Commit Graph

740 Commits

Author SHA1 Message Date
Raymond Feng f1c613ac07 Set juggler options for remote calls 2018-11-15 08:28:46 -08:00
Mohammed Essehemy e33d10fe44
Clear handler cache when a method is added/removed 2018-10-09 15:03:00 +02:00
virkt25 fa644d6a31 chore: update to latest linting rules 2018-09-13 10:08:25 -04:00
Diana Lau 6b0a880efa remove unnecessary format call 2018-08-20 16:55:56 -04:00
Diana Lau 89ff760b6d Make desc when export-api-def translatable 2018-08-20 13:04:21 -04:00
virkt25 5ee731eafd chore: update deps + fix linting + .npmrc 2018-08-08 13:31:30 -04:00
mcitdev f9e9aaa8ce
Make verifyUserRelations() more robust
The fix introduced in previous commit was relying on the default
merge algorighm applied when a child model inherits relation config
from the parent.

This commit changes the check to use a more reliable approach
based on the relation metadata configured by the child model.
2018-07-03 09:03:44 +02:00
ryanxwelch 9d77ba28d3
Fix crash in verifyUserRelations
In the present implementation `verifyUserRelations(Model)` assumes that
`Model.relations.accessTokens` is always set, and as a result may
crash when trying to access `polymorphic` property of that relation.

It seems the intention is to check whether the the following conditions
are met:
 1. a model has a hasMany accessTokens relation
 2. that relation is polymorphic

This commit fixes the problem by accounting for the case where the
accessTokens relation was not correctly set up.
2018-06-29 16:14:01 +02:00
Dimitris 83fc62c0af
Update nodemailer to v4.x 2018-06-11 16:01:42 +02:00
Miroslav Bajtoš 0cd380c590
feat: remove all references to a Model
Add API allowing applications to hide a Model from the
REST API and remove all references to it, allowing Garbage Collector
to claim all memory used by the model.
2018-04-17 09:42:08 +02:00
Miroslav Bajtoš f4527c9c91
Fix role check in apps with multiple user models 2018-03-20 14:15:44 +01:00
Kevin Delisle 386615a1df model: fix infinite loop on nestRemoting
Prevent endless recursion on nestRemoting calls for
two-way model links.
2018-02-08 11:26:02 -05:00
Kevin Scroggins ab791fc258
fix: preserve datasource name
Modify the code creating juggler DataSource objects to correctly
forward the datasource name provided by the user.
2018-01-19 15:58:33 +01:00
Justin Ross 60750b4508
Update Copyright Years
Update copyright years to include 2018
2018-01-16 13:55:02 +01:00
Edward Choh 00169d2312
Support options.filter in createChangeStream
Implement "options.filter" argument in Persisted.createChangeStream()
by leveraging loopback-filter module.
2017-12-14 13:08:28 +01:00
Miroslav Bajtoš 7c030c6900
Merge pull request #3728 from strongloop/update-eslint-config
Update eslint and eslint-config to latest
2017-12-14 13:07:14 +01:00
bmatson 317e00d92c
Update nestRemoting to pass optionsFromContext
Fix the code invoking relation getter to correctly pass through
the "options" argument.
2017-12-12 17:24:35 +01:00
Miroslav Bajtoš 73cc950b1b
Update eslint and eslint-config to latest 2017-12-12 09:33:15 +01:00
Samuel Reed b362776e73
fix(AccessContext): Tighten userid/appid checks
An application may have a use for a falsy ID.
2017-12-05 10:03:52 -06:00
Samuel Reed 0bac0a933f
fix(id): replace with != null
Ref: #2356, #2374, #3130, #3693
2017-12-05 09:54:28 -06:00
Raymond Feng 6570b94843 Fix createOnlyInstance for related methods
For scoped or related create method, the createOnlyInstance flag should
be calculated on the target model. For example, User.createAccessTokens
should set the flag only if AccessToken has updateonly properties.
2017-10-27 18:51:56 -07:00
Jürg Lehni 826ee2aca8 Handle missing getUpdateOnlyProperties fn
If the current scope does not define a getUpdateOnlyProperties
function, the updateOnlyProps value will now be set to false.
2017-10-09 09:19:47 +02:00
Siegfried Ehret db8130ac6d Fix typo
Update a jsdoc thing to match the argument name.
2017-10-04 09:26:17 +02:00
Raymond Feng c0a0f09f3a Allow declarative nestRemoting for relations
Now relation.options.nestRemoting can be set to true so that
nestRemoting will be set up automatically without explicitly
calling MyModel.nestRemoting
2017-09-27 09:22:06 -07:00
pierreclr e17132d061
Fix OWNER role to handle multiple relations
Fix the code resolving OWNER role to correctly handle the situation
where the target model has multiple "belongsTo" relations to the User
model.

