grapher/lib/namedQuery
2017-02-06 14:33:33 +01:00

A secure query is a query whose form is locked on the server. Frozen queries are regarded as trusted code: the exposure from other collections will not affect them. Only the firewall will.

The reason behind this concept:

  • You may have an Order for a Customer, and an employee is assigned to that order
  • You want to expose all employees to admin via user exposure
  • Now, because exposures are linked, you may need to add extra logic to the user exposure, and it will eventually turn into a mess
  • It gets hard to validate/invalidate fields and links.

This is why you should construct your secure query and offer control over it via params, which can be used and manipulated in the $filter function.


const query = createNamedQuery('testList', {
    tests: {
        $filter({filters, options, params}) {
            // adjust filters/options here based on params
        },
        title: 1,
        endcustomer: {
            profile: 1
        }
    }
})

// In the same file or in a server-side file only:
query.expose({
    firewall(userId, params) {
        // throw exception if not allowed
    },
    // body merges deeply with your current body, so you can filter without
    // showing the client how you do it, to avoid exposing precious data
    body: {
        tests: {
            $filter({filters, options, params}) {
                // server-only filtering logic
            }
        }
    }
})

// You must have your collections and queries imported already.
// Client side: the key is the name of the named query, the value is its params
createQuery({
    testList: {
        endcustomer: Meteor.userId()
    }
})
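
The idea described above, that the client sends only a query name and params while the fields, the filter logic and the firewall stay on the server, shown as an added example that is not grapher's own code. `defineNamedQuery`, `runNamedQuery`, the in-memory `TESTS` data and the firewall rule are assumptions made for illustration.

```javascript
// Simplified model of a named query; NOT grapher's implementation.
// defineNamedQuery, runNamedQuery and TESTS are hypothetical names.
const registry = new Map();

// Constructed sample data standing in for the `tests` collection.
const TESTS = [
  { _id: 't1', title: 'Audit A', endcustomer: 'u1', internalNotes: 'n1' },
  { _id: 't2', title: 'Audit B', endcustomer: 'u2', internalNotes: 'n2' },
];

// Server side: register the locked form (fields), the filter and the firewall.
function defineNamedQuery(name, { fields, filter, firewall }) {
  registry.set(name, Object.freeze({ fields: Object.freeze([...fields]), filter, firewall }));
}

// Server side: the request carries a query name and params, never a body.
function runNamedQuery(userId, request) {
  const names = Object.keys(request);
  if (names.length !== 1 || !registry.has(names[0])) throw new Error('unknown-query');
  const { fields, filter, firewall } = registry.get(names[0]);
  const params = { ...request[names[0]] };
  firewall(userId, params); // throws if the caller is not allowed
  const filters = {};
  filter({ filters, params }); // only server code turns params into filters
  return TESTS
    .filter((doc) => Object.entries(filters).every(([k, v]) => doc[k] === v))
    .map((doc) => Object.fromEntries(fields.map((f) => [f, doc[f]])));
}

defineNamedQuery('testList', {
  fields: ['title', 'endcustomer'],
  filter({ filters, params }) {
    filters.endcustomer = params.endcustomer;
  },
  // Assumed rule: a user may only list tests where they are the end customer.
  firewall(userId, params) {
    if (!userId || params.endcustomer !== userId) throw new Error('not-authorized');
  },
});

// The extra keys are treated as unused params; they cannot add fields.
const rows = runNamedQuery('u1', {
  testList: { endcustomer: 'u1', internalNotes: 1, fields: ['internalNotes'] },
});
console.log(rows);
```

Because the firewall compares the param to the caller's id with strict equality, a request for another user's id or an object-valued param is rejected before any filter is built.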