Restricting access to related models

When two models have a relationship between them, LoopBack automatically creates a set of related model methods corresponding to the API routes defined for the relationship.  

In the following list, relatedModelName is the name of the related model and relatedModelNamePlural is the plural form of the related model name.

belongsTo:

  • __get__relatedModelName

hasOne:

  • __get__relatedModelName

hasMany:

  • __count__relatedModelNamePlural
  • __create__relatedModelNamePlural
  • __delete__relatedModelNamePlural
  • __destroyById__relatedModelNamePlural
  • __findById__relatedModelNamePlural
  • __get__relatedModelNamePlural
  • __updateById__relatedModelNamePlural

hasManyThrough:

  • __count__relatedModelNamePlural
  • __create__relatedModelNamePlural
  • __delete__relatedModelNamePlural
  • __destroyById__relatedModelNamePlural
  • __exists__relatedModelNamePlural (through only)
  • __findById__relatedModelNamePlural
  • __get__relatedModelNamePlural
  • __link__relatedModelNamePlural (through only)
  • __updateById__relatedModelNamePlural
  • __unlink__relatedModelNamePlural (through only)

You can use these related model methods to control access to the related routes.  For example, if a User hasMany projects, LoopBack creates these routes (among others) and the corresponding related model methods:

  • /api/users/count - standard method is count
  • /api/users/:id/projects - related model method is __get__projects
  • /api/users/:id/projects/count - related model method is __count__projects

To configure access control to such routes, set the permission on the related model methods in the model definition JSON file. For example, the ACL for the User model definition JSON file (user.json) for these routes might look like this:

/common/models/user.json
"acls": [{
 "principalType": "ROLE",
 "principalId": "$authenticated",
 "permission": "ALLOW",
 "property": "count"
},
{
 "principalType": "ROLE",
 "principalId": "$owner",
 "permission": "ALLOW",
 "property": "__get__projects"
},
{
 "principalType": "ROLE",
 "principalId": "$authenticated",
 "permission": "ALLOW",
 "property": "__count__projects"
}]
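
The ACL above names only two of the related model methods that a hasMany relation generates. The following added example (not part of the LoopBack documentation or code base) lists the related model methods of a model definition that no ACL entry names explicitly, so each one can be reviewed. It assumes the method suffix is the relation's key under `relations`, and that a hasManyThrough relation is declared as `hasMany` with a `through` property; the `userModel` object is constructed sample data.

```javascript
// Method prefixes per relation type, taken from the lists on this page.
const HAS_MANY = ['count', 'create', 'delete', 'destroyById', 'findById', 'get', 'updateById'];
const THROUGH_ONLY = ['exists', 'link', 'unlink'];

// Return the related model method names generated for one relation.
function relatedMethods(relationName, relation) {
  let verbs;
  switch (relation.type) {
    case 'belongsTo':
    case 'hasOne':
      verbs = ['get'];
      break;
    case 'hasMany':
      // Assumption: hasManyThrough is declared as hasMany plus "through".
      verbs = relation.through ? HAS_MANY.concat(THROUGH_ONLY) : HAS_MANY;
      break;
    default:
      verbs = []; // relation types this page does not list
  }
  return verbs.map((verb) => `__${verb}__${relationName}`);
}

// List related methods that have no ACL entry with a matching "property".
// Wildcard or property-less ACL entries are deliberately not interpreted here.
function unlistedRelatedMethods(modelDef) {
  const named = new Set((modelDef.acls || []).map((acl) => acl.property));
  const missing = [];
  for (const [name, relation] of Object.entries(modelDef.relations || {})) {
    for (const method of relatedMethods(name, relation)) {
      if (!named.has(method)) missing.push(method);
    }
  }
  return missing;
}

// Constructed sample: the user.json ACLs from this page plus a hasMany relation.
const userModel = {
  name: 'user',
  relations: { projects: { type: 'hasMany', model: 'project' } },
  acls: [
    { principalType: 'ROLE', principalId: '$authenticated', permission: 'ALLOW', property: 'count' },
    { principalType: 'ROLE', principalId: '$owner', permission: 'ALLOW', property: '__get__projects' },
    { principalType: 'ROLE', principalId: '$authenticated', permission: 'ALLOW', property: '__count__projects' },
  ],
};

console.log(unlistedRelatedMethods(userModel));
```

For the sample, the create, delete, destroyById, findById and updateById methods on projects are reported, which are the write and lookup routes the ACL on this page does not mention.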