0

I need to provide the functionality to the end user to administrate roles. Those roles have to securely restrict the endpoints, and I also have to show/hide the elements on the frontend (I am using AngularJS). I know that I have to create a role and the ACL for every role. However, I couldn't find a good pattern to do it.

For example: Suppose I need to create a role which can list all the users but it must not be able to edit those users. It should be something like this: [Screenshot from 2016-10-18 23:43:27]

I hope that I am clear in this. Thanks.

1 Answer

-1

The best thing about LoopBack is the robustness it provides to do anything in a much simpler way and with fewer lines of code.

Considering Employee is one of your models and you want to assign the role such that it is able to fetch only the users, you can add an ACL to employee.json.

Here is a code snippet which does that:

{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "employee",
  "permission": "ALLOW",
  "property": "__get__users"
}

To deny the same to this particular role, you need to add this to employee.json:

{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "employee",
  "permission": "DENY",
  "property": "__create__users"
},
{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "employee",
  "permission": "DENY",
  "property": "__updateById__users"
}
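
As an added example (not part of the answer above and not LoopBack's own code), the sketch below derives the AngularJS show/hide flags from the same ACL entries that protect the endpoints, so the two cannot drift apart. The names resolve, uiCapabilities and UI_ACTIONS, the simplified precedence rules and the catch-all DENY entry are assumptions made for illustration.

```javascript
'use strict';

// Constructed sample: the three entries from the answer plus a catch-all DENY
// (an assumption, not shown on the page) so that unlisted methods fail closed.
const acls = [
  { accessType: '*', principalType: 'ROLE', principalId: '$everyone', permission: 'DENY' },
  { accessType: 'EXECUTE', principalType: 'ROLE', principalId: 'employee',
    permission: 'ALLOW', property: '__get__users' },
  { accessType: 'EXECUTE', principalType: 'ROLE', principalId: 'employee',
    permission: 'DENY', property: '__create__users' },
  { accessType: 'EXECUTE', principalType: 'ROLE', principalId: 'employee',
    permission: 'DENY', property: '__updateById__users' }
];

// Simplified resolver (hypothetical, not LoopBack's algorithm): an entry naming
// the exact property beats a wildcard, an entry naming one of the caller's roles
// beats $everyone, DENY wins a tie, and no matching entry at all means DENY.
function resolve(aclList, roles, property) {
  let best = { score: -1, permission: 'DENY' };
  for (const acl of aclList) {
    if (acl.principalType !== 'ROLE') continue;
    const roleMatch = roles.includes(acl.principalId);
    if (!roleMatch && acl.principalId !== '$everyone') continue;
    const exact = acl.property === property;
    const wildcard = acl.property === undefined || acl.property === '*';
    if (!exact && !wildcard) continue;
    const score = (exact ? 2 : 0) + (roleMatch ? 1 : 0);
    if (score > best.score || (score === best.score && acl.permission === 'DENY')) {
      best = { score, permission: acl.permission };
    }
  }
  return best.permission;
}

// Hypothetical mapping from UI elements to the remote methods behind them.
const UI_ACTIONS = {
  listUsers: '__get__users',
  createUser: '__create__users',
  editUser: '__updateById__users'
};

// Flags the frontend can bind to (e.g. with ng-if) for the caller's roles.
function uiCapabilities(aclList, roles) {
  const caps = {};
  for (const [action, method] of Object.entries(UI_ACTIONS)) {
    caps[action] = resolve(aclList, roles, method) === 'ALLOW';
  }
  return caps;
}

console.log(uiCapabilities(acls, ['employee']));
```

The flags only control what is displayed; the ACL entries in employee.json remain the enforcement point, because a client can call the endpoint directly regardless of what the page hides.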