Commit Graph

1619 Commits

Author SHA1 Message Date
Miroslav Bajtoš cf2acb3cd2 Conflict resolution and Access control
Add end-to-end unit-tests verifying enforcement of access control during
conflict resolution.

Implement two facade methods providing REST API for Change methods used
by conflict resolution:

    PersistedModel.findLastChange
    GET /api/{model.pluralName}/{id}/changes/last

    PersistedModel.updateLastChange
    PUT /api/{model.pluralName}/{id}/changes/last

By providing these two methods on PersistedModel, replication users
don't have to expose the Change model via the REST API. What's even
more important, these two methods use the same set of ACL rules
as other (regular) PersistedModel methods.

Rework `Conflict.prototype.changes()` and `Conflict.prototype.resolve()`
to use these new facade methods.

Implement a new method `Conflict.prototype.swapParties()` that provides
better API for the situation when a conflict detected in Remote->Local
replication should be resolved locally (i.e. in the replication target).
2015-04-14 08:23:24 +02:00
Raymond Feng b4c487b191 Fix the typo 2015-04-10 11:03:55 -07:00
Miroslav Bajtoš 28acffd7dd Fix PersistedModel._defineChangeModel
Correctly handle the case when the model is attached multiple times
during the lifecycle, this happens because `loopback.createModel`
always makes an attempt to auto-attach.
2015-04-08 11:55:03 +02:00
Miroslav Bajtoš b18d2516a4 Merge pull request #1270 from strongloop/feature/replication-access-control
Basic access control for change replication
2015-04-07 20:00:27 +02:00
Miroslav Bajtoš 9c5fe088e3 AccessControl for change replication
1) Add integration tests running change replication over REST to verify
that access control at model level is correctly enforced.

2) Implement a new access type "REPLICATE" that allows principals
to create new checkpoints, even though they don't have full WRITE
access to the model. Together with the "READ" permission, these
two types allow principals to replicate (pull) changes from the server.

Note that anybody having "WRITE" access type is automatically
granted "REPLICATE" type too.

3) Add a new model option "enableRemoteReplication" that exposes
replication methods via strong remoting, but does not configure
change rectification. This option should be used the clients
when setting up Remote models attached to the server via the remoting
connector.
2015-04-07 19:53:58 +02:00
Miroslav Bajtoš 699bc7aa97 test: remove global autoAttach 2015-04-07 15:25:18 +02:00
Miroslav Bajtoš b61fae58f6 Merge pull request #1272 from strongloop/feature/after-remote-error-hook
Model.afterRemoteError hook
2015-04-07 09:47:51 +02:00
Ritchie Martori 93960b838d Merge pull request #1212 from strongloop/feature/app-registries
Per-app Models
2015-04-03 13:13:34 -07:00
Ritchie Martori b9170751bc Add support for app level Model isolation
- `loopback.registry` is now a true global registry
 - `app.registry` is unique per app object
 - `Model.registry` is set when a Model is created using any registry method
 - `loopback.localRegistry` and `loopback({localRegistry: true})` when set to `true` this will create a `Registry` per `Application`. It defaults to `false`.
2015-04-03 11:48:45 -07:00
Miroslav Bajtoš dd83be99f0 Implement ModelCtor.afterRemoteError 2015-04-03 10:31:03 +02:00
Miroslav Bajtoš a71c8253e2 Code cleanup, add Model._runWhenAttachedToApp 2015-04-03 10:06:49 +02:00
Miroslav Bajtoš 5a51c7f0fa Merge pull request #1271 from strongloop/refactor/core-models
Refactor Model and PersistedModel registration
2015-04-03 09:40:21 +02:00
Miroslav Bajtoš c72c134d80 Refactor Model and PersistedModel registration
Modify the files to export a model factory function accepting
a `registry` argument. This is a preparation step for per-application
models - see #1212.
2015-04-03 09:26:19 +02:00
Raymond Feng 72d547971a Merge branch 'fabien-fix/embeds-one-remoting' 2015-04-02 08:45:30 -07:00
Raymond Feng 64ccb785c2 Fix the style issue 2015-04-02 08:45:04 -07:00
Raymond Feng 9af828efd4 Merge branch 'fix/embeds-one-remoting' of https://github.com/fabien/loopback into fabien-fix/embeds-one-remoting 2015-04-02 08:41:49 -07:00
Miroslav Bajtoš cdbdc4b55d Merge pull request #1269 from strongloop/fix/replication-checkpoints
Add missing error handlers to checkpoints()
2015-04-02 14:21:46 +02:00
Miroslav Bajtoš 8493ede19e Add missing error handlers to checkpoints() 2015-04-02 14:14:32 +02:00
Rand McKinney 8a1fe0b744 Fix where param format 2015-04-01 11:29:35 -07:00
Miroslav Bajtoš 3ef7dedfa4 2.15.0
* Improve error handling in replication (Miroslav Bajtoš)

