0.3.8 • Published 6 years ago
allowed-fields v0.3.8
allowed-fields
Description
This module lets developers define whitelisted and blacklisted database fields and provides a function to check whether a given field is allowed.
Synopsis
TypeScript
```ts
import AllowedFields, { Fields } from "allowed-fields";
```
JavaScript
```js
const AllowedFields = require("allowed-fields");
```

```js
const fields = new AllowedFields({
  whiteList: { "": "color", member: "*", company: "*", manager: ["name"] },
  blackList: { member: ["salary"] },
});

// Field may be provided as a single string ('table.field').
fields.isAllowed("color"); // true (color is allowed without a relation name)
fields.isAllowed("member.name"); // true (all fields (*) of member except 'salary' are allowed)
fields.isAllowed("manager.name"); // true (it is in the white list)
fields.isAllowed("member.salary"); // false (it is in the black list)
fields.isAllowed("zoo.name"); // false (it is not in the white list)
fields.isAllowed("member.*"); // false (member salary is blacklisted; all fields (*) except salary are allowed)
fields.isAllowed("company.*"); // true (all fields (*) of company are in the white list)

// Field may be provided with two parameters as ('field', 'table').
fields.isAllowed("name", "member"); // true
fields.isAllowed("salary", "member"); // false
```
Details
This module is a utility for checking whether given fields are allowed according to simple blacklist and whitelist rules.
The blacklist and whitelist are each provided as an object. Keys are relation (table) names, values are field names. To allow
every field in a table *
API
AllowedFieldsConfig
Kind: global interface
Properties
Name | Type | Description |
---|---|---|
whiteList | Fields | List of allowed identifiers (entities and fields) to be used in query. |
blackList | Fields | List of identifiers which are prohibited to use in query. |
AllowedFields
Kind: global class
new AllowedFields(config)
Param | Type | Description |
---|---|---|
config | Object | Configuration |
config.whiteList | Fields | List of allowed identifiers (entities and fields) to be used in query. |
config.blackList | Fields | List of identifiers which are prohibited to use in query. |
allowedFields.isAllowed(fieldName, relationName) ⇒ boolean
Kind: instance method of AllowedFields
Returns: boolean -
Param | Type | Default | Description |
---|---|---|---|
fieldName | string | | Field name to test, e.g. 'name'. It may also include the relation name, such as 'member.name'. |
relationName | string | "''" | Relation name which field belongs to. |
Example
```js
allowedFields.isAllowed("member.name"); // Table and field as a single string.
allowedFields.isAllowed("name", "member"); // Field, Table.
```
Fields : Object.<string, (string|Array.<string>)>
Kind: global typedef
Example
```js
const fields = {
  "": "name", // Field name without table.
  person: "name", // Single field from `person` table.
  cart: ["name", "color"], // Some fields from `cart` table.
  report: "*", // All fields from `report` table.
};
```
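The rule semantics shown in the Synopsis, applied to a user-supplied field list, as an added example that is not part of the allowed-fields package or its documentation. `makeChecker`, `partitionFields` and the identifier pattern are hypothetical names and assumptions of this example: it reimplements the documented results in a small stand-in so it runs without the package, and additionally rejects names that are not plain identifiers, since under a `"*"` rule any string would otherwise count as a field.

```javascript
// Added example: a stand-in for the documented isAllowed() results, not the package's source.
const IDENT = /^[A-Za-z_][A-Za-z0-9_]*$/; // assumption: plain SQL-style identifiers only

// Compile Fields into Map<relation, Set<field>>; inherited names like "constructor" never match.
function compile(fields = {}) {
  const map = new Map();
  for (const [relation, value] of Object.entries(fields)) {
    map.set(relation, new Set(Array.isArray(value) ? value : [value]));
  }
  return map;
}

function makeChecker({ whiteList, blackList }) {
  const white = compile(whiteList);
  const black = compile(blackList);
  return function isAllowed(fieldName, relationName = "") {
    if (typeof fieldName !== "string" || typeof relationName !== "string") return false;
    // Accept 'table.field' as a single string, as the synopsis does.
    const dot = fieldName.lastIndexOf(".");
    const relation = dot === -1 ? relationName : fieldName.slice(0, dot);
    const field = dot === -1 ? fieldName : fieldName.slice(dot + 1);
    const allowed = white.get(relation);
    const denied = black.get(relation) || new Set();
    if (!allowed) return false; // deny by default: relation is not whitelisted
    // 'table.*' passes only when every field is allowed and none is blacklisted.
    if (field === "*") return allowed.has("*") && denied.size === 0;
    // Own hardening, not documented behaviour: under a "*" rule any string would pass.
    if (!IDENT.test(field)) return false;
    if (denied.has("*") || denied.has(field)) return false; // assumption: blacklist wins
    return allowed.has("*") || allowed.has(field);
  };
}

// Split a user-supplied list (hypothetical ?fields= value) into names to use and names to reject.
function partitionFields(requested, isAllowed) {
  const accepted = [], rejected = [];
  for (const name of requested.split(",").map((s) => s.trim())) {
    (isAllowed(name) ? accepted : rejected).push(name);
  }
  return { accepted, rejected };
}

// Rules copied from the synopsis; the request string is constructed sample input.
const check = makeChecker({
  whiteList: { "": "color", member: "*", company: "*", manager: ["name"] },
  blackList: { member: ["salary"] },
});
const result = partitionFields("color, member.name, member.salary, zoo.name, constructor.name, member.name--", check);
console.log(result);
```

Passing the allow-list check only establishes that a name is permitted; the accepted names should still be quoted as identifiers by the database driver or query builder when the query is assembled.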