feathers-mongoose-casl
Version 2.1.2
Version 2.1.2
  • feathers-mongoose-casl
  • Docs
    • Migrating
    • START A NEW PROJECT
      • Generate a new project.
      • install feathers-mongoose-casl
      • feathers-logger
      • Update config
      • Add mongoose
      • Email service
      • App hooks
      • Import required services
      • Verify user and filter user fields
      • Swagger, Logger, BodyParser
      • Email templates
      • public HTML
      • Run the server
      • Create you first user
      • vs code snippet extension
      • Test Login
      • Dashboard
      • Create a new Service with casl&Dashboard
      • Posts Postman snippet
      • Add Admin role
      • Done!
    • Advanced
      • Security - eslint-plugin-security
      • Security - rate limiting
      • Development tools
    • Guides
      • Throw errors
      • Auth Flow
      • Authentication
      • Authouriztion
      • /me
      • Rules Cache
      • Create a new service
      • Custom service validtor client data
      • validators
        • Example of use
        • Types
        • Mongoose schema
      • Default value
      • $Populate
      • Upload service
      • Upload files
        • Create upload service
        • Sign File After Populate
        • Storage support
          • Google-cloud
      • Error
      • feathers Client examples
      • Dashboard
        • Dashboard Config
          • Field configuration
          • doc Layout
          • custom Fields
            • customElements
        • Online dashboard
        • Add to your react app
      • customized feathers-mongoose-casl/services
      • Redis - in progress
      • S3
      • Postman
      • Swagger
      • debug
    • Production
      • ENV
    • Feathers wiki
      • Good links
    • utils
      • send email example
      • Async For Each
      • Create heroku server
      • pick
      • vs code snippet extension
      • Persist user request
    • Ecosystem
    • TODO
    • Versions updates
Powered by GitBook
On this page
  • 1- You need to allow $populate at service level
  • 2- You need to allow $populate at rule level
  • 3 - deep populate
  • 4- Optional - Dashboard configuration-

Was this helpful?

  1. Docs
  2. Guides

$Populate

1- You need to allow $populate at service level

  module.exports = function (app) {
    const Model = createModel(app);
    const paginate = app.get('paginate');
    const options = {
      Model,
      paginate,
      whitelist: '$populate',
    }
  }

2- You need to allow $populate at rule level

  const options = {
    Model,
    paginate,
    whitelist: '$populate',
    serviceRules: [
      {
        'actions': ['manage'],
        'roles': ['admin'],
        'populateWhitelist': ['categories'] // Alow admin to populate categories
      },
    ],
  };

3 - deep populate

from "versions": "1.9.0"

you can controlled deep populate from rule.populateWhitelist

rule example:

  const options = {
    Model,
    paginate,
    whitelist: '$populate',
    serviceRules: [
      // rule example that allow the user to populate posts and post tags
      {
        actions: ['read'],
        populateWhitelist: ['post', 'post.tags']
      },
      // rule example that allow the user to populate and post tags but select only the tag name
      {
        actions: ['read'],
        populateWhitelist: ['post', {path: 'post.tags', select: ['name']}]
      },
    ],
  };

'$populate' examples:

$populate: ['post','tag'];
$populate: [{path: 'post', select: 'name', populate: 'tag'}];
$populate: [{path: 'post', select: 'name', populate: {path: 'tag', select: 'name'}];

request example:

const {callingParamsPersistUser} = require('feathers-mongoose-casl');

// We use callingParamsPersistUser to persist user abilities when the request call from the server

// in this user get response with the populate post, and each tag inside the post will be populate but he
// will get only the name fields
// user will not be populate , it is now allowed by the populateWhitelist
const res = await context.app.service('some-service').find(callingParamsPersistUser(context.params, {
  query: {
    '$populate':
    [{
      path: 'post',
      'populate': {
        path: 'tags',
        select: 'name, rating'
      }
    },
    'user'
    ]
  }
}));

simple Request example

4- Optional - Dashboard configuration-

To populate filed inside dashboard screen add this:

  // Inside product service
  const options = {
    Model,
    paginate,
    serviceRules: [
      {
        'actions': ['manage'],
        'roles': ['admin'],
        'populateWhitelist': ['categories'] // Alow admin to populate categories
      },
    ],
    dashboardConfig: {
      populate: ['categories'] // add categories to dashboard populate query
    },
  };

Important - security issue in version before 1.9.0 When you enable $populate your service is not full secure, for now we did't handle security for populate as object, for example:

request with this query fill fetch users

$populate: {
          path: 'posts',
          select: 'gates',
          populate: {
            path: 'users',
            populate: {
              path: 'office'
            }
          }
}

Need to populate collection of private files ? check this guide:

PreviousDefault valueNextUpload service

Last updated 5 years ago

Was this helpful?

olors

http://localhost:3030/products?$limit=5&$populate=categories,c