-
Notifications
You must be signed in to change notification settings - Fork 1
Restrict MaravelQL auto‐filtering and sort
By default (in laravel-crud-wizard-free) when filtering by some columns, at least one of the indexed (in first position/sequence of the index/key) columns of the resource MUST be used.
To remove this restriction define indexRequiredOnFiltering as false in the model:
protected bool $indexRequiredOnFiltering = false;But, if index is required on filtering and you want to expose just some columns from the indexed ones as standalone filters on a resource, you can overwrite in your model the retrieveFirstSeqIndexedColumns method:
public function retrieveFirstSeqIndexedColumns(): array
{
return [
'filterable_1',
'filterable_2',
];
}NOTES:
This will impact also the possible sort columns.
Also, to prevent data leaks, if the request column filters contain ONLY invalid columns, empty response will be returned. This is useful during development for example, when you want to show data that belongs only to a user_id (based on the authenticated user id) and you want to make sure that if the user_id filter is not applied, you should not show anything, while knowing user_id should be valid filter by its own.
If at least one indexed (allowed) column is used as filter, all the other column filters will be applied except for the non column filters: ?indexed_col=5¬_indexed_col=4¬_a_col=2 will translate into where indexed_col = 5 and not_indexed_col = 4 .
If the first sort by column is valid, all the other possible sorts will be applied: ?sort[0][by]=indexed_col&sort[1][by]=not_indexed_col&sort[2][by]=not_a_valid_sort will translate into order by indexed_col desc, not_indexed_col desc .
Aggregate columns {rel}_count and {rel}_exist can be used as valid sorts when withRelationsCount and respectively withRelationsExistence contain that {rel}: ?withRelationsCount[]=rel&sort[0][by]=rel_count
If the first sort by column is not valid the sort is ignored.