Module: loopback

Class: ACL

A model for access control metadata.

System grants permissions to principals (users/applications, can be grouped into roles).

Protected resource: the model data and operations (model/property/method/relation/…)

For a given principal, such as client application and/or user, is it allowed to access (read/write/execute) the protected resource?

Class Properties
Name Type Description
model String

Name of the model.

property String

Name of the property, method, scope, or relation.

accessType String

Type of access being granted: one of READ, WRITE, or EXECUTE.

permission String

Type of permission granted. One of:

  • ALARM: Generate an alarm, in a system-dependent way, for the access specified in the permissions component of the ACL entry.
  • ALLOW: Explicitly grants access to the resource.
  • AUDIT: Log, in a system-dependent way, the access specified in the permissions component of the ACL entry.
  • DENY: Explicitly denies access to the resource.
principalType String

Type of the principal; one of: Application, User, Role.

principalId String

ID of the principal, such as appId, userId, or roleId.

settings Object

Extends the Model.settings object.

settings.defaultPermission String

Default permission setting: ALLOW, DENY, ALARM, or AUDIT. Default is ALLOW. Set to DENY to prohibit all API access by default.

ACL.checkAccessForContext(context, callback)

Check if the request has the permission to access.

Arguments
Name Type Description
context Object

See below.

callback Function

Callback function

context
Name Type Description
principals Array.<Object>

An array of principals.

model String or Model

The model name or model class.

id

The model instance ID.

property String

The property/method/relation name.

accessType String

The access type: READ, REPLICATE, WRITE, or EXECUTE.

ACL.checkAccessForToken(token, model, modelId, method, callback)

Check if the given access token can invoke the method.

Arguments
Name Type Description
token AccessToken

The access token

model String

The model name

modelId

The model id

method String

The method name

callback Function

Callback function

Callback
Name Type Description
err String or Error

The error object

allowed Boolean

Whether the request is allowed.

ACL.checkPermission(principalType, principalId, model, property, accessType, callback)

Check if the given principal is allowed to access the model/property.

Arguments
Name Type Description
principalType String

The principal type.

principalId String

The principal ID.

model String

The model name.

property String

The property/method/relation name.

accessType String

The access type.

callback Function

Callback function.

Callback
Name Type Description
err String or Error

The error object

result AccessRequest

The access permission

ACL.getMatchingScore(rule, req)

Calculate the matching score for the given rule and request.

Arguments
Name Type Description
rule ACL

The ACL entry

req AccessRequest

The request

Returns
Name Type Description
result Number
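The following is an added illustration, not loopback's own code, of how the ACL entries documented above (model/property/accessType/principal/permission), the settings.defaultPermission fallback, and a getMatchingScore-style specificity score combine to answer a checkPermission-style question. The field weights, the "DENY wins a tie" rule, and the sample entries and request are assumptions constructed for this example; loopback's real scoring differs in detail.

```javascript
// Added illustration, not loopback's own code: resolve a request against ACL
// entries shaped as documented here. Weights and tie-break are assumptions.
const WILDCARD = '*';
const FIELD_WEIGHTS = [['model', 4], ['property', 2], ['accessType', 1]];
// True when the rule's principal is among the request's principals.
function principalMatches(rule, req) {
  return req.principals.some(
    (p) => p.type === rule.principalType && String(p.id) === String(rule.principalId));
}
// Simplified stand-in for ACL.getMatchingScore: an exact field match scores
// higher than a wildcard match; any mismatch disqualifies the rule (-1).
function scoreRule(rule, req) {
  if (!principalMatches(rule, req)) return -1;
  let score = 0;
  for (const [field, weight] of FIELD_WEIGHTS) {
    const want = rule[field] || WILDCARD;
    if (want === req[field]) score += weight * 2;
    else if (want === WILDCARD) score += weight;
    else return -1;
  }
  return score;
}
// Most specific matching rule wins; on a tie DENY beats ALLOW; with no
// matching rule at all the model's settings.defaultPermission applies.
function resolvePermission(acls, req, defaultPermission) {
  let best = null, bestScore = -1;
  for (const rule of acls) {
    const s = scoreRule(rule, req);
    if (s < 0) continue;
    if (s > bestScore || (s === bestScore && rule.permission === 'DENY')) {
      best = rule; bestScore = s;
    }
  }
  return best ? best.permission : defaultPermission;
}

// Constructed sample entries: every principal is denied on Order, except that
// user u42 may READ it. Nothing is declared for any other model.
const SAMPLE_ACLS = [
  { model: 'Order', property: '*', accessType: '*',
    principalType: 'ROLE', principalId: '$everyone', permission: 'DENY' },
  { model: 'Order', property: '*', accessType: 'READ',
    principalType: 'USER', principalId: 'u42', permission: 'ALLOW' },
];
// Constructed request in the shape checkAccessForContext's context uses.
function sampleRequest(model, property, accessType) {
  const principals = [{ type: 'ROLE', id: '$everyone' }, { type: 'USER', id: 'u42' }];
  return { principals, model, property, accessType };
}
```

With these entries, resolvePermission(SAMPLE_ACLS, sampleRequest('Order', 'find', 'READ'), 'DENY') returns 'ALLOW' because the user-specific rule outscores the $everyone wildcard rule, a WRITE on Order falls to the DENY rule, and a request on an undeclared model such as Customer is decided solely by the defaultPermission argument, which is why the page recommends DENY there.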

ACL.isMappedToRole(principalType, principalId, role, cb)

Check if the given principal is mapped to the role.

Arguments
Name Type Description
principalType String

Principal type

principalId String

Principal id/name

role String

Role id/name

cb Function

Callback function

ACL.resolvePrincipal(type, id, cb)

Resolve a principal by type/id.

Arguments
Name Type Description
type String

Principal type: ROLE, APP, or USER.

id String or Number

Principal id or name

cb Function

Callback function

aCL.score(req)

Get matching score for the given AccessRequest.

Arguments
Name Type Description
req AccessRequest

The request

Returns
Name Type Description
result Number

The matching score.