如何在sailjs中限制rest api结果中的指定 [英] how can I limit specify filed in rest api result in sailjs

问题描述

我在sailsjs中使用restapi，我有一个用户模型:

I'm using restapi in sailsjs , I have a user model:

module.exports = {

  schema: true,

  attributes: {

    username : { type: 'string' },    

    real_name : { type: 'string' },

    encrypted_password: {
      type: 'string'
    },

    id_card : { type: 'string' },

    is_verify : { type : 'boolean' } ,

    email : { type: 'string' },

    phone : {
      type: 'string'
    } 

  },
};

我想公开一些 rest api ，但我只允许 findOne 方法，更重要的是:

I would like to expose some rest api , but I only allow findOne method , and what's more :

我不希望结果包含 id_card ，因为这是一种私人信息.

I DON'T want the result contains id_card , because it's kind of private info.

Sailsjs 没有 beforeFindOne 或 afterFindOne.

Sailsjs doesn't has beforeFindOne or afterFindOne.

我能做什么?

此外:

我想公开一个rest api，例如更新.但我只想要休息 api 只允许更新电话 &电子邮件，而不是 real_name &is_verify .

I would like to expose a rest api , such as update. But I only want rest api to just allow update phone & email, rather than real_name & is_verify .

我可以通过 beforeupdate 方法来限制提交的更新.

I can do it in beforeupdate method to limit the update filed.

beforeUpdate: function(values, cb) {
    // accessing the function defined above the module.exports
    FilterUpdateField(function() {
      cb();
    })
  }

但是这些代码行不会很优雅.有些人可能宁愿编写自己的 api 来覆盖它.

But these lines of code would NOT be elegant. Some may rather write their own api to override it.

那么，在这两种情况下，编写自己的 api 来覆盖其余 api 是否合适?

So, Would it be properly to write my own api to override the rest api in this two situations?

推荐答案

对于您的第一个问题:

我不希望结果包含 id_card ，因为这是一种私人信息.

I DON'T want the result contains id_card , because it's kind of private info.

您应该简单地将选项 protected: true 添加到模型属性中，如:

You should simply add the option protected: true to the model attribute, as in:

attributes:{
  id_card : { 
    type: 'string',
    protected: true 
  }, 
}

对于您的第二个问题:我真的不知道有什么方法可以保护要更新的属性，而不是您已经在使用的 beforeUpdate.

For your second question: I don't really know a way to protect an attribute to update rather than the beforeUpdate you are already using.

PD:您可能应该为每个问题创建不同的线程.

PD: you should probably create different threads for each question you have.

这篇关于如何在sailjs中限制rest api结果中的指定的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！