Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

query using pointers in deep sub-documents #7426

Closed
wants to merge 25 commits into from
Closed

query using pointers in deep sub-documents #7426

wants to merge 25 commits into from

Conversation

oallouch
Copy link
Contributor

@oallouch oallouch commented Jun 9, 2021

New Pull Request Checklist

  • [x ] I am not disclosing a vulnerability.
  • [x ] I am creating this PR in reference to an issue.

Issue Description

MongoTransform transforms deep pointers as if they were located at the root of the document hierarchy.

Related issue: #7414

Approach

I found a bug in MongoTransform. It only checks for array, not sub-documents.

TODOs before merging

Nothing special

  • [ x] Add test cases
  • [x ] Add entry to changelog
  • Add changes to documentation (guides, repository pages, in-code descriptions)
  • Add security check
  • Add new Parse Error codes to Parse JS SDK
  • ...

@oallouch oallouch mentioned this pull request Jun 10, 2021
Open
2 tasks
snyk-bot and others added 6 commits June 10, 2021 14:56
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities (#7423)
bea4707 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-WS-1296835
@snyk-bot
fix: upgrade mongodb from 3.6.6 to 3.6.7 (#7425)
61affe2 
Snyk has created this PR to upgrade mongodb from 3.6.6 to 3.6.7.

See this package in npm:
https://www.npmjs.com/package/mongodb

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
@snyk-bot
fix: upgrade apollo-server-express from 2.24.0 to 2.24.1 (#7424)
bfdb6a9 
Snyk has created this PR to upgrade apollo-server-express from 2.24.0 to 2.24.1.

See this package in npm:
https://www.npmjs.com/package/apollo-server-express

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
@dependabot
chore(deps): bump normalize-url from 4.5.0 to 4.5.1 (#7428)
0638e5e 
Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1.
- [Release notes](https://github.com/sindresorhus/normalize-url/releases)
- [Commits](https://github.com/sindresorhus/normalize-url/commits)

---
updated-dependencies:
- dependency-name: normalize-url
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@mtrezza
bump mongo (#7429)
f6a4172
@oallouch
restriction to mongo testing
6deb7ec
@codecov
Copy link

codecov bot commented Jun 12, 2021
edited
Loading

Codecov Report

Merging #7426 (6deb7ec) into master (129f7bf) will decrease coverage by 0.02%.
The diff coverage is 100.00%.

❗ Current head 6deb7ec differs from pull request most recent head 0e215ea. Consider uploading reports for the commit 0e215ea to get more accurate results
Impacted file tree graph

@@            Coverage Diff             @@
##           master    #7426      +/-   ##
==========================================
- Coverage   93.92%   93.90%   -0.03%     
==========================================
  Files         181      181              
  Lines       13245    13246       +1     
==========================================
- Hits        12441    12439       -2     
- Misses        804      807       +3
Impacted Files Coverage Δ
src/Adapters/Storage/Mongo/MongoTransform.js 88.54% <100.00%> (-0.28%) ⬇️
src/batch.js 91.37% <0.00%> (-1.73%) ⬇️
src/Adapters/Storage/Mongo/MongoStorageAdapter.js 92.37% <0.00%> (-0.22%) ⬇️
src/RestWrite.js 94.08% <0.00%> (+0.15%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 129f7bf...0e215ea. Read the comment docs.

olleolleolle and others added 7 commits June 15, 2021 13:25
@olleolleolle
CHANGELOG: typo fix braking->breaking [ci skip] (#7432)
1069519
@mtrezza
bump node version (#7441)
3a2afda
Add check for property (#7421)
d8dc524 
* Add check for property

* updated changelog

* Fixed logic returning false positive

* Added test case

* update change log
@snyk-bot
fix: upgrade graphql-relay from 0.6.0 to 0.7.0 (#7443)
770e36f 
Snyk has created this PR to upgrade graphql-relay from 0.6.0 to 0.7.0.

See this package in npm:
https://www.npmjs.com/package/graphql-relay

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
@snyk-bot
fix: upgrade ldapjs from 2.2.4 to 2.3.0 (#7436)
7df6c02 
Snyk has created this PR to upgrade ldapjs from 2.2.4 to 2.3.0.

See this package in npm:
https://www.npmjs.com/package/ldapjs

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
@snyk-bot
fix: upgrade apollo-server-express from 2.24.1 to 2.25.0 (#7435)
4e5eba6 
Snyk has created this PR to upgrade apollo-server-express from 2.24.1 to 2.25.0.

