This repository has been archived by the owner on Apr 18, 2020. It is now read-only.
Fine-grained access control: What does "not fully support" mean? #65
Comments
|
This issue has two parts:
I believe 1) is supported via Few examples to get you started: LocalTodo.replicate(since, RemoteTodo, { filter: { where: { completed: false } } }, cb);
// Assuming relation "Order belongsTo User"
LocalOrder.replicate(since, RemoteOrder, { filter: { where: { userId: currentUserId } } }, cb);We don't have a solution for 2) now. I have created a new GH issue to keep track of this missing feature: strongloop/loopback#1427 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Sadly I found the following sentence at end of the Synchronization docs.
Known issues
LoopBack does not fully support fine-grained access control to a selected subset of model instances, therefore it is not possible to replicate models where the user can access only a subset of instances (for example only the instances the user has created).
I implement a role based access control were groups of users have access on resources. Users can be members of different groups. I solved this by extra fields in the desired models via a mixin and a role resolver. As @fabien proposed here ( strongloop/loopback#238 ) I used applyScope to make sure that only the necessary amount of data is load from datasource. Normal API requests works as expected.
BUT when it comes to synchronization it seems there is no way to separate only some resources. Especially for mobile applications it makes no sense to synchronize all data of a datasource not only because of the amount of data also because of data security concerns.
How can I reduce the "changes" (and diff and checkpoint) requests only to that resources that are stored in LocalStorage or those remote resources which are accessible for the actual user?
Can someone give me an advice which approach I should use to solve this?
The text was updated successfully, but these errors were encountered: