I'm using loopback to create an API. So far I've been able to set up all the models that I require. How can we set up these endpoints so that they show the data for only the user that has been logged in?
For example, user A adds some data in the database and user B adds some other data in the database. Now if user A is logged in, I only want to get the data that was added by A. As of now I'm getting all the data present in the database together.
My model JSON is as follows:
{
  "name": "IPs",
  "base": "PersistedModel",
  "idInjection": true,
  "options": {
    "validateUpsert": true
  },
  "properties": {
    "identifier": {
      "type": "string"
    },
    "IP": {
      "type": "array"
    },
    "type": {
      "type": "string"
    },
    "plugins": {
      "type": "array"
    }
  },
  "validations": [],
  "relations": {},
  "acls": [
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$unauthenticated",
      "permission": "DENY"
    }
  ],
  "methods": {}
}
and JS is as follows:
module.exports = function(IPs) {
};
Change principalId of the model from $unauthenticated to $owner.
Note from loopback documentation:
To qualify a $owner, the target model needs to have a belongsTo relation to the User model (or a model that extends User) and property matching the foreign key of the target model instance. The check for $owner is performed only for a remote method that has ‘:id’ on the path, for example, GET /api/users/:id.
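The quoted documentation limits the `$owner` check to remote methods with `:id` in the path, so list endpoints such as `find` need the query itself restricted to the logged-in user. The following is an added example, not part of the original question or answer; it assumes LoopBack 3 with token authentication and a hypothetical `ownerId` foreign key from a belongsTo relation to the User model, and `ownerFilter`, `requireUserId` and `scopeToOwner` are hypothetical names:

```javascript
// Added example. Assumes LoopBack 3 with token authentication enabled and a
// hypothetical foreign key `ownerId` (belongsTo relation from IPs to User).

// AND the owner clause onto the client's filter so a client-supplied `where`
// (an `or` clause, for instance) cannot widen the result set.
function ownerFilter(filter, userId) {
  const scoped = Object.assign({}, filter);
  const ownerClause = { ownerId: userId };
  scoped.where = filter && filter.where
    ? { and: [filter.where, ownerClause] }
    : ownerClause;
  return scoped;
}

// Returns the authenticated user's id, or passes a 401 to next() and returns null.
function requireUserId(ctx, next) {
  const token = ctx.req && ctx.req.accessToken;
  if (token && token.userId != null) return token.userId;
  const err = new Error('Authorization Required');
  err.statusCode = 401;
  next(err);
  return null;
}

// Hypothetical helper; call it inside module.exports = function(IPs) { ... }.
function scopeToOwner(IPs) {
  // find/findOne have no :id in the path, so restrict the query itself.
  ['find', 'findOne'].forEach(function(method) {
    IPs.beforeRemote(method, function(ctx, unused, next) {
      const userId = requireUserId(ctx, next);
      if (userId === null) return;
      ctx.args.filter = ownerFilter(ctx.args.filter, userId);
      next();
    });
  });

  // Take the owner from the token on create, never from the request body.
  IPs.beforeRemote('create', function(ctx, unused, next) {
    const userId = requireUserId(ctx, next);
    if (userId === null) return;
    ctx.args.data = Object.assign({}, ctx.args.data, { ownerId: userId });
    next();
  });
}
```

Any other exposed method that reads or modifies records needs the same owner constraint applied.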