I was trying to find it in docs or anywhere on the web but I did not find.
What I am asking about? I am building website for multiple users. Frontend is not important, back backend API is being build in Loopback. Every user will be assigned to some, let's name it GROUP. Group content will be then exposed on subdomain but it is not important now. Users will be kind of admins of their group. I will have plenty of different models, but I will always have to protect user from accessing elements which not belongs to his group.
How should I do it? I think it will be some middleware but I do not know how to do it properly. Of course, every user and every element have field "group_id".
I am also trying to find a good solution... I did find this npm package that looks worth a try: https://www.npmjs.com/package/loopback-component-access-groups
Here is a short description of what the package is used for:
"This loopback component enables you to add multi-tenant style access controls to a loopback application. It enables you to restrict access to model data based on a user's roles within a specific context."