blabno · August 29, 2015 14:23 · blabno · Jun 25, 2015
diff --git a/a1_simple.js b/a1_simple.js
 'use strict';

 var Joi = require('joi');

 module.exports = function (harvester) {

    harvester
        .resource('categories', {
            name: Types.string().required().description('a name'),
            links: {
                brand: 'brands'
            }
        })

    // register all routes : 
    // GET /categories, GET /categories/:id, GET /categories/changes/stream, POST /categories, 
    // PUT /categories/:id, DELETE /categories/:id,
    
    // all of these are bootstrapped with the default authorization function, swagger spec and validation
    // the Joi schema attributes are used to evaluate body or query params depending on the verb 
    
    .register();
    
 };
diff --git a/b_swagger_override.js b/b_swagger_override.js
 'use strict';

 var Joi = require('joi');

 module.exports = function (harvester) {

    var categories = harvester
        .resource('categories', {
            name: Types.string().required().description('a name'),
            links: {
                brand: 'brands'
            }
        });
    var models = harvester
        .resource('models', {
            name: Types.string().required().description('a name'),
            links: {
                brand: 'brands'
            }
        })


    //so now categories is pointing still to harvester, but the `.resource('models'` has overriden the getById, and the call below will modify the models resource
    categories.getById().docs({summary: 'all the lovely categories by id'})
    
    .register();
        
 };
diff --git a/c_validation_override.js b/c_validation_override.js
 'use strict';

 var Joi = require('joi');

 module.exports = function (harvester) {

    harvester
        .resource('categories', {
            name: Types.string().required().description('a name'),
            links: {
                brand: 'brands'
            }
        })
    .get().validate({query: {myAwesomeParam: Joi.string().required().description('My awesome parameter')}})
    
    .register();
    
 };
diff --git a/d1_authorize_override.js b/d1_authorize_override.js
 'use strict';
 var Joi = require('joi');
 var Promise = require('bluebird');
 module.exports = function (harvester) {
    
    harvester
        .resource('categories', {
            name: Types.string().required().description('a name'),
            links: {
                brand: 'brands'
            }
        })
    
    .get().authorize(false)
    .getById().authorize(false)
    
    .delete().before(function(req) {
        var resource = this;
        return dynamicAuthorizeDelete(req).then(function() {
            return resource;
        });
    })
    
    .register();
    
    function dynamicAuthorizeDelete(req) {
            var _category;
            return Promise.resolve()
                .then(function(){
                    harvester.adapter.find('category',req.params.id)
                })
                .then(function(category){
                    _category = category;
                    // lookup identity with whoamIfunction
                    return $http.get('/whoami') //header should have authentication
                })
                .then(function(resp) {
                    if (resp.dealerUser && dealerUser.id==_category.links.dealerUser){
                        return true; 
                    }else{
                        throw new JSONAPI_Error({403, 'something went wrong'}))
                    }
                })
            }
        }

 };
diff --git a/f_fullmonty.js b/f_fullmonty.js
 'use strict';

 var Joi = require('joi');
 var roles = require('./roles');

 module.exports = function (harvester) {

    harvester
        .resource('categories', {
            name: Types.string().required().description('a name'),
            links: {
                brand: 'brands'
            }
        })
        .roles([roles.dealerRegular])

    // the values expressed in the .roles declaration clause will override/replace values defined at a higher level (e.g. .resource({}).roles(...))   
    
    // declaring disableAuthorization() in a route causes the authorization strategy function to be skipped 
    // a roles definition is required for every route unless disableAuthorization() is used
    // this definition can be either inherited through the .resource({}).roles definition, or be expressed on the route itself
    .get().disableAuthorization().validate({query: {myAwesomeParam: Joi.string().required().description('My awesome parameter')}})
    .getById().disableAuthorization().docs({summary: 'all the lovely categories by id'})
    
    .delete().roles([roles.dealerAdmin, roles.dealerRegular]).before(function(req) {
        var resource = this;
        return dynamicAuthorizeDelete(req).then(function() {
            return resource;
        });
    })
    
    .register();
 
    function dynamicAuthorizeDelete(req) {
            var _category;
            return Promise.resolve()
                .then(function(){
                    harvester.adapter.find('category',req.params.id)
                })
                .then(function(category){
                    _category = category;
                    // lookup identity with whoamIfunction
                    return $http.get('/whoami') //header should have authentication
                })
                .then(function(resp) {
                    if (resp.dealerUser && dealerUser.id==_category.links.dealerUser){
                        return true; 
                    }else{
                        throw new JSONAPI_Error({403, 'something went wrong'}))
                    }
                })
            }
        }

