Commit Graph

722 Commits

Author SHA1 Message Date
Samuel Reed b362776e73
fix(AccessContext): Tighten userid/appid checks
An application may have a use for a falsy ID.
2017-12-05 10:03:52 -06:00
Samuel Reed 0bac0a933f
fix(id): replace with != null
Ref: #2356, #2374, #3130, #3693
2017-12-05 09:54:28 -06:00
Raymond Feng 6570b94843 Fix createOnlyInstance for related methods
For scoped or related create method, the createOnlyInstance flag should
be calculated on the target model. For example, User.createAccessTokens
should set the flag only if AccessToken has updateonly properties.
2017-10-27 18:51:56 -07:00
Jürg Lehni 826ee2aca8 Handle missing getUpdateOnlyProperties fn
If the current scope does not define a getUpdateOnlyProperties
function, the updateOnlyProps value will now be set to false.
2017-10-09 09:19:47 +02:00
Siegfried Ehret db8130ac6d Fix typo
Update a jsdoc thing to match the argument name.
2017-10-04 09:26:17 +02:00
Raymond Feng c0a0f09f3a Allow declarative nestRemoting for relations
Now relation.options.nestRemoting can be set to true so that
nestRemoting will be set up automatically without explicitly
calling MyModel.nestRemoting
2017-09-27 09:22:06 -07:00
pierreclr e17132d061
Fix OWNER role to handle multiple relations
Fix the code resolving OWNER role to correctly handle the situation
where the target model has multiple "belongsTo" relations to the User
model.

Introduce a new model setting "ownerRelations" that enables the new
behavior. When "ownerRelations" is set to true, then all "belongsTo"
relations are considered as granting ownership. Alternatively,
"ownerRelations" can be set to an array of the relations which
are granting ownership.

For example, a document can "belongTo" an author and a reviewer,
but only the author is an owner, the reviewer is not. In this case,
"ownerRelations" should be set to "['author']".
2017-09-27 17:11:36 +02:00
Zak Barbuto d405432b2d Fix relation race condition in model glob
Globs working depended on the order that models were imported.
Remote sharing is now re-calculated whenever a new model is remoted.
2017-09-01 09:18:39 +09:30
Kevin Delisle 16ede97033 Handle missing getUpdateOnlyProperties fn
If the current scope does not define a getUpdateOnlyProperties
function, the updateOnlyProps value will now be set to false.
2017-08-23 10:21:11 -04:00
Rashmi Hunt 3651c09782 Support createOnlyInstance in model (#3548)
* setting up createOnlyInstance

* add comment

* fix eslint issue

* new tests

* Address code review comments
2017-08-22 17:10:55 -07:00
Miroslav Bajtoš 2ebe38b4d5 Merge pull request #3540 from lehni/fix/isStatic-method-settings
Do not add isStatic properties to method settings
2017-08-16 15:55:11 +02:00
Jürg Lehni a736f782af Do not add isStatic properties to method settings
Closes #3529
2017-08-15 18:09:16 +02:00
Zak Barbuto 724a7d1928 Allow glob-style patterns for remote options 2017-08-14 12:23:26 +09:30
Alexei Smirnov 8ed92a12e0
Remove observers from Model on end of the stream
- Remove flags and properly finish the stream.
 - Destroy emits an end event for compability with ending of
   ReadableStream now.
 - Check for default implementation of destroy() method,
   because in Node.js 8 all types of streams have a native one.
2017-07-12 10:28:27 +02:00
Farid Nouri Neshat 065eedab7b
Fix Model#settings.acls doc type signature 2017-06-23 16:25:54 +02:00
Daijiro Wachi 75b4a45968 Use `localhost` instead of `::` for local 2017-06-15 22:29:37 +02:00
Candy 04983831ca Fix API doc for Model class property type 2017-06-14 14:38:55 -04:00
Piero Maltese 4735efa41f
Support remoting adapters with no ctx.req object
Fix `Model.createOptionsFromRemotingContext()` to correctly handle
the case where `ctx.req` is not defined, e.g. when using
websocket-based adapters.
2017-05-22 13:21:44 +02:00
Miroslav Bajtoš c5145bdf34
Add support for scoped access tokens
Define a new property `AccessToken.scopes` to contain the list of
scopes granted to this access token.

Define a new remote method metadata `accessScopes` to contain a list
of scope name required by this method.

