no hard error when permission is missing from includes

src/dba/PaginationFilter.class.php

@@ -8,18 +8,23 @@ class PaginationFilter extends Filter {
   private $operator;
   private $tieBreakerKey;
   private $tieBreakerValue;
+  private $filters;
   /**
    * @var AbstractModelFactory
    */
   private $factory;
 
-  function __construct($key, $value, $operator, $tieBreakerKey, $tieBreakerValue, $factory = null) {
+  function __construct($key, $value, $operator, $tieBreakerKey, $tieBreakerValue, $filters = [], $factory = null) {
+    /**
+     * @param QueryFilter[] $filters
+     */
     $this->key = $key;
     $this->value = $value;
     $this->operator = $operator;
     $this->factory = $factory;
     $this->tieBreakerKey = $tieBreakerKey;
     $this->tieBreakerValue = $tieBreakerValue;
+    $this->filters = $filters;
   }
 
   function getQueryString($table = "") {
@@ -29,15 +34,22 @@ function getQueryString($table = "") {
     if ($this->factory != null) {
       $table = $this->factory->getModelTable() . ".";
     }
+    $parts = array_map(fn($filter) => $filter->getQueryString(), $this->filters);
     //ex. SELECT hashTypeId, description, isSalted, isSlowHash FROM HashType 
     //    where (HashType.isSalted < 1) OR (HashType.isSalted = 1 and HashType.hashTypeId < 12600) 
     //    ORDER BY HashType.isSalted DESC, HashType.hashTypeId DESC LIMIT 25;
-    return "(" . $table . $this->key . $this->operator . "?" . ") OR (" . $this->key . "=" . "?" 
-    . " AND " . $this->tieBreakerKey . $this->operator . "?)";
+    $queryString = "(" . $table . $this->key . $this->operator . "?" . ") OR (" . $this->key . "=" . "?" 
+    . " AND " . $this->tieBreakerKey . $this->operator . "?";
+    if (count($this->filters) > 0) {
+      $queryString = $queryString . " AND ". implode(" AND ", $parts);
+    }
+    $queryString .= ")"; 
+    return $queryString;
   }
 
   function getValue() {
-    return [$this->value, $this->value, $this->tieBreakerValue];
+    $values = [$this->value, $this->value, $this->tieBreakerValue];
+    return array_merge($values, array_map(fn($filter) => $filter->getValue(), $this->filters));
   }
 
   function getHasValue() {
@@ -46,4 +58,4 @@ function getHasValue() {
     }
     return true;
   }
-}
+}

src/inc/apiv2/common/AbstractBaseAPI.class.php

@@ -79,7 +79,9 @@ abstract public function getRequiredPermissions(string $method): array;
   /** @var mixed|null $permissionErrors contained detailed results of last
    * validatePermissions function call
    */
-  private mixed $permissionErrors;
+  protected mixed $permissionErrors = null;
+
+  protected mixed $missing_permissions = [];
 
   /**
    * @var array|null list of model classes which will need to be filtered for public attributes because
@@ -967,9 +969,17 @@ protected function makeExpandables(Request $request, array $validExpandables): a
       array_push($required_perms, ...$expandedPerms);
     }
     $permissionResponse = $this->validatePermissions($required_perms, $permsExpandMatching);
-    if ($permissionResponse === FALSE) {
-      throw new HttpError('Permissions missing on expand parameter objects! || ' . join('||', $this->permissionErrors));
+    $expands_to_remove = [];
+
+    // remove expands with missing permissions
+    foreach($this->missing_permissions as $missing_permission) {
+      $expands_to_remove = array_merge($expands_to_remove, $permsExpandMatching[$missing_permission]);
     }
+    $queryExpands = array_diff($queryExpands, $expands_to_remove);
+
+    // if ($permissionResponse === FALSE) {
+    //   throw new HttpError('Permissions missing on expand parameter objects! || ' . join('||', $this->permissionErrors));
+    // }
     return $queryExpands;
   }
 
@@ -1255,6 +1265,7 @@ protected function validatePermissions(array $required_perms, array $permsExpand
         }
       }
       $this->permissionErrors = array("No '" . join(",", $missing_permissions) . "' permission(s). [required_permissions='" . join(", ", $required_perms) . "', user_permissions='" . join(", ", $user_available_perms) . "']");
+      $this->missing_permissions = $missing_permissions;
       return FALSE;
     }
     else {
@@ -1451,8 +1462,12 @@ protected static function getOneResource(object $apiClass, object $object, Reque
     $linksSelf = $request->getUri()->getPath() . ((!empty($linksQuery)) ? '?' . $linksQuery : '');
     $links = ["self" => $linksSelf];
 
+    $metaData = [];
+    if ($apiClass->permissionErrors !== null) {
+      $metadata["Include errors"] = $apiClass->permissionErrors;
+    }
     // Generate JSON:API GET output
-    $ret = self::createJsonResponse($dataResources[0], $links, $includedResources);
+    $ret = self::createJsonResponse($dataResources[0], $links, $includedResources, $metaData);
 
     $body = $response->getBody();
     $body->write($apiClass->ret2json($ret));

src/inc/apiv2/common/AbstractModelAPI.class.php

@@ -710,7 +710,7 @@ public static function getManyResources(object $apiClass, Request $request, Resp
       $secondary_cursor_key = key($secondary_cursor);
       $secondary_cursor_key = $secondary_cursor_key == '_id' ? array_column($aliasedfeatures, 'alias', 'dbname')[$apiClass->getPrimaryKey()] : $secondary_cursor_key;
         $finalFs[Factory::FILTER][] = new PaginationFilter($primary_cursor_key, current($primary_cursor), 
-                                                            $operator, $secondary_cursor_key, current($secondary_cursor));
+                                                            $operator, $secondary_cursor_key, current($secondary_cursor), $qFs_Filter);
       } else {
         $finalFs[Factory::FILTER][] = new QueryFilter($primary_cursor_key, current($primary_cursor), $operator, $factory);
       }
@@ -846,6 +846,9 @@ public static function getManyResources(object $apiClass, Request $request, Resp
       ];
 
     $metadata = ["page" => ["total_elements" => $total]];
+    if ($apiClass->permissionErrors !== null) {
+      $metadata["Include errors"] = $apiClass->permissionErrors;
+    }
     // Generate JSON:API GET output
     $ret = self::createJsonResponse($dataResources, $links, $includedResources, $metadata);