 * Add `loopback.runInContext` (Miroslav Bajtoš)

 * Fix style issues (Raymond Feng)

 * Document the new third callback arg of replicate() (Miroslav Bajtoš)

 * Fix API doc for updateAll/deleteAll (Miroslav Bajtoš)

 * Import subset of underscore.string scripts only (Miroslav Bajtoš)

 * Use `ctx.instance` provided by "after delete" hook (Miroslav Bajtoš)

 * Add conflict resolution API (Miroslav Bajtoš)

 * Detect 3rd-party changes made during replication (Miroslav Bajtoš)

 * Ability to pass in custom verification token generator This commit adds the ability for the developer to use a custom token generator function for the user.verify(...) method. By default, the system will still use the crypto.randomBytes() method if no option is provided. (jakerella)

 * Remove unnecessary delay in tests. (Miroslav Bajtoš)

 * Update README.md (Simon Ho)

 * Remove duplicate cb func from getRoles and other doc cleanup (crandmck)

 * Enhance the token middleware to support current user literal (Raymond Feng)

 * Handling owner being a relation/function (Benjamin Boudreau)

 * Run replication tests in the browser too (Miroslav Bajtoš)

 * Add replication tests for conflict resolution (Miroslav Bajtoš)

 * Fix an assertion broke by recent chai upgrade. (Miroslav Bajtoš)

 * Static ACL support array of properties now (ulion)

 * Add more integration tests for replication (Miroslav Bajtoš)

 * Prevent more kinds of false replication conflicts (Miroslav Bajtoš)

 * Upgrade deps (Raymond Feng)

 * Fix "Issues" link in readme (Simon Ho)

 * Add more debug logs to replication (Miroslav Bajtoš)

 * Fixes #1158. (Jason Sturges)

 * Checkpoint: start with seq=1 instead of seq=0 (Miroslav Bajtoš)

 * Return new checkpoints in callback of replicate() (Miroslav Bajtoš)

 * Create a remote checkpoint during replication too (Miroslav Bajtoš)

 * Replication: fix checkpoint-related race condition (Miroslav Bajtoš)

 * Support different "since" for source and target (Miroslav Bajtoš)
2015-04-01 18:50:18 +02:00
Miroslav Bajtoš 4a81d06018 Merge pull request #1251 from strongloop/feature/improve-replication-error-logging
Improve error handling in replication
2015-03-30 11:16:54 +02:00
Miroslav Bajtoš 63e2f4b134 Improve error handling in replication
Deprecate `Change.handleError`, it was used inconsistenly for a subset
of possible errors only. Rework all `Change` methods to always report
all errors to the caller via the callback.

Rework `PersistedModel` to report change-tracking errors via the
existing method `PersistedModel.handleChangeError`. This method
can be customized on a per-model basis to provide different error
handling.

The default implementation emits `error` event on the model class,
users can attach an event listener that can provide a custom error
handler.

NOTE: Unhandled `error` events crash the application by default.
2015-03-30 11:07:53 +02:00
Miroslav Bajtoš 6640f8a082 Merge pull request #1254 from strongloop/feature/run-in-context
Add `loopback.runInContext`
2015-03-27 19:15:22 +01:00
Miroslav Bajtoš 2aa09ba574 Add `loopback.runInContext`
Refactor the core implementation of current context from
server/middleware/context.js into server/current-context.js.

