hola-server 0.4.9 → 0.5.1

package/core/meta.js

@@ -10,12 +10,16 @@ const meta_manager = {};
  * delete: delete is only used for ref field, it decide when the ref entity will be deleted, how to handle this entity,no value, will not let the refered entity be deleted, keep: keep this entity(no data consistency), cascade: also delete this entity also,
  * sys: this field is used to control the user can set the value or not. sys field can only be set in the server side(before callback is good place to do this)
  * create is false, this attribute can be shown in property list but sys property can't be shown in property list 
+ * secure: secure properties will not be read by client, this is useful for password
+ * group: this is used to control user sharing entities, this means the entity is shared by user group, this is only valid for user field
  * 
  * routes: configure customer defined routes
  * link property: field link property link to entity field and the field should ref to an entity.
  * and the field name should be the same with the ref entity field name and shouldn't make as required and no other property
+ * 
+ * 
 */
-const field_attrs = ["name", "type", "required", "ref", "link", "delete", "create", "list", "search", "update", "clone", "sys", "secure"];
+const field_attrs = ["name", "type", "required", "ref", "link", "delete", "create", "list", "search", "update", "clone", "sys", "secure", "group"];
 const meta_attrs = ["collection", "primary_keys", "fields", "creatable", "readable", "updatable", "deleteable", "cloneable", "after_read",
     "before_create", "after_create", "before_clone", "after_clone", "before_update", "after_update", "before_delete", "after_delete", "create", "clone", "update", "batch_update", "after_batch_update", "delete",
     "ref_label", "ref_filter", "route", "user_field"];

package/http/express.js

@@ -11,6 +11,18 @@ const { asyncLocalStorage, set_context_value } = require('./context');
 const app = express();
 let server_initialized = false;
 
+const is_excluded_url = (server, req) => {
+    const exclude_urls = server.exclude_urls;
+    for (let i = 0; i < exclude_urls.length; i++) {
+        const re = new RegExp(exclude_urls[i], "gim");
+        if (re.test(req.originalUrl)) {
+            return true;
+        }
+    }
+
+    return false;
+}
+
 const init_express_server = (base_dir, callback) => {
     if (server_initialized === true) {
         return app;
@@ -25,27 +37,15 @@ const init_express_server = (base_dir, callback) => {
     init_session(app);
 
     app.use((req, res, next) => {
-        if (server.check_user) {
-            const exclude_urls = server.exclude_urls;
-            let excluded = false;
-            for (let i = 0; i < exclude_urls.length; i++) {
-                const re = new RegExp(exclude_urls[i], "gim");
-                if (re.test(req.originalUrl)) {
-                    excluded = true;
-                    break;
-                }
-            }
-
-            if (!excluded) {
-                const user_id = get_session_userid(req);
-                if (user_id == null) {
-                    res.json({ code: NO_SESSION, err: "no session found" });
-                } else {
-                    asyncLocalStorage.run({}, () => {
-                        set_context_value("req", req);
-                        next();
-                    });
-                }
+        if (server.check_user && !is_excluded_url(server, req)) {
+            const user_id = get_session_userid(req);
+            if (user_id == null) {
+                res.json({ code: NO_SESSION, err: "no session found" });
+            } else {
+                asyncLocalStorage.run({}, () => {
+                    set_context_value("req", req);
+                    next();
+                });
             }
         } else {
             asyncLocalStorage.run({}, () => {

package/http/session.js

@@ -24,4 +24,9 @@ const get_session_userid = (req) => {
     return user ? user.id : null;
 }
 
-module.exports = { init_session, get_session_userid };
+const get_session_user_groups = (req) => {
+    const group = req && req.session ? req.session.group : null;
+    return group && Array.isArray(group) ? group : null;
+}
+
+module.exports = { init_session, get_session_userid, get_session_user_groups };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hola-server",
-  "version": "0.4.9",
+  "version": "0.5.1",
   "description": "a meta programming framework used to build nodejs restful api",
   "main": "index.js",
   "scripts": {

package/router/read.js

@@ -1,7 +1,7 @@
 const { required_post_params, get_params } = require('../http/params');
 const { has_value } = require('../core/validate');
 const { NO_PARAMS, SUCCESS } = require('../http/code');
-const { get_session_userid } = require('../http/session');
+const { get_session_userid, get_session_user_groups } = require('../http/session');
 const { wrap_http } = require('../http/error');
 const { Entity } = require('../db/entity');
 
@@ -45,11 +45,12 @@ const init_read_router = function (router, meta) {
 
         const param_obj = req.body;
         if (meta.user_field) {
-            const user_id = get_session_userid(req);
-            if (user_id == null) {
-                throw new Error("no user is found in session");
+            const [user_field] = meta.fields.filter(f => f.name == meta.user_field);
+            const user_ids = user_field && user_field.group == true ? get_session_user_groups(req) : [get_session_userid(req)];
+            if (user_ids == null) {
+                throw new Error("no user or user group is found in session");
             }
-            param_obj[meta.user_field] = user_id;
+            param_obj[meta.user_field] = { "$in": user_ids };
         }
 
         const { code, err, total, data } = await entity.list_entity(query_params["_query"], null, param_obj);