Last active
December 5, 2019 10:18
-
-
Save danmo/d5971093c7eb435cb0dd365336746b91 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
userSchema = { | |
firstName, | |
lastName, | |
workspaceId: <-- eagerly loaded to worspace | |
} | |
applyAccessFilters() | |
regular -> 'find.books' -> you should only 'workspace.name' | |
fields = '// workspace.name' //'workspace' | |
RULE: | |
I should be able to limit first level and eager/second level fields that are visible | |
BLACKLIST APPROACH: where you forcefully deny fields | |
ex: regular findOne.users -> blacklist: ['worskape.id', 'workspace.secretKey', ...]; | |
WHITELIST APPROACH: where you allow a limited set of fields | |
ex: regular findOne.users -> whitelist: ['worskape.name']; | |
BOTH APPROACHES CAN WORK AT THE SAME TIME: | |
1. you have a blacklist | |
- deny those fields | |
2. you have a whitelist | |
- you will allow only those fields | |
3. you have both a blacklist and a whitelist | |
- whitelist is dominant | |
find({ query, offset, limit, fields }) { | |
// this.eagerMap = ['workspace']; | |
// we have to type of fields to limit: first level fields and eagerly loaded fields | |
// fields needs to reflect both | |
const fields = ['firstName','lastName', 'workspaceId', 'workspace', 'workspace.name']; | |
const firstLevelFields = fields.filter(f => !this.eagerMap.find(f)); | |
const secondLevelFields = fields.filter(f => this.eagerMap.find(f)); | |
if (firstLevelFields.length) { | |
// limit query result fields to this list | |
} | |
return new GenericQuery(query).toKnex( | |
this.ormModel | |
.query() | |
.eager(secondLevelFields) | |
.skipUndefined() | |
.offset(offset) | |
.limit(limit) | |
); | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment