vanta-api 1.2.8 → 1.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/api-features.js +6 -9
package/package.json
CHANGED
package/src/api-features.js
CHANGED
|
@@ -15,10 +15,14 @@ const logger = winston.createLogger({
|
|
|
15
15
|
});
|
|
16
16
|
|
|
17
17
|
export class ApiFeatures {
|
|
18
|
-
constructor(model, query = {}, userRole = "
|
|
18
|
+
constructor(model, query = {}, userRole = "") {
|
|
19
19
|
this.model = model;
|
|
20
20
|
this.query = { ...query };
|
|
21
|
-
|
|
21
|
+
if (!userRole || ! Object.keys(securityConfig.accessLevels).includes(userRole)) {
|
|
22
|
+
this.userRole = 'guest';
|
|
23
|
+
} else {
|
|
24
|
+
this.userRole = userRole;
|
|
25
|
+
}
|
|
22
26
|
|
|
23
27
|
this.pipeline = [];
|
|
24
28
|
this.countPipeline = [];
|
|
@@ -82,9 +86,7 @@ export class ApiFeatures {
|
|
|
82
86
|
if (f.startsWith("-")) excludeFields.add(f.slice(1));
|
|
83
87
|
else includeFields.add(f);
|
|
84
88
|
});
|
|
85
|
-
|
|
86
89
|
const project = {};
|
|
87
|
-
|
|
88
90
|
if (includeFields.size > 0) {
|
|
89
91
|
includeFields.forEach((f) => {
|
|
90
92
|
if (validFields.includes(f)) project[f] = 1;
|
|
@@ -101,7 +103,6 @@ export class ApiFeatures {
|
|
|
101
103
|
|
|
102
104
|
return this;
|
|
103
105
|
}
|
|
104
|
-
|
|
105
106
|
paginate() {
|
|
106
107
|
const { maxLimit } = securityConfig.accessLevels[this.userRole] || {
|
|
107
108
|
maxLimit: 100,
|
|
@@ -248,7 +249,6 @@ export class ApiFeatures {
|
|
|
248
249
|
|
|
249
250
|
_parseQueryFilters() {
|
|
250
251
|
const obj = { ...this.query };
|
|
251
|
-
// پاک کردن پارامترهای سیستماتیک
|
|
252
252
|
["page", "limit", "sort", "fields", "populate"].forEach(
|
|
253
253
|
(k) => delete obj[k]
|
|
254
254
|
);
|
|
@@ -339,9 +339,6 @@ export class ApiFeatures {
|
|
|
339
339
|
_applySecurityFilters(filters) {
|
|
340
340
|
let res = { ...filters };
|
|
341
341
|
securityConfig.forbiddenFields.forEach((f) => delete res[f]);
|
|
342
|
-
if (this.userRole !== "admin" && this.model.schema.path("isActive")) {
|
|
343
|
-
res.isActive = true;
|
|
344
|
-
}
|
|
345
342
|
return res;
|
|
346
343
|
}
|
|
347
344
|
|