feat: Re-apply ACL/CLP systematically when beforeFind returns objects

EmpiDev · EmpiDev · commit 041b00d4a16e · 2025-08-26T17:15:47.000+02:00
diff --git a/src/rest.js b/src/rest.js
@@ -51,11 +51,39 @@ async function runFindTriggers(
   if (result?.objects) {
     const objectsFromBeforeFind = result.objects;
 
+    let objectsForAfterFind = objectsFromBeforeFind;
+
+    if (!auth?.isMaster && !auth?.isMaintenance) {
+      const ids = (Array.isArray(objectsFromBeforeFind) ? objectsFromBeforeFind : [objectsFromBeforeFind])
+        .map(o => (o && (o.id || o.objectId)) || null)
+        .filter(Boolean);
+
+      if (ids.length > 0) {
+        const refilterWhere = isGet ? { objectId: ids[0] } : { objectId: { $in: ids } };
+
+        const refilterQuery = await RestQuery({
+          method: isGet ? RestQuery.Method.get : RestQuery.Method.find,
+          config,
+          auth,
+          className,
+          restWhere: refilterWhere,
+          restOptions,
+          clientSDK,
+          context,
+          runBeforeFind: false,
+          runAfterFind: false,
+        });
+
+        const refiltered = await refilterQuery.execute();
+        objectsForAfterFind = (refiltered && refiltered.results) || [];
+      }
+    }
+
     const afterFindProcessedObjects = await triggers.maybeRunAfterFindTrigger(
       triggers.Types.afterFind,
       auth,
       className,
-      objectsFromBeforeFind,
+      objectsForAfterFind,
       config,
       new Parse.Query(className).withJSON({ where: restWhere, ...restOptions }),
       context,
diff --git a/src/triggers.js b/src/triggers.js
@@ -470,7 +470,7 @@ export function maybeRunAfterFindTrigger(
       if (query.where) {
         parseQueryInstance.withJSON(query);
       } else {
-        parseQueryInstance.withJSON({ where: query });
+        parseQueryInstance.withJSON({ where: {}, ...query });
       }
       request.query = parseQueryInstance;
     } else {

Original file line number	Diff line number	Diff line change
`@@ -470,7 +470,7 @@ export function maybeRunAfterFindTrigger(`
`470`	`470`	`if (query.where) {`
`471`	`471`	`parseQueryInstance.withJSON(query);`
`472`	`472`	`} else {`
`473`		`- parseQueryInstance.withJSON({ where: query });`
	`473`	`+ parseQueryInstance.withJSON({ where: {}, ...query });`
`474`	`474`	`}`
`475`	`475`	`request.query = parseQueryInstance;`
`476`	`476`	`} else {`