You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The new code introduces several error cases, such as missing records or permission issues. The reviewer should validate that these errors are handled correctly and appropriate error messages are returned to the client. Test various scenarios to ensure proper error handling.
if!res.HasPermission(roles.Create, context) {
returnroles.ErrPermissionDenied
}
returncontext.GetDB().Create(result).Error
}
// If we have a non-zero primary key, first check if it existsvarcountintprimaryField:=scope.PrimaryField()
ifprimaryField==nil {
returnfmt.Errorf("no primary key field found")
}
query:=fmt.Sprintf("%v = ?", scope.Quote(primaryField.DBName))
iferr:=context.GetDB().Model(result).Where(query, scope.PrimaryKeyValue()).Count(&count).Error; err!=nil {
returnerr
}
// For creation attempts with existing IDifcontext.Request!=nil&&context.Request.Method=="POST" {
ifcount>0 {
returnfmt.Errorf("record with primary key %v already exists", scope.PrimaryKeyValue())
}
if!res.HasPermission(roles.Create, context) {
returnroles.ErrPermissionDenied
}
returncontext.GetDB().Create(result).Error
}
// Update operationif!res.HasPermission(roles.Update, context) {
returnroles.ErrPermissionDenied
}
ifcount==0 {
returnfmt.Errorf("record with primary key %v not found", scope.PrimaryKeyValue())
}
The changes involve additional database queries to check for record existence. Review the performance impact of these queries, especially in high-load scenarios. Consider adding indexes if necessary to optimize the queries.
Improve error handling when checking record existence to avoid leaking sensitive details
Ensure proper error handling when checking if a record with the given primary key exists. The current code directly returns the error from the database query, which could leak sensitive database details. Instead, return a generic error message to the client.
if err := context.GetDB().Model(result).Where(query, scope.PrimaryKeyValue()).Count(&count).Error; err != nil {
- return err+ return fmt.Errorf("failed to check if record exists")
}
Suggestion importance[1-10]: 8
Why: Properly handling errors and avoiding leaking sensitive database details is important for security. The suggestion provides a good way to return a generic error message instead.
8
General
Refactor duplicated create operation logic into a separate function for better code reuse
Extract the duplicated permission check and error handling logic for the create operation into a separate function. This will make the code more DRY and easier to maintain.
if context.Request != nil && context.Request.Method == "POST" {
if count > 0 {
return fmt.Errorf("record with primary key %v already exists", scope.PrimaryKeyValue())
}
+ return res.createRecord(result, context)+}++// In a separate function:+func (res *Resource) createRecord(result interface{}, context *qor.Context) error {
if !res.HasPermission(roles.Create, context) {
return roles.ErrPermissionDenied
}
return context.GetDB().Create(result).Error
}
Suggestion importance[1-10]: 5
Why: Extracting the duplicated permission check and create logic into a separate function can improve code reuse and maintainability. However, the impact is moderate as it's more of a refactoring than fixing a critical issue.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR Type
Bug fix, Enhancement
Description
Fix issue with POST update requests for existing records
Add check for record existence before update or create
Return appropriate errors for missing records or permission issues
Distinguish between create and update operations based on primary key
Changes walkthrough 📝
crud.go
Fix POST update behavior and add existence checksresource/crud.go
and HTTP method