See this package in npm:
https://www.npmjs.com/package/apollo-server-express

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
@snyk-bot
fix: upgrade mongodb from 3.6.7 to 3.6.8 (#7430)
c36588e 
Snyk has created this PR to upgrade mongodb from 3.6.7 to 3.6.8.

See this package in npm:
https://www.npmjs.com/package/mongodb

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
@oallouch
Copy link
Contributor Author

Can someone review this PR. It's only a bug fix.

mtrezza
mtrezza requested changes Jun 27, 2021
View reviewed changes
CHANGELOG.md Outdated
@@ -134,6 +134,7 @@ ___
- Add NPM package-lock version check to CI (Manuel Trezza) [#7333](https://github.com/parse-community/parse-server/pull/7333)
- Fix incorrect LiveQuery events triggered for multiple subscriptions on the same class with different events [#7341](https://github.com/parse-community/parse-server/pull/7341)
- Fix select and excludeKey queries to properly accept JSON string arrays. Also allow nested fields in exclude (Corey Baker) [#7242](https://github.com/parse-community/parse-server/pull/7242)
- Fix querying deep nested pointers (Olivier Allouch)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please adapt format, see other entries

spec/ParseQuery.spec.js
@@ -4318,6 +4318,40 @@ describe('Parse.Query testing', () => {
}
});

it_only_db('mongo')('deeply nested Pointers (issue #7413)', async function (done) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this only a bug in MongoDB, or is this a feature that only works in MongoDB? If the first, then the test should not be exclusively for MongoDB.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't really know how PostgreSQL works with parse-server, but I think it must be MongoDB only. How sub-documents work in an SQL db ?

spec/ParseQuery.spec.js Outdated Show resolved Hide resolved
src/Adapters/Storage/Mongo/MongoTransform.js Outdated Show resolved Hide resolved
snyk-bot and others added 4 commits June 27, 2021 22:00
@snyk-bot
fix: upgrade mongodb from 3.6.8 to 3.6.9 (#7445)
17cf1a4 
Snyk has created this PR to upgrade mongodb from 3.6.8 to 3.6.9.

See this package in npm:
https://www.npmjs.com/package/mongodb

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
@snyk-bot
fix: upgrade subscriptions-transport-ws from 0.9.19 to 0.10.0 (#7450)
d36a53b 
Snyk has created this PR to upgrade subscriptions-transport-ws from 0.9.19 to 0.10.0.

See this package in npm:
https://www.npmjs.com/package/subscriptions-transport-ws

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
@snyk-bot
fix: upgrade apollo-server-express from 2.25.0 to 2.25.1 (#7449)
682f1bf 
Snyk has created this PR to upgrade apollo-server-express from 2.25.0 to 2.25.1.

See this package in npm:
https://www.npmjs.com/package/apollo-server-express

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
@mtrezza
bumped node (#7452)
05882bc
@mtrezza mtrezza added type:bug Impaired feature or lacking behavior that is likely assumed and removed type:bug Impaired feature or lacking behavior that is likely assumed labels Jul 11, 2021
@oallouch
Copy link
Contributor Author

Oh. I think I screwed things up with a rebase.

@mtrezza
Copy link
Member

mtrezza commented Sep 3, 2021

⚠️ Important change for merging PRs from Parse Server 5.0 onwards!

We are planning to release the first beta version of Parse Server 5.0 in October 2021.

If a PR contains a breaking change and is not merged before the beta release of Parse Server 5.0, it cannot be merged until the end of 2022. Instead it has to follow the Deprecation Policy and phase-in breaking changes to be merged during the course of 2022.

One of the most voiced community feedbacks was the demand for predictability in breaking changes to make it easy to upgrade Parse Server. We have made a first step towards this by introducing the Deprecation Policy in February 2021 that assists to phase-in breaking changes, giving developers time to adapt. We will follow-up with the introduction of Release Automation and a branch model that will allow breaking changes only with a new major release, scheduled for the beginning of each calendar year.

We understand that some PRs are a long time in the making and we very much appreciate your contribution. We want to make it easy for PRs that contain a breaking change and were created before the introduction of the Deprecation Policy. These PRs can be merged with a breaking change without being phased-in before the beta release of Parse Server 5.0. We are making this exception because we appreciate that this is a time of transition that requires additional effort from contributors to adapt. We encourage everyone to prepare their PRs until the end of September and account for review time and possible adaptions.

If a PR contains a breaking change and should be merged before the beta release, please mention @parse-community/server-maintenance and we will coordinate with you to merge the PR.

Thanks for your contribution and support during this transition to Parse Server release automation!

@oallouch oallouch closed this Sep 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mtrezza mtrezza mtrezza requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@oallouch @mtrezza @snyk-bot @olleolleolle