mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-14 09:52:09 +03:00
87cda81c84
closes #2653 - enforce strict whitelists for model methods - create a class method that reports a model method's valid options - create a class method that filters a model's valid attributes from data - create a class method that filters valid options from a model method's options hash
55 lines
1.4 KiB
JavaScript
55 lines
1.4 KiB
JavaScript
var ghostBookshelf = require('./base'),
|
|
User = require('./user').User,
|
|
Role = require('./role').Role,
|
|
App = require('./app').App,
|
|
|
|
Permission,
|
|
Permissions;
|
|
|
|
Permission = ghostBookshelf.Model.extend({
|
|
|
|
tableName: 'permissions',
|
|
|
|
roles: function () {
|
|
return this.belongsToMany(Role);
|
|
},
|
|
|
|
users: function () {
|
|
return this.belongsToMany(User);
|
|
},
|
|
|
|
apps: function () {
|
|
return this.belongsToMany(App);
|
|
}
|
|
}, {
|
|
/**
|
|
* Returns an array of keys permitted in a method's `options` hash, depending on the current method.
|
|
* @param {String} methodName The name of the method to check valid options for.
|
|
* @return {Array} Keys allowed in the `options` hash of the model's method.
|
|
*/
|
|
permittedOptions: function (methodName) {
|
|
var options = ghostBookshelf.Model.permittedOptions(),
|
|
|
|
// whitelists for the `options` hash argument on methods, by method name.
|
|
// these are the only options that can be passed to Bookshelf / Knex.
|
|
validOptions = {
|
|
add: ['user']
|
|
};
|
|
|
|
if (validOptions[methodName]) {
|
|
options = options.concat(validOptions[methodName]);
|
|
}
|
|
|
|
return options;
|
|
},
|
|
});
|
|
|
|
Permissions = ghostBookshelf.Collection.extend({
|
|
model: Permission
|
|
});
|
|
|
|
module.exports = {
|
|
Permission: Permission,
|
|
Permissions: Permissions
|
|
};
|