From 59d46874c257ad7473db085175b45e54d7d02f3c Mon Sep 17 00:00:00 2001
From: Pavel Tiunov <pavel.tiunov@gmail.com>
Date: Sat, 10 Aug 2019 18:41:01 -0700
Subject: [PATCH] docs: `CubejsServerCore.queryTransformer`

---
 .../@cubejs-backend-server-core.md            | 24 +++++++++++++++++++
 packages/cubejs-server-core/core/index.d.ts   | 11 +++++----
 2 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/docs/Cube.js-Backend/@cubejs-backend-server-core.md b/docs/Cube.js-Backend/@cubejs-backend-server-core.md
index d086d572e3e0c..ea75084af9271 100644
--- a/docs/Cube.js-Backend/@cubejs-backend-server-core.md
+++ b/docs/Cube.js-Backend/@cubejs-backend-server-core.md
@@ -51,6 +51,7 @@ Both [CubejsServerCore](@cubejs-backend-server-core) and [CubejsServer](@cubejs-
   contextToAppId: Function,
   repositoryFactory: Function,
   checkAuthMiddleware: Function,
+  queryTransformer: Function,
   telemetry: Boolean,
   orchestratorOptions: {
     redisPrefix: String,
@@ -194,6 +195,29 @@ CubejsServerCore.create({
 });
 ```
 
+### queryTransformer
+
+This is a security hook to check your query just before it gets processed.
+You can use this very generic API to implement any type of custom security checks your app needs and transform input query accordingly.
+
+For example you can use `queryTransformer` to add row level security filter where needed.
+
+```javascript
+CubejsServerCore.create({
+  queryTransformer: (query, { authInfo }) => {
+    const user = authInfo.u;
+    if (user.filterByRegion) {
+      query.filters.push({
+        dimension: 'Regions.id',
+        operator: 'equals',
+        values: [user.regionId]
+      })
+    }
+    return query;
+  }
+});
+```
+
 ### telemetry
 
 Cube.js collects high-level anonymous usage statistics for servers started in development mode. It doesn't track any credentials, schema contents or queries issued. This statistics is used solely for the purpose of constant cube.js improvement.
diff --git a/packages/cubejs-server-core/core/index.d.ts b/packages/cubejs-server-core/core/index.d.ts
index 30a03df4667d3..fa1818eba7895 100644
--- a/packages/cubejs-server-core/core/index.d.ts
+++ b/packages/cubejs-server-core/core/index.d.ts
@@ -2,24 +2,25 @@ declare module '@cubejs-backend/server-core' {
   export function create(options?: CreateOptions): any;
 
   export function createDriver(dbType: DatabaseType): DriverFactory;
-
+
   export interface CreateOptions {
     apiSecret?: string;
     basePath?: string;
     checkAuthMiddleware?: (req: any, res: any, next: any) => any;
+    queryTransformer?: () => (query: any, context: any) => any;
     contextToAppId?: any;
-    devServer?: boolean;
+    devServer?: boolean;
     dbType?: DatabaseType;
     driverFactory?: DriverFactory;
     externalDriverFactory?: DriverFactory;
     logger?: (msg: string, params: any) => void;
     orchestratorOptions?: any;
     repositoryFactory?: any;
-    schemaPath?: string;
+    schemaPath?: string;
   }
 
   export interface DriverFactory {
   }
 
-  export type DatabaseType = 'athena' | 'bigquery' | 'clickhouse' | 'jdbc' | 'mongobi' | 'mssql' | 'mysql' | 'postgres' | 'redshift';
-}
+  export type DatabaseType = 'athena' | 'bigquery' | 'clickhouse' | 'jdbc' | 'mongobi' | 'mssql' | 'mysql' | 'postgres' | 'redshift';
+}