Closed wzup closed 8 years ago
rmg
commented
8 years ago It looks to me like the listProjects endpoint omits the balance field when returning the results. The alternative to creating a new endpoint that does this is to modify the default endpoint and then create a new endpoint that does what the original endpoint does.
Another alternative would be to alter the shape of the data based on credentials, but that would interfere with caching.
superkhau
commented
8 years ago @crandmck ^ I will continue with the triage once we confirm the docs are correct.
crandmck
commented
8 years ago @superkhau That section of the doc comes directly from the README. AFAIK it is correct -- history shows that you wrote the original, so you tell me ;-)
superkhau
commented
8 years ago @crandmck LOL, it's been awhile since I've seen this. ;) But you are right, I don't see an issue with the docs.
@wzup This is not a "best" practice doc, its just simply showing you can omit the balance field using the existing build-in find, which is wrapped in the listProjects remote method. ie) @rmg's answer above is correct.
Closing as there is no issue to resolve here.
I'm reading Access control concepts of Loopback (https://docs.strongloop.com/display/public/LB/Controlling+data+access). And I don't understand why they duplicate
find().Here is a text from docs:
That custom remote
listProjects()method still uses default REST API'sfind()internally.So, what I see here is that
adminis forced to use a default LB's REST APIfind(), and all other users are forced not to use LB's REST API, but only to use custom remote methodlistProjects(). Why?Why do they close default REST API for all users? What genius idea is behind this approach? Is it some kind of LB's best practices to forbid to use default REST API for all users? Where can I read more about this?