The project is generated by LoopBack.
create the Application add the mongodb connector and datasource
npm install loopback-connector-mongodb --save slc loopback:datasource topblogger-loopback
edit datasources.json with correct credentials
create the models and properties build the relationships
[topblogger-api]$ slc loopback:relation ? Select the model to create the relationship from: Blog ? Relation type: belongs to ? Choose a model to create a relationship with: User ? Enter the property name for the relation: author ? Optionally enter a custom foreign key: [topblogger-api]$ slc loopback:relation ? Select the model to create the relationship from: Blog ? Relation type: has many ? Choose a model to create a relationship with: Comment ? Enter the property name for the relation: comments ? Optionally enter a custom foreign key: ? Require a through model? No
[topblogger-api]$ slc loopback:relation ? Select the model to create the relationship from: Comment ? Relation type: belongs to ? Choose a model to create a relationship with: User ? Enter the property name for the relation: author ? Optionally enter a custom foreign key:
- View list of blogs
- View blog with comments and tags
- Create new blog -- DONE
- Publish a blog where they are the author -- DONE
- Edit blog where the are the owner -- DONE
- Comment on blog -- DONE
- Upvote blogs not owned by them (only once) -- DONE
- Downvote blogs not owned by them (only once) -- DONE
- Like a comment they did not create -- DONE
- Dislike a comment they did not create -- DONE
- Mark the blog as viewed where they are not the author
- Mark as inappropriate blogs not owned by them
Everything is centered around blogs. Any one can view a blog. Once logged in via Oauth, a user can create new blogs, edit their existing authored blogs, comment on blogs and vote on blogs. Users should be able to mark a blog as inappropriate and vote it up or down (only once).
See this repo for an example.
// restrict everything -- added ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: All methods and properties ? Select the access type: All (match all types) ? Select the role: All users ? Select the permission to apply: Explicitly deny access
// let all users read -- done ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: All methods and properties ? Select the access type: Read ? Select the role: All users ? Select the permission to apply: Explicitly grant access
// only authenticated can create -- DONE ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: All methods and properties ? Select the access type: Write ? Select the role: Any authenticated user ? Select the permission to apply: Explicitly grant access
// admins can update anything
// let owners update -- done ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: All methods and properties ? Select the access type: Write ? Select the role: The user owning the object ? Select the permission to apply: Explicitly grant access
// deny access for everyone for upvoting -- done ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: A single method ? Enter the method name: upvote ? Select the role: All users ? Select the permission to apply: Explicitly deny access
// allow any authenticated permission to upvote -- done ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: A single method ? Enter the method name: upvote ? Select the role: Any authenticated user ? Select the permission to apply: Explicitly grant access
// deny access for everyone for downvoting -- done ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: A single method ? Enter the method name: downvote ? Select the role: All users ? Select the permission to apply: Explicitly deny access
// allow any authenticated permission to downvote -- done ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: A single method ? Enter the method name: downvote ? Select the role: Any authenticated user ? Select the permission to apply: Explicitly grant access
// only allows record owners to publish blogs -- done ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: A single method ? Enter the method name: publish ? Select the role: The user owning the object ? Select the permission to apply: Explicitly grant access
// restrict access to everyone to comments -- done ? Select the model to apply the ACL entry to: Comment ? Select the ACL scope: All methods and properties ? Select the access type: All (match all types) ? Select the role: All users ? Select the permission to apply: Explicitly deny access
// allow anyone to read comments -- DONE ? Select the model to apply the ACL entry to: Comment ? Select the ACL scope: All methods and properties ? Select the access type: Read ? Select the role: All users ? Select the permission to apply: Explicitly grant access
// only authenticated can create/edit ? Select the model to apply the ACL entry to: Comment ? Select the ACL scope: All methods and properties ? Select the access type: All methods and properties ? Select the role: Any authenticated user ? Select the permission to apply: Explicitly grant access
See the Loopback Testing repo
npm install loopback-testing --save-dev
{ "content": "My first blog. So pretty!", "title": "Hello Blog Again", "authorId": "5589e23ab61c6c55fddaeb12" }
{ "email": "[email protected]", "password": "password" }
http://docs.strongloop.com/display/public/LB/PersistedModel+REST+API
Start app with NODE_ENV=test nodemon server/server.js
716 api/controller/blog.js 156 api/routes/api.js 63 api/routes/user_auth.js 337 api/services/blog.js 1,272
85 api/test/auth.js 993 api/test/blog.js 521 api/test/getBlogs.js 1,599
140 common/models/blog.js 113 common/models/comment.js 24 server/boot/routes.js 37 server/boot/setup.js 314
153 test/authenticated.js 110 test/setup.js 117 test/unauthenticated.js 380
314 = 25% of 1,272 of code 380 = 24% of 1,599