|
|
|
|
|
|
by eigenrick
4433 days ago
|
|
|
It looks like it handles Authentication and Authorization by providing a standard User model and passing tokens into the data layer. This is better than most REST SDKs, which tend to defer the entire problem to "something else". The downside is all of that unnecessary redundancy that we avoided in the demo now has to be created if we want proper access control. It would be nice to assign roles to users, and declaratively state which roles could access which verbs for which models. |
|
|
Here: http://docs.strongloop.com/display/DOC/Controlling+data+acce... is pretty much exactly what you asked for.