Prevent ID column from being updated? | NestJS | Page 1

terse glacier May 19, 2023, 6:44 PM

#

Hello,

I am building out my CRUD API and am wondering if the ID column in an an update query should be modifiable.

I have the following entity:

@Entity()
export class Aircraft {
  @PrimaryGeneratedColumn()
  id: number;
 
  @Column()
  airlineId: number;

  @ManyToOne(() => Airline, (airline) => airline.aircraft, { nullable: false })
  @JoinColumn({ name: 'airlineId' })
  airline: Airline;
}

Then, in my aircraft.service.ts, it can be updated like such:

  async update(id: number, updateAircraftDto: UpdateAircraftDto): Promise<any> {
    return await this.aircraftRepository
      .createQueryBuilder()
      .update(Aircraft)
      .set(updateAircraftDto)
      .returning('*')
      .where('id = :id', { id })
      .execute();
  }

When I test this, I find that passing along any ID with my request will cause it to be updated in the database (so long as it's an integer). This seems pretty dangerous to me, but maybe it's the intended behavior? I am hoping someone can guide me on the proper pattern to use when updating an entity.

Thank you!

daring dirge May 20, 2023, 6:05 PM

#

terse glacier Hello, I am building out my CRUD API and am wondering if the ID column in an an...

if you do use class-validator for validation, check out: https://github.com/nestjs/docs.nestjs.com/blob/master/content/techniques/validation.md#stripping-properties

you can stop the request from processing when non-whitelisted properties are present, and return an error response to the user. To enable this, set the forbidNonWhitelisted option property to true, in combination with setting whitelist to true.

terse glacier May 20, 2023, 6:06 PM

#

Once again, thank you very much @daring dirge ! exactly what i was trying to find

#Prevent ID column from being updated?