Nodewood 0.17.0 is here, and it's a doozy!  Aside from the first release, this is the biggest one yet!


Nodewood now supports teams and has a robust permissions system!  Users can be granted a role (like "Billing Manager"), and that role can have multiple permissions (like "Manage Subscriptions").  Then, both in the API back-end and UI front-end, you can check to see if the current user has access like so:

  if (! req.role.hasPermissions(['access_secret_area'])) {
    throw new Error('NOPE');

And you can also block off access to API routes directly when setting up the route itself:

const requireTopSecret = this.requirePermissions(['top_secret']);

this.router.get('/secrets/:id', requireTopSecret, this.showSecrets.bind(this));

Users without the top_secret route will be sent a 401 - Unauthorized response, instead.

In the UI, Nodewood now comes with an easy-to-use team listing and management page, accessible from the User menu in the top-right.  Users with the manage_team permission will be able to invite and manage users from there, changing their roles, re-sending invites, or removing them from the team from there.

There's a lot more to explore, so check out the Teams page in the documentation for more!

Improved Fields

This release sees a new FieldEmail field that allows you to add linkable email fields to your models, as well as an isHtml property for fields that you want to be able to display HTML content inside of. The email fields in the built-in UserModel have been changed to use the new FieldEmail object, so you can view that change there.

For more information about how fields work, including the new FieldEmail field, check out the "Aliasing fields" section in the documentation.

Improved Validation

You can now alias a field in a Validator, so that it can have a different name in a form than in the Validator.  This makes it easy to use multiple Validators to process a single form (since the single form may be used to create, for example, a User entry and a Team entry).  In addition, you can now pass multiple Validators to a Controller's validate function, for just such an occasion!

For more information about how and why to alias fields in Validators, check out the "Aliasing fields" section in the documentation.

Tons Of Little Quality Of Life Fixes!

  • Adds helpful error message for find in Services when an Object is used (you probably want to use findBy in these cases).
  • Refactors AdminUserController's list() function to be more-easily extendable.
  • Adds keyValue() function to Model so that the model's value for a particular key can be overridden to allow for fields that build their values from complex model attributes.
  • Adds instance parameter to all Fields, so the instance of the model being examined is available to the fields if necessary.
  • DropdownMenuItems now close their parent DropdownMenus immediately when clicked.
  • And more!

For a full list of changes in this version, check out the Release Notes in the documentation.

This has been a really big release, requiring a lot of fundamental changes to the data models that Nodewood relies on.  For the most part, these changes shouldn't require a lot of work from developers to upgrade to, as the included migration files take existing database layouts into account and create teams and roles for any existing user entries, and most changes you'll need to make can be done with a global find/replace.

These changes put Nodewood in a really good place going forward, though, making it a lot easier to add functionality in later releases that is enabled for users in a simple and straightforward way.

As always, if you run into any issues, please create an entry on the Nodewood Issues Github page, and if you have any questions, please don't hesitate to email me!