Added hidden fields support to autocrud.

lib/autocrud.js

@@ -1,7 +1,8 @@
 var sys = require('sys'),
     events = require('events'),
     ObjectID = require('mongodb').ObjectID,
-    jsonSchema = require('json-schema');
+    jsonSchema = require('json-schema'),
+	schemaTools = require('./schema-tools');
 
 function Autocrud(options) {
     if (!(this instanceof Autocrud)) return new Autocrud(options);
@@ -15,6 +16,9 @@ function Autocrud(options) {
         path = options.path,
         schema = options.schema;
 
+	//	Generate alternate schemas and mongo projections
+	var projection = schemaTools.getMongoProjection(schema);
+
     //  Selection of which routes to create
     var getCreate = (options.getCreate) ? options.getCreate : true,
         postCreate = (options.postCreate) ? options.postCreate : true,
@@ -66,7 +70,7 @@ function Autocrud(options) {
     //  GET
 
     this.getRouteFn = function (req, res) {
-        var cursor = collection.find(createQuery(req)),
+        var cursor = collection.find(createQuery(req), projection),
             sort = req.param('sort'),
             limit = req.param('limit'),
             skip = req.param('skip');
@@ -100,7 +104,7 @@ function Autocrud(options) {
     this.getIdRouteFn = function (req, res) {
         try {
             var _id = new ObjectID(req.params.id);
-            collection.findOne(createQuery(req, {_id: _id}), function (err, document) {
+            collection.findOne(createQuery(req, {_id: _id}), projection, function (err, document) {
                 if (err) return res.json(500, err);
                 if (!document) return res.send(404);
                 res.json(document);

test/base.js

@@ -174,6 +174,21 @@ function defineAPI(done) {
 		ownerSelf: true
 	});
 
+	autocrud({
+		app: app,
+		collection: mongo.schema,
+		name: 'schema',
+		path: '/api',
+		schema: {
+			type: 'object',
+			properties: {
+				username: {type:'string', required:true},
+				password: {type:'string', required:true, hidden:true}
+			},
+			additionalProperties: false
+		}
+	});
+
     app.post('/login', passport.authenticate('local'), function (req, res) {
         res.json(200, {success: true});
     });
@@ -214,35 +229,39 @@ before(function (done) {
 							conn.collection('owned', function(err, owned) {
 								if (err) return done(err);
 								mongo.owned = owned;
-
-	                            //  Insert valid test data to mongo
-	                            widget.insert(validPool, function (err, result) {
-	                                if (err) return console.log(err);
-	                                result.forEach(function (resObj) {
-	                                    resObj._id = resObj._id.toString();
-	                                    committedPool.push(resObj);
-	                                });
-	                                committedPool = _.sortBy(committedPool, '_id');
+								conn.collection('schema', function(err, schema) {
+									if (err) return done(err);
+									mongo.schema = schema;
 
-	                                defineAPI(done);
-		                        });
+		                            //  Insert valid test data to mongo
+		                            widget.insert(validPool, function (err, result) {
+		                                if (err) return console.log(err);
+		                                result.forEach(function (resObj) {
+		                                    resObj._id = resObj._id.toString();
+		                                    committedPool.push(resObj);
+		                                });
+		                                committedPool = _.sortBy(committedPool, '_id');
+
+		                                defineAPI(done);
+			                        });
 
-	                            // Insert valid users to mongo
-	                            user.insert({
-	                                username: 'andrew',
-	                                password: '12345',
-	                                roles: ['customer']
-	                            }, function (err, result) {
-	                                if (err) return console.log(err);
-								});
+		                            // Insert valid users to mongo
+		                            user.insert({
+		                                username: 'andrew',
+		                                password: '12345',
+		                                roles: ['customer']
+		                            }, function (err, result) {
+		                                if (err) return console.log(err);
+									});
 
-							    user.insert({
-						            username: 'root',
-					                password: '12345',
-				                    roles: ['administrator']
-			                    }, function (err, result) {
-		                            if (err) return console.log(err);
-	                            });
+								    user.insert({
+							            username: 'root',
+						                password: '12345',
+					                    roles: ['administrator']
+				                    }, function (err, result) {
+			                            if (err) return console.log(err);
+		                            });
+								});
 							});
                         });
                     });

test/schema-tools.js

@@ -0,0 +1,42 @@
+var _ = require('underscore'),
+	assert = require('assert'),
+	getMongoProjection = require('../lib/schema-tools').getMongoProjection;
+
+var sampleSchema = {
+	type: 'object',
+	additionalProperties: false,
+	properties: {
+		username: {type:'string', required: true},
+		password: {type:'string', required: true, hidden: true},
+		stripe: {
+			type: 'object',
+			additionalProperties: false,
+			properties: {
+				stripeId: {type:'string', required: true},
+				stripeKey: {type:'string', required: true, hidden: true}
+			}
+		},
+		subUsers: {
+			type: 'array',
+			items: {
+				type: 'object',
+				additionalProperties: false,
+				properties: {
+					username: {type:'string', required: true},
+					password: {type:'string', required: true, hidden: true}
+				}
+			}
+		}
+	}
+};
+
+describe('Schema Manipulation', function() {
+	it('should generate a mongo projection', function() {
+		var projection = getMongoProjection(sampleSchema);
+		assert(_.isEqual(projection, {
+			'password': 0,
+			'stripe.stripeKey': 0,
+			'subUsers.password': 0
+		}));
+	});
+});

test/schema.js

@@ -1,42 +1,24 @@
-var _ = require('underscore'),
-	assert = require('assert'),
-	getMongoProjection = require('../lib/schema').getMongoProjection;
+var assert = require('assert'),
+	rest = require('restler'),
+	_ = require('underscore');
 
-var sampleSchema = {
-	type: 'object',
-	additionalProperties: false,
-	properties: {
-		username: {type:'string', required: true},
-		password: {type:'string', required: true, hidden: true},
-		stripe: {
-			type: 'object',
-			additionalProperties: false,
-			properties: {
-				stripeId: {type:'string', required: true},
-				stripeKey: {type:'string', required: true, hidden: true}
-			}
-		},
-		subUsers: {
-			type: 'array',
-			items: {
-				type: 'object',
-				additionalProperties: false,
-				properties: {
-					username: {type:'string', required: true},
-					password: {type:'string', required: true, hidden: true}
-				}
-			}
-		}
-	}
-};
-
-describe('Schema Manipulation', function() {
-	it('should generate a mongo projection', function() {
-		var projection = getMongoProjection(sampleSchema);
-		assert(_.isEqual(projection, {
-			'password': 0,
-			'stripe.stripeKey': 0,
-			'subUsers.password': 0
-		}));
+describe('Schema Modification', function() {
+	describe('Projection', function() {
+		it('should not return hidden fields in GET calls', function(done) {
+			rest.json(callPrefix + '/schema', {
+				username: 'testuser',
+				password: 'pass'
+			}, null, 'POST')
+				.on('complete', function(data, res) {
+					assert(res.statusCode === 200);
+
+					rest.json(callPrefix + '/schema/' + data._id, null, null, 'GET')
+						.on('complete', function(data, res) {
+							assert(data.username);
+							assert(!data.password);
+							done();
+						});
+				});
+		});
 	});
 });