Sequelize Attribute Roles
Attribute blacklisting with roles for Sequelize.
Inspired by ssacl-attribute-roles
npm install --save sequelize-attribute-roles
What does it do?
sequelize-attribute-roles adds a hook to sequelize models that allows it to intercept the attributes used in query when retrieving the model from the database. It checks the original model's attribute definitions for the 'access' key, which can be a boolean or object containing keys that correspond to your roles, with a boolean value to designate whether or not that role should be allowed to view this attribute.
You can enable guarding for all models of a Sequelize instance, or for individual models.
Currently, sequelize-attribute-roles only prevents the attributes from being retrieved and viewed, it does NOT prevent these attributes from being altered.
It does not currently prevent foreign key attributes from being retrieved.
It does not support whitelisting yet, and will only hide attributes that have access control defined.
To receive the benefits of attribute guarding, you MUST specify a role in your query options. Otherwise, all attributes will be allowed through.
var sequelizeAttributeRoles =sequelize = ;// Guard attributes on all models of a Sequelize instance;var User = sequelize;// Guard attributes of an individual model;user // No role specified, will include all attributesuser // Will include email but not passworduser // Will include email but not passworduser // Will not include email or password