/** * Module Dependencies. */ var loopback = require('../loopback'); var ModelBuilder = require('loopback-datasource-juggler').ModelBuilder; var modeler = new ModelBuilder(); var assert = require('assert'); /** * Define the built in loopback.Model. */ var Model = module.exports = modeler.define('Model'); Model.shared = true; /*! * Called when a model is extended. */ Model.setup = function () { var ModelCtor = this; ModelCtor.sharedCtor = function (data, id, fn) { if(typeof data === 'function') { fn = data; data = null; id = null; } else if (typeof id === 'function') { fn = id; if(typeof data !== 'object') { id = data; data = null; } else { id = null; } } if(id && data) { var model = new ModelCtor(data); model.id = id; fn(null, model); } else if(data) { fn(null, new ModelCtor(data)); } else if(id) { ModelCtor.findById(id, function (err, model) { if(err) { fn(err); } else if(model) { fn(null, model); } else { err = new Error('could not find a model with id ' + id); err.statusCode = 404; fn(err); } }); } else { fn(new Error('must specify an id or data')); } } // before remote hook ModelCtor.beforeRemote = function (name, fn) { var self = this; if(this.app) { var remotes = this.app.remotes(); remotes.before(self.pluralModelName + '.' + name, function (ctx, next) { fn(ctx, ctx.result, next); }); } else { var args = arguments; this.once('attached', function () { self.beforeRemote.apply(self, args); }); } }; // after remote hook ModelCtor.afterRemote = function (name, fn) { var self = this; if(this.app) { var remotes = this.app.remotes(); remotes.after(self.pluralModelName + '.' + name, function (ctx, next) { fn(ctx, ctx.result, next); }); } else { var args = arguments; this.once('attached', function () { self.afterRemote.apply(self, args); }); } }; // Map the prototype method to /:id with data in the body ModelCtor.sharedCtor.accepts = [ {arg: 'id', type: 'any', http: {source: 'path'}} // {arg: 'instance', type: 'object', http: {source: 'body'}} ]; ModelCtor.sharedCtor.http = [ {path: '/:id'} ]; ModelCtor.sharedCtor.returns = {root: true}; return ModelCtor; }; /*! * Get the reference to ACL in a lazy fashion to avoid race condition in require */ var ACL = null; function getACL() { return ACL || (ACL = require('./acl').ACL); } /** * Check if the given access token can invoke the method * * @param {AccessToken} token The access token * @param {*} modelId The model id * @param {String} method The method name * @param callback The callback function * * @callback callback * @param {String|Error} err The error object * @param {Boolean} allowed is the request allowed */ Model.checkAccess = function(token, modelId, method, callback) { var ANONYMOUS = require('./access-token').ANONYMOUS; token = token || ANONYMOUS; var ACL = getACL(); var methodName = 'string' === typeof method? method: method && method.name; ACL.checkAccessForToken(token, this.modelName, modelId, methodName, callback); }; /** * Determine the access type for the given `RemoteMethod`. * * @api private * @param {RemoteMethod} method */ Model._getAccessTypeForMethod = function(method) { if(typeof method === 'string') { method = {name: method}; } assert( typeof method === 'object', 'method is a required argument and must be a RemoteMethod object' ); var ACL = getACL(); switch(method.name) { case'create': return ACL.WRITE; case 'updateOrCreate': return ACL.WRITE; case 'upsert': return ACL.WRITE; case 'exists': return ACL.READ; case 'findById': return ACL.READ; case 'find': return ACL.READ; case 'findOne': return ACL.READ; case 'destroyById': return ACL.WRITE; case 'deleteById': return ACL.WRITE; case 'removeById': return ACL.WRITE; case 'count': return ACL.READ; break; default: return ACL.EXECUTE; break; } } // setup the initial model Model.setup();