fix (server) Makes secure works in sub schema

mchapman · mchapman · commit 052a54c8b6ee · 2015-08-05T13:48:07.000-06:00
diff --git a/server/data_form.js b/server/data_form.js
diff --git a/server/data_form.ts b/server/data_form.ts
@@ -659,7 +659,7 @@ DataForm.prototype.reportInternal = function (req, resource, schema, options, ca
               if (dateTest) {
                 obj[prop] = new Date(dateTest[1] + 'Z');
               } else {
-                var objectIdTest : Array<string> = /^([0-9a-fA-F]{24})$/.exec(obj[prop]);
+                var objectIdTest = /^([0-9a-fA-F]{24})$/.exec(obj[prop]);
                 if (objectIdTest) {
                   obj[prop] = new mongoose.Types.ObjectId(objectIdTest[1]);
                 }
@@ -832,8 +832,16 @@ DataForm.prototype.saveAndRespond = function (req, res, hiddenFields) {
         doc2 = doc2.toObject();
         for (var hiddenField in hiddenFields) {
           if (hiddenFields.hasOwnProperty(hiddenField) && hiddenFields[hiddenField]) {
-            if (doc2.hasOwnProperty(hiddenField)) {
-              delete doc2[hiddenField];
+            var parts = hiddenField.split('.');
+            var lastPart = parts.length - 1;
+            var target = doc2;
+            for (var i = 0; i < lastPart; i++) {
+              if (target.hasOwnProperty(parts[i])) {
+                target = target[parts[i]];
+              }
+            }
+            if (target.hasOwnProperty(parts[lastPart])) {
+              delete target[parts[lastPart]];
             }
           }
         }
diff --git a/test/api/CRUD-APISpec.js b/test/api/CRUD-APISpec.js
@@ -209,7 +209,7 @@ describe('API', function () {
       });
     });
 
-    it('should not be transmitted in an edit', function (done) {
+    it('should not be transmitted in an entity get', function (done) {
       var mockReq = {
         url: 'c_subdoc_example/519aaaaab320153869b175e0',
         params: {
@@ -243,8 +243,7 @@ describe('API', function () {
           assert.equal(data.weight, 124);
           assert.equal(data.passwordHash, undefined);
           assert.equal(data.interview.score, 97);
-// TODO: Get this working
-//          assert.equal(data.interview.interviewHash, undefined);
+          assert.equal(data.interview.interviewHash, undefined);
           var resource = fng.getResource('c_subdoc_example');
           resource.model.findById('519aaaaab320153869b175e0', function (err, dataOnDisk) {
             if (err) { throw err; }
