The project is generated by LoopBack.

create the Application add the mongodb connector and datasource

npm install loopback-connector-mongodb --save slc loopback:datasource topblogger-loopback

edit datasources.json with correct credentials

create the models and properties build the relationships

[topblogger-api]$ slc loopback:relation ? Select the model to create the relationship from: Blog ? Relation type: belongs to ? Choose a model to create a relationship with: User ? Enter the property name for the relation: author ? Optionally enter a custom foreign key: [topblogger-api]$ slc loopback:relation ? Select the model to create the relationship from: Blog ? Relation type: has many ? Choose a model to create a relationship with: Comment ? Enter the property name for the relation: comments ? Optionally enter a custom foreign key: ? Require a through model? No

[topblogger-api]$ slc loopback:relation ? Select the model to create the relationship from: Comment ? Relation type: belongs to ? Choose a model to create a relationship with: User ? Enter the property name for the relation: author ? Optionally enter a custom foreign key:

• View list of blogs
• View blog with comments and tags

• Create new blog -- DONE
• Publish a blog where they are the author -- DONE
• Edit blog where the are the owner -- DONE
• Comment on blog -- DONE
• Upvote blogs not owned by them (only once) -- DONE
• Downvote blogs not owned by them (only once) -- DONE
• Like a comment they did not create -- DONE
• Dislike a comment they did not create -- DONE
• Mark the blog as viewed where they are not the author
• Mark as inappropriate blogs not owned by them

Everything is centered around blogs. Any one can view a blog. Once logged in via Oauth, a user can create new blogs, edit their existing authored blogs, comment on blogs and vote on blogs. Users should be able to mark a blog as inappropriate and vote it up or down (only once).

See this repo for an example.

// restrict everything -- added ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: All methods and properties ? Select the access type: All (match all types) ? Select the role: All users ? Select the permission to apply: Explicitly deny access

// let all users read -- done ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: All methods and properties ? Select the access type: Read ? Select the role: All users ? Select the permission to apply: Explicitly grant access

// only authenticated can create -- DONE ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: All methods and properties ? Select the access type: Write ? Select the role: Any authenticated user ? Select the permission to apply: Explicitly grant access

// admins can update anything

// let owners update -- done ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: All methods and properties ? Select the access type: Write ? Select the role: The user owning the object ? Select the permission to apply: Explicitly grant access

// deny access for everyone for upvoting -- done ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: A single method ? Enter the method name: upvote ? Select the role: All users ? Select the permission to apply: Explicitly deny access

// allow any authenticated permission to upvote -- done ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: A single method ? Enter the method name: upvote ? Select the role: Any authenticated user ? Select the permission to apply: Explicitly grant access

// deny access for everyone for downvoting -- done ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: A single method ? Enter the method name: downvote ? Select the role: All users ? Select the permission to apply: Explicitly deny access

// allow any authenticated permission to downvote -- done ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: A single method ? Enter the method name: downvote ? Select the role: Any authenticated user ? Select the permission to apply: Explicitly grant access

// only allows record owners to publish blogs -- done ? Select the model to apply the ACL entry to: Blog ? Select the ACL scope: A single method ? Enter the method name: publish ? Select the role: The user owning the object ? Select the permission to apply: Explicitly grant access

// restrict access to everyone to comments -- done ? Select the model to apply the ACL entry to: Comment ? Select the ACL scope: All methods and properties ? Select the access type: All (match all types) ? Select the role: All users ? Select the permission to apply: Explicitly deny access

// allow anyone to read comments -- DONE ? Select the model to apply the ACL entry to: Comment ? Select the ACL scope: All methods and properties ? Select the access type: Read ? Select the role: All users ? Select the permission to apply: Explicitly grant access

// only authenticated can create/edit ? Select the model to apply the ACL entry to: Comment ? Select the ACL scope: All methods and properties ? Select the access type: All methods and properties ? Select the role: Any authenticated user ? Select the permission to apply: Explicitly grant access

See the Loopback Testing repo

npm install loopback-testing --save-dev

{ "content": "My first blog. So pretty!", "title": "Hello Blog Again", "authorId": "5589e23ab61c6c55fddaeb12" }

{ "email": "[email protected]", "password": "password" }

http://docs.strongloop.com/display/public/LB/PersistedModel+REST+API

Start app with NODE_ENV=test nodemon server/server.js

716 api/controller/blog.js 156 api/routes/api.js 63 api/routes/user_auth.js 337 api/services/blog.js 1,272

85 api/test/auth.js 993 api/test/blog.js 521 api/test/getBlogs.js 1,599

140 common/models/blog.js 113 common/models/comment.js 24 server/boot/routes.js 37 server/boot/setup.js 314

153 test/authenticated.js 110 test/setup.js 117 test/unauthenticated.js 380

314 = 25% of 1,272 of code 380 = 24% of 1,599