V8 field level security

(Created page with "Count usage of a particular service, saving history in a database table. Each time a GET call is made on an API endpoint, write the transaction details to a 'TransactionHistor...")
 
Line 1: Line 1:
Count usage of a particular service, saving history in a database table. Each time a GET call is made on an API endpoint, write the transaction details to a 'TransactionHistory' table. Record the username, application key, and timestamp.
+
Always remove some fields depending on the current role. API call returns 'social_security_number' and 'date_of_birth' from the database. Before returning JSON content to the client, remove tax_identifier and date_of_birth. For this change to take effect you have to enable modification of response in admin console script editor. Checkbox label is 'Allow script to modify request (pre-process) or response (post-process)'.
  
 
<source lang="javascript">
 
<source lang="javascript">
// Always remove some fields depending on the current role. API call returns 'social_security_number' and 'date_of_birth' from the database. Before returning JSON content to the client, remove tax_identifier and date_of_birth.
 
 
 
// get.post_process
 
// get.post_process
  
Line 10: Line 8:
 
lodash._.each(event.response.content.resource, function (record) {
 
lodash._.each(event.response.content.resource, function (record) {
  
     if (record.tax_identifier) {
+
     if (platform.sesssion.role.name !== 'admin') {
        delete record.tax_identifier;
+
 
    }
+
        if (record.tax_identifier) {
 +
            delete record.tax_identifier;
 +
        }
 
      
 
      
    if (record.date_of_birth) {
+
        if (record.date_of_birth) {
        delete record.date_of_birth;
+
            delete record.date_of_birth;
 +
        }
 
     }
 
     }
 
});
 
});
 
</source>
 
</source>
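Review bot: The added role check reads `platform.sesssion.role.name` (three s's), so unless the platform really exposes a property with that spelling the lookup throws before either `delete` runs. How the script engine treats that error is not visible here, so the fields may be returned unfiltered. The line should read `if (platform.session.role.name !== 'admin') {`. It would also be safer to treat a missing role as non-admin, so the redaction fails closed, and to hoist the check out of the `each` callback since it does not depend on the record. The page text mentions 'social_security_number' while the script deletes `tax_identifier`, so the field names should be confirmed against the table.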

Revision as of 18:45, 29 June 2016

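Remove sensitive fields from the response depending on the current role. The API call returns 'social_security_number' and 'date_of_birth' from the database. Before returning JSON content to the client, remove tax_identifier and date_of_birth for any role other than 'admin' (the script deletes the field named tax_identifier; use the field names your table actually returns). For this change to take effect, you must enable response modification in the admin console script editor. The checkbox label is 'Allow script to modify request (pre-process) or response (post-process)'. Without it, the script's edits are not applied to the response.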

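// get.post_process
//
// Field-level redaction for GET responses: unless the caller's role is
// 'admin', strip tax_identifier and date_of_birth from every record before
// the JSON is returned to the client.

var lodash = require('lodash.min.js');

// Resolve the role once; it does not change per record. The original read
// `platform.sesssion` (typo), which makes the lookup throw instead of
// filtering. A missing session or role is treated as non-admin so the
// redaction fails closed.
var session = platform.session;
var role = session && session.role;
var isAdmin = Boolean(role) && role.name === 'admin';

if (!isAdmin) {
    // NOTE(review): only records under content.resource are filtered; confirm
    // whether single-record responses use a different shape and need the same
    // treatment.
    lodash._.each(event.response.content.resource, function (record) {
        // Delete unconditionally: `delete` on an absent key is a no-op, and a
        // truthiness guard would leave keys holding '', 0 or null in place.
        delete record.tax_identifier;
        delete record.date_of_birth;
    });
}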