Loopback Examples: Access Control
How to install and run the Access Control example app:
Clone the project and install the server dependencies
git clone git@github.com:strongloop/loopback-example-access-control.git
cd loopback-example-access-control/server
npm install
Run the app
Make sure you are in the server directory!
node app
How to build the Access Control example app:
0. Make sure you have slc version >= 2.1.0.
To install the latest version of slc:
npm install strong-cli -g
To check your version of slc:
slc version
Should print something similar to:
slc v2.1.0 (node v0.10.22)
1. Create the application using the slc command line tool.
mkdir -p access-control/client
cd access-control
slc lb project server
2. Define a Bank model to store a set of Banks in the database.
cd server
slc lb model bank
3. Define an Account model to store user's bank accounts.
slc lb model account
4. Define a Transaction model to store user transactions.
slc lb model transaction
5. Set up relations between banks / accounts / users and transactions.
See the models.json file for the relations. Below is an example.
...
"user": {
  "options": {
    "base": "User",
    "relations": {
      "accessTokens": {
        "model": "accessToken",
        "type": "hasMany",
        "foreignKey": "userId"
      },
      "account": {
        "model": "account",
        "type": "belongsTo"
      },
      "transactions": {
        "model": "transaction",
        "type": "hasMany"
      }
    },
...
6. Secure all the APIs.
slc lb acl --all-models --deny --everyone
7. Open up specific APIs
slc lb acl --allow --everyone --read --model bank
slc lb acl --allow --everyone --method create --model user
slc lb acl --allow --owner --all --model user
slc lb acl --allow --owner --read --model account
slc lb acl --allow --owner --write --model account
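A way to check the result of steps 6 and 7, as an added example that is not part of the original project: the hypothetical helper auditAcls reads model definitions and reports any model without the deny-all baseline, plus every ALLOW granted to $everyone. The sample definitions are constructed and assume the commands above write entries using LoopBack's ACL fields (accessType, permission, principalType, principalId, property) under each model's options.acls.

```javascript
// Constructed sample: the "acls" arrays that steps 6 and 7 are assumed to
// leave in models.json (LoopBack ACL field names, sample values made up here).
const EVERYONE = { principalType: 'ROLE', principalId: '$everyone' };
const OWNER = { principalType: 'ROLE', principalId: '$owner' };
const DENY_ALL = { accessType: '*', permission: 'DENY', ...EVERYONE };

const sampleModels = {
  bank: { options: { acls: [DENY_ALL,
    { accessType: 'READ', permission: 'ALLOW', ...EVERYONE }] } },
  user: { options: { acls: [DENY_ALL,
    { property: 'create', permission: 'ALLOW', ...EVERYONE },
    { accessType: '*', permission: 'ALLOW', ...OWNER }] } },
  account: { options: { acls: [DENY_ALL,
    { accessType: 'READ', permission: 'ALLOW', ...OWNER },
    { accessType: 'WRITE', permission: 'ALLOW', ...OWNER }] } },
  // Constructed gap: a model defined after the deny-all command was run.
  transaction: { options: { acls: [] } }
};

const isEveryone = (a) =>
  a.principalType === 'ROLE' && a.principalId === '$everyone';

// Hypothetical helper: flags models lacking the deny-all baseline and lists
// every ALLOW granted to $everyone (reachable without an access token).
function auditAcls(models) {
  const report = { missingBaseline: [], publicAccess: [] };
  for (const [name, def] of Object.entries(models)) {
    const acls = (def.options && def.options.acls) || [];
    const hasBaseline = acls.some((a) => isEveryone(a) &&
      a.permission === 'DENY' && (a.accessType || '*') === '*' && !a.property);
    if (!hasBaseline) report.missingBaseline.push(name);
    for (const a of acls) {
      if (isEveryone(a) && a.permission === 'ALLOW') {
        report.publicAccess.push(
          `${name}:${a.property || a.accessType || '*'}`);
      }
    }
  }
  return report;
}

const report = auditAcls(sampleModels);
console.log(JSON.stringify(report, null, 2));
```

The publicAccess list should contain only the operations opened deliberately in step 7; anything in missingBaseline needs the deny rule from step 6 applied again.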
8. Define the Angular services for integrating with LoopBack.
See the actual source. Below is a basic example.
// in client/js/services.js
angular.module('starter.services', ['ngResource'])
  // User resource backed by the LoopBack REST API, with login/logout actions
  .factory('User', ['$resource', function($resource) {
    return $resource('/api/users/:id', {id: '@id'}, {
      login: {
        method: 'POST',
        url: '/api/users/login'
      },
      logout: {
        method: 'POST',
        url: '/api/users/logout'
      }
    });
  }])
  // Register the interceptor so it runs on every $http request
  .config(function ($httpProvider) {
    $httpProvider.interceptors.push('requestInterceptor');
  })
  // Attach the access token obtained at login to each outgoing request
  .factory('requestInterceptor', function ($q, $rootScope) {
    return {
      'request': function (config) {
        console.log('config', config); // debug output
        if ($rootScope.accessToken) {
          config.headers.authorization = $rootScope.accessToken;
        }
        return config || $q.when(config);
      }
    };
  });
9. Create an Angular Controller for logging in and registering users.
See the full source. Below is a basic login / register controller.
// chained onto the app's angular.module(...) call
.controller('LoginCtrl', function($rootScope, $scope, $routeParams, User, $location) {
  $scope.registration = {};
  $scope.credentials = {};

  // Log in, then keep the access token id and user id for later requests
  $scope.login = function() {
    $scope.loginResult = User.login($scope.credentials,
      function() {
        $rootScope.accessToken = $scope.loginResult.id;
        $rootScope.currentUserId = $scope.loginResult.userId;
        $location.path('/');
      },
      function(res) {
        $scope.loginError = res.data.error;
      }
    );
  };

  // Register a new user through the User resource (POST /api/users)
  $scope.register = function() {
    $scope.user = User.save($scope.registration,
      function() {
        // success
      },
      function(res) {
        $scope.registerError = res.data.error;
      }
    );
  };
});