ebarault/disable-remote-methods.js

## disable-remote-methods.js
// based on https://github.com/strongloop/loopback/issues/651#issuecomment-259540469

'use strict';

module.exports = function (Model, options) {

	if(Model && Model.sharedClass) {
		var methodsToExpose = options.expose || [];
		var methodsToHide = options.hide || [];

		if (methodsToExpose.length) {
			disableAllExcept(Model, methodsToExpose);
		}
		else if (methodsToHide.length) {
			disableOnlyTheseMethods(Model, methodsToHide);
		}
		else {
			disableAllExcept(Model);
		}
	}

/**
 * Options for disableAllExcept
 * @param Model -- The model to operate on
 * @param methodsToExpose -- An array of method names
 */
	function disableAllExcept (Model, methodsToExpose ) {
		var hiddenMethods = [];
		let explicitMethods, excludedMethods;

		// wait for all models to be attached so sharedClass.methods() returns all methods
		Model.on('attached', function (server) {
			server.on('started', function () {
				explicitMethods = getAclMethods(Model);
				excludedMethods = methodsToExpose ? methodsToExpose.concat(explicitMethods) : explicitMethods;
				Model.sharedClass.methods().forEach(disableMethod);

				if ( hiddenMethods.length ) {
					console.log( 'Hidding remote methods for model', Model.modelName, ':', hiddenMethods.join( ', ' ));
				}
			});
		});

		function disableMethod (method) {
			var methodName = method.name;
			if ( excludedMethods.indexOf(methodName) === -1 ) {
				// append prefix 'prototype.' to method name if not static
				methodName = method.isStatic? methodName: 'prototype.'+methodName;
				hiddenMethods.push(methodName);
				// disable method
				Model.disableRemoteMethodByName(methodName);
			}
		}
	}

/**
 * Options for methodsToDisable:
 * create, upsert, replaceOrCreate, upsertWithWhere, exists, findById, replaceById,
 * find, findOne, updateAll, deleteById, count, updateAttributes, createChangeStream
 * -- can also specify related method using prefixes listed above
 * and the related model name ex for Account: (prototype.__updateById__followers, prototype.__create__tags)
 * @param Model
 * @param methodsToDisable array
 */
	function disableOnlyTheseMethods (Model, methodsToDisable ) {
		methodsToDisable.forEach( function (method) {
			Model.disableRemoteMethodByName(method);
		});
		if ( methodsToDisable.length ) {
			console.log( 'Hidding explicitly remote methods for model', Model.modelName, ':', methodsToDisable.join( ', ' ));
		}
	}

	function getAclMethods (Model) {
		let authorizedMethods = [];
		const acls = Model.definition.settings.acls || [];

		acls.forEach((acl) => {
			if (acl.permission === 'ALLOW' && acl.property) {
				if (Array.isArray(acl.property)) {
					authorizedMethods = authorizedMethods.concat(acl.property);
				}
				else {
					authorizedMethods.push(acl.property);
				}
			}
		});

		if (authorizedMethods.length) {
			console.log('Exposing explicitly methods for model', Model.modelName, ':', authorizedMethods.join(', '));
		}

		return authorizedMethods;
	}

};

## example.json
{
  "name": "Example",
  "base": "PersistentModel",
  "idInjection": true,
  "options": {
    "validateUpsert": true
  },
  "properties": {
    "name": {
      "type": "string",
      "required": true
    }
  },
  "validations": [],
  "relations": {},
  "acls": [],
  "methods": {},
  "mixins":{
    "DisableAllMethods":{
      "expose":[
        "find",
        "findById"
      ]
    }
  }
}

## example2.json
{
  "name": "Example",
  "base": "PersistentModel",
  "idInjection": true,
  "options": {
    "validateUpsert": true
  },
  "properties": {
    "name": {
      "type": "string",
      "required": true
    }
  },
  "validations": [],
  "relations": {},
  "acls": [],
  "methods": {},
  "mixins":{
    "DisableAllMethods":{
      "hide":[
        "create"
      ]
    }
  }
}

## example3.json
{
  "name": "Example",
  "base": "PersistentModel",
  "idInjection": true,
  "options": {
    "validateUpsert": true
  },
  "properties": {
    "name": {
      "type": "string",
      "required": true
    }
  },
  "validations": [],
  "relations": {},
  "acls": [],
  "methods": {},
  "mixins":{
    "DisableAllMethods":{}
  }
}

