Merge pull request #1471 from exogee-technology/fix/correctly-differe…

…ntiate-between-creates-and-updates-with-numeric-primary-key Fix / Correctly differentiate between creates and updates with numeric primary key
exogee-technology · Dec 23, 2024 · b543782 · b543782
2 parents b61b1f3 + 383130b
commit b543782
Show file tree

Hide file tree

Showing 3 changed files with 186 additions and 67 deletions.
diff --git a/src/packages/auth/src/auth-utils.ts b/src/packages/auth/src/auth-utils.ts
@@ -251,14 +251,20 @@ export async function checkAuthorization<G = unknown>(
 	requestInput: Partial<G>,
 	requiredPermission: AccessType
 ) {
+	logger.trace({ entityName, id, requestInput, requiredPermission }, 'Entering checkAuthorization');
+
 	// Get ACL first
 	const acl = getACL(entityName);
 	const meta = graphweaverMetadata.getEntityByName(entityName);
 
+	logger.trace('Checking whether user can perform requested action.');
+
 	// Check whether the user can perform the request type of action at all,
 	// before evaluating any (more expensive) permissions filters
 	await assertUserCanPerformRequestedAction(acl, requiredPermission);
 
+	logger.trace('They can, now checking entity permissions.');
+
 	// Now check whether the root entity passes permissions filters (if set)
 	await checkEntityPermission(entityName, id, requiredPermission);
 
@@ -303,6 +309,8 @@ export async function checkAuthorization<G = unknown>(
 		logger.info(`Permission check failed:`, e);
 		permissionsErrorHandler(e);
 	}
+
+	logger.trace('Leaving checkAuthorization, auth passed.');
 }
 
 const checkPayloadAndFilterScalarsAndDates = (requestInput: any, key: string, value: any) => {

diff --git a/src/packages/core/src/resolvers.ts b/src/packages/core/src/resolvers.ts
@@ -291,7 +291,12 @@ const _createOrUpdate = async <G>(
 		}
 
 		// Extract ids of items being updated
-		const updateItemIds = updateItems.map((item) => item[primaryKeyField as keyof typeof item]);
+		const updateItemIds = new Set(
+			updateItems.map((item) =>
+				// Normalise the type to a string, as string will always be able to hold whatever primary key type is used.
+				String(item[primaryKeyField as keyof typeof item])
+			)
+		);
 
 		// Prepare updateParams and run hook if needed
 		const updateParams: CreateOrUpdateHookParams<G> = {
@@ -320,10 +325,10 @@ const _createOrUpdate = async <G>(
 
 		// Filter update and create entities
 		let updatedEntities = entities.filter(
-			(entity) => entity && updateItemIds.includes(entity[primaryKeyField])
+			(entity) => entity && updateItemIds.has(String(entity[primaryKeyField]))
 		);
 		let createdEntities = entities.filter(
-			(entity) => entity && !updateItemIds.includes(entity[primaryKeyField])
+			(entity) => entity && !updateItemIds.has(String(entity[primaryKeyField]))
 		);
 
 		// Run after hooks for update and create entities