
Role Resolvers

Use Role.registerResolver() to set up a custom role handler in a boot script. This function takes two parameters:

  1. String name of the role in question.

  2. Function that determines if a principal is in the specified role. The function signature must be function(role, context, callback).

Example

module.exports = function(app) {
  var _ = require('underscore');
  var Role = app.models.Role;
  // The role name must be passed as a string
  Role.registerResolver('adminForOrg', function(role, context, cb) {
    function reject(err) {
      if(err) {
        return cb(err);
      }
      cb(null, false);
    }
    if(context.modelName !== 'Organisation'){
      // deny if the target model is not Organisation
      return reject();
    }
    var currentUserId = context.accessToken && context.accessToken.userId;
    var currentOrg = context.modelId;
    if(!currentUserId){
      // Do not allow unauthenticated users to proceed
      return reject();
    }
    if(!currentOrg){
      // deny requests that do not target a specific organisation instance
      return reject();
    }
    else {
      app.models.User.findById(currentUserId, {include:
        {
          relation:'roles',
          scope : {
            fields: ['name'] // only load the role name
          }
        }
      })
      .then(function(userModelInstance){
        if(!userModelInstance){
          return reject(); // the token's user no longer exists
        }
        // roles loaded through the include filter above
        var currentUserRoles = userModelInstance.toJSON().roles || [];
        var isAdmin = _.findWhere(currentUserRoles,{name: 'orgAdmin'});
        if(!_.isEqual(userModelInstance.organisationId.toString(),currentOrg.toString()) || !isAdmin){
          return reject(); // reject if the user's org isn't the current org or the user is not an orgAdmin
        }
        else {
          return cb(null,true);
        }
      })
      .catch(function(error){
        cb(error);
      });
    }
  });
};
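
The same tenant check, written as an added example (not code from the original page or from LoopBack) so that it can be exercised offline against a stub. The names makeAdminForOrgResolver, stubUser and decide are hypothetical, the user records are constructed, and the callback form of findById is used in place of the promise form.

```javascript
// Added example: resolver decision logic with the User model injected,
// so the deny-by-default paths can be checked without a running app.
function makeAdminForOrgResolver(User) {
  return function (role, context, cb) {
    var token = context.accessToken;
    var userId = token && token.userId;
    // Deny by default: wrong model, no instance id, or anonymous caller.
    if (context.modelName !== 'Organisation' || !context.modelId || !userId) {
      return cb(null, false);
    }
    var filter = { include: { relation: 'roles', scope: { fields: ['name'] } } };
    User.findById(userId, filter, function (err, user) {
      if (err) return cb(err);
      if (!user) return cb(null, false); // token refers to a deleted user
      var roles = (user.toJSON ? user.toJSON() : user).roles || [];
      var isAdmin = roles.some(function (r) { return r.name === 'orgAdmin'; });
      var sameOrg = String(user.organisationId) === String(context.modelId);
      cb(null, isAdmin && sameOrg);
    });
  };
}

// Constructed stand-in for app.models.User; it calls back synchronously.
var stubUser = {
  rows: {
    u1: { organisationId: 'org1', roles: [{ name: 'orgAdmin' }] },
    u2: { organisationId: 'org1', roles: [{ name: 'member' }] }
  },
  findById: function (id, filter, cb) { cb(null, this.rows[id] || null); }
};

// Run the resolver for one request context and return its verdict.
function decide(userId, modelName, modelId) {
  var verdict;
  var resolver = makeAdminForOrgResolver(stubUser);
  var context = { modelName: modelName, modelId: modelId,
                  accessToken: { userId: userId } };
  resolver('adminForOrg', context, function (err, ok) { verdict = err || ok; });
  return verdict;
}

console.log('own org, orgAdmin:  ', decide('u1', 'Organisation', 'org1'));
console.log('other org, orgAdmin:', decide('u1', 'Organisation', 'org2'));
console.log('own org, member:    ', decide('u2', 'Organisation', 'org1'));
console.log('anonymous:          ', decide(null, 'Organisation', 'org1'));
```
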

Last updated 7 years ago