Add end-to-end unit-tests verifying enforcement of access control during
conflict resolution.
Implement two facade methods providing REST API for Change methods used
by conflict resolution:
PersistedModel.findLastChange
GET /api/{model.pluralName}/{id}/changes/last
PersistedModel.updateLastChange
PUT /api/{model.pluralName}/{id}/changes/last
By providing these two methods on PersistedModel, replication users
don't have to expose the Change model via the REST API. What's even
more important, these two methods use the same set of ACL rules
as other (regular) PersistedModel methods.
Rework `Conflict.prototype.changes()` and `Conflict.prototype.resolve()`
to use these new facade methods.
Implement a new method `Conflict.prototype.swapParties()` that provides
better API for the situation when a conflict detected in Remote->Local
replication should be resolved locally (i.e. in the replication target).
Correctly handle the case when the model is attached multiple times
during the lifecycle, this happens because `loopback.createModel`
always makes an attempt to auto-attach.
1) Add integration tests running change replication over REST to verify
that access control at model level is correctly enforced.
2) Implement a new access type "REPLICATE" that allows principals
to create new checkpoints, even though they don't have full WRITE
access to the model. Together with the "READ" permission, these
two types allow principals to replicate (pull) changes from the server.
Note that anybody having "WRITE" access type is automatically
granted "REPLICATE" type too.
3) Add a new model option "enableRemoteReplication" that exposes
replication methods via strong remoting, but does not configure
change rectification. This option should be used the clients
when setting up Remote models attached to the server via the remoting
connector.
- `loopback.registry` is now a true global registry
- `app.registry` is unique per app object
- `Model.registry` is set when a Model is created using any registry method
- `loopback.localRegistry` and `loopback({localRegistry: true})` when set to `true` this will create a `Registry` per `Application`. It defaults to `false`.
Modify the files to export a model factory function accepting
a `registry` argument. This is a preparation step for per-application
models - see #1212.
* Improve error handling in replication (Miroslav Bajtoš)
* Add `loopback.runInContext` (Miroslav Bajtoš)
* Fix style issues (Raymond Feng)
* Document the new third callback arg of replicate() (Miroslav Bajtoš)
* Fix API doc for updateAll/deleteAll (Miroslav Bajtoš)
* Import subset of underscore.string scripts only (Miroslav Bajtoš)
* Use `ctx.instance` provided by "after delete" hook (Miroslav Bajtoš)
* Add conflict resolution API (Miroslav Bajtoš)
* Detect 3rd-party changes made during replication (Miroslav Bajtoš)
* Ability to pass in custom verification token generator This commit adds the ability for the developer to use a custom token generator function for the user.verify(...) method. By default, the system will still use the crypto.randomBytes() method if no option is provided. (jakerella)
* Remove unnecessary delay in tests. (Miroslav Bajtoš)
* Update README.md (Simon Ho)
* Remove duplicate cb func from getRoles and other doc cleanup (crandmck)
* Enhance the token middleware to support current user literal (Raymond Feng)
* Handling owner being a relation/function (Benjamin Boudreau)
* Run replication tests in the browser too (Miroslav Bajtoš)
* Add replication tests for conflict resolution (Miroslav Bajtoš)
* Fix an assertion broke by recent chai upgrade. (Miroslav Bajtoš)
* Static ACL support array of properties now (ulion)
* Add more integration tests for replication (Miroslav Bajtoš)
* Prevent more kinds of false replication conflicts (Miroslav Bajtoš)
* Upgrade deps (Raymond Feng)
* Fix "Issues" link in readme (Simon Ho)
* Add more debug logs to replication (Miroslav Bajtoš)
* Fixes#1158. (Jason Sturges)
* Checkpoint: start with seq=1 instead of seq=0 (Miroslav Bajtoš)
* Return new checkpoints in callback of replicate() (Miroslav Bajtoš)
* Create a remote checkpoint during replication too (Miroslav Bajtoš)
* Replication: fix checkpoint-related race condition (Miroslav Bajtoš)
* Support different "since" for source and target (Miroslav Bajtoš)
Deprecate `Change.handleError`, it was used inconsistenly for a subset
of possible errors only. Rework all `Change` methods to always report
all errors to the caller via the callback.
Rework `PersistedModel` to report change-tracking errors via the
existing method `PersistedModel.handleChangeError`. This method
can be customized on a per-model basis to provide different error
handling.
The default implementation emits `error` event on the model class,
users can attach an event listener that can provide a custom error
handler.
NOTE: Unhandled `error` events crash the application by default.
Refactor the core implementation of current context from
server/middleware/context.js into server/current-context.js.
Expose new public API:
- loopback.runInContext
- loopback.createContext
Use the recently added context property `ctx.instance` to improve
the accuracy of the algorithm detecting whether a single or
multiple models were deleted.
Modify `Change.diff()` to include current data revision in each
delta reported back. The current data revision is stored in
`delta.prev`.
Modify `PersistedModel.bulkUpdate()` to check that the current data
revision matches `delta.prev` and report a conflict if a third party
has modified the database under our hands.
Fix `Change` implementation and tests so that they are no longer
attempting to create instances with duplicate ids.
(This used to work because the memory connector was silently
converting such requests to updateOrCreate/findOrCreate.)
This commit adds the ability for the developer to use a custom token generator function for the user.verify(...) method. By default, the system will still use the crypto.randomBytes() method if no option is provided.
Miroslav Bajtoš
Miroslav Bajtoš
Raymond Feng
Ritchie Martori
Rand McKinney
Fabien Franzen
jakerella
Simon Ho
Raymond Feng
Benjamin Boudreau