@modular-rest/server 1.7.0 → 1.8.0

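--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@modular-rest/server",
- "version": "1.7.0",
+ "version": "1.8.0",
  "description": "a nodejs module based on KOAJS for developing Rest-APIs in a modular solution.",
  "main": "src/index.js",
  "scripts": {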
@@ -14,7 +14,7 @@ class CollectionDefinition {
14
14
  * @param {string} option.collection - Collection name
15
15
  * @param {Object} option.schema - Mongoose schema
16
16
  * @param {Array<Permission>} option.permissions - A list of permissions for this collection
17
- * @param {Array<DatabaseTrigger>} option.trigger - A database trigger
17
+ * @param {Array<DatabaseTrigger>=} option.trigger - A database trigger
18
18
  */
19
19
  constructor({ db, collection, schema, permissions, trigger }) {
20
20
  // string
@@ -7,10 +7,8 @@ class DatabaseTrigger {
7
7
  /**
8
8
  * Creates a new instance of `DatabaseTrigger`.
9
9
  *
10
- * @param {string} operation - The name of the operation on which the callback should be triggered.
11
- * @param {function} [callback=(query, queryResult) => {}] - The callback function to be triggered. It accepts two parameters:
12
- * 1. `query` - The query that is being executed.
13
- * 2. `queryResult` - The result of the query execution.
10
+ * @param {'find' | 'find-one' | 'count' | 'update-one' | 'insert-one' | 'remove-one' | 'aggregate'} operation - The operation to be triggered. Supported operations are:
11
+ * @param {function(query, queryResult)} callback - The callback to be called when the operation is executed.
14
12
  */
15
13
  constructor(operation, callback = (query, queryResult) => {}) {
16
14
  this.operation = operation;
@@ -17,7 +17,7 @@ class AccessDefinition {
17
17
  }
18
18
 
19
19
  /**
20
- * @typedef {('god_access'|'user_access'|'delete'|'upload_file_access'|'remove_file_access'|'anonymous_access')} PermissionType
20
+ * @typedef {('god_access'|'user_access'|'upload_file_access'|'remove_file_access'|'anonymous_access')} PermissionType
21
21
  */
22
22
 
23
23
  /**
@@ -31,12 +31,20 @@ class Permission {
31
31
  * @param {boolean} [options.read=false] - The read access of the permission.
32
32
  * @param {boolean} [options.write=false] - The write access of the permission.
33
33
  * @param {boolean} [options.onlyOwnData=false] - If true, users can perform CRUD on documents that they created already.
34
+ * @param {string} [options.ownerIdField='refId'] - The name of the field that contains the owner's id of the document.
34
35
  */
35
- constructor({ type, read = false, write = false, onlyOwnData = false }) {
36
+ constructor({
37
+ type,
38
+ read = false,
39
+ write = false,
40
+ onlyOwnData = false,
41
+ ownerIdField = "refId",
42
+ }) {
36
43
  this.type = type;
37
44
  this.read = read;
38
45
  this.write = write;
39
46
  this.onlyOwnData = onlyOwnData;
47
+ this.ownerIdField = ownerIdField;
40
48
  }
41
49
  }
42
50
 
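Review bot: `ownerIdField` is stored by the `Permission` constructor without any validation, and the new JSDoc line does not say that the field only matters when `onlyOwnData` is true. Because this name selects the property an ownership check reads, an empty or non-string value is better rejected when the permission is defined, for example `if (typeof ownerIdField !== "string" || ownerIdField === "") throw new TypeError("ownerIdField must be a non-empty string");`. The default `"refId"` also differs from the `owner` property read by the removed lines in the `checkAccess` hunk further down this page, so collections that keep the owner under `owner` would presumably need `ownerIdField: "owner"` after upgrading. The doc comment should state that.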
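--- a/package/src/index.js
+++ b/package/src/index.js
@@ -19,16 +19,24 @@ const userManager = require("./services/user_manager/service");
  
  module.exports = {
  createRest,
+
+ // Route utilities
  reply,
  TypeCasters,
  paginator,
  validator,
+
+ // Service utilities
  getCollection,
+
+ // Database
  CollectionDefinition,
  Schemas,
  Schema,
  DatabaseTrigger,
  ...SecurityClass,
+
+ // Middlewares
  middleware,
  userManager: userManager.main,
  };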
@@ -149,17 +149,19 @@ function _getPermissionList(db, collection, operationType) {
149
149
 
150
150
  function checkAccess(db, collection, operationType, queryOrDoc, user) {
151
151
  let key = false;
152
- let permissionList = _getPermissionList(db, collection, operationType);
152
+ const permissionList = _getPermissionList(db, collection, operationType);
153
153
 
154
154
  permissionList.forEach((permission) => {
155
155
  let permissionType = permission.type;
156
156
 
157
157
  if (permission.onlyOwnData == true) {
158
- let owner = queryOrDoc.owner;
159
- let userId = user.id;
158
+ const userId = user.id;
160
159
 
161
160
  try {
162
- if (owner.toString() == userId.toString()) key = true;
161
+ if (
162
+ queryOrDoc[permission.ownerIdField].toString() === userId.toString()
163
+ )
164
+ key = true;
163
165
  } catch (error) {
164
166
  key = false;
165
167
  }
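Review bot: The ownership test in the `onlyOwnData` branch coerces `queryOrDoc[permission.ownerIdField]` with `toString()` and leans on the surrounding `try`/`catch` for a missing field, so a misconfigured field name looks the same as an ordinary denial, and any value whose string form equals the user id passes (a one-element array does). Reading the value once and comparing only when it is present and scalar makes the rule explicit: `const ownerId = queryOrDoc?.[permission.ownerIdField];` followed by `if (ownerId != null && !Array.isArray(ownerId) && String(ownerId) === String(userId)) key = true;`. The comparison is made against the caller-supplied query or document, so it presumably restricts access only if the database operation filters or writes on that same field, which is not visible here. `checkAccess` continues past the end of this hunk, so whether the `catch` resetting `key` to `false` can undo a grant from an earlier permission in the loop needs checking against the rest of the function.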