@@ -56,12 +56,17 @@ export default class AdminForthBaseConnector implements IAdminForthDataSourceCon
5656 } , { ok : true , error : '' } ) ;
5757 }
5858
59- if ( ! filters . operator ) {
60- return { ok : false , error : `Field "operator" not specified in filter object: ${ JSON . stringify ( filters ) } } ;
61- }
62-
6359 if ( ( filters as IAdminForthSingleFilter ) . field ) {
6460 // if "field" is present, filter must be Single
61+ if ( ! filters . operator ) {
62+ return { ok : false , error : `Field "operator" not specified in filter object: ${ JSON . stringify ( filters ) } } ;
63+ }
64+ if ( ( filters as IAdminForthSingleFilter ) . value === undefined ) {
65+ return { ok : false , error : `Field "value" not specified in filter object: ${ JSON . stringify ( filters ) } } ;
66+ }
67+ if ( ( filters as IAdminForthSingleFilter ) . insecureRawSQL ) {
68+ return { ok : false , error : `Field "insecureRawSQL" should not be specified in filter object alongside "field": ${ JSON . stringify ( filters ) } } ;
69+ }
6570 if ( ! [ AdminForthFilterOperators . EQ , AdminForthFilterOperators . NE , AdminForthFilterOperators . GT ,
6671 AdminForthFilterOperators . LT , AdminForthFilterOperators . GTE , AdminForthFilterOperators . LTE ,
6772 AdminForthFilterOperators . LIKE , AdminForthFilterOperators . ILIKE , AdminForthFilterOperators . IN ,
@@ -73,6 +78,7 @@ export default class AdminForthBaseConnector implements IAdminForthDataSourceCon
7378 const similar = suggestIfTypo ( resource . dataSourceColumns . map ( ( col ) => col . name ) , ( filters as IAdminForthSingleFilter ) . field ) ;
7479 throw new Error ( `Field '${ ( filters as IAdminForthSingleFilter ) . field } ${ resource . resourceId } ${ similar ? `Did you mean '${ similar } : '' } ) ;
7580 }
81+ // value normalization
7682 if ( filters . operator == AdminForthFilterOperators . IN || filters . operator == AdminForthFilterOperators . NIN ) {
7783 if ( ! Array . isArray ( filters . value ) ) {
7884 return { ok : false , error : `Value for operator '${ filters . operator } ${ JSON . stringify ( filters ) } } ;
@@ -85,8 +91,19 @@ export default class AdminForthBaseConnector implements IAdminForthDataSourceCon
8591 } else {
8692 ( filters as IAdminForthSingleFilter ) . value = this . setFieldValue ( fieldObj , ( filters as IAdminForthSingleFilter ) . value ) ;
8793 }
94+ } else if ( ( filters as IAdminForthSingleFilter ) . insecureRawSQL ) {
95+ // if "insecureRawSQL" filter is insecure sql string
96+ if ( ( filters as IAdminForthSingleFilter ) . operator ) {
97+ return { ok : false , error : `Field "operator" should not be specified in filter object alongside "insecureRawSQL": ${ JSON . stringify ( filters ) } } ;
98+ }
99+ if ( ( filters as IAdminForthSingleFilter ) . value !== undefined ) {
100+ return { ok : false , error : `Field "value" should not be specified in filter object alongside "insecureRawSQL": ${ JSON . stringify ( filters ) } } ;
101+ }
88102 } else if ( ( filters as IAdminForthAndOrFilter ) . subFilters ) {
89103 // if "subFilters" is present, filter must be AndOr
104+ if ( ! filters . operator ) {
105+ return { ok : false , error : `Field "operator" not specified in filter object: ${ JSON . stringify ( filters ) } } ;
106+ }
90107 if ( ! [ AdminForthFilterOperators . AND , AdminForthFilterOperators . OR ] . includes ( filters . operator ) ) {
91108 return { ok : false , error : `Field "operator" has wrong value in filter object: ${ JSON . stringify ( filters ) } } ;
92109 }
0 commit comments