src/crud-include.integration.test.js

@@ -85,3 +85,13 @@ test('multiple includes /team?include[]=players&include[]=city', async (t) => {
   t.truthy(playerIds.includes(player2.id));
   t.is(result.City.id, city1.id);
 });
+
+test('inlcude filter /teams?include[]={"model": "City", "where": {"name": "Healdsburg"}}'
+  , async (t) => {
+    const { server } = t.context;
+    const url = '/teams?include[]={"model": "City", "where": {"name": "Healdsburg"}}';
+    const method = 'GET';
+
+    const { statusCode } = await server.inject({ url, method });
+    t.is(statusCode, STATUS_OK);
+  });

src/crud.js

@@ -13,7 +13,7 @@ const createAll = ({
   prefix,
   config,
   attributeValidation,
-  associationValidation,
+  modelAssociations,
   scopes,
 }) => {
   Object.keys(methods).forEach((method) => {
@@ -24,7 +24,7 @@ const createAll = ({
       config: getConfigForMethod({
         method,
         attributeValidation,
-        associationValidation,
+        modelAssociations,
         config,
         scopes,
       }),
@@ -71,13 +71,6 @@ export default (server, model, { prefix, defaultConfig: config, models: permissi
     return params;
   }, {});
 
-  const validAssociations = modelAssociations.length
-    ? joi.string().valid(...modelAssociations)
-    : joi.valid(null);
-  const associationValidation = {
-    include: [joi.array().items(validAssociations), validAssociations],
-  };
-
   const scopes = Object.keys(model.options.scopes);
 
   // if we don't have any permissions set, just create all the methods
@@ -88,7 +81,7 @@ export default (server, model, { prefix, defaultConfig: config, models: permissi
       prefix,
       config,
       attributeValidation,
-      associationValidation,
+      modelAssociations,
       scopes,
     });
     // if permissions are set, but we can't parse them, throw an error
@@ -103,7 +96,7 @@ export default (server, model, { prefix, defaultConfig: config, models: permissi
       prefix,
       config,
       attributeValidation,
-      associationValidation,
+      modelAssociations,
       scopes,
     });
     // if we've gotten here, we have complex permissions and need to set them
@@ -125,7 +118,7 @@ export default (server, model, { prefix, defaultConfig: config, models: permissi
               config: getConfigForMethod({
                 method,
                 attributeValidation,
-                associationValidation,
+                modelAssociations,
                 scopes,
                 config: permissionConfig,
               }),
@@ -137,7 +130,7 @@ export default (server, model, { prefix, defaultConfig: config, models: permissi
             model,
             prefix,
             attributeValidation,
-            associationValidation,
+            modelAssociations,
             scopes,
             config: permissionConfig,
           });

src/get-config-for-method.js

@@ -72,7 +72,7 @@ export const restrictMethods = [
 ];
 
 export default ({
-  method, attributeValidation, associationValidation, scopes = [], config = {},
+  method, attributeValidation, modelAssociations, scopes = [], config = {},
 }) => {
   const hasWhere = whereMethods.includes(method);
   const hasInclude = includeMethods.includes(method);
@@ -96,9 +96,27 @@ export default ({
   }
 
   if (hasInclude) {
+    const modelsHasAssociations = modelAssociations && modelAssociations.length;
+    const validAssociationsString = modelsHasAssociations
+      ? joi.string().valid(...modelAssociations)
+      : joi.valid(null);
+    const validAssociationsObject = modelsHasAssociations
+      ? joi.object().keys({
+        model: joi.string().valid(...modelAssociations),
+        where: joi.object().keys({
+          ...attributeValidation,
+          ...sequelizeOperators,
+        }),
+      })
+      : joi.valid(null);
     const query = concatToJoiObject(joi.object()
       .keys({
-        ...associationValidation,
+        include: [
+          joi.array().items(validAssociationsString),
+          joi.array().items(validAssociationsObject),
+          validAssociationsString,
+          validAssociationsObject,
+        ],
       }),
       get(methodConfig, 'validate.query')
     );

src/utils.js

@@ -25,13 +25,16 @@ export const parseInclude = request => {
   const models = getModels(request);
   if (models.isBoom) return models;
 
-  return include.map(a => {
+  return include.map(b => {
+    const a = /^{.*}$/.test(b) ? JSON.parse(b) : b;
+    if (typeof a !== 'object') {
       const singluarOrPluralMatch = Object.keys(models).find((modelName) => {
         const { _singular, _plural } = models[modelName];
         return _singular === a || _plural === a;
       });
 
       if (singluarOrPluralMatch) return models[singluarOrPluralMatch];
+    }
 
     if (typeof a === 'string') return models[a];