Introduce a new model setting "ownerRelations" that enables the new
behavior. When "ownerRelations" is set to true, then all "belongsTo"
relations are considered as granting ownership. Alternatively,
"ownerRelations" can be set to an array of the relations which
are granting ownership.

For example, a document can "belongTo" an author and a reviewer,
but only the author is an owner, the reviewer is not. In this case,
"ownerRelations" should be set to "['author']".
2017-09-27 17:11:36 +02:00
Zak Barbuto d405432b2d Fix relation race condition in model glob
Globs working depended on the order that models were imported.
Remote sharing is now re-calculated whenever a new model is remoted.
2017-09-01 09:18:39 +09:30
Kevin Delisle 16ede97033 Handle missing getUpdateOnlyProperties fn
If the current scope does not define a getUpdateOnlyProperties
function, the updateOnlyProps value will now be set to false.
2017-08-23 10:21:11 -04:00
Rashmi Hunt 3651c09782 Support createOnlyInstance in model (#3548)
* setting up createOnlyInstance

* add comment

* fix eslint issue

* new tests

* Address code review comments
2017-08-22 17:10:55 -07:00
Miroslav Bajtoš 2ebe38b4d5 Merge pull request #3540 from lehni/fix/isStatic-method-settings
Do not add isStatic properties to method settings
2017-08-16 15:55:11 +02:00
Jürg Lehni a736f782af Do not add isStatic properties to method settings
Closes #3529
2017-08-15 18:09:16 +02:00
Zak Barbuto 724a7d1928 Allow glob-style patterns for remote options 2017-08-14 12:23:26 +09:30
Alexei Smirnov 8ed92a12e0
Remove observers from Model on end of the stream
- Remove flags and properly finish the stream.
 - Destroy emits an end event for compability with ending of
   ReadableStream now.
 - Check for default implementation of destroy() method,
   because in Node.js 8 all types of streams have a native one.
2017-07-12 10:28:27 +02:00
Farid Nouri Neshat 065eedab7b
Fix Model#settings.acls doc type signature 2017-06-23 16:25:54 +02:00
Daijiro Wachi 75b4a45968 Use `localhost` instead of `::` for local 2017-06-15 22:29:37 +02:00
Candy 04983831ca Fix API doc for Model class property type 2017-06-14 14:38:55 -04:00
Piero Maltese 4735efa41f
Support remoting adapters with no ctx.req object
Fix `Model.createOptionsFromRemotingContext()` to correctly handle
the case where `ctx.req` is not defined, e.g. when using
websocket-based adapters.
2017-05-22 13:21:44 +02:00
Miroslav Bajtoš c5145bdf34
Add support for scoped access tokens
Define a new property `AccessToken.scopes` to contain the list of
scopes granted to this access token.

Define a new remote method metadata `accessScopes` to contain a list
of scope name required by this method.

Define a special built-in scope name "DEFAULT" that's used when
a method/token does not provide any scopes. This allows access
tokens to grant access to both the default scope and any additional
custom scopes at the same time.

Modify the authorization algorithm to ensure that at least one
of the scopes required by a remote method is allowed by the scopes
granted to the requesting access token.

The "DEFAULT" scope preserve backwards compatibility because existing
remote methods with no `accessScopes` can be accessed by (existing)
access tokens with no `scopes` defined.

