vadimdemedes/mongorito

Mass assignment (fillable & guarded fields)

Open

#196 created on October 30, 2017

(1 comment) (2 reactions) (0 assignees) JavaScript (1,397 stars) (104 forks)
Labels: enhancement, help wanted

Description

Summary

Due to the (by default) schemaless nature of MongoDB, ideally we would treat the entity schema at the application level.

A common practice to control the entity schema/fields when using the ActiveRecord pattern is to control Mass Assignment.

Today there is no way to declare which fields of an entity can be Mass Assigned.

Resources

About the subject and how other ORMs/ODMs behave

  • https://en.wikipedia.org/wiki/Mass_assignment_vulnerability
  • https://code.tutsplus.com/tutorials/mass-assignment-rails-and-you--net-31695
  • https://orator-orm.com/docs/master/orm.html#mass-assignment
  • https://github.com/leroy-merlin-br/mongolid/blob/master/docs/basics.md#mass-assignment

What would be the ideal

  • To have a simple way to declare for each entity which fields are available for Mass Assignment (blacklist and/or whitelist)
  • This behavior should only take place for Mass Assignment (user.set(<object>)); it should not affect single field assignment, i.e.: user.set('createdAt', new Date()) should work even if the 'createdAt' field is not fillable with Mass Assignment

@vadimdemedes what are your thoughts on this matter?
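
An added sketch of the behavior requested above. It is not part of the issue and not Mongorito's API: `GuardedModel`, the static `fillable`/`guarded` fields and the rejected-keys return value are all hypothetical names chosen for illustration. Only `set(<object>)` is filtered, while `set(key, value)` stays unrestricted.

```javascript
// Added sketch, not Mongorito code. `fillable` is an allow-list,
// `guarded` is a deny-list; both names are hypothetical.
class GuardedModel {
  static fillable = null; // null: no allow-list declared, only `guarded` applies
  static guarded = [];

  constructor() {
    this.fields = Object.create(null); // no prototype, so "__proto__" is just a key
  }

  // True when `key` may be written through mass assignment.
  static isFillable(key) {
    if (this.guarded.includes(key)) return false; // deny-list always wins
    return this.fillable === null || this.fillable.includes(key);
  }

  // set(object) is mass assignment and is filtered;
  // set(key, value) is an explicit single-field write and is not.
  // Returns the keys that were dropped so the caller can log or reject them.
  set(keyOrObject, value) {
    if (typeof keyOrObject === 'string') {
      this.fields[keyOrObject] = value;
      return [];
    }
    const rejected = [];
    for (const key of Object.keys(keyOrObject)) {
      if (this.constructor.isFillable(key)) this.fields[key] = keyOrObject[key];
      else rejected.push(key);
    }
    return rejected;
  }

  get(key) {
    return this.fields[key];
  }
}

class User extends GuardedModel {
  static fillable = ['name', 'email'];
  static guarded = ['isAdmin'];
}

// Constructed request body, as a web handler might pass straight to set().
function demo() {
  const user = new User();
  const body = { name: 'Ann', email: 'ann@example.com', isAdmin: true, createdAt: 0 };
  const rejected = user.set(body);    // isAdmin and createdAt are dropped
  user.set('createdAt', new Date(0)); // single-field assignment still works
  return { user, rejected };
}
```
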
