7488 from ever-co/fix/escape-query-array-parameters

[Fix] Array Query Parameters Escape
ever-co · Feb 2, 2024 · 68cd0a4 · 68cd0a4
2 parents 003037a + ae4dde8
commit 68cd0a4
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 23 deletions.
diff --git a/apps/gauzy/src/app/pages/tasks/components/task/task.component.ts b/apps/gauzy/src/app/pages/tasks/components/task/task.component.ts
@@ -82,6 +82,7 @@ export class TaskComponent extends PaginationFilterBaseComponent implements OnIn
 	selectedEmployee: ISelectedEmployee;
 	selectedEmployeeId: ISelectedEmployee['id'];
 	selectedProject: IOrganizationProject;
+	selectedTeamIds: string[] = [];
 
 	constructor(
 		private readonly dialogService: NbDialogService,
@@ -349,17 +350,17 @@ export class TaskComponent extends PaginationFilterBaseComponent implements OnIn
 		const storeOrganization$ = this._store.selectedOrganization$;
 		const storeEmployee$ = this._store.selectedEmployee$;
 		const storeProject$ = this._store.selectedProject$;
-		combineLatest([storeOrganization$, storeEmployee$, storeProject$])
+		const storeTeam$ = this._store.selectedTeam$;
+		combineLatest([storeOrganization$, storeEmployee$, storeProject$, storeTeam$])
 			.pipe(
 				distinctUntilChange(),
 				filter(([organization]) => !!organization),
-				tap(([organization, employee, project]) => {
+				tap(([organization, employee, project, team]) => {
 					this.organization = organization;
-					this.selectedEmployeeId = employee ? employee.id : null;
+					this.selectedEmployeeId = employee?.id || null;
 					this.selectedProject = project;
-					this.viewMode = !!project
-						? project.taskListType
-						: TaskListTypeEnum.GRID;
+					this.selectedTeamIds = team?.id ? [team.id] : [];
+					this.viewMode = project?.taskListType || TaskListTypeEnum.GRID;
 				}),
 				tap(() => this._refresh$.next(true)),
 				tap(() => this.taskSubject$.next(true)),
@@ -477,6 +478,7 @@ export class TaskComponent extends PaginationFilterBaseComponent implements OnIn
 						},
 					}
 					: {}),
+				...(this.selectedTeamIds ? { teams: this.selectedTeamIds } : {}),
 				...(this.filters.where ? this.filters.where : {}),
 			},
 			resultMap: (task: ITask) => {
@@ -736,21 +738,17 @@ export class TaskComponent extends PaginationFilterBaseComponent implements OnIn
 	}
 
 	/**
-	 * Open task settings page for specific project
+	 * Open task settings page for a specific project.
 	 *
-	 * @param selectedProject
-	 * @returns
+	 * @param selectedProject - The project for which the task settings page should be opened.
 	 */
 	openTasksSettings(selectedProject: IOrganizationProject): void {
-		const hasPermission = this._store.hasAnyPermission(
-			PermissionsEnum.ALL_ORG_EDIT,
-			PermissionsEnum.ORG_PROJECT_EDIT
-		);
-		if (this.isDefaultProject || !hasPermission) {
+		if (this.isDefaultProject || !this._store.hasAnyPermission(PermissionsEnum.ALL_ORG_EDIT, PermissionsEnum.ORG_PROJECT_EDIT)) {
 			return;
 		}
+
 		this._router.navigate(['/pages/tasks/settings', selectedProject.id], {
-			state: selectedProject,
+			state: selectedProject
 		});
 	}
 

diff --git a/packages/core/src/core/crud/pagination-params.ts b/packages/core/src/core/crud/pagination-params.ts
@@ -88,6 +88,7 @@ export class PaginationParams<T = any> extends OptionParams<T> {
  * @returns {TenantOrganizationBaseDTO} - The escaped and converted query parameters as a DTO instance.
  */
 export function escapeQueryWithParameters(nativeParameters: SimpleObjectLiteral): TenantOrganizationBaseDTO {
+
 	// Convert native parameters based on the database connection type
 	const builtParameters: SimpleObjectLiteral = convertNativeParameters(nativeParameters);
 

diff --git a/packages/core/src/core/crud/pagination.helper.ts b/packages/core/src/core/crud/pagination.helper.ts
@@ -24,7 +24,11 @@ export const parseBool = (value: any): boolean => Boolean(JSON.parse(value));
 export const convertNativeParameters = (parameters: any): any => {
     try {
         // Mapping boolean values to their numeric representation
-        if (typeof parameters === "object" && parameters !== null) {
+        if (Array.isArray(parameters)) {
+            // If it's an array, process each element
+            return parameters.map((item: any) => convertNativeParameters(item));
+            // Mapping boolean values to their numeric representation
+        } else if (typeof parameters === "object" && parameters !== null) {
             // Recursively convert nested objects
             return Object.keys(parameters).reduce((acc, key) => {
                 acc[key] = convertNativeParameters(parameters[key]);

diff --git a/packages/core/src/tasks/task.service.ts b/packages/core/src/tasks/task.service.ts
@@ -1,6 +1,6 @@
 import { Injectable, BadRequestException, HttpStatus, HttpException } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
-import { IsNull, SelectQueryBuilder, Brackets, WhereExpressionBuilder, Raw } from 'typeorm';
+import { IsNull, SelectQueryBuilder, Brackets, WhereExpressionBuilder, Raw, In } from 'typeorm';
 import { isUUID } from 'class-validator';
 import { IEmployee, IGetTaskOptions, IPagination, ITask, PermissionsEnum } from '@gauzy/contracts';
 import { isEmpty, isNotEmpty } from '@gauzy/common';
@@ -127,9 +127,7 @@ export class TaskService extends TenantAwareCrudService<Task> {
 				new Brackets((qb: WhereExpressionBuilder) => {
 					const tenantId = RequestContext.currentTenantId();
 					qb.andWhere(p(`"${query.alias}"."organizationId" = :organizationId`), { organizationId });
-					qb.andWhere(p(`"${query.alias}"."tenantId" = :tenantId`), {
-						tenantId
-					});
+					qb.andWhere(p(`"${query.alias}"."tenantId" = :tenantId`), { tenantId });
 				})
 			);
 			query.andWhere(
@@ -233,6 +231,7 @@ export class TaskService extends TenantAwareCrudService<Task> {
 	async findTeamTasks(options: PaginationParams<Task>): Promise<IPagination<ITask>> {
 		try {
 			const { where } = options;
+
 			const { status, teams = [], title, prefix, organizationSprintId = null } = where;
 			const { organizationId, projectId, members } = where;
 
@@ -287,9 +286,7 @@ export class TaskService extends TenantAwareCrudService<Task> {
 				new Brackets((qb: WhereExpressionBuilder) => {
 					const tenantId = RequestContext.currentTenantId();
 					qb.andWhere(p(`"${query.alias}"."organizationId" = :organizationId`), { organizationId });
-					qb.andWhere(p(`"${query.alias}"."tenantId" = :tenantId`), {
-						tenantId
-					});
+					qb.andWhere(p(`"${query.alias}"."tenantId" = :tenantId`), { tenantId });
 				})
 			);
 			if (isNotEmpty(projectId) && isNotEmpty(teams)) {
@@ -350,6 +347,12 @@ export class TaskService extends TenantAwareCrudService<Task> {
 					options['where']['organizationSprintId'] = IsNull();
 				}
 			}
+			if ('teams' in where) {
+				const { teams } = where;
+				options.where.teams = {
+					id: In(teams as string[])
+				}
+			}
 		}
 		return await super.paginate(options);
 	}