Improve auth-setup instructions #304
Conversation
crandmck
left a comment
crandmck
left a comment
There was a problem hiding this comment.
I made some wording edits in your branch. I had one specific comment. Otherwise LGTM.
| "relations": { | ||
| "user": { | ||
| "type": "belongsTo", | ||
| "model": "user", |
There was a problem hiding this comment.
Would it be better to use a model named "customer" or "myUser" or anything other than "user" which is confusingly close to "User", the name of the built-in model....?
There was a problem hiding this comment.
I agree that user is confusingly close to User. On the other hand, using user model is a common workaround for the fact that LoopBack does not provide any easy way how to customise the built-in User model.
@ebarault Unless you object, I will change "user" to "Customer".
There was a problem hiding this comment.
BTW : while being a good practice in any case: is this absolutely required for single user model scenario since you've fixed the possibility of the missing relation with user here ?
There was a problem hiding this comment.
is this absolutely required for single user model scenario
Well, it's not absolutely required, but only as long as we don't introduce another place that relies of this relation being correctly set up.
In strongloop/loopback#3231, I added a big warning that's printed when this relation is not configured, to prevent situations like that to reappear in the future.
| " %} | ||
|
|
||
| #### Access control with a single user model | ||
| #### Access control with a single user model and built-in AccessToken model |
There was a problem hiding this comment.
I would then suppress this sub-section at the root of the
Preparing access control models section.
And i'd isolate the following text
In the most common scenario, an application uses only one model that extends the built-in
Usermodel and uses the built-inAccessTokenmodel
in a
Access control with a single user model
section, adding a note like : "you're all set-up!'
This way we preserve 2 formal sections for single user model / multiple user models, which IMO gives more confidence to people on whether they've done right or have missed something
There was a problem hiding this comment.
I'll change this L4 heading to Access control with a single user model and then change the heading Customizing the AccessToken model to L5.
|
|
||
| A more complex situation is when the different types of users differ not just in their properties, but also by their access rights and relations with other models. For example, applications where the concept of an _organization_ is involved, creating intertwined layers of relationships and thus of access control. | ||
| Such circumstances require the application to manage the different user types in separate models. | ||
| If however the different types of users have different access rights and relations with other models, |
There was a problem hiding this comment.
'+ or if they basically different too greatly by their properties
| "relations": { | ||
| "user": { | ||
| "type": "belongsTo", | ||
| "model": "user", |
|
Updated, PTAL. |
|
I will go over the setup once again based on these instructions later today |
|
just pushed one commit to add more clarity (hopefully) and align code syntax in json model excerpts. |
|
|
||
| Normally you should have already implemented at least one custom user model, extending the built-in `User` model, as described in [Using built-in models](Using-built-in-models.html#user-model). | ||
| The best practice is to implement at least one custom user model extending the built-in `User` model instead of using the built-in `User` model as-is, as described in [Using built-in models](Using-built-in-models.html#user-model). | ||
|
|
There was a problem hiding this comment.
i just wanted here to avoid the repetition
- normally you ..
- usually you ..
and tried to be a bit more directive so do get developers' confidence
|
|
||
| This is achieved by changing the **hasMany** relation from `User` to `AccessToken` and the **belongsTo** relation from `AccessToken` to `User` by their [polymorphic](Polymorphic-relations.html) equivalents, in which the `principalType` property is used as a _discriminator_ to resolve which of the potential `user` model instance an 'accessToken' instance belongs to. | ||
| This is achieved by changing the **hasMany** relation from `User` to `AccessToken` and the **belongsTo** relation from `AccessToken` to `User` by their [polymorphic](Polymorphic-relations.html) equivalents, in which the `principalType` property is used as a _discriminator_ to resolve which of the potential `user` model instance an 'accessToken' instance belongs to. In addition to having custom user models this requires you also define a **custom AccessToken** model extending the built-in `AccessToken` model. | ||
|
|
There was a problem hiding this comment.
i added this part for the sake a clarity
"In addition to having custom user models this requires you also define a custom AccessToken model extending the built-in AccessToken model"
|
LGTM |
While finalizing strongloop/loopback#3231, I realised the instructions added by #297 are not entirely correct. See also strongloop/loopback#3215 (comment) and next few comments following after that.
This pull request fixes the instructions to what I believe is correct.
cc @beeman
Connect to strongloop/loopback#3215