Define a special built-in scope name "DEFAULT" that's used when
a method/token does not provide any scopes. This allows access
tokens to grant access to both the default scope and any additional
custom scopes at the same time.

Modify the authorization algorithm to ensure that at least one
of the scopes required by a remote method is allowed by the scopes
granted to the requesting access token.

The "DEFAULT" scope preserve backwards compatibility because existing
remote methods with no `accessScopes` can be accessed by (existing)
access tokens with no `scopes` defined.

Impact on existing applications:

 - Database schema must be updated after upgrading the loopback version

 - If the application was already using a custom `AccessToken.scopes`
   property with a type different from an array, then the relevant code
   must be updated to work with the new type "array of strings".
2017-04-07 13:04:40 +02:00
Flavien DAVID 981bd309fc
Add new event "remoteMethodAdded"
Emit a new method "remoteMethodAdded" whenever a new method is added,
typically when `Model.remoteMethod` or `Model.nestRemoting` is called.

The method is emitted both by the Model affected and the application
object.
2017-03-31 15:32:19 +02:00
ebarault 8aa98a80ef Propagate authorized roles in remoting context
Adds an authorizedRoles object to remotingContext.args.options
which contains all the roles (static and dynamic) that are
granted to the user when performing a request through
strong-remoting to an app with authentication enabled.

The authorizedRoles object for example looks like:
{
  $everyone: true,
  $authenticated: true,
  myRole: true
}

NOTE: this pr also covers a number of jsdoc fixes as well
as refactoring in ACL.js and access-context.js
2017-03-20 12:29:33 +01:00
agriwebb build 3f4b5ece71
Allow custom properties of Change Model
Allow custom properties to be added to Change Model,
and make change filter customizable through mixins
to allow to add the custom property to the filter
used to look up relevant changes during change replication.
2017-03-09 08:58:42 +01:00
Miroslav Bajtoš 79f441b9c4
Verify User and AccessToken relations at startup
Modify `app.enableAuth()` to verify that (custom) User and AccessToken
models have correctly configured their hasMany/belongsTo relations
and print a warning otherwise.
2017-03-03 10:18:58 +01:00
Miroslav Bajtoš f0c9700e1d
Deep-clone model settings in lib/builtin-models
Fix the code loading builtin models to always clone the JSON object
used as model settings/definition. This is needed to allow applications
to modify model settings while not affecting settings of new models
created in the local registry of another app.
2017-02-24 15:13:06 +01:00
kobaska 7078c5d0e5
Optimise replication
Add a new model-level setting "replicationChunkSize" which allows
users to configure change replication algorithm to issue several
smaller requests to fetch changes and upload updates.
2017-02-22 15:12:54 +01:00
Raymond Camden 440b9a52a6
Improve "filter" arg description
Add an example showing how to serialize object values as JSON.
2017-02-21 14:00:09 +01:00
ebarault f0e70dd8a9 Fix Role.isOwner() for multiple user models
Fix `Role.isOwner()` to check both principalId and principalType.
This fixes a bug where users from different User model were treated
as owners as long as their user id was the same as owner's id.
2017-02-17 11:19:07 +01:00
Eric 9fe084fffd Enable multiple user models
Allow LoopBack applications to configure multiple User models and share
the same AccessToken model.

To enable this feature:

1) In your custom AccessToken model:

 - add a new property "principalType" of type "string".
 - configure the relation "belongsTo user" as polymorphic,
   using "principalType" as the discriminator

2) In your User models:

 - Configure the "hasMany accessTokens" relation as polymorphic,
   using "principalType" as the discriminator

When creating custom Role and Principal instances, set your
User model's name as the value of "prinicipalType".
2017-02-02 09:42:30 +01:00
Miroslav Bajtoš 3e2ac9217f Warn about injectOptionsFromRemoteContext
The option injectOptionsFromRemoteContext was added to LoopBack 2.x only
and is not available in LoopBack 3.x (and newer).

