Filtering Results of the Built-in End Points Based Upon Logged in User

[Christopher Moffatt]

I'm real new to Loopback and I really like it but it seems to be difficult to find great examples of how to do things that are a little more complex.

Anyway, we want to be able to limit the data returned (or the ability to modify data) to users based upon the role they are logged in as.  For example, say we have an organization that has users which are in a role of organizationUser.  Say also that the organization has members and customers.  A logged in user of the organization currently would be able to query the entire members and customers collections.  We only want them to be able to see their members and customers.

How is the best way to go about doing this?

[Raymond Feng]

Have you checked out https://github.com/strongloop/loopback-example-access-control? 

If you want to constrain the query based on the logged in user id, remote hooks can help:

http://docs.strongloop.com/display/LB/Remote+hooks

Thanks,

---

Raymond Feng

Co-Founder and Architect @ StrongLoop, Inc.

StrongLoop makes it easy to develop APIs in Node, plus get DevOps capabilities like monitoring, debugging and clustering.

--
You received this message because you are subscribed to the Google Groups "LoopbackJS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to loopbackjs+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.