Parse-Server 防止自动添加字段

Parse-Server prevent fields from being added automatically

现在,如果我向 Parse 对象添加一个字段然后保存它,新列将显示在 Parse 仪表板中。

例如运行之后:

let media = new Parse.Object("Media");
media.set("foo", "bar");
await media.save();

我将有一个名为 foo 的新专栏。

是否可以避免这种情况的发生?

您必须为每个 classes 添加一个 beforeSave 触发器,保留所有键的架构,迭代 request.object 的键,并查看是否有任何不属于您的模式的。然后您可以 un-set 他们并调用 response.success(),或者您可以调用 response.error() 来完全阻止保存,最好用一条消息指出违规字段。 

const approvedFields = ["field1", "field2", "field3"];

Parse.Cloud.beforeSave("MyClass", function(request, response) {
    let object = request.object;
    for( var key in object.dirtyKeys() ) {
        if( approviedFields.indexOf(key) == -1 ) return response.error(`Error: Attempt to save invalid field: ${key});
    }
    response.success();
});

编辑:

由于这引起了一些关注,我想我要补充一点,您可以获得 class 的当前架构。来自文档:https://docs.parseplatform.org/js/guide/#schema

// create an instance to manage your class
const mySchema = new Parse.Schema('MyClass');

// gets the current schema data
mySchema.get();

目前还不清楚这是否是异步的(你必须自己测试,一旦知道就随时评论更新答案!)

但是,一旦您拥有架构,它就会有一个字段 属性,它是一个对象。检查 link 以了解它们的外观。

您可以通过遍历对象的键来验证对象,并查看 schema.fields 是否具有 属性:

Parse.Cloud.beforeSave('MyClass', (request, response) => {
    let object = request.object;
    for( var key in object.dirtyKeys() ) {
        if( !schema.fields.hasOwnProperty(key) ) < Unset or return error >
    }
    response.success();
}

对于刚从 Parse-Server 开始的任何人的最新版本的强制性说明,请求方案已更改为不再使用响应对象。你只是 return 结果。所以,记住这一点。

是的。这可以使用 class-level permissions 来完成,它允许您防止将字段添加到 类.

Parse lets you specify what operations are allowed per class. This lets you restrict the ways in which clients can access or modify your classes.

...

Add fields: Parse classes have schemas that are inferred when objects are created. While you’re developing your app, this is great, because you can add a new field to your object without having to make any changes on the backend. But once you ship your app, it’s very rare to need to add new fields to your classes automatically. You should pretty much always turn off this permission for all of your classes when you submit your app to the public.