tabshift/pocketbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added todo for the extra rule constraint

Browse Source
This commit is contained in:
Gani Georgiev
2026-03-04 22:14:49 +02:00
parent e9d4b1fe77
commit 4a40c1b897
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
core/record_field_resolver.go
View File

@@ -184,6 +184,13 @@ func (r *RecordFieldResolver) updateQueryWithCollectionListRule(c *Collection, t
return fmt.Errorf("failed to build %q ListRule join subquery filter expression: %w", c.Name, err) return fmt.Errorf("failed to build %q ListRule join subquery filter expression: %w", c.Name, err)
} }
// Bind the extra rule expression at the top query level for performance and security reasons
// (it is more strict and minimizes the risk of data disclosure from a side-channel attack).
//
// @todo Investigate with the refactoring if there is a way to group it
// together with the client-side constraint that invoked it and benchmark
// it with many (tag.name="1"||...) like statements to evaluate the impact of applying the check many times.
// If not feasible - document it as caveat and maybe add --dev log.
query.AndWhere(expr) query.AndWhere(expr)
if len(cloneR.joins) > 0 { if len(cloneR.joins) > 0 {