Impact on existing applications:

 - Database schema must be updated after upgrading the loopback version

 - If the application was already using a custom `AccessToken.scopes`
   property with a type different from an array, then the relevant code
   must be updated to work with the new type "array of strings".
2017-04-07 13:04:40 +02:00
Flavien DAVID 981bd309fc
Add new event "remoteMethodAdded"
Emit a new method "remoteMethodAdded" whenever a new method is added,
typically when `Model.remoteMethod` or `Model.nestRemoting` is called.

The method is emitted both by the Model affected and the application
object.
2017-03-31 15:32:19 +02:00
ebarault 8aa98a80ef Propagate authorized roles in remoting context
Adds an authorizedRoles object to remotingContext.args.options
which contains all the roles (static and dynamic) that are
granted to the user when performing a request through
strong-remoting to an app with authentication enabled.

The authorizedRoles object for example looks like:
{
  $everyone: true,
  $authenticated: true,
  myRole: true
}

NOTE: this pr also covers a number of jsdoc fixes as well
as refactoring in ACL.js and access-context.js
2017-03-20 12:29:33 +01:00
agriwebb build 3f4b5ece71
Allow custom properties of Change Model
Allow custom properties to be added to Change Model,
and make change filter customizable through mixins
to allow to add the custom property to the filter
used to look up relevant changes during change replication.
2017-03-09 08:58:42 +01:00
Miroslav Bajtoš 79f441b9c4
Verify User and AccessToken relations at startup
Modify `app.enableAuth()` to verify that (custom) User and AccessToken
models have correctly configured their hasMany/belongsTo relations
and print a warning otherwise.
2017-03-03 10:18:58 +01:00
Miroslav Bajtoš f0c9700e1d
Deep-clone model settings in lib/builtin-models
Fix the code loading builtin models to always clone the JSON object
used as model settings/definition. This is needed to allow applications
to modify model settings while not affecting settings of new models
created in the local registry of another app.
2017-02-24 15:13:06 +01:00
kobaska 7078c5d0e5
Optimise replication
Add a new model-level setting "replicationChunkSize" which allows
users to configure change replication algorithm to issue several
smaller requests to fetch changes and upload updates.
2017-02-22 15:12:54 +01:00
Raymond Camden 440b9a52a6
Improve "filter" arg description
Add an example showing how to serialize object values as JSON.
2017-02-21 14:00:09 +01:00
ebarault f0e70dd8a9 Fix Role.isOwner() for multiple user models
Fix `Role.isOwner()` to check both principalId and principalType.
This fixes a bug where users from different User model were treated
as owners as long as their user id was the same as owner's id.
2017-02-17 11:19:07 +01:00
Eric 9fe084fffd Enable multiple user models
Allow LoopBack applications to configure multiple User models and share
the same AccessToken model.

To enable this feature:

1) In your custom AccessToken model:

 - add a new property "principalType" of type "string".
 - configure the relation "belongsTo user" as polymorphic,
   using "principalType" as the discriminator

2) In your User models:

 - Configure the "hasMany accessTokens" relation as polymorphic,
   using "principalType" as the discriminator

When creating custom Role and Principal instances, set your
User model's name as the value of "prinicipalType".
2017-02-02 09:42:30 +01:00
Miroslav Bajtoš 3e2ac9217f Warn about injectOptionsFromRemoteContext
The option injectOptionsFromRemoteContext was added to LoopBack 2.x only
and is not available in LoopBack 3.x (and newer).

When a model with this option is encountered, we are printing a warning
message now, to let the user know about this change between 2.x and 3.x.
2017-01-09 14:45:23 +01:00
Miroslav Bajtoš 70eecfab70 Upgrade eslint-config to 7.x 2017-01-06 12:12:35 +01:00
Miroslav Bajtoš 0a6740cc30 Fix construction of sharedCtor remoting metadata
Prevent the situation when we are configuring remoting metadata after
strong-remoting has already picked up data from our parent (base) model.
2017-01-05 10:24:04 +01:00
Miroslav Bajtoš 0d1f74e2cd Merge pull request #3047 from strongloop/forward-port/avoid-change-cleanup
Add option disabling periodic change rectification
2017-01-04 16:39:44 +01:00