1.0.1
This commit is contained in:
parent
ce8107afbb
commit
d42172986a
5 changed files with 47 additions and 8 deletions
|
@ -1,2 +1,5 @@
|
||||||
|
# 1.0.1
|
||||||
|
* Fix flaw where clients could remove all records, even if `allowRemoveAll` were `false`.
|
||||||
|
|
||||||
# 1.0.0
|
# 1.0.0
|
||||||
* First release.
|
* First release.
|
|
@ -1,3 +1,4 @@
|
||||||
|
include: package:pedantic/analysis_options.yaml
|
||||||
analyzer:
|
analyzer:
|
||||||
strong-mode:
|
strong-mode:
|
||||||
implicit-casts: false
|
implicit-casts: false
|
|
@ -15,7 +15,7 @@ class SembastService extends Service<String, Map<String, dynamic>> {
|
||||||
final bool allowQuery;
|
final bool allowQuery;
|
||||||
|
|
||||||
SembastService(this.database,
|
SembastService(this.database,
|
||||||
{String store, this.allowRemoveAll: false, this.allowQuery: true})
|
{String store, this.allowRemoveAll = false, this.allowQuery = true})
|
||||||
: this.store =
|
: this.store =
|
||||||
(store == null ? database.mainStore : database.getStore(store)),
|
(store == null ? database.mainStore : database.getStore(store)),
|
||||||
super();
|
super();
|
||||||
|
@ -151,12 +151,16 @@ class SembastService extends Service<String, Map<String, dynamic>> {
|
||||||
@override
|
@override
|
||||||
Future<Map<String, dynamic>> remove(String id,
|
Future<Map<String, dynamic>> remove(String id,
|
||||||
[Map<String, dynamic> params]) async {
|
[Map<String, dynamic> params]) async {
|
||||||
if (id == null ||
|
if (id == null || id == 'null') {
|
||||||
id == 'null' &&
|
// Remove everything...
|
||||||
(allowRemoveAll == true ||
|
if (!(allowRemoveAll == true ||
|
||||||
params?.containsKey('provider') != true)) {
|
params?.containsKey('provider') != true)) {
|
||||||
await store.deleteAll(await store.findKeys(new Finder()));
|
throw AngelHttpException.forbidden(
|
||||||
return {};
|
message: 'Clients are not allowed to delete all items.');
|
||||||
|
} else {
|
||||||
|
await store.deleteAll(await store.findKeys(new Finder()));
|
||||||
|
return {};
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return database.transaction((txn) async {
|
return database.transaction((txn) async {
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
name: angel_sembast
|
name: angel_sembast
|
||||||
description: package:sembast-powered CRUD services for the Angel framework.
|
description: package:sembast-powered CRUD services for the Angel framework.
|
||||||
homepage: https://github.com/angel-dart/sembast
|
homepage: https://github.com/angel-dart/sembast
|
||||||
version: 1.0.0
|
version: 1.0.1
|
||||||
author: Tobe O <thosakwe@gmail.com>
|
author: Tobe O <thosakwe@gmail.com>
|
||||||
environment:
|
environment:
|
||||||
sdk: ">=2.0.0-dev <3.0.0"
|
sdk: ">=2.0.0-dev <3.0.0"
|
||||||
|
@ -11,5 +11,6 @@ dependencies:
|
||||||
dev_dependencies:
|
dev_dependencies:
|
||||||
angel_http_exception: ^1.0.0
|
angel_http_exception: ^1.0.0
|
||||||
logging:
|
logging:
|
||||||
|
pedantic: ^1.0.0
|
||||||
test: ^1.0.0
|
test: ^1.0.0
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
import 'dart:collection';
|
import 'dart:collection';
|
||||||
|
import 'package:angel_framework/angel_framework.dart';
|
||||||
import 'package:angel_http_exception/angel_http_exception.dart';
|
import 'package:angel_http_exception/angel_http_exception.dart';
|
||||||
import 'package:angel_sembast/angel_sembast.dart';
|
import 'package:angel_sembast/angel_sembast.dart';
|
||||||
import 'package:sembast/sembast.dart';
|
import 'package:sembast/sembast.dart';
|
||||||
|
@ -76,6 +77,35 @@ main() async {
|
||||||
expect(await service.index(), isEmpty);
|
expect(await service.index(), isEmpty);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
test('cannot remove all unless explicitly set', () async {
|
||||||
|
expect(() => service.remove(null, {'provider': Providers.rest}),
|
||||||
|
throwsA(const TypeMatcher<AngelHttpException>()));
|
||||||
|
expect(
|
||||||
|
() => service.remove(null, {'provider': Providers.rest}),
|
||||||
|
throwsA(predicate((x) => x is AngelHttpException && x.statusCode == 403,
|
||||||
|
'throws forbidden')));
|
||||||
|
expect(() => service.remove('null', {'provider': Providers.rest}),
|
||||||
|
throwsA(const TypeMatcher<AngelHttpException>()));
|
||||||
|
expect(
|
||||||
|
() => service.remove('null', {'provider': Providers.rest}),
|
||||||
|
throwsA(predicate((x) => x is AngelHttpException && x.statusCode == 403,
|
||||||
|
'throws forbidden')));
|
||||||
|
});
|
||||||
|
|
||||||
|
test('can remove all on server side', () async {
|
||||||
|
await service.create({'bar': 'baz'});
|
||||||
|
await service.create({'bar': 'baz'});
|
||||||
|
await service.create({'bar': 'baz'});
|
||||||
|
await service.remove(null);
|
||||||
|
expect(await service.index(), isEmpty);
|
||||||
|
|
||||||
|
await service.create({'bar': 'baz'});
|
||||||
|
await service.create({'bar': 'baz'});
|
||||||
|
await service.create({'bar': 'baz'});
|
||||||
|
await service.remove('null');
|
||||||
|
expect(await service.index(), isEmpty);
|
||||||
|
});
|
||||||
|
|
||||||
test('remove nonexistent', () async {
|
test('remove nonexistent', () async {
|
||||||
expect(() => service.remove('440'),
|
expect(() => service.remove('440'),
|
||||||
throwsA(const TypeMatcher<AngelHttpException>()));
|
throwsA(const TypeMatcher<AngelHttpException>()));
|
||||||
|
|
Loading…
Reference in a new issue