* Added privateAttributes globally and per model
Signed-off-by: Diego Albitres <diego.albitres@gmail.com>
* Added tests for sanitizeEntity
Signed-off-by: Diego Albitres <diego.albitres@gmail.com>
* Fixed broken test
Signed-off-by: Diego Albitres <diego.albitres@gmail.com>
* Added privateAttributes to GraphQL responses
Signed-off-by: Diego Albitres <diego.albitres@gmail.com>
* Added docs for privateAttributes
Signed-off-by: Diego Albitres <diego.albitres@gmail.com>
* Refactored and fixed PR comments
Signed-off-by: Diego Albitres <diego.albitres@gmail.com>
* Merged tests and fixed broken tests from merge
Signed-off-by: Diego Albitres <diego.albitres@gmail.com>
* Updated documentation for new option
Signed-off-by: Diego Albitres <diego.albitres@gmail.com>
* Refactored GraphQL implementation
Signed-off-by: Diego Albitres <diego.albitres@gmail.com>
* Fixed PR comments
Signed-off-by: Diego Albitres <diego.albitres@gmail.com>
* Fixed tests for sanitize-entity
Signed-off-by: Diego Albitres <diego.albitres@gmail.com>
* Removed code and tests for ignorePrivateFor
Signed-off-by: Diego Albitres <diego.albitres@gmail.com>
* Exported getPrivateAttributes for GraphQL plugin
Signed-off-by: Diego Albitres <diego.albitres@gmail.com>
* Removed ignorePrivateFor from docs
Signed-off-by: Diego Albitres <diego.albitres@gmail.com>
Forbid empty arrays as fields for permissions (on ability creation)
Differentiate input from output sanitizing
Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>
- set security defaults for development mode that are standard
- refactor error messages to work without ctx.request.admin
- remove mask middleware and add a sanitization layer to the core-api to
hide private fileds