var Hunt = require('hunt');
var hrw = require('hunt-mongo-rest');

// Application instance; the options object is handed straight to Hunt.
// NOTE(review): `disableCsrf: true` switches off the framework's CSRF
// protection and `huntKey: true` presumably enables its API-key
// authentication — a common pairing for a token-authenticated JSON API, but
// confirm no cookie-session browser clients are expected on these routes.
var hunt = Hunt({
  'disableCsrf': true,
  'huntKey': true,
  'mongoUrl': 'mongodb://localhost/hrw_dev'
});
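hunt.extendModel('Articles', function (core) {
  // Article: a uniquely named, owned document. `author` references the User
  // model; the ACL hooks below gate every REST operation on it.
  var ArticleSchema = new core.mongoose.Schema({
    'name': { type: String, unique: true },
    'content': String,
    'author': { type: core.mongoose.Schema.Types.ObjectId, ref: 'User' }
  });

  ArticleSchema.index({
    'name': 1,
    'author': 1
  });

  // Ownership check shared by the per-document ACL hooks (canRead, canUpdate,
  // canDelete). Both ids are compared as strings so the outcome does not rely
  // on `==` coercion between an ObjectId and a string, and the check fails
  // closed when either side is missing. Uses `user._id` first so it agrees
  // with the filter built in listFilter; `user.id` is the fallback.
  // NOTE(review): assumes `author` is an unpopulated ObjectId — a populated
  // User document would not stringify to its id; confirm the REST layer never
  // hands a populated document to these hooks.
  function isOwner(document, user) {
    var ownerId = user._id || user.id;
    if (!document.author || !ownerId) {
      return false;
    }
    return String(document.author) === String(ownerId);
  }

  // Static method, exposed by the REST layer as a collection-level action.
  ArticleSchema.statics.doSmth = function (user, payload, callback) {
    callback(null, {
      'user': user,
      'body': payload
    });
  };

  // Instance method, exposed by the REST layer as a document-level action.
  ArticleSchema.methods.doSmth = function (user, payload, callback) {
    callback(null, {
      'article': this,
      'user': user,
      'body': payload
    });
  };

  // ACL: who may create an article. Only an authenticated user may; the third
  // argument names the field the REST layer sets to the current user's id.
  ArticleSchema.statics.canCreate = function (user, callback) {
    if (!user) {
      callback(null, false);
      return;
    }
    callback(null, true, 'author');
  };

  // ACL: what a user may list and filter on.
  // callback(error, filter | false, visibleFields, populatedFields)
  ArticleSchema.statics.listFilter = function (user, callback) {
    if (!user) {
      // anonymous users cannot list anything
      callback(null, false);
      return;
    }
    if (user.root) {
      // root lists every document and every field, with author populated
      callback(null, {}, ['id', 'name', 'content', 'author'], ['author']);
      return;
    }
    // everyone else sees only their own documents, without the author field
    callback(null, { 'author': user._id }, ['id', 'name', 'content']);
  };

  // ACL: which fields of this document a user may read.
  // callback(error, allowed, readableFields, populatedFields)
  ArticleSchema.methods.canRead = function (user, callback) {
    if (!user) {
      callback(null, false);
      return;
    }
    if (user.root) {
      callback(null, true, ['id', 'name', 'content', 'author'], ['author']);
      return;
    }
    // owners read their own documents; the author field stays hidden
    callback(null, isOwner(this, user), ['id', 'name', 'content']);
  };

  // ACL: which fields of this document a user may update.
  // callback(error, allowed, writableFields)
  ArticleSchema.methods.canUpdate = function (user, callback) {
    if (!user) {
      callback(null, false);
      return;
    }
    if (user.root) {
      // root may edit every field, including reassigning the author
      callback(null, true, ['name', 'content', 'author']);
      return;
    }
    // owners may edit name and content only — never the ownership field
    callback(null, isOwner(this, user), ['name', 'content']);
  };

  // ACL: whether a user may delete this document.
  // callback(error, allowed)
  ArticleSchema.methods.canDelete = function (user, callback) {
    if (!user) {
      callback(null, false);
      return;
    }
    if (user.root) {
      callback(null, true);
      return;
    }
    callback(null, isOwner(this, user));
  };

  // Async validator: `author` must reference an existing User.
  // A lookup error is reported as a failed validation rather than rethrown;
  // throwing inside the driver callback would escape as an uncaught exception
  // and take the process down. Failing closed rejects the write instead.
  ArticleSchema.path('author').validate(function (value, respond) {
    core.model.User.findById(value, function (error, authorFound) {
      if (error) {
        respond(false);
        return;
      }
      respond(Boolean(authorFound));
    });
  }, 'Unable to find Author!');

  // Bind the schema to the application's mongo connection and return the
  // model; hunt-mongo-rest looks it up by the name registered here.
  return core.mongoConnection.model('Article', ArticleSchema);
});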
// Mount REST endpoints for the Article model and expose the custom doSmth
// static and instance methods through them.
// NOTE(review): the option key is spelled 'mountPount' — if the library
// expects 'mountPoint', this path is silently ignored and a default mount
// path is used; confirm against the hunt-mongo-rest option names.
var articlesApi = {
  'mountPount': '/api/v1/articles',
  'modelName': 'Article',
  'statics': ['doSmth'],
  'methods': ['doSmth']
};
hrw(hunt, articlesApi);

// NOTE(review): called on the `Hunt` factory rather than the `hunt` instance
// created above — confirm which of the two owns startWebServer.
Hunt.startWebServer();