Include a way to specify disallowed columns/relations

[bentesha]

The Problem

Currently, it is possible to limit columns/relations that can be filtered/ordered via the allow method

findQuery(User).allow(['firstName', 'lastName', 'email']).build(query)

However, it is inconvenient when you want to restrict only a handful of columns/relations in a model with lots of columns. For instance, if we have a model with 20 columns and only want to restrict one column, currently, we have to list all 19 columns we want to allow

findQuery(SomeBigModel).allow(['column1', 'column2', 'column3', ...., 'column19']).build(query)

It would be more convenient if we could specify only the column we want to restrict instead

findQuery(User).disallow(['password']).build(query)

In certain cases, this might make more sense and can lead to concise code that is easier to follow and reason about.

Possible Solutions

There are a couple of ways this can be implemented

1. Add optional parameter in the allowAll method
An optional parameter can be added to specify exceptions

findQuery(User).allowAll(['password']).buid(query) // Allow all columns except password

2. Add disallow() method
A new method can be added to complement the allow method. This would be mutually exclusive and the opposite of the allow method

findQuery(User).disallow(['password']).build(query)

I am keen to know if this has been considered before

[caschbre]

I had a scenario where it was easier to disallow a field or two instead of allowing. I'm using the jsonSchema property in my models so I simply created a helper function that reads the properties from the jsonSchema and then creates the allowed list by filtering out the disallowed properties.