mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-27 22:49:56 -05:00
87cda81c84
closes #2653 - enforce strict whitelists for model methods - create a class method that reports a model method's valid options - create a class method that filters a model's valid attributes from data - create a class method that filters valid options from a model method's options hash
47 lines
1.3 KiB
JavaScript
47 lines
1.3 KiB
JavaScript
var ghostBookshelf = require('./base'),
|
|
AppSetting = require('./appSetting'),
|
|
App,
|
|
Apps;
|
|
|
|
App = ghostBookshelf.Model.extend({
|
|
tableName: 'apps',
|
|
|
|
permissions: function () {
|
|
// Have to use the require here because of circular dependencies
|
|
return this.belongsToMany(require('./permission').Permission, 'permissions_apps');
|
|
},
|
|
|
|
settings: function () {
|
|
return this.belongsToMany(AppSetting, 'app_settings');
|
|
}
|
|
}, {
|
|
/**
|
|
* Returns an array of keys permitted in a method's `options` hash, depending on the current method.
|
|
* @param {String} methodName The name of the method to check valid options for.
|
|
* @return {Array} Keys allowed in the `options` hash of the model's method.
|
|
*/
|
|
permittedOptions: function (methodName) {
|
|
var options = ghostBookshelf.Model.permittedOptions(),
|
|
|
|
// whitelists for the `options` hash argument on methods, by method name.
|
|
// these are the only options that can be passed to Bookshelf / Knex.
|
|
validOptions = {
|
|
findOne: ['withRelated']
|
|
};
|
|
|
|
if (validOptions[methodName]) {
|
|
options = options.concat(validOptions[methodName]);
|
|
}
|
|
|
|
return options;
|
|
}
|
|
});
|
|
|
|
Apps = ghostBookshelf.Collection.extend({
|
|
model: App
|
|
});
|
|
|
|
module.exports = {
|
|
App: App,
|
|
Apps: Apps
|
|
};
|