From c521b3c386cbde2fa52fb073d96ec2341c90ef4e Mon Sep 17 00:00:00 2001 From: Ritchie Martori Date: Fri, 21 Mar 2014 12:18:00 -0700 Subject: [PATCH 1/3] Allow app.model() to accept a DataSource instance --- lib/application.js | 8 +++- test/hidden-properties.test.js | 18 ++++++++ test/model.test.js | 77 ---------------------------------- test/remoting.integration.js | 3 +- 4 files changed, 25 insertions(+), 81 deletions(-) create mode 100644 test/hidden-properties.test.js diff --git a/lib/application.js b/lib/application.js index acb4f1f2..1705a4a5 100644 --- a/lib/application.js +++ b/lib/application.js @@ -90,7 +90,7 @@ app.disuse = function (route) { * * @param {String} modelName The name of the model to define * @options {Object} config The model's configuration - * @property {String} dataSource The `DataSource` to attach the model to + * @property {String|DataSource} dataSource The `DataSource` to attach the model to * @property {Object} [options] an object containing `Model` options * @property {Object} [properties] object defining the `Model` properties in [LoopBack Definition Language](http://docs.strongloop.com/loopback-datasource-juggler/#loopback-definition-language) * @end @@ -545,7 +545,11 @@ function dataSourcesFromConfig(config) { function modelFromConfig(name, config, app) { var ModelCtor = require('./loopback').createModel(name, config.properties, config.options); - var dataSource = app.dataSources[config.dataSource]; + var dataSource = config.dataSource; + + if(typeof dataSource === 'string') { + dataSource = app.dataSources[dataSource]; + } assert(isDataSource(dataSource), name + ' is referencing a dataSource that does not exist: "'+ config.dataSource +'"'); diff --git a/test/hidden-properties.test.js b/test/hidden-properties.test.js new file mode 100644 index 00000000..7664631c --- /dev/null +++ b/test/hidden-properties.test.js @@ -0,0 +1,18 @@ +var loopback = require('../'); + +describe('hidden properties', function () { + beforeEach(function (done) { + var app = this.app = loopback(); + var Product = this.Product = app.model('product', { + properties: { + secret: {} + }, + dataSource: loopback.memory() + }); + app.listen(done); + }); + + it('should hide a property remotely', function () { + + }); +}); diff --git a/test/model.test.js b/test/model.test.js index d291db2b..d1ed5097 100644 --- a/test/model.test.js +++ b/test/model.test.js @@ -624,81 +624,4 @@ describe('Model', function() { assert.equal(model, acl); }); }); - - // describe('Model.hasAndBelongsToMany()', function() { - // it("TODO: implement / document", function(done) { - // /* example - - // - // */ - // done(new Error('test not implemented')); - // }); - // }); - - // describe('Model.remoteMethods()', function() { - // it("Return a list of enabled remote methods", function() { - // app.model(User); - // User.remoteMethods(); // ['save', ...] - // }); - // }); - - // describe('Model.availableMethods()', function() { - // it("Returns the currently available api of a model as well as descriptions of any modified behavior or methods from attached data sources", function(done) { - // /* example - - // User.attachTo(oracle); - // console.log(User.availableMethods()); - // - // { - // 'User.all': { - // accepts: [{arg: 'filter', type: 'object', description: '...'}], - // returns: [{arg: 'users', type: ['User']}] - // }, - // 'User.find': { - // accepts: [{arg: 'id', type: 'any'}], - // returns: [{arg: 'items', type: 'User'}] - // }, - // ... - // } - // var oracle = loopback.createDataSource({ - // connector: 'oracle', - // host: '111.22.333.44', - // database: 'MYDB', - // username: 'username', - // password: 'password' - // }); - // - // */ - // done(new Error('test not implemented')); - // }); - // }); - -// describe('Model.before(name, fn)', function(){ -// it('Run a function before a method is called', function() { -// // User.before('save', function(user, next) { -// // console.log('about to save', user); -// // -// // next(); -// // }); -// // -// // User.before('delete', function(user, next) { -// // // prevent all delete calls -// // next(new Error('deleting is disabled')); -// // }); -// // User.beforeRemote('save', function(ctx, user, next) { -// // if(ctx.user.id === user.id) { -// // next(); -// // } else { -// // next(new Error('must be logged in to update')) -// // } -// // }); -// -// throw new Error('not implemented'); -// }); -// }); -// -// describe('Model.after(name, fn)', function(){ -// it('Run a function after a method is called', function() { -// -// throw new Error('not implemented'); -// }); -// }); }); diff --git a/test/remoting.integration.js b/test/remoting.integration.js index 02fcbde0..8fa987f2 100644 --- a/test/remoting.integration.js +++ b/test/remoting.integration.js @@ -66,5 +66,4 @@ describe('remoting - integration', function () { }); }); -}) -; +}); From 5b50a99eb366f2af36c6a5b6479adacc04fc1547 Mon Sep 17 00:00:00 2001 From: Ritchie Martori Date: Fri, 21 Mar 2014 12:53:04 -0700 Subject: [PATCH 2/3] Add hidden property support to models --- lib/models/model.js | 16 ++++++++++++++++ lib/models/user.js | 1 + test/access-control.integration.js | 6 +++++- test/hidden-properties.test.js | 24 ++++++++++++++++++------ 4 files changed, 40 insertions(+), 7 deletions(-) diff --git a/lib/models/model.js b/lib/models/model.js index 78df36f0..7d52c3b4 100644 --- a/lib/models/model.js +++ b/lib/models/model.js @@ -200,6 +200,22 @@ Model._getAccessTypeForMethod = function(method) { } } +var superToJSON = Model.prototype.toJSON; +Model.prototype.toJSON = function toJSON() { + var Model = this.constructor; + var obj = superToJSON.apply(this, arguments); + var settings = Model.definition && Model.definition.settings; + var hiddenProperties = settings && settings.hidden; + + if(Array.isArray(hiddenProperties)) { + for(var i = 0; i < hiddenProperties.length; i++) { + delete obj[hiddenProperties[i]]; + } + } + + return obj; +} + // setup the initial model Model.setup(); diff --git a/lib/models/user.js b/lib/models/user.js index 049f1262..85aa6519 100644 --- a/lib/models/user.js +++ b/lib/models/user.js @@ -49,6 +49,7 @@ var properties = { }; var options = { + hidden: ['password'], acls: [ { principalType: ACL.ROLE, diff --git a/test/access-control.integration.js b/test/access-control.integration.js index e96de823..1abb320e 100644 --- a/test/access-control.integration.js +++ b/test/access-control.integration.js @@ -55,6 +55,7 @@ describe('access control - integration', function () { return '/api/accessTokens/' + this.randomToken.id; } }); + */ describe('/users', function () { @@ -94,6 +95,10 @@ describe('access control - integration', function () { }); lt.describe.whenCalledRemotely('GET', '/api/users/:id', function() { lt.it.shouldBeAllowed(); + it('should not include a password', function() { + var user = this.res.body; + assert.equal(user.password, undefined); + }); }); lt.describe.whenCalledRemotely('PUT', '/api/users/:id', function() { lt.it.shouldBeAllowed(); @@ -136,7 +141,6 @@ describe('access control - integration', function () { return '/api/banks/' + this.bank.id; } }); - */ describe('/accounts', function () { lt.beforeEach.givenModel('account'); diff --git a/test/hidden-properties.test.js b/test/hidden-properties.test.js index 7664631c..65565341 100644 --- a/test/hidden-properties.test.js +++ b/test/hidden-properties.test.js @@ -4,15 +4,27 @@ describe('hidden properties', function () { beforeEach(function (done) { var app = this.app = loopback(); var Product = this.Product = app.model('product', { - properties: { - secret: {} - }, + options: {hidden: ['secret']}, dataSource: loopback.memory() }); - app.listen(done); + app.use(loopback.rest()); + + Product.create( + {name: 'pencil', secret: 'secret'}, + done + ); }); - it('should hide a property remotely', function () { - + it('should hide a property remotely', function (done) { + request(this.app) + .get('/products') + .expect('Content-Type', /json/) + .expect(200) + .end(function(err, res){ + if(err) return done(err); + var product = res.body[0]; + assert.equal(product.secret, undefined); + done(); + }); }); }); From a08b047fab49ef60216af0769ef419289bf22689 Mon Sep 17 00:00:00 2001 From: Ritchie Martori Date: Fri, 21 Mar 2014 13:01:53 -0700 Subject: [PATCH 3/3] Add hidden property documentation --- lib/application.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/application.js b/lib/application.js index 1705a4a5..f7090d81 100644 --- a/lib/application.js +++ b/lib/application.js @@ -92,6 +92,8 @@ app.disuse = function (route) { * @options {Object} config The model's configuration * @property {String|DataSource} dataSource The `DataSource` to attach the model to * @property {Object} [options] an object containing `Model` options + * @property {ACL[]} [options.acls] an array of `ACL` definitions + * @property {String[]} [options.hidden] **experimental** an array of properties to hide when accessed remotely * @property {Object} [properties] object defining the `Model` properties in [LoopBack Definition Language](http://docs.strongloop.com/loopback-datasource-juggler/#loopback-definition-language) * @end * @returns {ModelConstructor} the model class