如何设置ACL以仅允许用户访问特定记录? [英] How to set up ACLs to allow users to access only specific records?
问题描述
我打算使用Loopback创建一个应用程序,使用户只能访问特定记录.
I'm planning to use Loopback to create an application where users will be able to access only specific records.
假设我们有一个具有2条记录的Projects
模型:
Let's say we have a Projects
model, with 2 records:
{
"projects": [
{
"project_name": "foo",
"project_start_date": "2012-10-29T18:25:43.511Z"
},
{
"project_name": "bar",
"project_start_date": "2012-10-30T18:25:43.511Z"
}
]
}
,我有2个用户,分别是joe
和katie
.
and that I have 2 users, joe
and katie
.
我希望joe
仅能够访问项目foo
,并且katie
仅能够访问项目bar
.
I want joe
to be able to access only project foo
, and katie
to be able to access only project bar
.
这有可能吗?如果是这样,我应该如何设置ACL?
Is this possible at all? If so, how should I go about setting up the ACLs?
推荐答案
目前,声明性ACL不支持您的用例.您需要创建afterRemote挂钩以进一步检查响应.参见 http://docs.strongloop.com/display/LB/Remote+hooks.
At the moment, the declarative ACL doesn't support your use case. You need to create afterRemote hook to further check the response. See http://docs.strongloop.com/display/LB/Remote+hooks.
这篇关于如何设置ACL以仅允许用户访问特定记录?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!