I don't have much experience with Strongloop, but maybe someone can point me in the right direction.
In my model I have information about Clients. The Client must have access to their own record but not to the records of other Clients. How can I achieve this?
Strongloop ACLs can be easily defined in the model JSON definition:
    "acls": [
      {
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "$everyone",
        "permission": "DENY"
      },
      {
        "accessType": "EXECUTE",
        "permission": "ALLOW",
        "principalType": "ROLE",
        "principalId": "$owner",
        "property": "findById"
      }
    ]
The ACL definition denies everyone access to the model and allows the owner to read it.
Please note that there must be a model column userId for the built-in $owner principal id to work.
ACL definition document: https://docs.strongloop.com/display/public/LB/Model+definition+JSON+file#ModeldefinitionJSONfile-ACLs
Official example project for advanced ACL control: https://github.com/strongloop/loopback-example-access-control
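
An added example, not part of the answer above and not LoopBack's own resolver: a simplified JavaScript model of how the two ACL entries combine, showing which requests end up allowed and why a record without userId is never readable by its owner. The function names, the request shape and the sample records are constructed for illustration, and the model assumes the EXECUTE rule matches a findById call, as the answer intends.

```javascript
// Simplified model of how the two ACL entries above combine.
// Illustration only: not LoopBack's resolver. Assumption: the EXECUTE rule
// matches a findById call; only property and role are modelled here.
const acls = [
  { accessType: '*', principalType: 'ROLE', principalId: '$everyone', permission: 'DENY' },
  { accessType: 'EXECUTE', principalType: 'ROLE', principalId: '$owner',
    permission: 'ALLOW', property: 'findById' },
];

// Constructed sample records. userId is the ownership column the answer
// requires; record 3 lacks it on purpose.
const clients = [
  { id: 1, name: 'Client A', userId: 101 },
  { id: 2, name: 'Client B', userId: 102 },
  { id: 3, name: 'Client C' },
];

// Does the caller hold the given role for this request?
function hasRole(role, req) {
  if (role === '$everyone') return true;
  if (role === '$owner') {
    const record = clients.find((c) => c.id === req.modelId);
    return Boolean(record) && req.userId != null && record.userId === req.userId;
  }
  return false;
}

// The most specific matching rule wins (a named property beats "all
// properties"); on a tie DENY wins. With no match this model denies.
function checkAccess(req) {
  let best = null;
  for (const acl of acls) {
    if (acl.property && acl.property !== req.method) continue;
    if (!hasRole(acl.principalId, req)) continue;
    const score = acl.property ? 1 : 0;
    if (!best || score > best.score ||
        (score === best.score && acl.permission === 'DENY')) {
      best = { score, permission: acl.permission };
    }
  }
  return best ? best.permission : 'DENY';
}

console.log(checkAccess({ userId: 101, method: 'findById', modelId: 1 })); // own record
console.log(checkAccess({ userId: 101, method: 'findById', modelId: 2 })); // someone else's
console.log(checkAccess({ userId: 101, method: 'find' }));                 // listing
```

In this model only findById on the caller's own record is allowed; listing via find stays denied because the second entry names a single property.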