sails-permissions blacklist read criteria

Time: 2016-11-06 15:28:36

Tags: sails.js

I have a model with a payment ID, and when I do a GET request it returns the blacklisted item.

WorkOrder.create({
          id: 1,
          requestedDate: new Date(),
          user: user[0],
          product: product[0],
          paid: true,
          paymentID: 'abcd12'
        })

When I make a simple call to /workOrder/1

        it('should not return the paymentID to the registered user', function(){
            return request
                .get('/workOrder/1')
                .expect(200)
                .then(function(res){
                    console.log(res.body)
                    return expect(res.body.paymentID).to.equal(undefined)
                })
        })

it returns the paymentID with the payload

{ user: 322,                                                                                                                                                                       
  product: 733,                                                                                                                                                                    
  id: 1,                                                                                                                                                                           
  requestedDate: '2016-11-06T15:04:41.174Z',                                                                                       
  paid: true,                                                                                                                                                                      
  paymentID: 'abcd12',                                                                                                                                                             
  createdAt: '2016-11-06T15:04:41.179Z',                                                                                                                                           
  updatedAt: '2016-11-06T15:04:41.179Z' }   

even though in bootstrap.js I have

  ok = ok.then(function(){
    return PermissionService.grant({
      role: 'registered',
      model: 'WorkOrder',
      action: 'read',
      criteria: {blacklist: ['paymentID']}
    })
  })

and the criteria

sails> Criteria.find({}).then(function(r){console.log(r)})

Promise {                                                                                                                                                                          
  _bitField: 0,                                                                                                                                                                    
  _fulfillmentHandler0: undefined,                                                                                                                                                 
  _rejectionHandler0: undefined,                                                                                                                                                   
  _promise0: undefined,                                                                                                                                                            
  _receiver0: undefined }                                                                                                                                                          
sails> [                                                                                                                                                                      
  { permission: 11953,                                                                                                                                                             
    blacklist: [ 'paymentID' ],                                                                                                                                                    
    createdAt: '2016-11-06T15:11:52.648Z',                                                                                                                                         
    updatedAt: '2016-11-06T15:11:52.648Z',                                                                                                                                         
    id: 46 } ]

and the permission

sails> Permission.find({id:11953}).populate('model').populate('role').then(function(r){console.log(r)})

Promise {                                                                                                                                                                          
  _bitField: 0,                                                                                                                                                                    
  _fulfillmentHandler0: undefined,                                                                                                                                                 
  _rejectionHandler0: undefined,                                                                                                                                                   
  _promise0: undefined,                                                                                                                                                            
  _receiver0: undefined }                                                                                                                                                          
sails> [ { model:                                                                                                                                                                  
     { name: 'WorkOrder',                                                                                                                                                          
       identity: 'workorder',                                                                                                                                                      
       attributes:                                                                                                                                                                 
            ...                                                                                                                                        
       id: 2029 },                                                                                                                                                                 
    role:                                                                                                                                                                          
     { name: 'registered',                                                                                                                                                         
       active: true,                                                                                                                                                               
       createdAt: '2016-11-06T15:11:51.522Z',                                                                                                                                      
       updatedAt: '2016-11-06T15:11:51.522Z',                                                                                                                                      
       id: 572 },                                                                                                                                                                  
    action: 'read',                                                                                                                                                                
    relation: 'role',                                                                                                                                                              
    createdAt: '2016-11-06T15:11:52.640Z',                                                                                                                                         
    updatedAt: '2016-11-06T15:11:52.642Z',                                                                                                                                         
    id: 11953 } ]   

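1 answer:

Answer 0 (score: 1)

In the WorkOrder model, add this toJSON function near the end of the file (still inside module.exports). Basically, what it does is remove the paymentID before the model is parsed to JSON.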

// Remove the paymentID when sending data to JSON
toJSON: function() {
  var obj = this.toObject();
  delete obj.paymentID;
  return obj;
},

This link to the Sails Docs explains the concept in more detail, along with more examples.
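
The toJSON override above hides paymentID from every caller, whereas the grant in the question hides it only from the 'registered' role. As an added example (not from the original post and not sails-permissions code), this plain Node.js code strips blacklisted attributes per role before serialization and fails closed for unknown roles; the policy table, function names and sample record are assumptions.

```javascript
// Added example: plain Node.js, no Sails required. All names are hypothetical.
// Constructed policy table mirroring the question's grant:
// role 'registered' may read WorkOrder, except the paymentID attribute.
const READ_BLACKLIST = {
  WorkOrder: { registered: ['paymentID'], admin: [] }
};

const has = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Return a copy of `record` without the attributes blacklisted for `role`.
// Unknown model or role fails closed: null is returned instead of the record.
function stripBlacklisted(model, role, record) {
  if (!has(READ_BLACKLIST, model) || !has(READ_BLACKLIST[model], role)) {
    return null;
  }
  const hidden = new Set(READ_BLACKLIST[model][role]);
  const out = {};
  for (const key of Object.keys(record)) {
    if (!hidden.has(key)) out[key] = record[key];
  }
  return out;
}

// Apply the filter to a findOne result (object) or a find result (array).
function filterResponse(model, role, body) {
  if (Array.isArray(body)) {
    return body
      .map(r => stripBlacklisted(model, role, r))
      .filter(r => r !== null);
  }
  return stripBlacklisted(model, role, body);
}

// Constructed sample record, shaped like the payload in the question.
const sampleWorkOrder = {
  user: 322, product: 733, id: 1, paid: true, paymentID: 'abcd12'
};

// What each role would receive once the body is serialized.
function serializedFor(role, body) {
  return JSON.stringify(filterResponse('WorkOrder', role, body));
}

console.log(serializedFor('registered', sampleWorkOrder));
console.log(serializedFor('admin', [sampleWorkOrder]));
```

The same assertion as the question's test (`res.body.paymentID` is undefined) should be repeated against the list endpoint, since a filter applied only to single-record responses leaves the field exposed there.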