Mongoose Schema secured field

Question

Short and clear: is there any way to prevent setting a schema field but allowing to get the value?

I've been around the Mongoose Documentation but can't find what I'm looking for.

Answer 1

Define the field as a virtual getter instead of a traditional field.

For example, say you wanted to make the pop field of your collection read-only when accessed via Mongoose:

var schema = new Schema({
    city: String,
    state: String
});

schema.virtual('pop').get(function() {
    return this._doc.pop;
});

By accessing the private _doc member of your model instance it's possible this may break in the future, but this worked fine when I tested it just now.

Answer 2

An alternative if you want to set a default value that can never be changed:

var schema = new Schema({
  securedField: {
    type: String,
    default: 'Forever',
    set: function (val) { return this.securedField; }
});

Answer 3

Since mongoose 5.6 you can do: immutable: true

var schema = new Schema({
  securedField: {
    type: String,
    default: 'Forever',
    immutable: true
  }
});