node.js - ACL troubles with loopback.io -
i'm evaluating loopback.io developing api portion of new project, , i'm having problems setting correct acl entries.
what wish accomplish given auth token, endpoints should return objects owned user. example, request /shows?access_token=xxxxxx should return objects owned user.
below shows.json file, , user model named podcaster. appreciated.
{ "name": "show", "base": "persistedmodel", "idinjection": true, "options": { "validateupsert": true }, "properties": { "title": { "type": "string", "required": true }, "description": { "type": "string" } }, "validations": [], "relations": { "episodes": { "type": "hasmany", "model": "episode", "foreignkey": "" }, "podcaster": { "type": "belongsto", "model": "podcaster", "foreignkey": "" } }, "acls": [ { "accesstype": "write", "principaltype": "role", "principalid": "$authenticated", "permission": "allow", "property": "create" }, { "accesstype": "*", "principaltype": "role", "principalid": "$owner", "permission": "allow" }, { "accesstype": "*", "principaltype": "role", "principalid": "$everyone", "permission": "deny" } ], "methods": {} }
it's not related acl's.
you want change business logic of method. best practice create new method getting shows owning current user.
if want work current owner acl, need create relation between user , show, , set ownerid in show model.
{ "name": "show", "base": "persistedmodel", "idinjection": true, "options": { "validateupsert": true }, "properties": { "title": { "type": "string", "required": true }, "description": { "type": "string" }, "description": { "type": "string" } "ownerid": { "type": "object" } }, "validations": [], "relations": { "owner": { "type": "belongsto", "model": "user", "foreignkey": "ownerid" }, .... 
Comments
Post a Comment