Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
baucis - npm Package Compare versions
Comparing version 0.6.3 to 0.6.4
@@ -77,2 +77,18 @@ // __Dependencies__ | ||
| var deselected = []; | ||
| model.schema.eachPath(function (name, path) { | ||
| if (path.options.select === false) deselected.push(name); | ||
| }); | ||
| if (controller.get('select')) { | ||
| controller.get('select').split(/\s+/).forEach(function (path) { | ||
| var match = /^(?:[-](\w+))$/.exec(path); | ||
| if (match) deselected.push(match[1]); | ||
| }); | ||
| } | ||
| // Filter to unique paths | ||
| deselected = deselected.filter(function(path, position) { | ||
| return deselected.indexOf(path) === position; | ||
| }); | ||
| controller.set('deselected paths', deselected) | ||
| // __Initial Middleware__ | ||
@@ -79,0 +95,0 @@ |
@@ -0,1 +1,10 @@ | ||
| function isBadSelection (paths, select) { | ||
| var bad = false; | ||
| paths.forEach(function (path) { | ||
| var badPath = new RegExp('\\b[+]?' + path + '\\b', 'i'); | ||
| if (badPath.exec(select)) bad = true; | ||
| }); | ||
| return bad; | ||
| } | ||
| // __Module Definition__ | ||
@@ -19,2 +28,3 @@ var middleware = module.exports = { | ||
| var populate; | ||
| var error; | ||
| var query = request.baucis.query; | ||
@@ -29,15 +39,23 @@ | ||
| } | ||
| if (isBadSelection(request.app.get('deselected paths'), request.query.select)) { | ||
| return next(new Error('Including excluded fields is not permitted.')); | ||
| } | ||
| query.select(request.query.select); | ||
| } | ||
| if (request.query.populate) { | ||
| populate = JSON.parse(request.query.populate); | ||
| populate = request.query.populate; | ||
| if (populate.indexOf('{') !== -1) populate = JSON.parse(request.query.populate); | ||
| else if (populate.indexOf('[') !== -1) populate = JSON.parse(request.query.populate); | ||
| if (!Array.isArray(populate)) populate = [ populate ]; | ||
| populate.forEach(function (field) { | ||
| if (request.app.get('deselected').contains(field.path || field)) { // TODO case | ||
| if (isBadSelection(request.app.get('deselected paths'), field.path || field)) { | ||
| return next(new Error('Including excluded fields is not permitted.')); | ||
| } | ||
| // Don't allow selecting +field from client | ||
| if (field.select && field.select.indexOf('+') !== -1) { | ||
| return next(new Error('Including excluded fields is not permitted.')); | ||
| if (field.select) { | ||
| return next(new Error('May not set selected fields of populated document.')); | ||
| } | ||
| query.populate(field); | ||
@@ -44,0 +62,0 @@ }); |
@@ -5,3 +5,3 @@ { | ||
| "homepage": "https://github.com/wprl/baucis", | ||
| "version": "0.6.3", | ||
| "version": "0.6.4", | ||
| "main": "index.js", | ||
@@ -8,0 +8,0 @@ "scripts": { |
@@ -1,2 +0,2 @@ | ||
| baucis v0.6.3 | ||
| baucis v0.6.4 | ||
| ============= | ||
@@ -3,0 +3,0 @@ |
@@ -197,2 +197,10 @@ var expect = require('expect.js'); | ||
| it('should correctly set the deselected paths property', function (done) { | ||
| var doozle = new mongoose.Schema({ a: { type: String, select: false }, b: String, c: String, d: String }); | ||
| mongoose.model('doozle', doozle); | ||
| var controller = baucis.rest({ singular: 'doozle', select: '-d c -a b' }); | ||
| expect(controller.get('deselected paths')).eql([ 'a', 'd' ]); | ||
| done(); | ||
| }); | ||
| }); |
@@ -19,3 +19,5 @@ var mongoose = require('mongoose'); | ||
| lastModified: { type: Date, required: true, default: Date.now }, | ||
| diseases: { type: [ String ], select: false } | ||
| diseases: { type: [ String ], select: false }, | ||
| species: { type: String, default: 'n/a', select: false }, | ||
| related: { type: Schema.ObjectId, ref: 'vegetable' } | ||
| }); | ||
@@ -26,2 +28,7 @@ | ||
