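Getting a limit response from Loopback, when no authentication is provided
I couldn't find a way of doing this in the documentation, and I looked into it on Stack Overflow as well. I want to show a limited view of my JSON from the API response to the user before they log in.
For example, I have an e-book I want to sell online. I want them to see only a preview link of the book (epubFile.notAuthorized) when not logged in, and the full link (epubFile.authorized) when logged in. Both links are represented in the same table.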
[
  {
    "title": "string",
    "subTitle": "string",
    "isPublished": true,
    "publicationDate": "2017-10-20T11:07:31.258Z",
    "epubFile": {
      "notAuthorized": "filename-noauth.epub",
      "authorized": "filename-auth.epub"
    },
    "id": "string",
    "createdOn": "2017-10-20T11:07:31.258Z",
    "updatedOn": "2017-10-20T11:07:31.258Z"
  }
]
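Is it even possible to filter out fields from an API endpoint in Loopback?
Or do I need to build a new custom API endpoint?
First, you have to set the permissions of the find and findById methods to $everyone, so that both authorized and unauthorized users can call them.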
{
  "name": "eBook",
  "base": "PersistedModel",
  [...]
  "acls": [
    {
      "accessType": "READ",
      "principalType": "ROLE",
      "principalId": "$everyone",
      "permission": "ALLOW",
      "property": ["find", "findById"]
    }
  ]
}
Next, you have to hook into the remote methods and modify the response depending on whether the user is logged in.
const previewProperties = ['title', 'subTitle' /* , etc. */];

Ebook.afterRemote('find', (ctx, ebooks, next) => {
  // pseudo code
  // LoopBack 3 remote hooks expose the caller's token as ctx.req.accessToken
  // (undefined when the request is not made by a logged-in user)
  if (!ctx.req.accessToken) {
    // no user logged in, only keep preview properties
    ebooks.forEach(book => {
      // get the properties of the book
      const eBookProperties = Object.keys(book.__data);
      eBookProperties.forEach(bookProp => {
        if (!previewProperties.some(pProp => pProp === bookProp)) {
          // ebook property not in preview list, so remove it
          delete book.__data[bookProp]; // .__data is where loopback keeps its actual data
        }
      });
    });
  }
  next();
});
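The hook above filters top-level properties of a find result only, while the question needs a nested field (epubFile.authorized) hidden and the ACL also opens findById, which returns a single instance. The following is an added example, not code from the original answer: it applies an allowlist of dotted paths to both result shapes. PREVIEW_PATHS, pickPaths, toPreview and registerPreviewHooks are hypothetical names, and it assumes the LoopBack 3 remote-hook properties ctx.req.accessToken and ctx.result.

```javascript
// Allowlist of dotted paths an anonymous caller may see (constructed for this
// example from the question's JSON; anything not listed is dropped).
const PREVIEW_PATHS = ['id', 'title', 'subTitle', 'publicationDate', 'epubFile.notAuthorized'];

// Copy only the allowlisted paths from one plain record into a fresh object.
function pickPaths(record, paths) {
  const out = {};
  for (const path of paths) {
    const keys = path.split('.');
    let src = record;
    for (const k of keys) {
      src = src != null && Object.prototype.hasOwnProperty.call(src, k) ? src[k] : undefined;
    }
    if (src === undefined) continue; // path absent on this record
    let dst = out;
    keys.slice(0, -1).forEach(k => { dst = dst[k] = dst[k] || {}; });
    dst[keys[keys.length - 1]] = src;
  }
  return out;
}

// find yields an array, findById a single instance (or null when not found).
function toPreview(result, paths = PREVIEW_PATHS) {
  if (result == null) return result;
  const plain = r => (typeof r.toJSON === 'function' ? r.toJSON() : r);
  return Array.isArray(result)
    ? result.map(r => pickPaths(plain(r), paths))
    : pickPaths(plain(result), paths);
}

// Hypothetical wiring helper: one hook body for both publicly readable methods.
function registerPreviewHooks(Model) {
  ['find', 'findById'].forEach(method => {
    Model.afterRemote(method, (ctx, _unused, next) => {
      // Anonymous request: replace the response with the allowlisted projection.
      if (!(ctx.req && ctx.req.accessToken)) ctx.result = toPreview(ctx.result);
      next();
    });
  });
}
```

Because the projection is an allowlist, a property added to the model later stays hidden from anonymous callers until it is listed explicitly.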