access
Creates a step representing a (potentially nested) property from the result of a
source step without informing the step you're accessing it. In general, you
should prefer get()
.
Many steps require that you use .get()
or .at()
in order to function
properly, for example if you don't call .get('attribute_name')
on a loadOne()
step then it won't know to request the attribute_name
attribute,
and you may end up with unexpected nulls/undefineds.
access()
bypasses the step's .get()
/ .at()
methods, which may mean that
vital data is not fetched from the origin. You should only use access()
where
doing so is truly what you mean. Always use a step's .get()
or .at()
if
present unless you know better.
The get()
step will automatically
call $step.get(attr)
for you if it can, and fall back to access($step, attr)
if not, so it's generally much safer to use get()
rather than access()
.
Usage:
const $userId = access($user, "id");
const $firstPatchUserId = access($args.get("input"), [
"patches",
0,
"user",
"id",
]);
This could lead to unexpected results (which could introduce security issues) if it is not used carefully; only use it on JSON-like data, preferably where the objects have null prototypes, and only access keys that you trust (do not use user-provided data for the path!)
Examples of potentially dangerous keys on general JS objects (non-exhaustive!):
constructor
/prototype
/__proto__
toString
/valueOf
hasOwnProperty
/isPrototypeOf
__defineGetter__
/ etc
An AccessStep
has the following methods:
.get(key)
- gets the value for the keykey
assuming the parsed JSON value was an object.at(index)
- gets the value at indexindex
assuming the parsed JSON value was an array
function access<TData>(
$source: ExecutableStep<unknown>,
path: (string | number)[] | string | number,
fallback?: any,
): AccessStep<TData>;