Skip to content

Instantly share code, notes, and snippets.

@blabno
Forked from kristofsajdak/a1_simple.js
Last active August 29, 2015 14:23
Show Gist options
  • Save blabno/509b31c45d930270f9f0 to your computer and use it in GitHub Desktop.
Save blabno/509b31c45d930270f9f0 to your computer and use it in GitHub Desktop.
'use strict';
var Joi = require('joi');
module.exports = function (harvester) {
harvester
.resource('categories', {
name: Types.string().required().description('a name'),
links: {
brand: 'brands'
}
})
// register all routes :
// GET /categories, GET /categories/:id, GET /categories/changes/stream, POST /categories,
// PUT /categories/:id, DELETE /categories/:id,
// all of these are bootstrapped with the default authorization function, swagger spec and validation
// the Joi schema attributes are used to evaluate body or query params depending on the verb
.register();
};
'use strict';
var Joi = require('joi');
module.exports = function (harvester) {
var categories = harvester
.resource('categories', {
name: Types.string().required().description('a name'),
links: {
brand: 'brands'
}
});
var models = harvester
.resource('models', {
name: Types.string().required().description('a name'),
links: {
brand: 'brands'
}
})
//so now categories is pointing still to harvester, but the `.resource('models'` has overriden the getById, and the call below will modify the models resource
categories.getById().docs({summary: 'all the lovely categories by id'})
.register();
};
'use strict';
var Joi = require('joi');
module.exports = function (harvester) {
harvester
.resource('categories', {
name: Types.string().required().description('a name'),
links: {
brand: 'brands'
}
})
.get().validate({query: {myAwesomeParam: Joi.string().required().description('My awesome parameter')}})
.register();
};
'use strict';
var Joi = require('joi');
var Promise = require('bluebird');
module.exports = function (harvester) {
harvester
.resource('categories', {
name: Types.string().required().description('a name'),
links: {
brand: 'brands'
}
})
.get().authorize(false)
.getById().authorize(false)
.delete().before(function(req) {
var resource = this;
return dynamicAuthorizeDelete(req).then(function() {
return resource;
});
})
.register();
function dynamicAuthorizeDelete(req) {
var _category;
return Promise.resolve()
.then(function(){
harvester.adapter.find('category',req.params.id)
})
.then(function(category){
_category = category;
// lookup identity with whoamIfunction
return $http.get('/whoami') //header should have authentication
})
.then(function(resp) {
if (resp.dealerUser && dealerUser.id==_category.links.dealerUser){
return true;
}else{
throw new JSONAPI_Error({403, 'something went wrong'}))
}
})
}
}
};
'use strict';
var Joi = require('joi');
var roles = require('./roles');
module.exports = function (harvester) {
harvester
.resource('categories', {
name: Types.string().required().description('a name'),
links: {
brand: 'brands'
}
})
.roles([roles.dealerRegular])
// the values expressed in the .roles declaration clause will override/replace values defined at a higher level (e.g. .resource({}).roles(...))
// declaring disableAuthorization() in a route causes the authorization strategy function to be skipped
// a roles definition is required for every route unless disableAuthorization() is used
// this definition can be either inherited through the .resource({}).roles definition, or be expressed on the route itself
.get().disableAuthorization().validate({query: {myAwesomeParam: Joi.string().required().description('My awesome parameter')}})
.getById().disableAuthorization().docs({summary: 'all the lovely categories by id'})
.delete().roles([roles.dealerAdmin, roles.dealerRegular]).before(function(req) {
var resource = this;
return dynamicAuthorizeDelete(req).then(function() {
return resource;
});
})
.register();
function dynamicAuthorizeDelete(req) {
var _category;
return Promise.resolve()
.then(function(){
harvester.adapter.find('category',req.params.id)
})
.then(function(category){
_category = category;
// lookup identity with whoamIfunction
return $http.get('/whoami') //header should have authentication
})
.then(function(resp) {
if (resp.dealerUser && dealerUser.id==_category.links.dealerUser){
return true;
}else{
throw new JSONAPI_Error({403, 'something went wrong'}))
}
})
}
}
};
'use strict';
var Joi = require('joi');
module.exports = function (harvester) {
var category = harvester
.resource('categories', {
name: Types.string().required().description('a name'),
links: {
brand: 'brands'
}
});
// retrieve express from app namespace
var app = harvester.app;
app.get('/categories', category.get().handler());
app.get('/categories/:id', category.getById().handler());
app.get('/categories/changes/stream', category.getChangeEventsStreaming().handler());
app.delete('/categories', category.delete().handler());
};
harvester
.resource('categories', {
name: Types.string().required().description('a name'),
links: {
brand: 'brands'
}
})
.immutable() // only POST and GETs are allowed
.register();
harvester
.resource('categories', {
name: Types.string().required().description('a name'),
links: {
brand: 'brands'
}
})
.readonly() // only GETs are allowed
.register();
@blabno
Copy link
Author

blabno commented Jun 25, 2015

Modified B to show possible misleading API.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment