@tarlepp
Last active August 29, 2015 14:05
'use strict';
var actionUtil = require('sails/lib/hooks/blueprints/actionUtil');
/**
 * Placeholder policy: overwrites the `id` criterion of the incoming request
 * with a hard-coded value and hands over to the next handler.
 *
 * The ids written here (2 when the client sent an id, 1 otherwise) are fixed
 * constants. Nothing in this function looks at who is making the request, so
 * it performs no access check of its own.
 *
 * @param {Request} request Request object
 * @param {Response} response Response object (not used by this policy)
 * @param {Function} next Callback function
 *
 * @returns {*} Whatever `next()` returns
 */
module.exports = function(request, response, next) {
  sails.log.verbose(' POLICY - ' + __filename);

  // Criteria as the blueprint helper parses them from the request
  var criteria = actionUtil.parseCriteria(request);
  var hasId = Boolean(criteria.id);

  // Debug trace of which branch was taken
  console.log(hasId ? 'ID found' : 'ID not found');

  // Replace whatever the client asked for with the stub value
  criteria.id = hasId ? 2 : 1;

  request.query = criteria;

  return next();
};
'use strict';
var actionUtil = require('sails/lib/hooks/blueprints/actionUtil');
var _ = require('lodash');
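/**
 * Policy that narrows the `id` criterion of the request to the projects the
 * current user is attached to through the `projectuser` model.
 *
 * - An id (or list of ids) sent by the client is intersected with the user's
 *   project ids, so ids outside that set are dropped.
 * - Without an id criterion, the user's project ids become the criterion.
 *
 * NOTE(review): the user is identified by `request.token`, presumably set by
 * an authentication policy that runs earlier - confirm the policy order.
 * NOTE(review): the restriction is written to `request.query` only; confirm
 * that the blueprint cannot pick up criteria from another part of the request.
 *
 * @param {Request} request Request object
 * @param {Response} response Response object
 * @param {Function} next Callback function
 *
 * @returns {*}
 */
module.exports = function(request, response, next) {
  sails.log.verbose(' POLICY - ' + __filename);

  // Fail closed: without an identity the membership lookup below would run
  // with an undefined user filter, and its result could not be trusted.
  if (request.token === undefined || request.token === null) {
    return response.negotiate({status: 403});
  }

  // Parse where criteria
  var where = actionUtil.parseCriteria(request);

  sails.models['projectuser']
    .find()
    .where({user: request.token})
    .populate('project')
    .then(function(projectUsers) {
      // Project ids the user may see. Rows whose project was not populated,
      // or whose id is not an integer, are skipped instead of throwing or
      // leaving a NaN in the allow-list.
      var validIds = _.reject(_.map(projectUsers, function(projectUser) {
        return projectUser.project ? parseInt(projectUser.project.id, 10) : NaN;
      }), _.isNaN);

      // We have id condition set so we need to check if that / those are allowed
      if (where.id) {
        // Normalize to a list of integers; anything that is not a plain
        // integer id parses to NaN and is discarded.
        var currentIds = _.reject(_.map(_.isArray(where.id) ? where.id : [where.id], function(id) {
          return parseInt(id, 10);
        }), _.isNaN);

        where.id = _.intersection(currentIds, validIds);
      } else { // Otherwise just add id collection to where query
        where.id = validIds;
      }

      // NOTE(review): when nothing matches, `where.id` is an empty list and the
      // request still continues. How the blueprint treats an empty id list is
      // not visible here - confirm it cannot be read as "no filter".
      request.query = where;

      return next();
    })
    .catch(function(error) {
      // A failed lookup must end the request instead of leaving it pending
      // with an unhandled rejection.
      return response.negotiate(error);
    });
};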
'use strict';
var actionUtil = require('sails/lib/hooks/blueprints/actionUtil');
var _ = require('lodash');
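/**
 * Policy to limit GET /project results to just contain those projects that current
 * user has access to.
 *
 * The user's project ids are read from the `projectuser` model. An id (or list
 * of ids) sent by the client is intersected with that set; without an id
 * criterion the whole set becomes the criterion. If no id is left, the client
 * gets a 404 and the blueprint is never reached.
 *
 * NOTE(review): the user is identified by `request.token`, presumably set by
 * an authentication policy that runs earlier - confirm the policy order.
 * NOTE(review): the restriction is written to `request.query` only; confirm
 * that the blueprint cannot pick up criteria from another part of the request.
 *
 * @param {Request} request Request object
 * @param {Response} response Response object
 * @param {Function} next Callback function
 *
 * @returns {*}
 */
module.exports = function(request, response, next) {
  sails.log.verbose(' POLICY - ' + __filename);

  // Fail closed: without an identity the membership lookup below would run
  // with an undefined user filter, and its result could not be trusted.
  if (request.token === undefined || request.token === null) {
    return response.negotiate({status: 403});
  }

  // Parse where criteria
  var where = actionUtil.parseCriteria(request);

  sails.models['projectuser']
    .find()
    .where({user: request.token})
    .populate('project')
    .then(function(projectUsers) {
      // Determine valid project ids. Rows whose project was not populated, or
      // whose id is not an integer, are skipped instead of throwing or leaving
      // a NaN in the allow-list.
      var validIds = _.reject(_.map(projectUsers, function(projectUser) {
        return projectUser.project ? parseInt(projectUser.project.id, 10) : NaN;
      }), _.isNaN);

      // We have id condition set so we need to check if that / those are allowed
      if (where.id) {
        // Normalize current ids; anything that is not a plain integer id
        // parses to NaN and is discarded.
        var currentIds = _.reject(_.map(_.isArray(where.id) ? where.id : [where.id], function(id) {
          return parseInt(id, 10);
        }), _.isNaN);

        // Remove not valid ids
        where.id = _.intersection(currentIds, validIds);
      } else { // Otherwise just add id collection to where query
        where.id = validIds;
      }

      // There is no "valid" ids so we need to send 404 back to client. This
      // also keeps an empty id list from ever reaching the blueprint query.
      if (_.isEmpty(where.id)) {
        return response.negotiate({status: 404});
      }

      // Remove existing query
      delete request.query;

      // Set new query to request, that blueprints will use after this
      request.query = {
        where: where
      };

      return next();
    })
    .catch(function(error) {
      return response.negotiate(error);
    });
};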