0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-13 22:41:32 -05:00
ghost/core/server/models/app.js
David Arvelo 87cda81c84 Sanitize models' attributes/options before passing to bookshelf/knex
closes #2653
- enforce strict whitelists for model methods
- create a class method that reports a model method's valid options
- create a class method that filters a model's valid attributes from data
- create a class method that filters valid options from a model method's options hash
2014-05-06 23:02:49 -04:00

47 lines
1.3 KiB
JavaScript

var ghostBookshelf = require('./base'),
AppSetting = require('./appSetting'),
App,
Apps;
App = ghostBookshelf.Model.extend({
tableName: 'apps',
permissions: function () {
// Have to use the require here because of circular dependencies
return this.belongsToMany(require('./permission').Permission, 'permissions_apps');
},
settings: function () {
return this.belongsToMany(AppSetting, 'app_settings');
}
}, {
/**
* Returns an array of keys permitted in a method's `options` hash, depending on the current method.
* @param {String} methodName The name of the method to check valid options for.
* @return {Array} Keys allowed in the `options` hash of the model's method.
*/
permittedOptions: function (methodName) {
var options = ghostBookshelf.Model.permittedOptions(),
// whitelists for the `options` hash argument on methods, by method name.
// these are the only options that can be passed to Bookshelf / Knex.
validOptions = {
findOne: ['withRelated']
};
if (validOptions[methodName]) {
options = options.concat(validOptions[methodName]);
}
return options;
}
});
Apps = ghostBookshelf.Collection.extend({
model: App
});
module.exports = {
App: App,
Apps: Apps
};