fix: skip validation of where
query paths from access result
#9349
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What?
Previously,
payload.findByID
withoverrideAccess: false
and this collection configLed to the
The following path cannot be queried: secret
error becausewhere
input tovalidateQueryPaths
also includes the result from access control, which shouldn't be.This works when using
payload.find
.The same applies to find with drafts / joins
where
. We need to validate only userwhere
input, not access control that we defined in our config.Also, this exact logic seems be used in
find
without drafts - we don't usefullWhere
here butwhere
, that's why this error isn't being thrown withfind
but onlyfindByID
.payload/packages/payload/src/collections/operations/find.ts
Line 134 in d9c6288
payload/packages/payload/src/collections/operations/find.ts
Lines 166 to 171 in d9c6288
Fixes #9210