... | ... | @@ -176,9 +176,19 @@ The default behavior of `getExpandedIncludes()` is to append any values from the |
|
|
|
|
|
`getExpandedIncludes()` is defined on the inLegaue base Quick entity.
|
|
|
|
|
|
#### Expandables with custom authorization
|
|
|
By default, there are no authorization checks performed when requesting expandables; the API assumes that, if you have access to the endpoint invoking the expandable, you have access to the expandable. A simple, additional mechanism is available by specifying a value in the `expandableAuth` struct on the memento whose key matches the expandable name, e.g.
|
|
|
|
|
|
```
|
|
|
this.memento.expandable = [ "transactions" ]
|
|
|
this.memento.expandableAuth = { 'transactions' : 'Registrar' }
|
|
|
```
|
|
|
|
|
|
This will ignore the transactions expandable for any non-registrar user.
|
|
|
|
|
|
#### Expandables that alter the object query
|
|
|
|
|
|
The `qInvoiceInstance` example adds additional database queries, because the expanded objects are loaded separately, after the memento call. If an expandable needs to invoke a Quick scope to alter the initial query rather than performing additional queries, it can do so by passing `.withExpandables( rc.expand )` to the `getInstance` call prior to `.get()` or `.first()`. See `user.cfc:_view()` for an example: if `isSafeHavenCertified` is passed through the `expand` paramter, the inLeague Base Entity will check for a `scopeWithIsSafeHavenCertified` function on the entity and invoke it as part of the `.withExpandables()` call.
|
|
|
The `qInvoiceInstance` example adds additional database queries, because the expanded objects are loaded separately, after the memento call. If an expandable needs to invoke a Quick scope to alter the initial query rather than performing additional queries, it can do so by passing `.withExpandables( rc.expand )` to the `getInstance` call prior to `.get()` or `.first()`. See `user.cfc:_view()` for an example: if `isSafeHavenCertified` is passed through the `expand` parameter, the inLeague Base Entity will check for a `scopeWithIsSafeHavenCertified` function on the entity and invoke it as part of the `.withExpandables()` call.
|
|
|
|
|
|
Only explicitly named expandables will be invoked, and only if `.withExpandables( rc.expand )` is present in the object getter. The naming convention of `scopeWith{Expandable}` must be obeyed.
|
|
|
|
... | ... | |