39 lines
1.2 KiB
JavaScript
39 lines
1.2 KiB
JavaScript
module.exports = {
|
|
meta: {
|
|
docs: {
|
|
description: "Service without `@requires/restrict` should not expose fields `createdBy` and `modifiedBy`.",
|
|
version: "1.0.0"
|
|
},
|
|
fixable: "code",
|
|
model: "inferred"
|
|
},
|
|
create: function (context) {
|
|
return { entity: checkForExposedFields };
|
|
|
|
function checkForExposedFields(e) {
|
|
const services = context.getModel().services;
|
|
const unauthorizedServices = services
|
|
.map((s) => {
|
|
if (!s["@requires"] && !s["@restrict"]) {
|
|
return s.name;
|
|
}
|
|
})
|
|
.filter((item) => !!item);
|
|
const found = Object.keys(e.elements).find((r) => ["createdBy", "modifiedBy"].indexOf(r) >= 0);
|
|
const isUnauthorizedService = unauthorizedServices.some((r) => {
|
|
if (e.name.includes(r)) {
|
|
return true;
|
|
}
|
|
return false;
|
|
});
|
|
if (found && isUnauthorizedService) {
|
|
context.report({
|
|
message: `Danger - exposed field '${found}' with '${e.name}' Either remove these or add add \`@restrict/requires\`.`,
|
|
node: context.getNode(e),
|
|
file: e.$location.file
|
|
});
|
|
}
|
|
}
|
|
}
|
|
};
|