Loopback: Support properties white-list in model.json

Created on 30 Jul 2015  路  8Comments  路  Source: strongloop/loopback

The converse of the 'hidden' property: a means to specify which properties should be returned HTTP responses.

Use case: I have a model with a large number of fields, most of which this particular application should not expose so I have removed those properties from the model.json file. Trouble is, the data returned via REST continues to include them. I could add them to the 'hidden' property but that would involve a lot of work up front and will not catch any further fields added to by others in the future.

picture jmkgreen

Most helpful comment

Another option is to override your model's toJSON() to only include the allowed fields. For example,

var fields = ['name', 'id'];
MyModel.prototype.toJSON = function() {
  var obj = this.toObject(false, true, false);
  var json = {};
  for(var p in obj) {
     if(fields.indexOf(p) === -1) continue;
     json[p] = obj[p];
  }
  return json;
}
picture raymondfeng on 30 Jul 2015
👍2

All 8 comments

Have you tried to set up the default scope for your model with a fields filter, for example:

{
  "name": "Product",
  "properties": {
    ...
  }
  "scope": {
    "fields": ["name", "id"]
  }
}

http://docs.strongloop.com/display/LB/Model+definition+JSON+file#ModeldefinitionJSONfile-Defaultscope

raymondfeng picture raymondfeng on 30 Jul 2015

I had not considered this as an approach - I will try and update the documentation with a reference to this as an idea.

jmkgreen picture jmkgreen on 30 Jul 2015

Another option is to override your model's toJSON() to only include the allowed fields. For example,

var fields = ['name', 'id'];
MyModel.prototype.toJSON = function() {
  var obj = this.toObject(false, true, false);
  var json = {};
  for(var p in obj) {
     if(fields.indexOf(p) === -1) continue;
     json[p] = obj[p];
  }
  return json;
}
raymondfeng picture raymondfeng on 30 Jul 2015
👍2

Have updated the confluence page accordingly.

jmkgreen picture jmkgreen on 30 Jul 2015

How can I make use of overriding model's toJSON() if I need to hide/whitelist properties for certain operations?

For example, I need to hide createdAt, createdBy properties from the POST method, as the user is not supposed post these properties when creating a new object since they are handled at the background, but they should be included in the GET method, as I need to be able to provide these values to the user.

celalo picture celalo on 30 Jan 2017

Please see the code snippet above.

raymondfeng picture raymondfeng on 30 Jan 2017

How can I blacklist and whitelist a model property in LB4?

adesege picture adesege on 12 Feb 2019
👍1

Yes, How to hide certain model props from response body in LB4?

tootis picture tootis on 10 Mar 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

bryannaegele picture bryannaegele  路  4Comments
futurus picture futurus  路  3Comments
Overdrivr picture Overdrivr  路  4Comments
htmlauthor picture htmlauthor  路  3Comments
bajtos picture bajtos  路  4Comments