0

I want to limit the result of return strapi.services.myType.fetchAll (ctx.query); by selecting certain columns (SELECT column1, column2, ... not SELECT *).

How and where can I edit "ctx.query"?

Many thanks!

P.S. I also do not know exactly how to use GraphQL (for backend) for this case. Can someone give me a hint please?

Benjamin Reeves
  • 553
  • 3
  • 6
  • 19
  • Could this be the answer to my question? I have not tested it yet. https://stackoverflow.com/questions/38647775/how-do-i-return-only-selected-certain-fields-in-strapi?rq=1 – Benjamin Reeves Jul 15 '19 at 09:08
  • If I use GraphQL and have the following GraphQL query, how and where can I place this query in the backend? `{ posts { id, title } }` – Benjamin Reeves Jul 15 '19 at 10:43
  • Is GraphQL a frontend application? I have in the table (ContentType) columns that should be invisible to the users. If I use GraphQL in my frontend, could the GraphQL-query be manipulated? I mean, can any user hack these columns? If I just want to show `{ posts { col1, col2 } }`, but the user change this like `{ posts { col3, col4, colAnyone... } }` Is this possible? – Benjamin Reeves Jul 15 '19 at 15:06
  • Yes when using `GraphQL` any API user can select any existing columns, as long as s/he knows the column name (and has access to the API). Technically `GraphQL` allows you to restrict the access to some fields/columns but I guess that's out of `Strapi` scope. – Wei WANG Jul 17 '19 at 01:09

1 Answers1

1

You can do it in several ways, one of which is in your model's lifecycle function afterFetchAll(). It should work whether you're using GraphQL or not.

afterFetchAll: async (model, response, options) => {
    model.forEach(m => {
        m.unset('column1')
        m.unset('column2')
    })
}

This way you will be able to remove any columns/fields from the fetched model array.

And this file should be located in: api/MyType/models/MyType.js

Ref to here for more information.

Wei WANG
  • 1,748
  • 19
  • 23