Expose new public API:
 - loopback.runInContext
 - loopback.createContext
2015-03-27 19:12:17 +01:00
Raymond Feng 548cb6ef94 Fix style issues 2015-03-27 08:59:11 -07:00
Miroslav Bajtoš ade5d5ea21 Merge pull request #1246 from strongloop/fix/browser-bundle-size
Import subset of underscore.string scripts only
2015-03-27 08:51:59 +01:00
Miroslav Bajtoš e69eba6560 Merge pull request #1252 from strongloop/fix/updateall-deleteall-jsdoc
Improve API docs
2015-03-26 19:20:31 +01:00
Miroslav Bajtoš 2ca621e597 Document the new third callback arg of replicate() 2015-03-26 19:10:00 +01:00
Miroslav Bajtoš caf53f72c1 Fix API doc for updateAll/deleteAll
Based on changes made in
  https://github.com/strongloop/loopback/issues/1167
  https://github.com/strongloop/loopback-datasource-juggler/pull/540
2015-03-26 19:06:56 +01:00
Esco Obong 957f84e989 add callback args for listByPrincipalType to jsdoc comment, pass explicit arguments to callback 2015-03-26 10:10:13 -04:00
Esco Obong 1993338c0b Merge branch 'master' of https://github.com/strongloop/loopback 2015-03-25 16:45:58 -04:00
Esco Obong 7923d036f8 mark utiltiy function as private 2015-03-25 10:10:34 -04:00
Miroslav Bajtoš 7528cbb712 Import subset of underscore.string scripts only
Require individual methods like `classify` instead of the whole module.
This reduces the size of the browser bundle from ~27kb down to ~2kb.
2015-03-25 14:02:16 +01:00
Miroslav Bajtoš 4a8c3be8f4 Merge pull request #1233 from strongloop/feature/conflict-resolution-api
Add conflict resolution API
2015-03-24 12:08:25 +01:00
Miroslav Bajtoš df770455eb Merge pull request #1238 from strongloop/fix/change-tracking-on-delete
Use `ctx.instance` provided by "after delete" hook
2015-03-24 11:06:55 +01:00
Miroslav Bajtoš cadb5e4524 Use `ctx.instance` provided by "after delete" hook
Use the recently added context property `ctx.instance` to improve
the accuracy of the algorithm detecting whether a single or
multiple models were deleted.
2015-03-23 11:49:47 +01:00
Fabien Franzen 93aefc36f5 Test embedsOne CRUD methods 2015-03-21 17:21:49 +01:00
Miroslav Bajtoš 65c14c1779 Add conflict resolution API
New methods:
  conflict.resolveUsingSource(cb)
  conflict.resolveUsingTarget(cb)
  conflict.resolveManually(data, cb)
2015-03-20 17:47:07 +01:00
Miroslav Bajtoš 911d8323b4 Merge pull request #1205 from strongloop/feature/custom-verify-token-generator
Add ability to pass in custom verification token generator
2015-03-20 08:56:59 +01:00
Miroslav Bajtoš 7454462526 Merge pull request #1214 from strongloop/fix/bulkUpdate-race-condition
Detect 3rd-party changes made during replication
2015-03-20 08:30:31 +01:00
Miroslav Bajtoš 87940a4b58 Detect 3rd-party changes made during replication
Modify `Change.diff()` to include current data revision in each
delta reported back. The current data revision is stored in
`delta.prev`.

Modify `PersistedModel.bulkUpdate()` to check that the current data
revision matches `delta.prev` and report a conflict if a third party
has modified the database under our hands.

Fix `Change` implementation and tests so that they are no longer
attempting to create instances with duplicate ids.
(This used to work because the memory connector was silently
converting such requests to updateOrCreate/findOrCreate.)
2015-03-20 08:19:59 +01:00
jakerella 713001913e Ability to pass in custom verification token generator
This commit adds the ability for the developer to use a custom token generator function for the user.verify(...) method. By default, the system will still use the crypto.randomBytes() method if no option is provided.
2015-03-19 16:56:38 -04:00
Miroslav Bajtoš 91f59e1ccd Remove unnecessary delay in tests. 2015-03-19 08:00:37 +01:00
Simon Ho 3de9594bf4 Update README.md 2015-03-16 10:12:13 -07:00
Esco Obong 551261ec16 fix linting errors 2015-03-13 18:30:53 -04:00
Esco Obong c764c09837 fix lint erros 2015-03-13 16:53:26 -04:00
Esco Obong 7a990d745c Merge remote-tracking branch 'upstream/master' 2015-03-13 15:06:00 -04:00
Esco Obong 8cc558a991 consolidate Role methods roles, applications, and users into one, add query param to allow for pagination and restricting fields 2015-03-13 11:50:30 -04:00
Esco Obong 74018019b4 fix implementation of Role methods: users,roles, and applications 2015-03-12 14:58:08 -04:00
crandmck 1cabd74308 Remove duplicate cb func from getRoles and other doc cleanup 2015-03-12 11:15:36 -07:00