File tree Expand file tree Collapse file tree 1 file changed +9
-3
lines changed Expand file tree Collapse file tree 1 file changed +9
-3
lines changed Original file line number Diff line number Diff line change @@ -34,7 +34,6 @@ async function runFindTriggers(
3434 options = { }
3535) {
3636 const { isGet } = options ;
37-
3837 // Run beforeFind trigger - may modify query or return objects directly
3938 const result = await triggers . maybeRunQueryTrigger (
4039 triggers . Types . beforeFind ,
@@ -59,11 +58,18 @@ async function runFindTriggers(
5958
6059 // Security check: Re-filter objects if not master to ensure ACL/CLP compliance
6160 if ( ! auth ?. isMaster && ! auth ?. isMaintenance ) {
62- const ids = ( Array . isArray ( objectsFromBeforeFind ) ? objectsFromBeforeFind : [ objectsFromBeforeFind ] )
61+ const inputArray = Array . isArray ( objectsFromBeforeFind )
62+ ? objectsFromBeforeFind
63+ : [ objectsFromBeforeFind ] ;
64+
65+ const ids = inputArray
6366 . map ( o => ( o && ( o . id || o . objectId ) ) || null )
6467 . filter ( Boolean ) ;
6568
66- if ( ids . length > 0 ) {
69+ // If no valid ids are present, do not return unsanitized data
70+ if ( ids . length === 0 ) {
71+ objectsForAfterFind = [ ] ;
72+ } else {
6773 const refilterWhere = isGet ? { objectId : ids [ 0 ] } : { objectId : { $in : ids } } ;
6874
6975 // Re-query with proper security: no triggers to avoid infinite loops
You can’t perform that action at this time.
0 commit comments