training.shoppinpal.com

Architecting with Loopback


Last updated 7 years ago

We define loopback models for achieving multi-tenancy such that every model is reached through the organization model and the accessible data is specific to one particular organization.

We restrict access to all direct methods on each model and only make them accessible through the organization model. This way, only org-specific data can be returned.

Define models and their base

Since the user model is the most restrictive and protected model, which makes it difficult to hack into unauthorized data, we chose it as the base for our organization model.

Relationships

  • Users -> Belongs To - Organization

  • Organization -> Has Many - Users

  • Products -> Belongs To - Organization

  • Organization -> Has Many - Products

  • Catalog -> Belongs To - Organization

  • Organization -> Has Many - Catalog

  • Orders -> Belongs To - Organization

  • Organization -> Has Many - Orders

Sample Queries

  1. Create product for Organization

    Organization.product.create({
     name: "Product-A",
     desc: "This product belongs to org-a"
    })
    .then(function(success){
     // use the created product
    })
    .catch(function(err){
     // handle the error
    });

  2. Fetch product for Organization

    Organization.product.find({
     where:{
         name: "Product-A"
     }
    })
    .then(function(success){
     // use the matching products
    })
    .catch(function(err){
     // handle the error
    });

Invalid or disabled Queries

The following samples will return a 401 Authorization Required error, because these direct methods should be disabled on the backend.

  1. Create product for Organization

    Product.create({
     name: "Product-A",
     desc: "This product belongs to org-a"
    })
  2. Fetch product for Organization

    Product.find({
     where:{
         name: "Product-A"
     }
    })

Why? Remember, earlier we decided to:

restrict access to all direct methods for each model and only make them accessible through organization model. This way, only org specific data can be returned.

In loopback, when you create a model with the model generator, you choose a base model, that is, the model that your model will “extend” and from which it will inherit methods and properties.

Also, the concept of $owner ACLs only works for user models and their inheritors, so that is a huge technical reason for picking this model as well.

To read more about how to disable methods in loopback, you can refer to this article.
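One way to check the lockdown described above before deploying, as an added example that is not code from the original page: the script audits model definitions written in the shape of loopback's model JSON (base, relations, acls) and reports every model that can still be reached directly. The Organization, Product and Order definitions, the orgId foreign key and the auditTenantLockdown helper are constructed for illustration.

```javascript
// Constructed sample definitions (not the project's real model files).
// Order is misconfigured on purpose so the audit has something to report.
const DENY_ALL = { accessType: '*', principalType: 'ROLE', principalId: '$everyone', permission: 'DENY' };
const ownerMay = (property) => ({ property, principalType: 'ROLE', principalId: '$owner', permission: 'ALLOW' });

const models = {
  Organization: {
    base: 'User',
    relations: { products: { type: 'hasMany', model: 'Product', foreignKey: 'orgId' } },
    acls: [ownerMay('__get__products'), ownerMay('__create__products')],
  },
  Product: {
    base: 'PersistedModel',
    relations: { organization: { type: 'belongsTo', model: 'Organization', foreignKey: 'orgId' } },
    acls: [DENY_ALL],
  },
  Order: {
    base: 'PersistedModel',
    relations: {},
    acls: [{ accessType: 'READ', principalType: 'ROLE', principalId: '$authenticated', permission: 'ALLOW' }],
  },
};

// Returns one finding per deviation from "data is reachable only through the tenant model".
function auditTenantLockdown(defs, tenant = 'Organization') {
  const findings = [];
  for (const [name, def] of Object.entries(defs)) {
    const acls = def.acls || [];
    const allows = acls.filter((a) => a.permission === 'ALLOW');
    if (name === tenant) {
      // Assumption: this check accepts only User itself as the tenant model's base.
      if (def.base !== 'User') findings.push(`${name}: base is not User`);
      allows.filter((a) => a.principalId !== '$owner')
        .forEach((a) => findings.push(`${name}: ${a.property || '*'} allowed for ${a.principalId}`));
      continue;
    }
    const rels = Object.values(def.relations || {});
    if (!rels.some((r) => r.type === 'belongsTo' && r.model === tenant))
      findings.push(`${name}: no belongsTo ${tenant} relation`);
    // An omitted accessType or property is treated as the wildcard '*'.
    const deniesAll = acls.some((a) => a.principalId === '$everyone' && a.permission === 'DENY' &&
      (a.accessType || '*') === '*' && (a.property || '*') === '*');
    if (!deniesAll) findings.push(`${name}: missing DENY * for $everyone`);
    allows.forEach((a) => findings.push(`${name}: direct ${a.accessType || '*'} allowed for ${a.principalId}`));
  }
  return findings;
}
console.log(auditTenantLockdown(models));
```

Run against real model files, an empty result means every non-tenant model denies direct access and belongs to the tenant model; it does not replace testing that the direct endpoints actually return 401.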
