ssebro/a1_simple.js Secret

## a1_simple.js
'use strict';

var Joi = require('joi');

module.exports = function (harvester) {

    var category = harvester
        .resource('categories', {
            name: Joi.string().required().description('a name'),
            links: {
                brand: 'brands'
            }
        });

    // register routes of interests
    // all routes are bootstrapped with default swagger spec and validation
    // e.g. categories.get registers a mustbe permission check activity with 'categories.get'
    // the Joi schema attributes are used to evaluate body or query params depending on the verb

    category.get().register();
    category.getById().register();
    category.getChangeEventsStreaming().register();
    category.delete().register();
        //or category.all().register();


};

## b_swagger_override.js
'use strict';

var Joi = require('joi');

module.exports = function (harvester) {

    var category = harvester
        .resource('categories', {
            name: Joi.string().required().description('a name'),
            links: {
                brand: 'brands'
            }
        });

    category.get().register();
    category.getById().swagger({summary: 'all the lovely categories by id'}).register();
        // only explicit .swagger() declaration needed when an override of standard swagger spec is wanted
    category.getChangeEventsStreaming().register();
    category.delete().register();

};

## c_validation_override.js
'use strict';

var Joi = require('joi');

module.exports = function (harvester) {

    var category = harvester
        .resource('categories', {
            name: Joi.string().required().description('a name'),
            links: {
                brand: 'brands'
            }
        });

    var validation = {
        get: {query: {myAwesomeParam: Joi.string().required().description('My awesome parameter')}}
    };

    category.get().validate(validation.get).register();
    // only explicit .validate() needed when you want to override/augment defaults
    category.getById().register();
    category.getChangeEventsStreaming().register();
    category.delete().register();

};

## d1_authorize_override.js
'use strict';
var Joi = require('joi');
var Promise = require('bluebird');
module.exports = function (harvester) {
    var category = harvester
        .resource('categories', {
            name: Joi.string().required().description('a name'),
            links: {
                brand: 'brands'
            }
        });

    category.get().authorize(false).register();
    category.getById().authorize(false).register();
    category.getChangeEventsStreaming().register();

    category.delete().authorize(function(req) {
        var _category;
        return Promise.resolve()
            .then(function(){
                harvester.adapter.find('category',req.params.id)
            })
            .then(function(category){
                _category = category;
                // lookup identity with whoamIfunction
                return $http.get('/whoami') //header should have authentication
            })
            .then(function(resp){
                if (resp.dealerUser && dealerUser.id==_category.links.dealerUser && permission('category.delete',resp.dealerUser)){
                    return true;
                }else{
                    return Promise.reject("somethig went bad");//this should be serialized in the sent error msg.
                }
            })
        }
    })
    .register();
    // overrides default mustbe.authorized('category.delete')

};

## e_finegrained_validation.js
'use strict';

var Joi = require('joi');

module.exports = function (harvester, mustbeConfig) {

    var category = harvester
        .resource('categories', {
            name: Joi.string().required().description('a name'),
            links: {
                brand: 'brands'
            }
        });

    category.get().register();
    category.getById().register();
    category.getChangeEventsStreaming().register();
    category.delete().before(beforeDelete).register();
        // adding validation fn handler
        // however this clause accepts an unbounded amount of fn handlers which get triggered before the actual delete fn handler;

    function beforeDelete(req, res, next) {
        // do some checks with req.
        if ('untouchable'===req.body.categories[0].name) {
            next(new harvester.JSONAPI_Err({status: 400, detail: 'untouchable category'}));
        } else {
            next();
        }
    }


};

## f_fullmonty.js
'use strict';

var Joi = require('joi');

module.exports = function (harvester) {

    var category = harvester
        .resource('categories', {
            name: Joi.string().required().description('a name'),
            links: {
                brand: 'brands'
            }
        });

     var validation = {
        get: {query: {myAwesomeParam: Joi.string().required().description('My awesome parameter')}}
    };

    category.get().validate(validation.get).register();
    category.getById().swagger({summary: 'all the lovely categories by id'}).register();
    category.getChangeEventsStreaming().register();

    category.routes.delete()
        .authorize(function(req, res, next) {
            // lookup identity with req.user['agco-uuid']
            // data lookup and execute business rules
            if (ok) {
                next(req, res);
            } else {
                throw new JSONAPI_Error({status:403, message: 'not cool enough, sorry :-) '});
            }
        })
        .before(beforeDelete).register();
        // overrides default mustbe.authorized('category.delete')

    function beforeDelete(req, res, next) {
        if ('untouchable'===req.body.categories[0].name) {
            next(new harvester.JSONAPI_Err({status: 400, detail: 'untouchable category'}));
        } else {
            next();
        }
    }


