Loopback: updateAll should honour strict mode

Created on 6 Feb 2017 · 4 Comments · Source: strongloop/loopback

Bug/Feature request

See https://github.com/strongloop/loopback/issues/742#issuecomment-277486024

When a user makes a POST /update request (calls updateAll in Node API terms), the backend will happily persist (yes, actually persist, not just a wrong in-memory representation) random properties to MongoDB through an updateAll even though strict mode is enabled for the model.

Expected result

updateAll honours strict mode and rejects requests with extra properties not described by the model.

Additional information

The scope of this issue is to fix strict mode only. Enforcing all property validations is covered by https://github.com/strongloop/loopback-datasource-juggler/issues/771.

feature help wanted stale
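
The check the issue asks for, sketched as an added example (not LoopBack's code and not part of the original issue): a guard that rejects a bulk-update payload naming any property the model does not declare. The names `productProperties`, `unknownUpdateKeys` and `assertStrictUpdate`, the sample model and the 422 status are assumptions made for illustration.

```javascript
// Constructed sample: the only properties this hypothetical model declares.
const productProperties = { id: {}, name: {}, price: {} };

// Own-property test, so inherited names such as "constructor" or "toString"
// are never mistaken for declared model properties.
const isDeclared = (declared, name) =>
  Object.prototype.hasOwnProperty.call(declared, name);

// Returns the keys in an update payload that the model does not declare.
// Mongo-style operators ($set, $inc, ...) are inspected too, because extra
// fields placed inside them reach the database just like top-level ones.
function unknownUpdateKeys(declared, data) {
  const unknown = [];
  for (const [key, value] of Object.entries(data)) {
    if (!key.startsWith('$')) {
      if (!isDeclared(declared, key)) unknown.push(key);
      continue;
    }
    if (value === null || typeof value !== 'object' || Array.isArray(value)) {
      unknown.push(key); // malformed operator body: reject rather than guess
      continue;
    }
    for (const inner of Object.keys(value)) {
      const top = inner.split('.')[0]; // "a.b" addresses a sub-field of "a"
      if (!isDeclared(declared, top)) unknown.push(`${key}.${inner}`);
    }
  }
  return unknown;
}

// Run before the update is handed to the data source; throws on extras.
function assertStrictUpdate(declared, data) {
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    throw Object.assign(new Error('Update payload must be an object'),
      { statusCode: 422 });
  }
  const unknown = unknownUpdateKeys(declared, data);
  if (unknown.length > 0) {
    const err = new Error(`Unknown properties in update: ${unknown.join(', ')}`);
    err.statusCode = 422; // assumption: reported as a validation failure
    err.unknownProperties = unknown;
    throw err;
  }
  return data;
}
```

In LoopBack the declared property names are available as `Model.definition.properties`, and a `before save` operation hook receives the bulk-update payload as `ctx.data`, which is one place such a guard can be called.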

All 4 comments

@bajtos will this be backported to v.2?

will this be backported to v.2?

Should it be? I labelled this issue as a feature (semver-minor), which means it won't be backported.

What's your opinion?

I'd prefer to see it backported, because to me it doesn't appear like a feature. The semantics of strict were a far cry from actually being strict up until now, if you know what I mean.

An option like that (with a name that implies a serious restriction) should behave as expected at all times, to avoid the issues (even security related) mentioned, wouldn't you agree?

This issue has been closed due to continued inactivity. Thank you for your understanding. If you believe this to be in error, please contact one of the code owners, listed in the CODEOWNERS file at the top-level of this repository.
