json - Apply Access restriction to properties inside a model in loopback [Strongloop] -

-

i have model named employee , it's properties 

"name":"", "dob":"", "location":""

some of default roles in loopback frameworks 

$authenticated $everyone

i wanted to

1.allow $authenticated roles on accessing model employee[read , write].

2.allow $everyone role [read] model properties except location property [location allowed read role $authenticated]. ,

i added below config in employee.json, did't work.

{       "accesstype": "read",       "principaltype": "role",       "principalid": "$everyone",       "permission": "allow"     },     {       "accesstype": "read",       "principaltype": "role",       "principalid": "$everyone",       "permission": "deny",       "property": "location"     }

searched lot, not able find code.

what think can question 1) in employee.json:

... "acls": [     {       "accesstype": "*",       "principaltype": "role",       "principalid": "$everyone",       "permission": "deny"     },     {       "accesstype": "read",       "principaltype": "role",       "principalid": "$authenticated",       "permission": "allow"     },     {       "accesstype": "write",       "principaltype": "role",       "principalid": "$authenticated",       "permission": "allow"     }   ] …

concerning question number 2) - think not possible in loopbackjs (not sure).

the property attribute accessing custom methods (the remotemethods names) define in employee.js file - not model's attributes.


Comments

Post a Comment

Popular posts from this blog

php - How to display all orders for a single product showing the most recent first? Woocommerce -

-
i have password protected page on frontend. on page, want display full list of purchases associated single woocommerce product id. option 1: i've looked through woocommerce docs , , found: wc_cli_order , list_( $args, $assoc_args ) function lists orders. presumably, orders can filtered product id [--=] filter orders based on order property. line item fields (numeric array, started index zero): line_items.0.product_id option 2: i found article , based on customer id. i've modified code based on guesses meta_key , meta_value. $customer_orders = get_posts( array( 'numberposts' => -1, 'meta_key' => '_product', 'meta_value' => get_product_id(), 'post_type' => wc_get_order_types(), 'post_status' => array_keys( wc_get_order_statuses() ), ) ); how display orders single product showing recent order first? here solution put based on these articles: http://www.w...
Read more

asp.net - How to correctly use QUERY_STRING in ISAPI rewrite? -

-
i'm having difficult time , hope guys can help. using helicon isapi rewrite version 3.1.0.104 on our iis server. edit http.conf file , have tried , still fail. this trying do: redirect url: https://www.domain.com/switch-by-version?version=2.8.5.2594 to: https://test.domain.com/load/load.aspx?tver=2.8.5.2594 the version number @ end source url change, , need target url have same version number @ end of url example above shows. i tried following not work: rewritecond %{query_string} ^version=(\d\d?)\.(\d\d?)\.(\d\d?)\.(.*)$ [nc] rewriterule ^/switch-by-version(.*)$ https://test.domain.com/load/load.aspx?tver=%1 [r=307,nc,l] any appreciated! thanks. if it's running in equivalent context of .htaccess , rule shouldn't start / . here's simpler version: rewritecond %{query_string} ^version=(\d+\.\d+\.\d+(?:\..+)?)$ [nc] rewriterule ^switch-by-version/?$ https://test.domain.com/load/load.aspx?tver=%1 [r=307,nc,l]
Read more

angularjs - How restrict admin panel using in backend laravel and admin panel on angular? -

-
https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps following tutorials, try write authentication restrict admin panel, didn't understood how can that. this admin panel, admin panel don't want show , request database unauthenticated users. my laravel-routes route::get('/admin',function(){ return view('index'); }); route::get('/api/v1/employees/{id?}', 'employees@index'); route::get('/api/v1/users/{id?}', 'employees@users'); route::post('/api/v1/employees', 'employees@store'); route::post('/api/v1/employees/{id}', 'employees@update'); route::delete('/api/v1/employees/{id}', 'employees@destroy'); route::group(['prefix' => 'api'], function() { route::resource('authenticate', 'authenticatecontroller', ['only' => ['index']]); route::post('authenticate', 'authentic...
Read more