hunt
Version:
High level nodejs framework build on top of expressjs, mongoose, sequilize, socketio and passportjs
79 lines (67 loc) • 2.97 kB
JavaScript
;
/**
* @method ExportModelToRestParameters#canDelete
* @param {User} User
* @param {function} callback - function(error, canDeleteBoolean){...}
* @fires Hunt#REST:collectionName:DELETE:itemId
* @description
* Model instance method, that is called to determine, does the current authenticated user have rights to delete this particular entity.
* Fires `REST:collectionName:DELETE:itemCreatedId` event on successefull entity creation.
* @example
* //ACL check for ability to delete this particular document
* TrophySchema.methods.canDelete = function (user, callback) {
* var document = this;
* callback(null, (user && document.owner == user.id));
* };
*/
var
int = require('./../interface.js'),
winston = require('winston');
module.exports = exports = function (core, parameters, router) {
router.delete(/^\/([0-9a-fA-F]{24}||\d+)$/, core.preload(parameters.modelName), function (request, response) {
if (request.preload.canDelete === true) {
int.delete(request.model[request.preload.modelName], request.preload.model, function (error) {
if (error) {
throw error;
}
/**
* @event Hunt#REST:collectionName:DELETE:itemId
* @property {string} ip - ip address of remote host
* @property {string} ips - proxy chain if present - {@link http://expressjs.com/api.html#req.ips}
* @property {string} modelName - name of model being deleted
* @property {Object} document - document being deleted
* @property {User} user - user who did this request, and you can blaim him/her for breaking things
*/
request.huntEmit(['REST', request.preload.modelName, 'DELETE', request.preload.model.id], {
'ip': request.ip,
'ips': request.ips,
'userAgent': request.headers['user-agent'],
'user': request.user,
'modelName': request.preload.modelName,
'document': request.preload.model
});
winston.log('verbose', 'REST:%s:DELETE:%s', parameters.modelName, request.preload.model.id, {
'ip': request.ip,
'ips': request.ips,
'userAgent': request.headers['user-agent'],
'userId': request.user ? request.user.id : null,
'user': request.user ? request.user.toString() : null,
'userKeychain': request.user ? JSON.stringify(request.user.keychain) : null,
'modelName': parameters.modelName,
'documentId': request.preload.model.id,
'document': request.preload.model.toString()
});
request.huntEmit('broadcast', {'type': parameters.genSub(request.preload.model), 'delete': 'delete'});
response
.status(200)
.json({'code': 200, 'status': 'Deleted'});
});
} else {
if (request.user) {
core.errorResponses.error403(response);
} else {
core.errorResponses.error401(response);
}
}
});
};