In loopback Role.getRoles(context, callback) they refer to the context in the docs as "The security context" in this link.
What is the security context and how to pass it to get user roles for example?
Аs stated in the documentation, LoopBack’s access control system is built around a few core concepts. Among them "Principal" - an entity that can be identified or authenticated. There are three base "principalType" - APP(LICATION), USER, ROLE. Each specific principal object have an "principalId" - ID of the principal - such as appId, userId or roleId.
The getRoles function takes as a parameter context as instanceof AccessContext or cast to it (http://apidocs.loopback.io/loopback/#accesscontext) and list roles for a given principal.
The AccessContext function (for cast) also accepts a single principal defined with the following properties:
{ principalType: 'USER', principalId: '2' }
In the same way we can define context when requesting roles:
Role.getRoles({ principalType: 'USER', principalId: '2' }, (err, roles) => {
if (err) console.log(err);
console.log(roles);
});
And get an array of role IDs (including dynamic) for user with id "2".