Write-protecting a property in LoopBack

I have a model with a JSON object property named payload.

content.json

...
"properties": {
    "payload": {
      "type": "object",
      "required": true
    }
  },
...

I would like to protect part of it from being overwritten when calling updateAttributes.

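  // Server-side guard: for folder content, a client calling updateAttributes must
  // not be able to change payload.items / payload.itemIds (those are meant to go
  // through the exposed API). Only removing the keys from the request is not
  // enough if the update replaces `payload` as a whole, because the stored values
  // would then be dropped; the protected keys are therefore carried over from the
  // persisted instance.
  // NOTE(review): assumes ctx.args.data is the object handed to updateAttributes
  // and that ctx.instance.payload exposes the stored keys as own properties -- confirm.
  Content.beforeRemote('prototype.updateAttributes', function (ctx, unused, next) {
    var protectedKeys = ['items', 'itemIds'];
    var data = ctx.args && ctx.args.data;
    var incoming = data && data.payload;

    if (ctx.instance && ctx.instance.contentTypeId === 'folder' &&
        incoming && typeof incoming === 'object') {
      var stored = ctx.instance.payload || {};
      var sanitized = {};

      // Keep every client-supplied key except the protected ones.
      Object.keys(incoming).forEach(function (key) {
        if (protectedKeys.indexOf(key) === -1) {
          sanitized[key] = incoming[key];
        }
      });

      // Carry the protected keys over from the persisted folder unchanged.
      protectedKeys.forEach(function (key) {
        if (Object.prototype.hasOwnProperty.call(stored, key)) {
          sanitized[key] = stored[key];
        }
      });

      data.payload = sanitized;
    }
    next();
  });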

What is the best way to achieve this?

Neither

// NOTE(review): edits the raw request body; presumably the method is invoked with ctx.args, built from the request earlier -- confirm.
delete ctx.req.body.payload.items

nor

// NOTE(review): removes the key from the incoming data only; if the update replaces payload as a whole, the stored items would be dropped rather than kept -- confirm.
delete ctx.args.data.payload.items

nor

// NOTE(review): operates on ctx.instance (the loaded model instance), not on the incoming update data.
delete ctx.instance.payload.items

does what I want.

Do I need to completely override the updateAttributes method?

2 answers

In my experience, there is no way to solve your problem without overriding updateAttributes.

I have a file named override-defaults.js in the boot folder with the following code.

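/**
 * Wraps Model.prototype.updateAttributes so that the listed top-level fields
 * are stripped from the update data before the original method runs.
 *
 * Caveats for anyone relying on this as write protection:
 *  - The wrapper sits on the prototype, so it filters every caller of
 *    updateAttributes, including server-side code, not only remote requests.
 *  - Only this one method is wrapped; any other write path the model exposes
 *    is not filtered here and needs its own guard (verify which are enabled).
 *
 * @param {Function} Model - model constructor whose prototype is patched.
 * @param {string[]} fields - field names removed from the update data.
 */
var overrideUpdateAttributes = function (Model, fields) {
  var updateAttributes = Model.prototype.updateAttributes;
  Model.prototype.updateAttributes = function (data, cb) {
    // Forward every argument after `data` untouched, so a call of the form
    // (data, options, cb) keeps working instead of treating `options` as the callback.
    var args = Array.prototype.slice.call(arguments);
    var last = args[args.length - 1];
    var callback = typeof last === 'function' ? last : null;

    args[0] = _.omit(data, fields);
    if (Object.keys(args[0]).length) {
      // Return the original's result so promise-style callers still get it.
      return updateAttributes.apply(this, args);
    }

    // Nothing left to write once the protected fields are removed.
    var err = utils.createError('Request body cannot be empty', 400);
    if (callback) {
      return callback(err);
    }
    // No callback supplied: report the error through a rejected promise
    // rather than failing with "cb is not a function".
    return Promise.reject(err);
  };
};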

// Boot script entry point: installs the updateAttributes wrapper on the UserUser model.
module.exports = function (app) {
  var UserModel = app.models.UserUser;
  // Fields that callers of updateAttributes are not allowed to set.
  var protectedFields = ['id', 'created', 'lastLogin', 'deleted', 'deletedAt'];
  overrideUpdateAttributes(UserModel, protectedFields);
};

, , , undefined, :

// NOTE(review): sets a top-level `items` on the loaded instance, not `payload.items` and not the incoming update data -- confirm this is the intended target.
ctx.instance.items = undefined;

, , , , ( undefined), .
