loopback/lib/models/acl.js

32 lines
708 B
JavaScript
Raw Normal View History

// Schema ACL options
// Object level permissions
// open: no protection
// none: always rejected
// owner: only the owner
// loggedIn: any logged in user
// roles: logged in users with the roles
// related: owner of the related objects
// Class level permissions
2013-07-15 21:07:17 +00:00
// blog posts
allow: ['owner', 'admin'] to: '*' // allow owner's of posts and admins to do anything
allow: '*' to: ['find', 'read'] // allow everyone to read and find
// comments
allow '*' to: ['find', 'read'] // read aka findById
allow 'user' to: ['create']
allow ['owner', 'admin'] to: '*'
// users only section
allow: '*' to: ['find', 'read', 'create']
allow: 'owner' to: ['*.destroy', '*.save']
// scopes
2013-07-15 21:07:17 +00:00
// URL level permissions