how to exclude results in loopback based on related models - loopbackjs

I am using mongo connector.
I have a offers model which has a hasMany relation with my Users model via interested_users key. Basically the idea is that an user can mark an offer as interested or not_interested, and I need to exclude the not_interested offers. What is the best/efficient way to achieve this?

I am still not sure I fully understand your issue, but it is definitely related to querying data with loopback REST API, and especially where filter
If your model offer has a property someone_is_interested (boolean), then the following request could work for you
GET /api/offers/?filter[where][someone_is_interested]=true
But I have the feeling you want to use the relation to store all users that are interested in an offer. In this case, simply establish the relation between any interested user and the offer with this request (in the database, one instance of offer with id=1, and a user with id=2:
PUT /api/offers/1/interested_users/rel/2
And to remove the relation (just the relation, not the user or offer)
DELETE /api/offers/1/interested_users/rel/2
Then, you can simply query all related users of offer with id=1, which will give you all interested users on that offer
GET /api/offers/1/interested_users

Related

Loopback relationship nested $owner?

in order to own the model, you need put "belongTo" in the relationship to User model in json file.
I have a case, Customer is belong to User and CustomerMedical is belong to customer. I am keep getting 401 code when I try to access CustomerMedical. I set CustomerMedical "belongTo" Customer. Is there anyway loopback is smart enough to know CustomerMedical also belongTo this user?
Is there anyway loopback is smart enough to know CustomerMedical also belongTo this user?
Not unless you tell him also that CustomerMedical belongsTo user as well. You can add as many relations to a model as you want.
However, I don't know how you intend to use the User model, but your relation Customer belongsTo User is kind of weird, I have the feeling you may want to make Customer extend User (see extending built-in models)
Then should you just define CustomerMedical belongsTo Customer. (and use Customer for authentication as well).
Hope this helps.

How to reference a Model from within the User model

The overall use case is that I want to lookup the correct Business for an authenticated User at the start of each view function so that I can look up relevant info for the appropriate Business.
In my app, an User can only be mapped to one Business, and a Business can map to many Users. To create this mapping, I would like to put a foreign key for a Business in the User model. The Django documentation I've read states that creating a custom User model, which this would require, is not necessary for most applications.
Having such a mapping of an User to something else seems like a pretty common use case, so I'm wondering if there is a simpler way to do this that I'm not aware of.
One approach I thought of would be to have a BusinessUserMapping model, which would contain foreign keys to both Businesses and Users. I could then do a lookup of a BusinessUserMapping where the User foreign key matches the current User, but this seems somewhat convoluted.
Any advice on a better way to look up a Business based on the User?

Extend Django user model with custom fields, receivers and backend

I am designing a Django application (v1.6) and need to do several things with users:
Add custom fields, such as a foreign key for user department
Trigger database changes when certain fields change. For example, when the user's department changes I need to move inventory in another model out of the old department and into the new. I was planning to use a pre_save receiver to do this.
Define custom permissions, such as a user can only modify rows in a table that are associated with their department.
Eventually I want to integrate the application with our Active Directory server for authentication.
I looked at the options in the documentation and see that there are several options, from extending the user model with a one-to-one relationship to writing a custom user model.
What design should I use to meet all of the above goals?
Take a look at this blog post: it provides all the design principles to achieve your goals.
http://www.roguelynn.com/words/django-custom-user-models/
I would also take a look here for more information about Configurable User Models, if you want to have your own authentication scheme:
http://procrastinatingdev.com/django/using-configurable-user-models-in-django-1-5/
I also found the following reference helpful: http://www.sofokus.com/blogi/custom-user-model/

Django security

hope someone can help me.
I have a stack with Django and tasty pie (I use apikey to authenticate and authorize the users). Let me explain what Im trying to do.
I have several users who can only access their data, so imagine that a user through a rest service access all the rows of the model requestoffer, as follows.
http://127.0.0.1:8001/api/v1/requestoffer/?format=json&username=door1&api_key=84051c6fd1581ad60ffa96bcf5a50d3fc11ccdd3
But I dont want that user access all the requestoffers, I just want him to access the ones he is "proprietary".
Do you have any idea how to do this with either Django or Tastypie?
Did I make myself clear?
If every row belongs to one specific user then you can add it as a foreign key to requestoffer and filter the queryset by the user. Another approach would be to extend Authorization class and implement apply_limits.
class MyAuthorization(DjangoAuthorization):
def apply_limits(self, request, object_list):
if request and hasattr(request, 'user'):
return object_list.filter(requestoffer__user=request.user.id)
return object_list.none()
There are a lot of ways to achieve permission management. Which one suits your needs is totally up to you. One way to achieve this might be to create an 'ownership' relation with the model in question, then create a manager for that model only returning records based on the request. The documentation on model managers is pretty straight forward (and elegant).
To automate the record ownership you could create a CurrentUserField as described in Pro Django, there's also multiple ways to implement that. So a long story short, you should just learn by trial-and-error.

Tastypie - Queryset or filters

Im using tastypie and i just ran into a problem.
My problem:
Users can post messages and if other users are subscribed to that user they can see those message on their homepage. Its exactly like twitter users tweeting and followers looking at their tweets.
I have a public api for all messages.
I can filter a particular users messages using ?userid=1
Bad solution to problem:
I can filter multiple users messages (and thus solve the problem) using
?userid__in=1&userid__=5&...
But this is not a good way because the url length is going to increase to a possibly unallowed amount. (2000 characters)
Is there a better way of doing this?
Is there a way I can use request.user in a queryset to do a join?
Or should I use some sort of advanced filtering?
Thank YOU!
Tastypie already supports this via __in filtering (everything that ORM supports Tastypie exposes, except negations). No coding is necessary.
Look here: http://django-tastypie.readthedocs.org/en/v0.9.11/resources.html#basic-filtering
path/to/api/resource/?user_id__in=1,2,3,4,5,6
However, you can still have the problem of your URL becoming huge with someone subscribed to many users. What you can do instead is keep this information in the DB model (which user is subscribed to which user as a recursive ManyToMany relationship within the model through a separate joint model).
Then you could expose this through your resource without ever having to specify subscriptions through your URL as a parameter and/or filter. Instead your base queryset in the resource would be:
userids = request.user.subscription_userset.values(id)
provided that you have a self ManyToManyRelationship in your User model. Look here, and here.
What if you had someone pass in a list of user_ids they wanted to see updates for, and then filtered on that? Something like this:
URL: your/api/messages.json?user_ids=5,8,10,25
And then in the code you'd convert that into an actual list, and query:
Message.objects.filter(user__id__in=user_ids)