};

## g_express_handler.js
'use strict';

var Joi = require('joi');

module.exports = function (harvester) {

    var category = harvester
        .resource('categories', {
            name: Joi.string().required().description('a name'),
            links: {
                brand: 'brands'
            }
        });

    // retrieve express from app namespace
    var app = harvester.app;

    app.get('/categories', category.get().handler());
    app.get('/categories/:id', category.getById().handler());
    app.get('/categories/changes/stream', category.getChangeEventsStreaming().handler());
    app.delete('/categories', category.delete().handler());

};

## static authorization middleware for non-harvester routes.js
    app.post('/topcon/positionlist', staticAuthMiddlewareHandler, topconPositionListHandler);


    var staticAuthStrategy = require('./app').staticAuthStrategy;//I don't think it's actually named this, but something similar.

    function staticAuthMiddlewareHandler(req,res,next){
      var retval = staticAuthStrategy();
      if (retVal.isThennable){
        return retval
          .catch(function(){
            //Handle thrown jsonapi, array(could be an array of jsonapi errors) and error objects: send an error for that type
          })
          .then(function(){
            next();
          })

      }else if (_.isError(retVal)){
        //figure out error type and send an error for that type
      }

    }
	'use strict';

	var Joi = require('joi');

	module.exports = function (harvester) {

	var category = harvester
	.resource('categories', {
	name: Joi.string().required().description('a name'),
	links: {
	brand: 'brands'
	}
	});

	// register routes of interests
	// all routes are bootstrapped with default swagger spec and validation
	// e.g. categories.get registers a mustbe permission check activity with 'categories.get'
	// the Joi schema attributes are used to evaluate body or query params depending on the verb

	category.get().register();
	category.getById().register();
	category.getChangeEventsStreaming().register();
	category.delete().register();
	//or category.all().register();


	};
	'use strict';
	var Joi = require('joi');
	var Promise = require('bluebird');
	module.exports = function (harvester) {
	var category = harvester
	.resource('categories', {
	name: Joi.string().required().description('a name'),
	links: {
	brand: 'brands'
	}
	});

	category.get().authorize(false).register();
	category.getById().authorize(false).register();
	category.getChangeEventsStreaming().register();

	category.delete().authorize(function(req) {
	var _category;
	return Promise.resolve()
	.then(function(){
	harvester.adapter.find('category',req.params.id)
	})
	.then(function(category){
	_category = category;
	// lookup identity with whoamIfunction
	return $http.get('/whoami') //header should have authentication
	})
	.then(function(resp){
	if (resp.dealerUser && dealerUser.id==_category.links.dealerUser && permission('category.delete',resp.dealerUser)){
	return true;
	}else{
	return Promise.reject("somethig went bad");//this should be serialized in the sent error msg.
	}
	})
	}
	})
	.register();
	// overrides default mustbe.authorized('category.delete')

	};
	'use strict';

	var Joi = require('joi');

	module.exports = function (harvester, mustbeConfig) {

	var category = harvester
	.resource('categories', {
	name: Joi.string().required().description('a name'),
	links: {
	brand: 'brands'
	}
	});

	category.get().register();
	category.getById().register();
	category.getChangeEventsStreaming().register();
	category.delete().before(beforeDelete).register();
	// adding validation fn handler
	// however this clause accepts an unbounded amount of fn handlers which get triggered before the actual delete fn handler;

	function beforeDelete(req, res, next) {
	// do some checks with req.
	if ('untouchable'===req.body.categories[0].name) {
	next(new harvester.JSONAPI_Err({status: 400, detail: 'untouchable category'}));
	} else {
	next();
	}
	}


	};
	app.post('/topcon/positionlist', staticAuthMiddlewareHandler, topconPositionListHandler);


	var staticAuthStrategy = require('./app').staticAuthStrategy;//I don't think it's actually named this, but something similar.

	function staticAuthMiddlewareHandler(req,res,next){
	var retval = staticAuthStrategy();
	if (retVal.isThennable){
	return retval
	.catch(function(){
	//Handle thrown jsonapi, array(could be an array of jsonapi errors) and error objects: send an error for that type
	})
	.then(function(){
	next();
	})

	}else if (_.isError(retVal)){
	//figure out error type and send an error for that type
	}

	}