
How to restrict data which comes from calling "find" of model in loopback 3 based on acl applied?


There are three models under consideration; the fields relevant to this question are as below:
User - id
Project - id, project_name
ProjectMember - id, user_id, project_id

When I am calling "find", it's listing all the projects, which is fine for users who are "admin", but for a "non admin" user I want to show only their project.

What is the best way to achieve this in LoopBack 3? Do I need to override "find", or is there a LoopBack way to do it which I am missing?


Solution

  • I would go for a before remote hook:

    Project.beforeRemote( 'find', function( ctx, next) {
        // here you can modify your query by adding a role based filter to your query
        next();
    });
    

    Or, even better, an access operational hook:

    Project.observe('access', function( ctx, next) {
        // here you can modify your query by adding a role based filter to your query
        next();
    });
    

    There you can run additional queries to check if a given user has access to the given project instance.
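
A fuller version of the access hook suggested above, as an added example that is not the answerer's code. It assumes the Project model sets `"injectOptionsFromRemoteContext": true` so that `ctx.options.accessToken` is populated for REST calls, and `isAdmin(userId)` is a hypothetical helper returning a Promise of a boolean. It narrows the caller's filter instead of replacing it, and returns no rows when there is no authenticated user.

```javascript
// Added example: restrict Project queries to the caller's own projects.
// Assumption: ctx.options.accessToken is set (injectOptionsFromRemoteContext).
// Assumption: isAdmin(userId) is a hypothetical helper -> Promise<boolean>.
function memberOnlyAccessHook(ProjectMember, isAdmin) {
  return function (ctx, next) {
    const token = ctx.options && ctx.options.accessToken;
    const userId = token && token.userId;
    // Fail closed: without an authenticated user the query matches nothing.
    if (!userId) {
      ctx.query.where = narrow(ctx.query.where, []);
      return next();
    }
    isAdmin(userId)
      .then(function (admin) {
        if (admin) return; // admins keep the caller's filter unchanged
        return ProjectMember
          .find({where: {user_id: userId}, fields: {project_id: true}})
          .then(function (rows) {
            const ids = rows.map(function (m) { return m.project_id; });
            ctx.query.where = narrow(ctx.query.where, ids);
          });
      })
      .then(function () { next(); }, next);
  };
}

// AND the membership constraint onto whatever filter the client sent,
// so a client-supplied "where" can never widen the result set.
function narrow(where, ids) {
  const own = {id: {inq: ids}};
  return where ? {and: [where, own]} : own;
}

// Wiring in common/models/project.js (not executed here):
// Project.observe('access', memberOnlyAccessHook(ProjectMember, isAdmin));
```

Because this is an operation hook rather than a remote hook, it also applies to `findById`, `count` and related-model lookups that go through Project, not only to the `find` REST endpoint.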