$Populate

1- You need to allow $populate at service level

  module.exports = function (app) {
    const Model = createModel(app);
    const paginate = app.get('paginate');
    const options = {
      Model,
      paginate,
      whitelist: '$populate',
    }
  }

2- You need to allow $populate at rule level

  const options = {
    Model,
    paginate,
    whitelist: '$populate',
    serviceRules: [
      {
        'actions': ['manage'],
        'roles': ['admin'],
        'populateWhitelist': ['categories'] // Alow admin to populate categories
      },
    ],
  };

3 - deep populate

from "versions": "1.9.0"

you can controlled deep populate from rule.populateWhitelist

rule example:

  const options = {
    Model,
    paginate,
    whitelist: '$populate',
    serviceRules: [
      // rule example that allow the user to populate posts and post tags
      {
        actions: ['read'],
        populateWhitelist: ['post', 'post.tags']
      },
      // rule example that allow the user to populate and post tags but select only the tag name
      {
        actions: ['read'],
        populateWhitelist: ['post', {path: 'post.tags', select: ['name']}]
      },
    ],
  };

'$populate' examples:

$populate: ['post','tag'];
$populate: [{path: 'post', select: 'name', populate: 'tag'}];
$populate: [{path: 'post', select: 'name', populate: {path: 'tag', select: 'name'}];

request example:

const {callingParamsPersistUser} = require('feathers-mongoose-casl');

// We use callingParamsPersistUser to persist user abilities when the request call from the server

// in this user get response with the populate post, and each tag inside the post will be populate but he
// will get only the name fields
// user will not be populate , it is now allowed by the populateWhitelist
const res = await context.app.service('some-service').find(callingParamsPersistUser(context.params, {
  query: {
    '$populate':
    [{
      path: 'post',
      'populate': {
        path: 'tags',
        select: 'name, rating'
      }
    },
    'user'
    ]
  }
}));

simple Request example

http://localhost:3030/products?$limit=5&$populate=categories,colors

4- Optional - Dashboard configuration-

To populate filed inside dashboard screen add this:

  // Inside product service
  const options = {
    Model,
    paginate,
    serviceRules: [
      {
        'actions': ['manage'],
        'roles': ['admin'],
        'populateWhitelist': ['categories'] // Alow admin to populate categories
      },
    ],
    dashboardConfig: {
      populate: ['categories'] // add categories to dashboard populate query
    },
  };

Important - security issue in version before 1.9.0 When you enable $populate your service is not full secure, for now we did't handle security for populate as object, for example:

request with this query fill fetch users

$populate: {
          path: 'posts',
          select: 'gates',
          populate: {
            path: 'users',
            populate: {
              path: 'office'
            }
          }
}

Need to populate collection of private files ? check this guide:

PreviousDefault value NextUpload service

Last updated 6 years ago

Was this helpful?