Loopback Examples: Access Control

How to install and run the Access Control example app:

Clone the project and install the server dependencies

git clone [email protected]:strongloop/loopback-example-access-control.git
cd loopback-example-access-control/server
npm install

Run the app

Make sure you are in the server directory!

node app

How to build the Access Control example app:

0. Make sure you have slc version >= 2.1.0.

To install the latest version of slc:

npm install strong-cli -g

To check your version of slc:

slc version

Should print something similar to:

slc v2.1.0 (node v0.10.22)

1. Create the application using the slc command line tool.

mkdir -p access-control/client
cd access-control
slc lb project server

2. Define a Bank model to store a set of Banks in the database.

cd server
slc lb model bank

3. Define an Account model to store user's bank accounts.

slc lb model account

4. Define a Transaction model to store user transactions.

slc lb model transaction

5. Setup relations between banks / accounts / users and transactions.

See the models.json file for the relations. Below is an example.

  ...

  "user": {
    "options": {
      "base": "User",
      "relations": {
        "accessTokens": {
          "model": "accessToken",
          "type": "hasMany",
          "foreignKey": "userId"
        },
        "account": {
          "model": "account",
          "type": "belongsTo"
        },
        "transactions": {
          "model": "transaction",
          "type": "hasMany"
        }
      },

  ...

6. Secure all the APIs.

slc lb acl --all-models --deny --everyone

7. Open up specific APIs

slc lb acl --allow --everyone --read --model bank
slc lb acl --allow --everyone --method create --model user
slc lb acl --allow --owner --all --model user
slc lb acl --allow --owner --read --model account
slc lb acl --allow --owner --write --model account

8. Define the angular services for intergrating with LoopBack.

See the actual source. Below is a basic example.

// in client/js/services.js
angular.module('starter.services', ['ngResource'])
  .factory('User', ['$resource', function($resource) {
    return $resource('/api/users/:id', {id: '@id'}, {
      login: {
        method: 'POST',
        url: '/api/users/login'
      },
      logout: {
        method: 'POST',
        url: '/api/users/logout'
      }
    });
  }])
  .config(function ($httpProvider) {
    $httpProvider.interceptors.push('requestInterceptor');
  })
  .factory('requestInterceptor', function ($q, $rootScope) {
    return {
           'request': function (config) {
                console.log('config', config);
                if($rootScope.accessToken) {
                  config.headers.authorization = $rootScope.accessToken;
                }
                return config || $q.when(config);
            }
        }
    });

9. Create an Angular Controller for logging in and registering users.

See the full source. Below is a basic login / register controller.

.controller('LoginCtrl', function($rootScope, $scope, $routeParams, User, $location) {
  $scope.registration = {};
  $scope.credentials = {};

  $scope.login = function() {
    $scope.loginResult = User.login($scope.credentials,
      function() {
        $rootScope.accessToken = $scope.loginResult.id;
        $rootScope.currentUserId = $scope.loginResult.userId;
        $location.path('/');
      },
      function(res) {
        $scope.loginError = res.data.error;
      }
    );
  }

  $scope.register = function() {
    $scope.user = User.save($scope.registration,
      function() {
        // success
      },
      function(res) {
        $scope.registerError = res.data.error;
      }
    );
  }
});

10. Implement the application views and controllers.

• See the source for angular controllers
• See the source for angular views / templates