Commit 6d3c187

author
Tom Kirkpatrick
committed
Update docs
1 parent 61f65cd commit 6d3c187

4 files changed

+53
-12
lines changed

README.md

Lines changed: 45 additions & 7 deletions
@@ -1,11 +1,8 @@
1-
# Loopback Component Access
1+
# Loopback Component Group Access
22

3-
This loopback component enables you to add multi-tenant style access controls to a loopback application. It enables you
4-
to restrict access to model data based on a users roles within a specific context.
3+
This loopback component enables you to add multi-tenant style access controls to a loopback application. It enables you to restrict access to model data based on a users roles within a specific context.
54

6-
## Usage
7-
8-
**Installation**
5+
### Installation
96

107
1. Install in you loopback project:
118
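Review bot: The new `### Installation` heading sits directly under the `#` title, skipping the `##` level now that `## Usage` has been removed; use `## Installation` (and `##` for the sections that follow) so the outline stays consistent. While the intro paragraph is being rejoined onto one line, "a users roles" should read "a user's roles", and the unchanged step 1 still says "Install in you loopback project".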

@@ -23,7 +20,48 @@ to restrict access to model data based on a users roles within a specific contex
2320
}
2421
```
2522

26-
**Configuration**
23+
4. Create a middleware.json file in your server folder (if you don't already have one).
24+
25+
5. Enable the `loopback#context`, `loopback#token` and `user-context` middleware.
26+
27+
```json
28+
{
29+
"initial:before": {
30+
"loopback#context": {},
31+
"loopback#token": {},
32+
"loopback-component-group-access#user-context": {}
33+
},
34+
}
35+
```
36+
37+
### Usage
38+
39+
In order to use this component you will need to create group access model that can be used to link users to groups and assign group roles. A user can have have multiple roles within the context of a group and each role can define different access grants to REST resources. The *Group Access Model* must have the following three properties:
40+
41+
- userId
42+
- groupId (configurable foreign key)
43+
- role
44+
45+
Additionally you will need to designate one of your models the *Group Model*. This model will act as parent or container for related group content.
46+
47+
Any other models that have a belongsTo relationship to your Group Model will be considered as Group Content. Access grants for Group Content is determined by the user's roles within the context of the group as defined in the Group Access Model.
48+
49+
For example:
50+
51+
- **Group Model:** Store (id, name, desxription)
52+
- **Group Access Model:** StoreUsers (userid, storeId, role)
53+
- **Group Content Models:** Product, Invoice, Transaction, etc.
54+
55+
You can have multiple stores.
56+
Each store can have multiple StoreUsers.
57+
Each StoreUser can have one or more Store Roles (eg, store manager, store administrator).
58+
Only Store Managers of Store A can create and edit products for Store A.
59+
Only Store Managers of Store B can create and edit products for Store B.
60+
Only Store Administrators of Store A can download transaction details for Store A.
61+
Only Store Administrators of Store B can download transaction details for Store B.
62+
etc.
63+
64+
### Configuration
2765

2866
Options:
2967
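Review bot: The `middleware.json` example under step 5 is not valid JSON: the `"initial:before"` object closes with `},` immediately before the final `}`, so a copied file will fail to parse. Drop that trailing comma. Step 5 also names the middleware `user-context` while the example registers `loopback-component-group-access#user-context`; use the full name in the prose as well. In the Usage text, fix "can have have" and "desxription", and change `userid` in the StoreUsers example to `userId` so it matches the required property listed above it. The Store A / Store B lines are the only description of what a role grants, so it would help to state how role names such as store manager are referenced in a model's ACLs.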

TODO.md

Lines changed: 5 additions & 4 deletions
@@ -1,7 +1,8 @@
11
### TODOs
22
| Filename | line # | TODO
33
|:------|:------:|:------
4-
| lib/utils.js | 138 | Should we allow the access group model to be treated as a group content model too?
5-
| lib/utils.js | 280 | Use promise cancellation to abort the chain early.
6-
| lib/utils.js | 338 | Cache this result so that it can be reused across each ACL lookup attempt.
7-
| lib/utils.js | 345 | Atempt to follow relationships in addition to the foreign key.
4+
| lib/index.js | 25 | Create Group Access model automatically if one hasn't been specified
5+
| lib/utils.js | 139 | Should we allow the access group model to be treated as a group content model too?
6+
| lib/utils.js | 281 | Use promise cancellation to abort the chain early.
7+
| lib/utils.js | 339 | Cache this result so that it can be reused across each ACL lookup attempt.
8+
| lib/utils.js | 346 | Attempt to follow relationships in addition to the foreign key.
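Review bot: The line-number column in this table drifts out of date: the old row pointed at lib/utils.js line 345, yet the lib/utils.js hunk in this same commit shows that TODO on line 346 both before and after the change, so the previous table was already off by one. If the file is generated, regenerate it as part of the build or a pre-commit step; if it is maintained by hand, consider dropping the line numbers. The header and separator rows also lack the closing `|` that would keep the table readable as plain text.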

lib/index.js

Lines changed: 2 additions & 0 deletions
@@ -20,5 +20,7 @@ module.exports = function loopbackComponentAccess(app, options) {
2020

2121
// Set up role resolvers.
2222
accessUtils.setupRoleResolvers();
23+
// Set up model opertion hooks
2324
accessUtils.setupModels();
25+
// TODO: Create Group Access model automatically if one hasn't been specified
2426
};
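Review bot: The added comment on line 23 misspells "operation" as "opertion" and lacks the trailing period used by the `// Set up role resolvers.` comment above it. The TODO on line 25 implies the component currently continues when no Group Access model has been specified; for an access-control component it would be safer to document that case in the README, or to fail at startup with a clear error, until automatic creation exists.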

lib/utils.js

Lines changed: 1 addition & 1 deletion
@@ -343,7 +343,7 @@ module.exports = class AccessUtils {
343343
skipAccess: true
344344
})
345345
.then(item => {
346-
// TODO: Atempt to follow relationships in addition to the foreign key.
346+
// TODO: Attempt to follow relationships in addition to the foreign key.
347347
if (item) {
348348
debug(`determined group id ${item[this.options.foreignKey]} from existing model %o`, item);
349349
groupId = item[this.options.foreignKey];
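Review bot: The comment fix on line 346 is fine, but the `debug` call on line 348 right below it logs the whole `item` with `%o`, and that record comes from a lookup made with `skipAccess: true`, so debug output can contain model data the current user is not allowed to read. Log only the resolved group id and the record's id. The call also mixes a template literal with a `%o` placeholder; pick one style so the message format stays predictable.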