 };
diff --git a/g_express_handler.js b/g_express_handler.js
 'use strict';

 var Joi = require('joi');

 module.exports = function (harvester) {

    var category = harvester
        .resource('categories', {
            name: Types.string().required().description('a name'),
            links: {
                brand: 'brands'
            }
        });

    // retrieve express from app namespace
    var app = harvester.app;
    
    app.get('/categories', category.get().handler());
    app.get('/categories/:id', category.getById().handler());
    app.get('/categories/changes/stream', category.getChangeEventsStreaming().handler());
    app.delete('/categories', category.delete().handler());

 };
diff --git a/immutable_readonly.js b/immutable_readonly.js
   
   harvester
        .resource('categories', {
            name: Types.string().required().description('a name'),
            links: {
                brand: 'brands'
            }
        })
    .immutable() // only POST and GETs are allowed
    .register();
    
    harvester
        .resource('categories', {
            name: Types.string().required().description('a name'),
            links: {
                brand: 'brands'
            }
        })
    .readonly() // only GETs are allowed
    .register();
	'use strict';

	var Joi = require('joi');

	module.exports = function (harvester) {

	harvester
	.resource('categories', {
	name: Types.string().required().description('a name'),
	links: {
	brand: 'brands'
	}
	})

	// register all routes :
	// GET /categories, GET /categories/:id, GET /categories/changes/stream, POST /categories,
	// PUT /categories/:id, DELETE /categories/:id,

	// all of these are bootstrapped with the default authorization function, swagger spec and validation
	// the Joi schema attributes are used to evaluate body or query params depending on the verb

	.register();

	};
	'use strict';
	var Joi = require('joi');
	var Promise = require('bluebird');
	module.exports = function (harvester) {

	harvester
	.resource('categories', {
	name: Types.string().required().description('a name'),
	links: {
	brand: 'brands'
	}
	})

	.get().authorize(false)
	.getById().authorize(false)

	.delete().before(function(req) {
	var resource = this;
	return dynamicAuthorizeDelete(req).then(function() {
	return resource;
	});
	})

	.register();

	function dynamicAuthorizeDelete(req) {
	var _category;
	return Promise.resolve()
	.then(function(){
	harvester.adapter.find('category',req.params.id)
	})
	.then(function(category){
	_category = category;
	// lookup identity with whoamIfunction
	return $http.get('/whoami') //header should have authentication
	})
	.then(function(resp) {
	if (resp.dealerUser && dealerUser.id==_category.links.dealerUser){
	return true;
	}else{
	throw new JSONAPI_Error({403, 'something went wrong'}))
	}
	})
	}
	}

	};
	'use strict';

	var Joi = require('joi');
	var roles = require('./roles');

	module.exports = function (harvester) {

	harvester
	.resource('categories', {
	name: Types.string().required().description('a name'),
	links: {
	brand: 'brands'
	}
	})
	.roles([roles.dealerRegular])

	// the values expressed in the .roles declaration clause will override/replace values defined at a higher level (e.g. .resource({}).roles(...))

	// declaring disableAuthorization() in a route causes the authorization strategy function to be skipped
	// a roles definition is required for every route unless disableAuthorization() is used
	// this definition can be either inherited through the .resource({}).roles definition, or be expressed on the route itself
	.get().disableAuthorization().validate({query: {myAwesomeParam: Joi.string().required().description('My awesome parameter')}})
	.getById().disableAuthorization().docs({summary: 'all the lovely categories by id'})

	.delete().roles([roles.dealerAdmin, roles.dealerRegular]).before(function(req) {
	var resource = this;
	return dynamicAuthorizeDelete(req).then(function() {
	return resource;
	});
	})

	.register();

	function dynamicAuthorizeDelete(req) {
	var _category;
	return Promise.resolve()
	.then(function(){
	harvester.adapter.find('category',req.params.id)
	})
	.then(function(category){
	_category = category;
	// lookup identity with whoamIfunction
	return $http.get('/whoami') //header should have authentication
	})
	.then(function(resp) {
	if (resp.dealerUser && dealerUser.id==_category.links.dealerUser){
	return true;
	}else{
	throw new JSONAPI_Error({403, 'something went wrong'}))
	}
	})
	}
	}

	};