## index.js
'use strict';

var util = require('util');

var disableRemoteMethods = require('./disable-remote-methods');

module.exports = (0, util.deprecate) (
	function (app) { return app.loopback.modelBuilder.mixins.define('disableRemoteMethods', disableRemoteMethods);},
	'DEPRECATED: Use mixinSources, see https://github.com/.../loopback-import-mixin#mixinsources'
);
	// based on https://github.com/strongloop/loopback/issues/651#issuecomment-259540469

	'use strict';

	module.exports = function (Model, options) {

	if(Model && Model.sharedClass) {
	var methodsToExpose = options.expose \|\| [];
	var methodsToHide = options.hide \|\| [];

	if (methodsToExpose.length) {
	disableAllExcept(Model, methodsToExpose);
	}
	else if (methodsToHide.length) {
	disableOnlyTheseMethods(Model, methodsToHide);
	}
	else {
	disableAllExcept(Model);
	}
	}

	/**
	* Options for disableAllExcept
	* @param Model -- The model to operate on
	* @param methodsToExpose -- An array of method names
	*/
	function disableAllExcept (Model, methodsToExpose ) {
	var hiddenMethods = [];
	let explicitMethods, excludedMethods;

	// wait for all models to be attached so sharedClass.methods() returns all methods
	Model.on('attached', function (server) {
	server.on('started', function () {
	explicitMethods = getAclMethods(Model);
	excludedMethods = methodsToExpose ? methodsToExpose.concat(explicitMethods) : explicitMethods;
	Model.sharedClass.methods().forEach(disableMethod);

	if ( hiddenMethods.length ) {
	console.log( 'Hidding remote methods for model', Model.modelName, ':', hiddenMethods.join( ', ' ));
	}
	});
	});

	function disableMethod (method) {
	var methodName = method.name;
	if ( excludedMethods.indexOf(methodName) === -1 ) {
	// append prefix 'prototype.' to method name if not static
	methodName = method.isStatic? methodName: 'prototype.'+methodName;
	hiddenMethods.push(methodName);
	// disable method
	Model.disableRemoteMethodByName(methodName);
	}
	}
	}

	/**
	* Options for methodsToDisable:
	* create, upsert, replaceOrCreate, upsertWithWhere, exists, findById, replaceById,
	* find, findOne, updateAll, deleteById, count, updateAttributes, createChangeStream
	* -- can also specify related method using prefixes listed above
	* and the related model name ex for Account: (prototype.__updateById__followers, prototype.__create__tags)
	* @param Model
	* @param methodsToDisable array
	*/
	function disableOnlyTheseMethods (Model, methodsToDisable ) {
	methodsToDisable.forEach( function (method) {
	Model.disableRemoteMethodByName(method);
	});
	if ( methodsToDisable.length ) {
	console.log( 'Hidding explicitly remote methods for model', Model.modelName, ':', methodsToDisable.join( ', ' ));
	}
	}

	function getAclMethods (Model) {
	let authorizedMethods = [];
	const acls = Model.definition.settings.acls \|\| [];

	acls.forEach((acl) => {
	if (acl.permission === 'ALLOW' && acl.property) {
	if (Array.isArray(acl.property)) {
	authorizedMethods = authorizedMethods.concat(acl.property);
	}
	else {
	authorizedMethods.push(acl.property);
	}
	}
	});

	if (authorizedMethods.length) {
	console.log('Exposing explicitly methods for model', Model.modelName, ':', authorizedMethods.join(', '));
	}

	return authorizedMethods;
	}

	};
	{
	"name": "Example",
	"base": "PersistentModel",
	"idInjection": true,
	"options": {
	"validateUpsert": true
	},
	"properties": {
	"name": {
	"type": "string",
	"required": true
	}
	},
	"validations": [],
	"relations": {},
	"acls": [],
	"methods": {},
	"mixins":{
	"DisableAllMethods":{
	"expose":[
	"find",
	"findById"
	]
	}
	}
	}
	'use strict';

	var util = require('util');

	var disableRemoteMethods = require('./disable-remote-methods');

	module.exports = (0, util.deprecate) (
	function (app) { return app.loopback.modelBuilder.mixins.define('disableRemoteMethods', disableRemoteMethods);},
	'DEPRECATED: Use mixinSources, see https://github.com/.../loopback-import-mixin#mixinsources'
	);