[Koha-bugs] [Bug 29523] Add a way to prevent embedding objects that should not be allowed
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Jun 29 15:29:01 CEST 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29523
--- Comment #63 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
Documenting for my own sanity.
This patchset works as is.. but there are various ways we could improve.
Right now when building an API response we...
1) Build up a query that includes a prefetch any relations we add with an embed
(or add via the query)
2) We can't drop the prefetch because if we do we may affect the resulting
related data we return if part of the query passed filters on the joined data.
3) We then recurse through the embeds and with this patchset we filter out
based on the is_accessible method in each Object class.
4) This can result in 'nulls' in the array of related data if the relation
returns multiple rows.. or a null for the related singular object for the
singular case.
This may not be the most efficient way to do things.. we're fetching all the
data all the time and then filtering in perl as we iterate through the
resultsets calling to_api.
If we wanted to move this into a filtered query, because of the prefetch nature
of it, we'd need to do it as a filtered relationship accessor added to the
DBIx::Class schema files.. We should test whether adding a
'filter_by_accessible' method to the Koha::Objects class would work when
chained onto an existing prefetched relation. I'm not sure how it handles such
a chain and whether our original query would be taken into account correctly.
If we do opt to add a filter_by_accessible to the Koha::Objects class, we will
still need the is_accessible for the singular forms here anyway as the
relationship will have already been prefetched by the original call.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list