Set disableInclude for User->AccessToken relation

See #386

Author: Raymond Feng

common/models/user.json

@@ -90,7 +90,10 @@
     "accessTokens": {
       "type": "hasMany",
       "model": "AccessToken",
-      "foreignKey": "userId"
+      "foreignKey": "userId",
+      "options": {
+        "disableInclude": true
+      }
     }
   }
 }

test/fixtures/access-control/app.json

@@ -1,4 +1,5 @@
 {
   "port": 3000,
-  "host": "0.0.0.0"
+  "host": "0.0.0.0",
+  "legacyExplorer": false
 }

test/fixtures/simple-app/app.json

@@ -1,4 +1,5 @@
 {
   "port": 3000,
-  "host": "127.0.0.1"
+  "host": "127.0.0.1",
+  "legacyExplorer": false
 }

test/fixtures/simple-integration-app/app.json

@@ -10,5 +10,6 @@
     "urlencoded": {
       "limit": "8kb"
     }
-  }
+  },
+  "legacyExplorer": false
 }

test/fixtures/user-integration-app/app.js

@@ -0,0 +1,14 @@
+var loopback = require('../../../');
+var boot = require('loopback-boot');
+var path = require('path');
+var app = module.exports = loopback();
+app.enableAuth();
+boot(app, __dirname);
+app.use(loopback.favicon());
+app.use(loopback.cookieParser({secret: app.get('cookieSecret')}));
+app.use(loopback.token({model: app.models.myAccessToken}));
+var apiPath = '/api';
+app.use(apiPath, loopback.rest());
+app.use(loopback.static(path.join(__dirname, 'public')));
+app.use(loopback.urlNotFound());
+app.use(loopback.errorHandler());

test/fixtures/user-integration-app/app.json

@@ -0,0 +1,15 @@
+{
+  "port": 3000,
+  "host": "0.0.0.0",
+  "cookieSecret": "2d13a01d-44fb-455c-80cb-db9cb3cd3cd0",
+  "remoting": {
+    "json": {
+      "limit": "1kb",
+      "strict": false
+    },
+    "urlencoded": {
+      "limit": "8kb"
+    }
+  },
+  "legacyExplorer": false
+}

test/fixtures/user-integration-app/datasources.json

@@ -0,0 +1,10 @@
+{
+  "db": {
+    "defaultForType": "db",
+    "connector": "memory"
+  },
+  "mail": {
+    "defaultForType": "mail",
+    "connector": "mail"
+  }
+}

test/fixtures/user-integration-app/models.json

@@ -0,0 +1,71 @@
+{
+  "email": {
+    "dataSource": "mail",
+    "public": false,
+    "options": {
+      "base": "Email"
+    }
+  },
+  "myUser": {
+    "dataSource": "db",
+    "public": true,
+    "options": {
+      "base": "User",
+      "relations": {
+        "accessTokens": {
+          "model": "myAccessToken",
+          "type": "hasMany",
+          "foreignKey": "userId",
+          "options": {
+            "disableInclude": true
+          }
+        },
+        "blogs": {
+          "model": "blog",
+          "type": "hasMany",
+          "foreignKey": "userId"
+        }
+      },
+      "acls": [
+        {
+          "permission": "ALLOW",
+          "principalType": "ROLE",
+          "principalId": "$owner"
+        }
+      ]
+    }
+  },
+  "myAccessToken": {
+    "dataSource": "db",
+    "public": true,
+    "options": {
+      "base": "AccessToken",
+      "relations": {
+        "user": {
+          "model": "myUser",
+          "type": "belongsTo",
+          "foreignKey": "userId"
+        }
+      }
+    }
+  },
+  "blog": {
+    "base": "PersistedModel",
+    "dataSource": "db",
+    "public": true,
+    "properties": {
+      "title": {
+        "type": "string"
+      },
+      "content": {
+        "type": "string"
+      }
+    },
+    "relations": {
+      "user": {
+        "type": "belongsTo",
+        "model": "myUser"
+      }
+    }
+  }
+}

test/user.integration.js

@@ -0,0 +1,89 @@
+/*jshint -W030 */
+
+var loopback = require('../');
+var lt = require('loopback-testing');
+var path = require('path');
+var SIMPLE_APP = path.join(__dirname, 'fixtures', 'user-integration-app');
+var app = require(path.join(SIMPLE_APP, 'app.js'));
+var expect = require('chai').expect;
+
+describe('users - integration', function() {
+
+  lt.beforeEach.withApp(app);
+
+  before(function(done) {
+    app.models.myUser.destroyAll(function(err) {
+      if (err) return done(err);
+      app.models.blog.destroyAll(done);
+    });
+  });
+
+  after(function(done) {
+    app.models.blog.destroyAll(done);
+  });
+
+  var userId;
+  var accessToken;
+
+  it('should create a new user', function(done) {
+    var url = '/api/myUsers';
+
+    this.post(url)
+      .send({username: 'x', email: '[email protected]', password: 'x'})
+      .expect(200, function(err, res) {
+        if (err) {
+          return done(err);
+        }
+        expect(res.body.id).to.exist;
+        userId = res.body.id;
+        done();
+      });
+  });
+
+  it('should log into the user', function(done) {
+    var url = '/api/myUsers/login';
+
+    this.post(url)
+      .send({username: 'x', email: '[email protected]', password: 'x'})
+      .expect(200, function(err, res) {
+        if (err) {
+          return done(err);
+        }
+        expect(res.body.id).to.exist;
+        accessToken = res.body.id;
+        done();
+      });
+  });
+
+  it('should create blog for a given user', function(done) {
+    var url = '/api/myUsers/' + userId + '/blogs?access_token=' + accessToken;
+    this.post(url)
+      .send({title: 'T1', content: 'C1'})
+      .expect(200, function(err, res) {
+        if (err) {
+          console.error(err);
+          return done(err);
+        }
+        expect(res.body.title).to.be.eql('T1');
+        expect(res.body.content).to.be.eql('C1');
+        expect(res.body.userId).to.be.eql(userId);
+        done();
+      });
+  });
+
+  it('should prevent access tokens from being included', function(done) {
+    var url = '/api/blogs?filter={"include":{"user":"accessTokens"}}';
+    this.get(url)
+      .expect(200, function(err, res) {
+        if (err) {
+          return done(err);
+        }
+        expect(res.body).to.have.property('length', 1);
+        var blog = res.body[0];
+        expect(blog.user).to.have.property('username', 'x');
+        expect(blog.user).to.not.have.property('accessTokens');
+        done();
+      });
+  });
+
+});