| Vegetable.pre('save', function (next) { | ||
| this.set('related', this._id); | ||
| next(); | ||
| }); | ||
| Vegetable.pre('save', function (next) { | ||
| this.set('lastModified', new Date()); | ||
@@ -28,0 +35,0 @@ next(); |
@@ -71,3 +71,3 @@ var expect = require('expect.js'); | ||
| expect(response.statusCode).to.be(200); | ||
| expect(body).to.eql([ '{', '"', 'n', 'a', 'm', 'e' ]); | ||
| expect(body).to.eql([ '{', '"', 'r', 'e', 'l', 'a' ]); | ||
| done(); | ||
@@ -74,0 +74,0 @@ }); |
@@ -69,8 +69,44 @@ var expect = require('expect.js'); | ||
| it('should disallow selecting deselected fields'); | ||
| it('should disallow populating deselected fields'); | ||
| it('should disallow selecting deselected fields', function (done) { | ||
| var options = { | ||
| url: 'http://localhost:8012/api/v1/vegetables?select=species+lastModified', | ||
| json: true | ||
| }; | ||
| request.get(options, function (err, response, body) { | ||
| if (err) return done(err); | ||
| expect(response).to.have.property('statusCode', 500); | ||
| expect(body).to.match(/Including excluded fields is not permitted[.]/i); | ||
| done(); | ||
| }); | ||
| }); | ||
| it('should disallow populating deselected fields 1', function (done) { | ||
| var options = { | ||
| url: 'http://localhost:8012/api/v1/vegetables?populate=species', | ||
| json: true | ||
| }; | ||
| request.get(options, function (err, response, body) { | ||
| if (err) return done(err); | ||
| expect(response).to.have.property('statusCode', 500); | ||
| expect(body).to.match(/Including excluded fields is not permitted[.]/i); | ||
| done(); | ||
| }); | ||
| }); | ||
| it('should disallow populating deselected fields 2', function (done) { | ||
| var options = { | ||
| url: 'http://localhost:8012/api/v1/vegetables?populate={ "path": "species" }', | ||
| json: true | ||
| }; | ||
| request.get(options, function (err, response, body) { | ||
| if (err) return done(err); | ||
| expect(response).to.have.property('statusCode', 500); | ||
| expect(body).to.match(/Including excluded fields is not permitted[.]/i); | ||
| done(); | ||
| }); | ||
| }); | ||
| it('should disallow using +fields with populate', function (done) { | ||
| var options = { | ||
| url: 'http://localhost:8012/api/v1/vegetables?populate={ "select": "%2Bfoo" }', | ||
| url: 'http://localhost:8012/api/v1/vegetables?populate={ "select": "%2Bboiler" }', | ||
| json: true | ||
@@ -81,2 +117,3 @@ }; | ||
| expect(response).to.have.property('statusCode', 500); | ||
| expect(body).to.match(/May not set selected fields of populated document[.]/i); | ||
| done(); | ||
@@ -88,3 +125,3 @@ }); | ||
| var options = { | ||
| url: 'http://localhost:8012/api/v1/vegetables?select=%2Bfoo', | ||
| url: 'http://localhost:8012/api/v1/vegetables?select=%2Bboiler', | ||
| json: true | ||
@@ -95,2 +132,3 @@ }; | ||
| expect(response).to.have.property('statusCode', 500); | ||
| expect(body).to.match(/Including excluded fields is not permitted[.]/i); | ||
| done(); | ||
@@ -100,2 +138,15 @@ }); | ||
| it('should disallow selecting fields when populating', function (done) { | ||
| var options = { | ||
| url: 'http://localhost:8012/api/v1/vegetables?populate={ "path": "", "select": "arbitrary" }', | ||
| json: true | ||
| }; | ||
| request.get(options, function (err, response, body) { | ||
| if (err) return done(err); | ||
| expect(response).to.have.property('statusCode', 500); | ||
| expect(body).to.match(/May not set selected fields of populated document[.]/i); | ||
| done(); | ||
| }); | ||
| }); | ||
| it('should allow selecting fields', function (done) { | ||
@@ -102,0 +153,0 @@ var options = { |
No alert changes
Improved metrics
- Total package byte prevSize
- increased by1.49%
245729
- Lines of code
- increased by4.07%
2300
No dependency changes