It's up to you to filter and validate the input. (OK, Mongoose has
some basic validation, but that won't help you here.)

Here's what I do. Hope that helps:

```javascript
// User.UPDATE_ATTRS is an array of the permitted attributes
// for updating.
//
// filter returns an object with only those keys
var attrs = filter(req.body, User.UPDATE_ATTRS)

// the second parameter is an array of the keys I want
// to validate for. (it's not User.UPDATE_ATTRS because
// I want to validate only what's present in this request)
var err = validators.user(attrs, Object.keys(attrs))
if (err) {
  return next(err)
}

User.update({ _id: ... }, attrs, ...)
```

On 02/22/2013 08:01 AM, smak wrote:
> Note:  I am new to the Node stack and am still in the learning
> stages.
> 
> Setup:  Node / Express / Mongoose / MongoDB for a web application.
> 
> 
> Issue:  How does one prevent the updating of a field in a
> document. i.e. createdAt or userName.  In theory, some values
> should be created and then be read only [under most circumstances].
> As best I can tell if a value is passed back from the UI it gets
> mapped to the schema and updated in the database.
> 
> It looks like there are some options in the schema to prevent
> values being passed back on the query side but nothing to block on
> the update side.
> 
> Can anyone point to an example or documentation that would help
> solve the issue?
> 
> Thanks,
> 
> smak
> 
> -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: 
> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
>
> 
> You received this message because you are subscribed to the Google
> Groups "nodejs" group. To post to this group, send email to
> [email protected] To unsubscribe from this group, send email
> to [email protected] For more options, visit this
> group at http://groups.google.com/group/nodejs?hl=en?hl=en
> 
> --- You received this message because you are subscribed to the
> Google Groups "nodejs" group. To unsubscribe from this group and
> stop receiving emails from it, send an email to
> [email protected]. For more options, visit
> https://groups.google.com/groups/opt_out.
> 
> 
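
One way the `filter` and `validators.user` helpers called in the reply above could be written, as an added example that is not code from the original post. The field names in `UPDATE_ATTRS`, the validation rules, the `prepareUpdate` wrapper and the sample request body are all assumptions made up for illustration.

```javascript
// Hypothetical allow-list: the only attributes a client may update.
// createdAt and userName are deliberately absent, so they stay read-only.
const UPDATE_ATTRS = ['displayName', 'email'];

// Copy only allow-listed own properties of `body` into a fresh object.
// Everything else the client sent (createdAt, __proto__, ...) is dropped.
function filter(body, allowed) {
  const out = Object.create(null);
  if (body === null || typeof body !== 'object' || Array.isArray(body)) return out;
  for (const key of allowed) {
    if (Object.prototype.hasOwnProperty.call(body, key)) out[key] = body[key];
  }
  return out;
}

// Hypothetical per-field rules. Requiring plain strings also rejects
// nested objects such as { "$ne": null } sent in place of a value.
const RULES = {
  displayName: (v) => typeof v === 'string' && v.length >= 1 && v.length <= 64,
  email: (v) => typeof v === 'string' && /^[^@\s]+@[^@\s]+$/.test(v),
};

// Validate only the keys present in this request; return an Error or null.
function validateUser(attrs, keys) {
  for (const key of keys) {
    const rule = RULES[key];
    if (!rule || !rule(attrs[key])) return new Error('invalid value for ' + key);
  }
  return null;
}

// Returns { err, attrs }; attrs is what would be handed to User.update().
function prepareUpdate(body) {
  const attrs = filter(body, UPDATE_ATTRS);
  const err = validateUser(attrs, Object.keys(attrs));
  return { err, attrs };
}

// Constructed request body that tries to overwrite read-only fields.
const sample = JSON.parse(
  '{"displayName":"smak2","createdAt":"1970-01-01",' +
  '"userName":"admin","__proto__":{"isAdmin":true}}'
);
console.log(prepareUpdate(sample));
```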
