Last active
August 29, 2015 14:05
-
-
Save tarlepp/9b6c73d3dfb33ec423f3 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict'; | |
| var actionUtil = require('sails/lib/hooks/blueprints/actionUtil'); | |
| /** | |
| * todo | |
| * | |
| * @param {Request} request Request object | |
| * @param {Response} response Response object | |
| * @param {Function} next Callback function | |
| * | |
| * @returns {*} | |
| */ | |
| module.exports = function(request, response, next) { | |
| sails.log.verbose(' POLICY - ' + __filename); | |
| // Parse where criteria | |
| var where = actionUtil.parseCriteria(request); | |
| // We have id condition set so we need to check if that / those are allowed | |
| if (where.id) { | |
| console.log('ID found'); | |
| where.id = 2; | |
| } else { // Otherwise just add id collection to where query | |
| console.log('ID not found'); | |
| where.id = 1; | |
| } | |
| request.query = where; | |
| return next(); | |
| }; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict'; | |
| var actionUtil = require('sails/lib/hooks/blueprints/actionUtil'); | |
| var _ = require('lodash'); | |
| /** | |
| * todo | |
| * | |
| * @param {Request} request Request object | |
| * @param {Response} response Response object | |
| * @param {Function} next Callback function | |
| * | |
| * @returns {*} | |
| */ | |
| module.exports = function(request, response, next) { | |
| sails.log.verbose(' POLICY - ' + __filename); | |
| // Parse where criteria | |
| var where = actionUtil.parseCriteria(request); | |
| sails.models['projectuser'] | |
| .find() | |
| .where({user: request.token}) | |
| .populate('project') | |
| .then( | |
| function(projectUsers) { | |
| var validIds = _.map(projectUsers, function(projectUser) { | |
| return parseInt(projectUser.project.id, 10); | |
| }); | |
| // We have id condition set so we need to check if that / those are allowed | |
| if (where.id) { | |
| var currentIds = _.map((!_.isArray(where.id)) ? [where.id] : where.id, function(id) { | |
| return parseInt(id, 10); | |
| }); | |
| where.id = _.intersection(currentIds, validIds); | |
| } else { // Otherwise just add id collection to where query | |
| where.id = validIds; | |
| } | |
| request.query = where; | |
| return next(); | |
| } | |
| ); | |
| }; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict'; | |
| var actionUtil = require('sails/lib/hooks/blueprints/actionUtil'); | |
| var _ = require('lodash'); | |
| /** | |
| * Policy to limit GET /project results to just contain those projects that current | |
| * user has access to. | |
| * | |
| * @param {Request} request Request object | |
| * @param {Response} response Response object | |
| * @param {Function} next Callback function | |
| * | |
| * @returns {*} | |
| */ | |
| module.exports = function(request, response, next) { | |
| sails.log.verbose(' POLICY - ' + __filename); | |
| // Parse where criteria | |
| var where = actionUtil.parseCriteria(request); | |
| sails.models['projectuser'] | |
| .find() | |
| .where({user: request.token}) | |
| .populate('project') | |
| .then( | |
| function(projectUsers) { | |
| // Determine valid project ids | |
| var validIds = _.map(projectUsers, function(projectUser) { | |
| return parseInt(projectUser.project.id, 10); | |
| }); | |
| // We have id condition set so we need to check if that / those are allowed | |
| if (where.id) { | |
| // Normalize current ids | |
| var currentIds = _.map((!_.isArray(where.id)) ? [where.id] : where.id, function(id) { | |
| return parseInt(id, 10); | |
| }); | |
| // Remove not valid ids | |
| where.id = _.intersection(currentIds, validIds); | |
| } else { // Otherwise just add id collection to where query | |
| where.id = validIds; | |
| } | |
| // There is no "valid" ids so we need to send 404 back to client | |
| if (_.isEmpty(where.id)) { | |
| var error = { | |
| status: 404 | |
| }; | |
| return response.negotiate(error); | |
| } | |
| // Remove existing query | |
| delete request.query; | |
| // Set new query to request, that blueprints will use after this | |
| request.query = { | |
| where: where | |
| }; | |
| return next(); | |
| } | |
| ) | |
| .catch(function(error) { | |
| return response.negotiate(error); | |
| }); | |
| }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment