loopbackjs

I'm currently evaluating loopback.io for developing the API portion of a new project, and I'm having problems with setting the correct ACL entries. What I wish to accomplish is given an auth token, the GET endpoints should only return objects owned by the user. For example, a request to /Shows?access_token=xxxxxx should return only objects owned by the user. Below is my shows.json file, and my User model is named Podcaster. Any help would be appreciated. { "name": "Show", "base": "PersistedModel", "idInjection": true, "options": { "validateUpsert": true }, "properties": { "title": { "type":

I am developing a NodeJS application using Loopback. I am pretty new to both nodejs and REST APIs, so please correct me if I am conceptually wrong. Loopback automatically builds CRUD REST APIs, which is a feature I would like to use in order to avoid to write APIs by myself, but I need to limit users to be able to see only their data. For example, imagine there are 3 tables in my DB, user , book and a relation table user_book . So for example: table user id | name --------- 1 | user1 2 | user2 3 | user3 table book id | title | author ------------------- 1 | title1 | author1 2 | title2 |

In my loopback application, once i create the access token (after login), it remains valid in my application unless application stops. when application restarted it is not allowing previous access token. How can i make previous access token validate even after restarting the application? Your access token is getting stored by default in loopback memory . Therefore, it persists only until the application is restarted. open server/model-config.json "AccessToken": { "dataSource": "db", "public": false } This is the initial configuration of the Access Tokens . See here the storage datasource is db

I'm planning to use Loopback to create an application where users will be able to access only specific records. Let's say we have a Projects model, with 2 records: { "projects": [ { "project_name": "foo", "project_start_date": "2012-10-29T18:25:43.511Z" }, { "project_name": "bar", "project_start_date": "2012-10-30T18:25:43.511Z" } ] } and that I have 2 users, joe and katie . I want joe to be able to access only project foo , and katie to be able to access only project bar . Is this possible at all? If so, how should I go about setting up the ACLs? At the moment, the declarative ACL doesn't

Is it possible to hide the id attribute in a method in swagger-ui generated by explorer in Strongloop Loopback? I don want the user to create a new resource and send the id attribute. I know that if the user send the id it can be ignored but I want to hide it in the explorer. In order to hide the 'id' attribute, you need declare this field as hidden. In YOUR_MODEL.json file: { "name": "YOUR_MODEL", . . . "properties": { // your custom properties }, "hidden": ["id"], // this attribute specifies which attributes need to be hidden . . . } Be aware when a property declared as hidden: It's not

I'm using Strongloop's loopback tool to create a REST service. I'm wondering how to define what related entities to return when requesting a model. I see in the docs that you can send a request like GET /api/members?filter[include]=posts and that will return the related post models, and I discovered that you can make a request like GET /api/members?filter[include]=posts&filter[include]=comments to get posts and comments, but is there a way to define either in code or the generated json file that you'd like a certain relation to always be returned when requesting a model? The preset filter

We are developing a REST service but we already have an infrastructure in place to manage users. But we want to leverage the authentication and authorization mechanism of Loopback. The requirement is to Add a remote method and receive the user credentials Manually verify the credentials through stored procedure call Generate the access token through Loopback Going forward use Loopback authorization mechanisms such as roles in the application Should I be implementing a custom login service provider using Loopback's third party login support ? I couldn't find a very good resource on this area.

Is there somewhere complete, consistent and well documented source of information on error handling in loopback? Things like error codes and their meaning, relation with http statuses. I've already read their docs and have not found anything like this. I would like to translate all the messages to add multi language support to my app. I would also like to add my custom messages, with their code and to use it consistently with other loopback errors. In order to achieve this, I need to intercept all the errors (I've done this already) and to know all the possible different codes, so I can

I'm writing a remote method that would be greatly enhanced by running an aggregation pipeline query. To do that I need to get the actual mongodb connection and work with it directly. How can I run something along the lines of module.exports = function(ZipCodes) { ZipCodes.pipeline = function (cb) { //Get the MongoDB Connection var mongodbConnection = ***whatever magic*** var result = mongodbConnection.db.zipcodes.aggregate( { $group : { _id : "$state", totalPop : { $sum : "$pop" } } }, { $match : {totalPop : { $gte : 10*1000*1000 } } } ); cb(result); }; ZipCodes.remoteMethod('pipeline', {