search

loopbackers / loopback-advanced-models

The aim of this project is to experiment with loopback models and to serve as an example for fellow developers.
https://gitter.im/loopbackers/loopback-advanced-models
MIT License
0 stars 2 forks source link

How to call findById for a related model from angular? #4

Open pulkitsinghal opened 9 years ago

pulkitsinghal commented 9 years ago

I don't think there are any examples on github right now or any docs that show: How to call findById for a related model from angular.

We should figure it out and cover that.

pulkitsinghal commented 9 years ago

As an example, imagine this situation which I believe throws off a lot of users including myself: you are logged into your angular client and you want to fetch a model owned by your user and also get at its related models.

Sample Scenario: UserModel hasMany ReportModel(s) ReportModel has many LineItemModel(s)

  1. Now anyone who starts with: ReportModel.findById({id: reportId}) will hit the wall where currently (today is April 15, 2015) there is no way to use the include filter with findById()
  2. Next folks might try: ReportModel.find({where:{id:reportId}, include:['lineitemModels']}) but that too will fail with a 403

  3. The only way this is going to work is via a very specific syntax which starts at the UserModel and leverages the fact that ReportModel is related to it ... to finally get at the resources we want!

    UserModel.reportModels.findById({
 id: LoopBackAuth.currentUserId,
 fk: reportId,
 filter:{
   include:'lineitemModels'
 }
})

    Why does it have to be so contrived? This is how it was explained to me: https://groups.google.com/d/msg/loopbackjs/T5FJnqXomd8/CdziNmDOloIJ

    At the moment, LoopBack ACLs are enforced prior to the target method invocation. Only the knowledge from the request context is used. For example, the $owner role uses the ‘id’ to check if the target instance is ‘owned’ by the logged in user. There were discussions to extend ACL checks post the method invocation. We’re working toward that in steps.

pulkitsinghal commented 9 years ago

By the way, pending https://github.com/strongloop/loopback/pull/1306, the filter include inside findById is a no-op!

pulkitsinghal commented 9 years ago

An enlightening comment from @jasonaden:

Wait, are you trying to secure everything to the $owner? You will have a lot of difficulty doing that. $owner can only go one level deep, and only works against the User model, so it's not really all that useful.

pulkitsinghal commented 9 years ago

https://github.com/strongloop/loopback/pull/1306 was released for "loopback": "2.16.0" and I tested that it works with the followign syntax on the angular side:

return ReportModel.findById({
  id:1,
  filter:{
    include:'lineitemModels'
  }
})
.$promise.then(function(...){...});

But while that wasn't working I had also taken @doublemarked's suggestion to implement a remote method so for what its worth that approach may be worth demoing too.

bajtos commented 9 years ago

FWIW, I would not recommend the solution described in https://github.com/loopbackers/loopback-advanced-models/issues/4#issuecomment-93622066 as it may stop working once we fix https://github.com/strongloop/loopback/issues/960

UserModel.reportModels.findById({
  id: LoopBackAuth.currentUserId,
  fk: reportId,
  filter:{
    include:'lineitemModels'
  }
})