search

strongloop / loopback-example-access-control

An example demonstrating LoopBack access control mechanisms.
Other
370 stars 168 forks source link

How to override models and their ACL? #50

Closed mbenaissa closed 8 years ago

mbenaissa commented 9 years ago

I have setup the example with success.

PB :

Now, I want to give only to the admin role to create "users"

1- Solution 1 : Copy the "User" Loopback model in common/models/ and I change it as I want. Then I configure a Grunt task that copy it again to the loopback/models/

2- Solution 2 : I use "user" model that inherit the "User" LoopBack model. I add the following ACL { "principalType": "ROLE", "principalId": "$everyone", "permission": "DENY", "property": "create" } Now my problem is : I can't create a "user" but I can create a "User".

Question :

How can I override the default model of "User" (properties, method, relations, ACL...) without copying it in my application? expl : user model : { "name":"User", "override/mix": true }

Thx

ghost commented 9 years ago

I think you shouldn't override build-in models but maybe if you haven't try yet you can set public to false in model-config.json like this :

"User": { "dataSource": "db", "public": false }

wesleymilan commented 9 years ago

Hi mbenaissa,

I'm not sure that is the best practice todo but I'm copying every .json and .js files from modules that I want to override from /node_modules/loopback/common/models/ and pasting into my common/models/ folder. But you have to copy both files, than loopback will load from your folder.

It's working for me

faridnsh commented 9 years ago

@wesleymilan Do note that the problem with that approach is that, when you upgrade your loopback, you have to manually update the built-in models.

richardpringle commented 8 years ago

Hey @mbenaissa,
for future reference, please post questions at https://groups.google.com/forum/#!forum/loopbackjs. See https://github.com/strongloop/loopback/wiki/Questions for more details.

1- Solution 1 : Copy the "User" Loopback model in common/models/ and I change it as I want. You should not override the default User model. 2- Solution 2 : I use "user" model that inherit the "User" LoopBack model. You should extend the default User model, then it really depends on what you're trying to accomplish. By the looks of it, you just want an admin with the ability to POST users. Checkout the docs on the admin role.

Hope that helps!

bajtos commented 8 years ago

Possibly related: https://github.com/strongloop/loopback/issues/2270