access
Creates a step representing a (potentially nested) property from the result of a
source step without informing the step you're accessing it. In general, you
should prefer get().
Many steps require that you use .get() or .at() in order to function
properly, for example if you don't call .get('attribute_name') on a loadOne()
step then it won't know to request the attribute_name attribute,
and you may end up with unexpected nulls/undefineds.
access() bypasses the step's .get() / .at() methods, which may mean that
vital data is not fetched from the origin. You should only use access() where
doing so is truly what you mean. Always use a step's .get() or .at() if
present unless you know better.
The get() step will automatically
call $step.get(attr) for you if it can, and fall back to access($step, attr)
if not, so it's generally much safer to use get() rather than access().
Usage:
const $userId = access($user, "id");
const $firstPatchUserId = access($args.get("input"), [
"patches",
0,
"user",
"id",
]);
This could lead to unexpected results (which could introduce security issues) if it is not used carefully; only use it on JSON-like data, preferably where the objects have null prototypes, and only access keys that you trust (do not use user-provided data for the path!)
Examples of potentially dangerous keys on general JS objects (non-exhaustive!):
constructor/prototype/__proto__toString/valueOfhasOwnProperty/isPrototypeOf__defineGetter__/ etc
An AccessStep has the following methods:
.get(key)- gets the value for the keykeyassuming the parsed JSON value was an object.at(index)- gets the value at indexindexassuming the parsed JSON value was an array
function access<TData>(
$source: ExecutableStep<unknown>,
path: (string | number)[] | string | number,
fallback?: any,
): AccessStep<TData>;