Correct PrinciplaType for multiple extension of User models

[akki-ng]

Get the polymorphic PrincipalType while creating pricipal when multiple extensions of User model is used

The app configuration follows the multiple user models setup as described in http://ibm.biz/setup-loopback-auth The built-in role resolver $owner is not currently compatible with this configuration and should not be used in production.

With this pull request $owner can be used.

[slnode]

Can one of the admins verify this patch? To accept patch and trigger a build add comment ".ok\W+to\W+test."

[slnode]

Can one of the admins verify this patch?

[slnode]

Can one of the admins verify this patch?

[slnode]

Can one of the admins verify this patch?

[slnode]

Can one of the admins verify this patch?

[ebarault]

hi @akki-ng,

thanks for trying to fix this.
Could you unskip this test and check if your fix passes it ?

cc: @lehni

[lehni]

@ebarault I'm not part of the LB efforts anymore... I've switched to a selection of smaller components, mainly Koa2 and Objection.js, and so far it's going really well...

[akki-ng]

Hi @ebarault
I checked this test and its failing

              // multiple owners on a single model instance with a classic
              // belongsTo relation, we need to use belongsTo with polymorphic
              // discriminator to distinguish between the 2 models

I'm not sure if the fix is causing it to fail. But I believe the above fix was not to solve this test case rather to put the correct principalType while adding a principal. Please correct me if I am wrong.

[ebarault]

hi @akki-ng
the PR description states: "With this pull request $owner can be used", so this test needs to pass to comply with this expectation.

knowing the root cause, i was suspecting this PR wouldn't be enough to fix it, but i wanted to give it a try.

that being said, as it does not fix this test, i'm wondering what the PR fixes, which I can't tell until more tests are added.

although it might be a step forward to the solution, without knowing the added value or the side effects, we cannot move on with this PR as is i'm afraid.

[akki-ng]

Hi @ebarault,

After seeing this test I understand that its a not a complete solution to said problem.

With this pull request $owner can be used.

By this statement I meant that I could user $owner successfully on the extended User model.
For example, lets us assume that we extend 3 UserModels for an e-commerce platform

1. BusinessUser - InternalUser($businessAdmin, $businessOperation are the roles)
2. Retailer - People who bring their shop online on the platform($retailOwner is role)
3. StoreUser - Users which belong to a particular online store($storeManager, $storeOperations, $storeDeliveryGuy)

A Retailer user can be added by BusinessUser only and can be modified by $owner and BusinessUser so acls can user $owner

A StoreUser can be added by BusinessUser and Retailer but can be modified by $owner $businessOperation $retailOwner $retailOwner can be a dynamic role to check if effected storeUser instance belongs to a retail shop whose owner is in the current accessContext

In this cases getting the correct PrincipalType in role resolver will give information about the current logged in User and such decision over the role of $retailOwner can be calculated

Perhaps With this pull request $owner can be used. was not the right phrase to highlight thi PR. Better words could be correct PrincipalType in roleResolver

@ebarault Let me know if this PR makes any sense else we can close it down.

[ebarault]

I think it is a step forward to the solution, but i would need to dive in the code again to make sure the objective is met the proper way.
Would you like to try fixing the built-in $owner role all the way down? then I could assist in reviewing.

[akki-ng]

@ebarault I would love to solve the issue completely. Can you help me with some of the use-cases of test case with example. And how exactly belongsTo relation configuration being changed to support polymorphic behaviour and is there any config which says 'isOwner' in belongsTo config? These info will help me get started.

[Mr-Wiredancer]

@akki-ng Thanks for the fix. I have the same problem of having multiple extended models of User, and the app doesn't properly set principalType. But I don't understand why this cannot be merged.

[akki-ng]

@Mr-Wiredancer Welcome :-) This fix will solve many use-cases. But I believe the real issue is a bigger one where a single entity may have many belongsto relationship with multiple extended user models with the support of multiple owners/co-owners. So probably maintainers decided to wait for the complete bug fix before merging this PR.

I was busy earlier so could not do a complete fix. I'll try to fix the real issue and submit a PR soon.

[akki-ng]

@Mr-Wiredancer looks like the bigger problem is already solved. Have a look.
#3644

[bajtos]

@akki-ng

This change looks very reasonable to me 👍 and I am ok with landing it as an incremental improvement.

However, I need you to add a test that fails on the current master, passes with your fix in place - this will verify your fix and prevent regressions in the future.

[akki-ng]

@bajtos Please follow on #3823

[bajtos]

I think this can be shortened by using token instead of accessToken?

Also please use const instead of var in new code - see http://loopback.io/doc/en/contrib/style-guide.html#variable-declarations

const userPrincipalType = token.principalType || Principal.USER;

[akki-ng]

I'll complete the patch soon.

[MartinCerny-awin]

@akki-ng Hello akki, how does it look like with the patch?

[akki-ng]

@MartinCerny-awin @bajtos @Mr-Wiredancer Guys, please follow up on new PR #3823
New PR has complete patch and the test case for which will fail without the patch.

[bajtos]

See #3883