loopbackjs acl

Loopback ACL for user's role


I have a model of messages and I want all users to access this model, both read and write,
but I want users to access only the instances that were created by themselves
and users of the same role. For instances created by themselves, the ACL can be
applied with the "$owner" principalId, but I also want users of the owner's role.
Is this possible in any way?

Also, this model has two "belongsTo" relations with the User model, one for the sender
of the message as the owner and another for the receiver as the owner, so a user can
get from the API both his outgoing and incoming messages.

Thanks in advance,
George.


Solution

  • I think the easiest way to achieve that is to create and register a dynamic role resolver, as shown in the documentation: https://loopback.io/doc/en/lb3/Defining-and-using-roles.html#dynamic-roles. Then you will have access to the user model and you can add your custom logic.
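
One way to write the dynamic role resolver the answer points to, added here as an example and not code from the answer or the LoopBack documentation. The role name `sameRoleAsOwner`, the model name `Message` and the foreign keys `senderId`/`receiverId` are assumptions; role membership is read from the built-in `RoleMapping` model.

```javascript
// Added example: LoopBack 3 boot script, e.g. server/boot/same-role.js (path assumed).
// Assumed names: model "Message", foreign keys senderId/receiverId,
// and the hypothetical role name "sameRoleAsOwner".

// Role ids mapped to a user through the built-in RoleMapping model.
async function roleIdsOf(RoleMapping, userId) {
  const mappings = await RoleMapping.find({
    where: {principalType: 'USER', principalId: String(userId)},
  });
  return new Set(mappings.map((m) => String(m.roleId)));
}

// True when the user is the sender or receiver, or shares a role with one of them.
async function mayAccessMessage(RoleMapping, message, userId) {
  const owners = [message.senderId, message.receiverId]
    .filter((id) => id !== undefined && id !== null)
    .map(String);
  if (owners.includes(String(userId))) return true;
  const mine = await roleIdsOf(RoleMapping, userId);
  if (mine.size === 0) return false; // a user without roles shares none
  for (const ownerId of owners) {
    const theirs = await roleIdsOf(RoleMapping, ownerId);
    for (const roleId of theirs) {
      if (mine.has(roleId)) return true;
    }
  }
  return false;
}

function registerSameRoleResolver(app) {
  const {Role, RoleMapping} = app.models;
  Role.registerResolver('sameRoleAsOwner', (role, context, cb) => {
    const userId = context.accessToken && context.accessToken.userId;
    // Fail closed: anonymous callers, other models, requests without an instance id.
    if (!userId || context.modelName !== 'Message' || !context.modelId) {
      return process.nextTick(() => cb(null, false));
    }
    context.model.findById(context.modelId)
      .then((msg) => (msg ? mayAccessMessage(RoleMapping, msg, userId) : false))
      .then((allowed) => cb(null, allowed), (err) => cb(err));
  });
}

// Export for the LoopBack boot loader when loaded as a CommonJS module.
if (typeof module !== 'undefined') module.exports = registerSameRoleResolver;
```

Reference the role from the model's ACLs as a `principalType: "ROLE"` ALLOW entry placed after a `$everyone` DENY. Collection requests such as `find` carry no `modelId`, so this resolver denies them and listing messages needs its own query filter.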