Added extra test cases and fixed issue found with them.

Author: pdiaz

spec/DatabaseController.spec.js

@@ -236,6 +236,65 @@ describe('DatabaseController', function () {
       done();
     });
 
+    it('should not return a $or operation if the query involves one of the two fields also used as array/pointer permissions', done => {
+      const clp = buildCLP(['users', 'user']);
+      const query = { a: 'b', user: createUserPointer(USER_ID) };
+
+      schemaController.testPermissionsForClassName
+        .withArgs(CLASS_NAME, ACL_GROUP, OPERATION)
+        .and.returnValue(false);
+      schemaController.getClassLevelPermissions.withArgs(CLASS_NAME).and.returnValue(clp);
+      schemaController.getExpectedType
+        .withArgs(CLASS_NAME, 'user')
+        .and.returnValue({ type: 'Pointer' });
+      schemaController.getExpectedType
+        .withArgs(CLASS_NAME, 'users')
+        .and.returnValue({ type: 'Array' });
+
+      const output = databaseController.addPointerPermissions(
+        schemaController,
+        CLASS_NAME,
+        OPERATION,
+        query,
+        ACL_GROUP
+      );
+
+      expect(output).toEqual({ ...query, user: createUserPointer(USER_ID) });
+
+      done();
+    });
+
+    it('should not return a $or operation if the query involves one of the fields also used as array/pointer permissions', done => {
+      const clp = buildCLP(['user', 'users', 'userObject']);
+      const query = { a: 'b', user: createUserPointer(USER_ID) };
+
+      schemaController.testPermissionsForClassName
+        .withArgs(CLASS_NAME, ACL_GROUP, OPERATION)
+        .and.returnValue(false);
+      schemaController.getClassLevelPermissions.withArgs(CLASS_NAME).and.returnValue(clp);
+      schemaController.getExpectedType
+        .withArgs(CLASS_NAME, 'user')
+        .and.returnValue({ type: 'Pointer' });
+      schemaController.getExpectedType
+        .withArgs(CLASS_NAME, 'users')
+        .and.returnValue({ type: 'Array' });
+      schemaController.getExpectedType
+        .withArgs(CLASS_NAME, 'userObject')
+        .and.returnValue({ type: 'Object' });
+
+      const output = databaseController.addPointerPermissions(
+        schemaController,
+        CLASS_NAME,
+        OPERATION,
+        query,
+        ACL_GROUP
+      );
+
+      expect(output).toEqual({ ...query, user: createUserPointer(USER_ID) });
+
+      done();
+    });
+
     it('should throw an error if for some unexpected reason the property specified in the CLP is neither a pointer nor an array', done => {
       const clp = buildCLP(['user']);
       const query = { a: 'b' };

src/Controllers/DatabaseController.js

@@ -1378,21 +1378,28 @@ class DatabaseController {
       return query;
     }
     const queries = query.$or.map(q => this.objectToEntriesStrings(q));
-    for (let i = 0; i < queries.length - 1; i++) {
-      for (let j = i + 1; j < queries.length; j++) {
-        const [shorter, longer] = queries[i].length > queries[j].length ? [j, i] : [i, j];
-        const foundEntries = queries[shorter].reduce(
-          (acc, entry) => acc + (queries[longer].includes(entry) ? 1 : 0),
-          0
-        );
-        if (foundEntries === queries[shorter].length) {
-          // If the shorter query is completely contained in the longer one, we can strike
-          // out the longer query.
-          query.$or.splice(longer, 1);
-          queries.splice(longer, 1);
+    let repeat = false;
+    do {
+      repeat = false;
+      for (let i = 0; i < queries.length - 1; i++) {
+        for (let j = i + 1; j < queries.length; j++) {
+          const [shorter, longer] = queries[i].length > queries[j].length ? [j, i] : [i, j];
+          const foundEntries = queries[shorter].reduce(
+            (acc, entry) => acc + (queries[longer].includes(entry) ? 1 : 0),
+            0
+          );
+          const shorterEntries = queries[shorter].length;
+          if (foundEntries === shorterEntries) {
+            // If the shorter query is completely contained in the longer one, we can strike
+            // out the longer query.
+            query.$or.splice(longer, 1);
+            queries.splice(longer, 1);
+            repeat = true;
+            break;
+          }
         }
       }
-    }
+    } while (repeat);
     if (query.$or.length === 1) {
       query = { ...query, ...query.$or[0] };
       delete query.$or;
@@ -1406,21 +1413,28 @@ class DatabaseController {
       return query;
     }
     const queries = query.$and.map(q => this.objectToEntriesStrings(q));
-    for (let i = 0; i < queries.length - 1; i++) {
-      for (let j = i + 1; j < queries.length; j++) {
-        const [shorter, longer] = queries[i].length > queries[j].length ? [j, i] : [i, j];
-        const foundEntries = queries[shorter].reduce(
-          (acc, entry) => acc + (queries[longer].includes(entry) ? 1 : 0),
-          0
-        );
-        if (foundEntries === queries[shorter].length) {
-          // If the shorter query is completely contained in the longer one, we can strike
-          // out the shorter query.
-          query.$and.splice(shorter, 1);
-          queries.splice(shorter, 1);
+    let repeat = false;
+    do {
+      repeat = false;
+      for (let i = 0; i < queries.length - 1; i++) {
+        for (let j = i + 1; j < queries.length; j++) {
+          const [shorter, longer] = queries[i].length > queries[j].length ? [j, i] : [i, j];
+          const foundEntries = queries[shorter].reduce(
+            (acc, entry) => acc + (queries[longer].includes(entry) ? 1 : 0),
+            0
+          );
+          const shorterEntries = queries[shorter].length;
+          if (foundEntries === shorterEntries) {
+            // If the shorter query is completely contained in the longer one, we can strike
+            // out the shorter query.
+            query.$and.splice(shorter, 1);
+            queries.splice(shorter, 1);
+            repeat = true;
+            break;
+          }
         }
       }
-    }
+    } while (repeat);
     if (query.$and.length === 1) {
       query = { ...query, ...query.$and[0] };
       delete query.$and;