Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Filter by ObjectIds #9

Open
kersten opened this Issue Jul 4, 2013 · 5 comments

Comments

Projects
None yet
3 participants

kersten commented Jul 4, 2013

Hello,

I have a collection where the documents are matched against a user_id. So my document looks something like this:

{
    "duration": "00:20",
    "name": "Samplename",
    "user_id": { "$oid" : "51d299b48e8ab7da3a000003" },
    "__v": 0,
    "_id": { "$oid" : "51d29c79579343a63b000003" }
}

Is there an easy way of just fetching documents where the user_id matches when I GET the documents? Filter doesn't work because you are using a RegEx which will not work with ObjectId fields.

Owner

jspears commented Jul 4, 2013

Creating a finder is the easiest way

Sent from my iPhone

On Jul 4, 2013, at 10:08 AM, Kersten Burkhardt notifications@github.com
wrote:

Hello,

I have a collection where the documents are matched against a user_id. So
my document looks something like this:

{
"duration": "00:20",
"name": "Samplename",
"user_id": { "$oid" : "51d299b48e8ab7da3a000003" },
"__v": 0,
"_id": { "$oid" : "51d29c79579343a63b000003" }
}

Is there an easy way of just fetching documents where the user_id matches
when I GET the documents? Filter doesn't work because you are using a RegEx
which will not work with ObjectId fields.


Reply to this email directly or view it on
GitHubhttps://github.com/jspears/mers/issues/9
.

kersten commented Jul 4, 2013

Ok, got that. But how would you implement security? You write that it should be a good place to use a transformer, but how would I get the currently logged in user? I cannot get the session object, or do I miss something?

Owner

jspears commented Jul 4, 2013

You can use a filter and capture the user. Due to nodes threading model
you can do things you wouldn't do in other frameworks. I use passport for
general security it works fine. For more granular security transformers and
filters should work.

Sent from my iPhone

On Jul 4, 2013, at 10:32 AM, Kersten Burkhardt notifications@github.com
wrote:

Ok, got that. But how would you implement security? You write that it
should be a good place to use a transformer, but how would I get the
currently logged in user? I cannot get the session object, or do I miss
something?


Reply to this email directly or view it on
GitHubhttps://github.com/jspears/mers/issues/9#issuecomment-20480078
.

gausie commented Sep 19, 2013

How can you use transformers for security? Surely all the user needs to do to circumvent it is make a request and strip any transformers or filters?

Owner

jspears commented Sep 20, 2013

well, you can override the transformers in the route preventing someone
from just injecting transformers in there.

req.get('/rest/api/*', function(req, res, next){

req.query.transformers = ['yourselecurity transformer'];
next();
});

On Thu, Sep 19, 2013 at 1:25 PM, Samuel Gaus notifications@github.comwrote:

How can you use transformers for security? Surely all the user needs to do
to circumvent it is make a request and strip any transformers or filters?


Reply to this email directly or view it on GitHubhttps://github.com/jspears/mers/issues/9#issuecomment-24757447
.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment