Closed wzup closed 8 years ago
It looks to me like the listProjects
endpoint omits the balance
field when returning the results. The alternative to creating a new endpoint that does this is to modify the default endpoint and then create a new endpoint that does what the original endpoint does.
Another alternative would be to alter the shape of the data based on credentials, but that would interfere with caching.
@crandmck ^ I will continue with the triage once we confirm the docs are correct.
@superkhau That section of the doc comes directly from the README. AFAIK it is correct -- history shows that you wrote the original, so you tell me ;-)
@crandmck LOL, it's been awhile since I've seen this. ;) But you are right, I don't see an issue with the docs.
@wzup This is not a "best" practice doc, its just simply showing you can omit the balance field using the existing build-in find, which is wrapped in the listProjects
remote method. ie) @rmg's answer above is correct.
Closing as there is no issue to resolve here.
I'm reading Access control concepts of Loopback (https://docs.strongloop.com/display/public/LB/Controlling+data+access). And I don't understand why they duplicate
find()
.Here is a text from docs:
That custom remote
listProjects()
method still uses default REST API'sfind()
internally.So, what I see here is that
admin
is forced to use a default LB's REST APIfind()
, and all other users are forced not to use LB's REST API, but only to use custom remote methodlistProjects()
. Why?Why do they close default REST API for all users? What genius idea is behind this approach? Is it some kind of LB's best practices to forbid to use default REST API for all users? Where can I read more about this?