A Bookshelf plugin that provides fillable and guarded properties on the model to prevent certain properties from being mass-assignable. Inspired by Laravel's Eloquent ORM.
Install the module from npm:
npm install bookshelf-mass-assignment
Initialize the plugin with:
const bookshelf = require('bookshelf');
bookshelf.plugin('bookshelf-mass-assignment');Then in your Bookshelf models, you can use the fillable or guarded properties.
const User = bookshelf.Model.extend({
tableName: 'users',
// Specifies that only these user properties are mass-assignable.
fillable: ['email', 'first_name', 'last_name']
});The fillable property serves as a list of whitelisted user attributes that can be assigned to the model. Alternatively, you can use the guarded property to specify a blacklist of user attributes that cannot be assigned:
const User = bookshelf.Model.extend({
tableName: 'users',
// Specifies that these properties are not mass-assignable.
guarded: ['id', 'is_admin']
});Then save the model as usual:
new User().save({ first_name: 'Bob', is_admin: true })
.then(user => console.log('Successfully saved user!'))
.catch(err => console.log(err.message)); // Outputs: "Couldn't save model! Attributes are invalid."If you don't want a hard error to be thrown when protected attributes are present, then add silent: true to the options object in save. This will ignore any attributes not in fillable if fillable is provided, or will ignore any attributes in guarded if guarded is provided:
new User().save({ first_name: 'Bob', is_admin: true }, { silent: true })
.then(user => console.log('Successfully saved user!')) // Only saved { first_name: 'Bob' }.
.catch(err => console.log(err.message));Note that you can only use either fillable or guarded, not both.
Licensed under the terms of the MIT License.