Javascript 如何在环回框架中禁用PersistedModel的某些HTTP方法(例如POST)
在环回框架中创建模型时,可以从PersistedModel类继承。通过这种方式生成所有HTTP方法。我想知道如何禁用某些HTTP方法Javascript 如何在环回框架中禁用PersistedModel的某些HTTP方法(例如POST),javascript,loopbackjs,Javascript,Loopbackjs,在环回框架中创建模型时,可以从PersistedModel类继承。通过这种方式生成所有HTTP方法。我想知道如何禁用某些HTTP方法 一个选项是用空逻辑覆盖PersistedModel中的函数,但希望该方法从Swagger API explorer中消失。在文档中找到答案。 例如,这将禁用PersistedModel.deleteById: var isStatic = true; MyModel.disableRemoteMethod('deleteById', isStatic); 因此,
一个选项是用空逻辑覆盖PersistedModel中的函数,但希望该方法从Swagger API explorer中消失。在文档中找到答案。 例如,这将禁用PersistedModel.deleteById:
var isStatic = true;
MyModel.disableRemoteMethod('deleteById', isStatic);
因此,看起来您不可能同时禁用所有删除操作。例如,在给定的示例中,PersistedModel.deleteAll方法仍然是可访问的
开发人员必须显式禁用类中的每个相关方法
章节:
- 隐藏方法和REST端点
- 隐藏相关模型的端点
唯一需要额外注意的是禁用自定义模型方法(如User.login)。您需要在explorer中间件之前调用disableRemoteMethod:我也遇到了同样的问题 我的第一个解决方案是手动更新
服务器/模型配置.json
中的“public”:true
项,但只要我使用Swagger工具刷新环回API(使用项目根目录中的slc LoopBack:Swagger myswaggerfilename
命令),它就会被覆盖
我终于写了一个Grunt任务作为可靠的解决方法
- 在生成
之后或在运行API live之前运行它李>slc环回:swagger
- 您只需在javascript数组
列表\u of_REST\u path\u to_expose中指定我要公开的路径的名称即可
- 并确保您对原始
文件的备份文件夹满意/server/model config.json
module.exports = function (grunt) {
grunt.registerTask('unexpose_rest_path_for_swagger_models_v1', function (key, value) {
try {
// Change the list below depending on your API project :
// list of the REST paths to leave Exposed
var list_of_REST_path_to_EXPOSE =
[
"swagger_example-api_v1",
"write_here_the_paths_you_want_to_leave_exposed"
];
// Location of a bakup folder for modified model-config.json (change this according to your specific needs):
var backup_folder = "grunt-play-field/backups-model-config/";
var src_folder = "server/";
var dest_folder = "server/";
var src_file_extension = ".json";
var src_file_root_name = "model-config";
var src_filename = src_file_root_name + src_file_extension;
var dest_filename = src_file_root_name + src_file_extension;
var src = src_folder + src_filename;
var dest = dest_folder + dest_filename;
var free_backup_file = "";
if (!grunt.file.exists(src)) {
grunt.log.error("file " + src + " not found");
throw grunt.util.error("Source file 'model-config.json' does NOT exists in folder '" + src_folder + "'");
}
// timestamp for the backup file of model-config.json
var dateFormat = require('dateformat');
var now = new Date();
var ts = dateFormat(now, "yyyy-mm-dd_hh-MM-ss");
// backup model-config.json
var root_file_backup = src_file_root_name + "_bkp" + "_";
var root_backup = backup_folder + root_file_backup;
free_backup_file = root_backup + ts + src_file_extension;
if (!grunt.file.exists(root_file_backup + "*.*", backup_folder)) {
//var original_file = grunt.file.read(src);
grunt.file.write(free_backup_file, "// backup of " + src + " as of " + ts + "\n");
//grunt.file.write(free_backup_file, original_file);
grunt.log.write("Creating BACKUP"['green'] + " of '" + src + "' " + "to file : "['green'] + free_backup_file + " ").ok();
} else {
grunt.log.write("NO BACKUP created"['red'] + " of '" + src + "' " + "because file : " + free_backup_file + " ALREADY EXISTS ! "['red']).error();
throw grunt.util.error("Destination backup file already exists");
}
// load model-config.json
var project = grunt.file.readJSON(src);//get file as json object
// make modifications in model-config.json
for (var rest_path in project) {
if (rest_path.charAt(0) === "_") {
grunt.log.write("SKIPPING"['blue'] + " the JSON item '" + rest_path + "' belonging to the " + "SYSTEM"['blue'] + ". ").ok();
continue; // skip first level items that are system-related
}
if (list_of_REST_path_to_EXPOSE.indexOf(rest_path) > -1) { //
project[rest_path]["public"] = true;
grunt.log.write("KEEPING"['green'] + " the REST path '" + rest_path + "' " + "EXPOSED"['green'] + ". ").ok();
} else {
project[rest_path]["public"] = false;
grunt.log.writeln("HIDING"['yellow'] + " REST path '" + rest_path + "' : it will " + "NOT"['yellow'] + " be exposed.");
}
}
}
我想隐藏PATCH方法,但当我试图隐藏它时,我也隐藏了PUT方法,我使用了这一行:
Equipment.disableRemoteMethod('updateAttributes', false);
但后来我发现了一种只隐藏补丁方法的方法,这条线非常适合我
Equipment.sharedClass.find('updateAttributes', false).http = [{verb: 'put', path: '/'}];
上面的行覆盖了updateAttributes方法拥有的原始http
[{动词:'put',路径:'/'},{动词:'patch',路径:'/'}]
我在model.js文件中做了如下操作,如下所示。这使表成为只读的
module.exports = function(model) {
var methodNames = ['create', 'upsert', 'deleteById','updateAll',
'updateAttributes','createChangeStream','replace','replaceById',
'upsertWithWhere','replaceOrCreate'
];
methodNames.forEach(function(methodName) {
disableMethods(model,methodName)
});
}
function disableMethods(model,methodName)
{
if(methodName!='updateAttributes')
model.disableRemoteMethod(methodName, true);
else
model.disableRemoteMethod(methodName, false);
}
Santhosh Hirekerur的更新要使其隐藏LB3上的所有内容,请停止使用已弃用的模型。disableRemoteMethod方法,以及隐藏更新属性的更智能的方法,以及任何其他将来可能起同样作用的方法
我检查该方法是否在原型上,如果在原型上,则在名称前面加上prototype.
前缀,然后再禁用RemoteMethodByName
:
module.exports = function (model) {
var methodNames = [
'create',
'upsert',
'deleteById',
'updateAll',
'updateAttributes',
'patchAttributes',
'createChangeStream',
'findOne',
'find',
'findById',
'count',
'exists',
'replace',
'replaceById',
'upsertWithWhere',
'replaceOrCreate'
];
methodNames.forEach(function (methodName) {
if (!!model.prototype[methodName]) {
model.disableRemoteMethodByName('prototype.' + methodName);
} else {
model.disableRemoteMethodByName(methodName);
}
});
}
我将上述代码放在服务器/中间件/禁用方法.js
中,并从如下模型调用它:
var disableMethods = require('../../server/middleware/disable-methods');
module.exports = function (Model) {
disableMethods(Model);
}