When a model with this option is encountered, we are printing a warning
message now, to let the user know about this change between 2.x and 3.x.
2017-01-09 14:45:23 +01:00
Miroslav Bajtoš 70eecfab70 Upgrade eslint-config to 7.x 2017-01-06 12:12:35 +01:00
Miroslav Bajtoš 0a6740cc30 Fix construction of sharedCtor remoting metadata
Prevent the situation when we are configuring remoting metadata after
strong-remoting has already picked up data from our parent (base) model.
2017-01-05 10:24:04 +01:00
Miroslav Bajtoš 0d1f74e2cd Merge pull request #3047 from strongloop/forward-port/avoid-change-cleanup
Add option disabling periodic change rectification
2017-01-04 16:39:44 +01:00
kobaska e15a656714 Add option disabling periodic change rectification
When `Model.settings.changeCleanupInterval` is set to a negative value,
no periodic cleanup is performed at all.
2017-01-04 15:58:44 +01:00
lschricke baa50518cf Fix annotation for persistedModel.count 2017-01-03 20:09:42 -05:00
Miroslav Bajtoš 60ea3e96bc Contextify DAO and relation methods
Modify remoting metadata of data-access methods in PersistedModel
and relation method in Model and add an "options" argument to "accepts"
list.
2016-12-22 10:26:09 +01:00
Miroslav Bajtoš 4de3aa77e3 Implement new http arg mapping optionsFromRequest
Define a new Model method "createOptionsFromRemotingContext" that allows
models to define what "options" should be passed to methods invoked
via strong-remoting (e.g. REST).

Define a new http mapping `http: 'optionsFromRequest'` that invokes
`Model.createOptionsFromRemotingContext` to build the value from
remoting context.

This should provide enough infrastructure for components and
applications to implement their own ways of building the "options"
object.
2016-12-22 10:26:01 +01:00
Miroslav Bajtoš acdfb432d0 Upgrade eslint config and grunt-eslint to latest
- disable ES6 because PhantomJS does not support it yet
 - fix linter errors reported after the upgrade.
2016-12-06 16:05:13 +01:00
ebarault 94c786f2f7 Fix connector naming in strict mode
In strict mode, creating properties on strings is not allowed.
As a result, creating a new datasource fails with the following
error:

    TypeError: Cannot create data source "db":
    Cannot create property 'name' on string 'mongodb'

In this commit, we fix the code to assign the connector name only
if the connector is an object (not a string).

Add "returnOnlyRoleNames" option to Role.getRoles

Currently the return type of Role.getRoles() method is inconsistent:
role names are returned for smart roles and role ids are returned for
static roles (configured through user-role mapping).

This commit adds a new option to Role.getRoles() allowing the caller
to request role names to be returned for all types of roles.
2016-11-30 14:08:28 -05:00
Amir Jafarian d4e0efcab3 Fix broken document for `upsertWithWhere` 2016-11-24 15:58:21 -05:00
David Cheung a673a3884c Merge pull request #2947 from strongloop/related-models-allow-array
add allowArray to relations' create remoteMethod
2016-11-23 14:51:08 -05:00
Candy 5815ca8211 Fix js doc for deleteAll event 2016-11-23 12:02:49 -05:00
David Cheung fa7cb923cd add allowArray to relations' create remoteMethod
this is needed because we added allowArray flag to persisted model's
remoteMethod, but when relations try to rebuild such methods, it does
not carry over such flags
2016-11-23 12:00:18 -05:00
Loay 06cb481c3f Update eslint to loopback config v5
Notable side-effects:
 - loopback no longer exports "caller" and "arguments" properties
 - kv-memory connector is now properly added to the connector registry
 - the file "test/support.js" was finally removed
2016-11-22 14:08:02 +01:00
Kogulan Baskaran b4f1b2f02c Add options to bulkUpdate 2016-11-15 17:40:44 +01:00
Candy 8f08398c30 Update doc links 2016-11-04 16:47:12 -04:00
David Cheung 5252fba376 allow batch create for persisted models
In strong-remoting 3.x, we have stricken the coercion of inputs
methods that are expecting an Object will nolonger accept an array
as input, to preserve backwards compatibility we have added flag
allowArray in remote arguments, which would accept an array of objects
2016-10-25 15:45:00 -04:00
Miroslav Bajtoš 1439446b36 Fix description of updateAll response
Correctly describe the first non-error callback arg as an `info` object
containing a `count` property.
2016-10-12 12:43:53 +02:00
Tim van der Staaij c58bff6c3d Fix support for remote hooks returning a Promise
Fix beforeRemote/afterRemote to correctly return promises returned
by the user-provided hook callback.
2016-10-05 10:32:44 +02:00
Candy 246da8fc5e Add license text 2016-09-23 10:32:22 -04:00
Candy 640f3a8ca7 Update globalization structure 2016-09-22 11:58:00 +02:00