Created
December 19, 2013 09:53
-
-
Save vmakhaev/8036890 to your computer and use it in GitHub Desktop.
DerbyJS server validation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
derby = require 'derby' | |
auth = require '../../app/auth' | |
creation = require '../../app/crud/creation' | |
schemas = require '../../app/schemas' | |
settings = require '../../app/settings' | |
validation = require './validation' | |
util = require '../../app/util' | |
module.exports = | |
init: (store) -> | |
validate = (collection, docId, parts, value, model, isDelete, next) -> | |
#if isDelete | |
# return next() | |
schema = schemas[collection] | |
if not schema | |
return next 'No schema for collection ' + collection | |
field = parts[0] | |
#userId = '' | |
#model.fetch 'employees.' + userId, 'roles', collection + '.' + docId, (err) -> | |
model.fetch collection + '.' + docId, (err) -> | |
return next err if err | |
#user = model.get 'employees.' + userId | |
#model.set '_user', user | |
entity = util.clone model.get collection + '.' + docId | |
if not entity | |
return next collection + ' with id ' + docId + ' not exist' | |
switch field | |
when 'isDeleted' | |
#Delete | |
#access | |
#if schema.access and schema.access.del and not auth.access schema.access.del, model | |
# return next 'No access to delete ' + collection | |
if value not in [true, false, undefined, null] | |
return next 'Not allowed value ' + value | |
return next() | |
else | |
#Edit | |
#Access | |
#if schema.access and schema.access.edit and not auth.access schema.access.edit, model | |
# return next 'No access to edit ' + path | |
if not entity | |
return next collection + ' with id ' + docId + ' not exist' | |
if field in settings.readonlyFields | |
return next 'Field is readonly ' + field | |
#Validation | |
#console.log parts | |
if parts.length > 1 | |
en = null | |
for part, index in parts | |
if index is 0 | |
en = entity[part] | |
else if index is parts.length - 1 | |
en[part] = value | |
else | |
en = en[part] | |
else | |
entity[field] = value | |
validation.validateField collection, entity, field, entity[field], model, next | |
store.onChange = (callback) -> | |
@shareClient.use "submit", (shareRequest, next) -> | |
collection = shareRequest.collection | |
agent = shareRequest.agent | |
action = shareRequest.action | |
docName = shareRequest.docName | |
backend = shareRequest.backend | |
# opData represents the ShareJS operation | |
opData = shareRequest.opData | |
isServer = agent.stream.isServer | |
callback collection, docName, opData, agent.connectSession, isServer, (err) -> | |
if err | |
console.log JSON.stringify opData | |
next err | |
store.onChange (collection, docId, opData, session, isServer, next) -> | |
#console.log JSON.stringify opData | |
#TODO: remove exceptions | |
if collection in ['catalogs', 'logs'] | |
return next() | |
model = store.createModel() | |
if opData.create | |
entity = opData.create.data | |
validation.validateEntity collection, entity, model, next | |
else if opData.op | |
valids = 0 | |
error = null | |
for op in opData.op | |
parts = op.p | |
value = v for v in [op.oi, op.od, op.li] when v isnt undefined | |
validate collection, docId, parts, value, model, op.od, (err) -> | |
if err | |
error = err | |
valids++ | |
if opData.op.length is valids | |
next error | |
### racer-access | |
store.allow 'all', '**', (docName, path, opData, doc) -> | |
console.log arguments | |
console.log opData.op | |
collection = opData.collection | |
#TODO: remove exceptions | |
if collection in ['catalogs', 'logs', 'imagetypes'] | |
return | |
model = store.createModel() | |
if opData.create | |
entity = opData.create.data | |
validation.validateEntity collection, entity, model, next | |
else if opData.op | |
valids = 0 | |
error = null | |
for op in opData.op | |
parts = op.p | |
value = op.oi | |
validate collection, docId, parts, value, model, (err) -> | |
if err | |
error = err | |
valids++ | |
if opData.op.length is valids | |
next error | |
### |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment