1
00:00:03,550 --> 00:00:06,360
In the previous exercise,

2
00:00:06,360 --> 00:00:10,860
we have seen how easy it was for us to configure and then

3
00:00:10,860 --> 00:00:15,950
scaffold out a REST API server using the LoopBack framework.

4
00:00:15,950 --> 00:00:20,895
We see that this LoopBack framework supports an entire spectrum

5
00:00:20,895 --> 00:00:23,040
of the REST API endpoints and

6
00:00:23,040 --> 00:00:26,324
all the operations of the REST API endpoints automatically for us,

7
00:00:26,324 --> 00:00:28,590
when we scaffold out our application.

8
00:00:28,590 --> 00:00:31,755
In this exercise, we will look at how we can connect

9
00:00:31,755 --> 00:00:35,800
our LoopBack server to a back-end database,

10
00:00:35,800 --> 00:00:38,926
or MongoDB in this instance,

11
00:00:38,926 --> 00:00:45,565
and we'll also see how we can set up various access controls on the REST API endpoints.

12
00:00:45,565 --> 00:00:47,575
So using the access controls,

13
00:00:47,575 --> 00:00:52,010
we can specify what kind of operations can be carried out on the REST API endpoints,

14
00:00:52,010 --> 00:00:56,730
and who will be allowed to carry out those operations.

15
00:00:56,730 --> 00:01:02,385
So for example, an unauthenticated user or a guest can only

16
00:01:02,385 --> 00:01:08,666
access information or do a GET operation on the REST API endpoints,

17
00:01:08,666 --> 00:01:13,484
an authenticated user would be able to also do the same,

18
00:01:13,484 --> 00:01:21,240
but only an administrator would be able to write data into my server.

19
00:01:21,240 --> 00:01:27,025
So, any PUT, POST and DELETE operations can only be carried out by an administrator.

20
00:01:27,025 --> 00:01:32,535
Along the way we will also see how we can set up an admin account in our LoopBack server,

21
00:01:32,535 --> 00:01:35,250
and then configure it so that

22
00:01:35,250 --> 00:01:38,880
only the admin user will be allowed to perform these operations.

23
00:01:38,880 --> 00:01:42,246
So this is where LoopBack allows us to define something

24
00:01:42,246 --> 00:01:46,080
called roles associated with various users.

25
00:01:46,080 --> 00:01:48,645
So each user can be assigned a role.

26
00:01:48,645 --> 00:01:52,170
As an example, you can talk about an ordinary user,

27
00:01:52,170 --> 00:01:55,915
an administrator, a super admin and so on.

28
00:01:55,915 --> 00:02:00,675
So you can subdivide your set of users into various groups,

29
00:02:00,675 --> 00:02:03,793
and then assign various roles to them.

30
00:02:03,793 --> 00:02:09,885
Also we will look at how the built-in user model can be further customized,

31
00:02:09,885 --> 00:02:11,790
within our LoopBack application,

32
00:02:11,790 --> 00:02:16,290
and how we can build another model on top of the user model,

33
00:02:16,290 --> 00:02:19,710
and then use the user model as the base class

34
00:02:19,710 --> 00:02:23,400
and develop a higher level model called the Customer Model,

35
00:02:23,400 --> 00:02:27,060
which allows us to store additional information for each

36
00:02:27,060 --> 00:02:30,999
of the customers that will login to our site.

37
00:02:30,999 --> 00:02:38,040
So, let's explore some of these features of LoopBack in this exercise.

38
00:02:38,040 --> 00:02:40,830
To get started on this exercise,

39
00:02:40,830 --> 00:02:42,645
the first thing that I would like you to do,

40
00:02:42,645 --> 00:02:44,040
is to start up your MongoDB server.

41
00:02:44,040 --> 00:02:49,545
So here I am in another terminal tab in my MongoDB folder,

42
00:02:49,545 --> 00:02:52,950
where I configured my MongoDB server earlier,

43
00:02:52,950 --> 00:02:59,065
which was used by my Express plus MongoDB server in the previous exercises.

44
00:02:59,065 --> 00:03:03,775
So let me start up the MongoDB server by typing

45
00:03:03,775 --> 00:03:11,190
mongod --dbpath=data

46
00:03:11,190 --> 00:03:15,334
in this folder and then start up my MongoDB server.

47
00:03:15,334 --> 00:03:20,005
Now, I'm going to connect my LoopBack server to my MongoDB server.

48
00:03:20,005 --> 00:03:23,920
So going into my LoopBack server folder here,

49
00:03:23,920 --> 00:03:28,560
at the prompt, type lb datasource.

50
00:03:28,560 --> 00:03:32,820
This will allow us to configure the data source for our LoopBack Server.

51
00:03:32,820 --> 00:03:39,460
LoopBack itself can simultaneously connect to multiple data sources if you so choose to,

52
00:03:39,460 --> 00:03:41,843
and it supports various kinds.

53
00:03:41,843 --> 00:03:46,800
It supports MySQL databases, it supports MongoDB,

54
00:03:46,800 --> 00:03:52,175
it supports Cloudant which is also another document database,

55
00:03:52,175 --> 00:03:58,410
it supports Oracle, and many other kinds of databases.

56
00:03:58,410 --> 00:04:01,830
So, you can easily configure that.

57
00:04:01,830 --> 00:04:04,620
In this example, I'm going to configure my LoopBack server

58
00:04:04,620 --> 00:04:07,810
to talk to my MongoDB in the back-end.

59
00:04:07,810 --> 00:04:09,445
So at the prompt,

60
00:04:09,445 --> 00:04:11,590
if we type lb datasource,

61
00:04:11,590 --> 00:04:14,610
it'll prompt us for information.

62
00:04:14,610 --> 00:04:18,155
So first thing it'll ask us is for the datasource name,

63
00:04:18,155 --> 00:04:24,570
and then I will configure this datasource name as MongoDB,

64
00:04:24,570 --> 00:04:29,315
and then it'll prompt me to select the connector.

65
00:04:29,315 --> 00:04:36,120
LoopBack uses connectors to connect to various databases behind the scenes.

66
00:04:36,120 --> 00:04:38,790
So as you can see, the in-memory DB which is the one that

67
00:04:38,790 --> 00:04:41,795
we just used in the previous exercise,

68
00:04:41,795 --> 00:04:45,105
but of course the in-memory DB means that once you shutdown your server,

69
00:04:45,105 --> 00:04:47,220
all the values will be gone,

70
00:04:47,220 --> 00:04:51,080
and so that is not a persistent data storage.

71
00:04:51,080 --> 00:04:58,440
So here you see the various kinds of databases that StrongLoop supports here.

72
00:04:58,440 --> 00:05:06,720
So you can see the long list of the various databases that are supported.

73
00:05:06,720 --> 00:05:09,280
So you can see that it supports Cassandra, Redis,

74
00:05:09,280 --> 00:05:15,360
we had briefly referred to these when we talked about NoSQL databases, MongoDB,

75
00:05:15,360 --> 00:05:18,385
MySQL, Postgres, Oracle,

76
00:05:18,385 --> 00:05:24,325
and even directly to other REST API servers, to SOAP servers,

77
00:05:24,325 --> 00:05:26,865
Couchbase and so on.

78
00:05:26,865 --> 00:05:29,040
So you see that it provides us with

79
00:05:29,040 --> 00:05:33,450
a long list of various kinds of data sources from where

80
00:05:33,450 --> 00:05:36,783
our LoopBack server can read in information.

81
00:05:36,783 --> 00:05:39,835
In my case, I am going to use the MongoDB server so I

82
00:05:39,835 --> 00:05:43,170
am going to set up the MongoDB connector.

83
00:05:43,170 --> 00:05:44,660
So when I do that,

84
00:05:44,660 --> 00:05:50,775
LoopBack will automatically install the MongoDB connector for us,

85
00:05:50,775 --> 00:05:54,550
and when it asks for the connection string URL,

86
00:05:54,550 --> 00:05:57,810
we'll just leave this as empty because we will allow

87
00:05:57,810 --> 00:06:01,570
it to use the standard way of configuring.

88
00:06:01,570 --> 00:06:04,550
When it asks for the host we will say

89
00:06:04,550 --> 00:06:09,815
localhost because we are running our MongoDB on the same computer.

90
00:06:09,815 --> 00:06:11,260
Otherwise, you will specify

91
00:06:11,260 --> 00:06:16,275
the hostname of the computer on which your MongoDB is running.

92
00:06:16,275 --> 00:06:20,080
Then the next one is the port number and we are

93
00:06:20,080 --> 00:06:24,665
using our standard MongoDB port number 27017,

94
00:06:24,665 --> 00:06:29,186
and it will also ask for the username and password if required,

95
00:06:29,186 --> 00:06:32,770
and right now my MongoDB is running without having to

96
00:06:32,770 --> 00:06:36,850
do any authentication so I leave the username and password empty,

97
00:06:36,850 --> 00:06:38,575
and the database name.

98
00:06:38,575 --> 00:06:44,490
The database name on the MongoDB server that is running behind the scenes,

99
00:06:44,490 --> 00:06:47,390
the database name there is conFusion.

100
00:06:47,390 --> 00:06:52,040
If you recall, that's the database name that we have set up on our MongoDB server.

101
00:06:52,040 --> 00:06:56,900
And then it'll ask us whether it should install the LoopBack connector,

102
00:06:56,900 --> 00:06:58,750
and I will say yes,

103
00:06:58,750 --> 00:07:02,410
and it will actually go ahead and install the NPM module which acts as

104
00:07:02,410 --> 00:07:07,715
the LoopBack connector to the MongoDB database.

105
00:07:07,715 --> 00:07:09,415
And once that is done,

106
00:07:09,415 --> 00:07:14,630
my LoopBack connector is installed here, so you can see that this is version 1.18.1

107
00:07:14,630 --> 00:07:19,910
and my LoopBack server is all ready to talk to my MongoDB.

108
00:07:19,910 --> 00:07:22,615
Now before I proceed forward,

109
00:07:22,615 --> 00:07:26,090
in the previous exercise I had already configured some models

110
00:07:26,090 --> 00:07:30,115
and then I specified them to be stored in the DB,

111
00:07:30,115 --> 00:07:35,295
I will need to go and update them to store their data in my MongoDB.

112
00:07:35,295 --> 00:07:41,610
So, let's go and quickly reset our code for the LoopBack server.

113
00:07:41,610 --> 00:07:44,770
This also provides us with an opportunity to look at

114
00:07:44,770 --> 00:07:49,030
what my Loopback server itself has configured in this folder.

115
00:07:49,030 --> 00:07:54,730
Opening the LoopBack folder in our editor,

116
00:07:54,730 --> 00:07:58,200
you can see that Loopback has already

117
00:07:58,200 --> 00:08:02,000
scaffolded out a whole bunch of files into this folder.

118
00:08:02,000 --> 00:08:04,080
The package.json of course contains

119
00:08:04,080 --> 00:08:10,275
all the related NPM modules that have been configured out here,

120
00:08:10,275 --> 00:08:17,901
and in here you can see that LoopBack itself has configured out the LoopBack NPM module,

121
00:08:17,901 --> 00:08:20,970
the LoopBack boot module and in

122
00:08:20,970 --> 00:08:24,840
particular let me draw your attention to the LoopBack MongoDB connector,

123
00:08:24,840 --> 00:08:32,055
that we had just installed a short while ago, and many others.

124
00:08:32,055 --> 00:08:36,150
In particular the configuration for the Loopback server is all

125
00:08:36,150 --> 00:08:40,075
stored mostly in JSON files here,

126
00:08:40,075 --> 00:08:44,970
with additional JavaScript code whenever required.

127
00:08:44,970 --> 00:08:50,670
We'll look at the JavaScript code customization a little bit later.

128
00:08:50,670 --> 00:08:53,875
Let me draw your attention to this folder called common.

129
00:08:53,875 --> 00:08:55,850
In this common folder,

130
00:08:55,850 --> 00:09:01,725
you will see all the models that we have configured out earlier.

131
00:09:01,725 --> 00:09:04,860
So you'll see that we have the dishes.json file.

132
00:09:04,860 --> 00:09:09,210
So when you open the dishes.json file, you see how LoopBack

133
00:09:09,210 --> 00:09:14,695
stores all the information about the dishes model that you had just created,

134
00:09:14,695 --> 00:09:17,790
so it has the name, the base,

135
00:09:17,790 --> 00:09:21,655
and some other values here that it requires.

136
00:09:21,655 --> 00:09:27,369
And then look at the properties and how all the properties are stored in here.

137
00:09:27,369 --> 00:09:30,735
So you see some things that are very easy for you to

138
00:09:30,735 --> 00:09:34,790
recognize there in the dishes.json file.

139
00:09:34,790 --> 00:09:39,040
Similarly, the leaders.json and the promotions.json.

140
00:09:39,040 --> 00:09:42,171
The dishes.js file is where

141
00:09:42,171 --> 00:09:46,007
we can add in some additional customization code for the dishes,

142
00:09:46,007 --> 00:09:48,050
but right now we're not going to do that,

143
00:09:48,050 --> 00:09:50,755
and so we'll just leave it as is.

144
00:09:50,755 --> 00:09:56,130
So this is where you can add in some additional code that may

145
00:09:56,130 --> 00:10:02,610
need to be executed when you access the /dishes endpoint.

146
00:10:02,610 --> 00:10:07,630
But right now we are going to be leaving it blank for the moment.

147
00:10:07,630 --> 00:10:11,725
Now let's also look at the server folder here.

148
00:10:11,725 --> 00:10:13,465
In the server folder,

149
00:10:13,465 --> 00:10:18,745
in particular let me draw your attention to the datasources.json file here.

150
00:10:18,745 --> 00:10:20,996
In the datasources.json file,

151
00:10:20,996 --> 00:10:23,740
all the different data sources will be configured here.

152
00:10:23,740 --> 00:10:26,470
So right now, we only have the DB which is

153
00:10:26,470 --> 00:10:31,634
the in-memory DB database that LoopBack by default configures,

154
00:10:31,634 --> 00:10:34,045
and then the MongoDB which we just configured,

155
00:10:34,045 --> 00:10:36,700
and you can observe that the information that we input has

156
00:10:36,700 --> 00:10:40,570
been stored into that datasources.json file.

157
00:10:40,570 --> 00:10:46,880
So, you'll see that LoopBack itself operates by configuring all these files

158
00:10:46,880 --> 00:10:50,493
which the LoopBack framework itself makes use of when it

159
00:10:50,493 --> 00:10:56,332
starts up the LoopBack-based REST API server.

160
00:10:56,332 --> 00:11:00,620
Let's go into the model-config.json file here.

161
00:11:00,620 --> 00:11:03,050
The model-config.json file itself

162
00:11:03,050 --> 00:11:09,028
stores a lot of information here which is useful for us,

163
00:11:09,028 --> 00:11:13,810
but in here, let's go in and modify a few things.

164
00:11:13,810 --> 00:11:20,500
So in this, we will see that there, again, for the dishes,

165
00:11:20,500 --> 00:11:24,965
promotions and leaders, the data source has been configured as DB.

166
00:11:24,965 --> 00:11:32,150
So we are going to modify that to MongoDB here.

167
00:11:32,150 --> 00:11:34,700
Not only for this one,

168
00:11:34,700 --> 00:11:39,053
we'll also change that for promotions, and also leaders,

169
00:11:39,053 --> 00:11:45,590
meaning, that all these three will derive their data from the MongoDB.

170
00:11:45,590 --> 00:11:48,720
Also, for the Role that is defined here.

171
00:11:48,720 --> 00:11:50,170
We'll also store in MongoDB.

172
00:11:50,170 --> 00:11:53,635
We'll pretty soon see how we'll make use of the Role,

173
00:11:53,635 --> 00:11:56,290
and also the RoleMapping here.

174
00:11:56,290 --> 00:12:00,675
We'll understand the reason for these two in a short while.

175
00:12:00,675 --> 00:12:04,030
And then, ACL, the Access Control Lists,

176
00:12:04,030 --> 00:12:07,740
these will also be stored in MongoDB.

177
00:12:07,740 --> 00:12:10,210
And then, the user, also,

178
00:12:10,210 --> 00:12:12,105
we will store it in MongoDB,

179
00:12:12,105 --> 00:12:13,848
and then we will leave it there.

180
00:12:13,848 --> 00:12:17,175
So, these are the modifications that you should do to

181
00:12:17,175 --> 00:12:23,744
the model-config.json file and then save the changes.

182
00:12:23,744 --> 00:12:27,239
As I mentioned earlier, Loopback by default,

183
00:12:27,239 --> 00:12:29,705
supports this model called, user,

184
00:12:29,705 --> 00:12:33,215
which is used for supporting user authentication.

185
00:12:33,215 --> 00:12:36,890
The user model itself stores only three different properties.

186
00:12:36,890 --> 00:12:40,100
The user name, the email address,

187
00:12:40,100 --> 00:12:42,890
and the password related information.

188
00:12:42,890 --> 00:12:44,060
Now, if we want to have

189
00:12:44,060 --> 00:12:49,125
a more elaborate way of storing additional information about users.

190
00:12:49,125 --> 00:12:54,200
Then we can subclass this user base model,

191
00:12:54,200 --> 00:12:56,180
and then make use of that.

192
00:12:56,180 --> 00:12:57,950
So, in this next step,

193
00:12:57,950 --> 00:13:01,880
I'm going to create another model called, the customer model,

194
00:13:01,880 --> 00:13:08,490
which will use the user as the base model for its functioning.

195
00:13:08,490 --> 00:13:13,005
And the customer model itself will store additional information about users.

196
00:13:13,005 --> 00:13:14,255
So, in the customer model,

197
00:13:14,255 --> 00:13:16,820
I will store the things like the first name,

198
00:13:16,820 --> 00:13:20,900
the last name, and the image for the user and so on.

199
00:13:20,900 --> 00:13:24,035
So, the customer will act exactly like the user model,

200
00:13:24,035 --> 00:13:29,889
which already comes with its own set of the methods.

201
00:13:29,889 --> 00:13:32,780
And so the user model is used for the user authentication,

202
00:13:32,780 --> 00:13:34,700
so you can type in the username and password,

203
00:13:34,700 --> 00:13:35,930
and log in and log out.

204
00:13:35,930 --> 00:13:41,850
So, when we created this customer model based upon the base class of the user model,

205
00:13:41,850 --> 00:13:44,742
the customer model will also support the log in and log out

206
00:13:44,742 --> 00:13:47,680
operations in using this customer model.

207
00:13:47,680 --> 00:13:51,880
So, we can log in the user and log out the user and so on.

208
00:13:51,880 --> 00:13:56,520
So, the user authentication automatically comes for the right.

209
00:13:56,520 --> 00:13:59,750
So, to create the customer model, at the prompt,

210
00:13:59,750 --> 00:14:03,340
type lb model and for the model name,

211
00:14:03,340 --> 00:14:06,440
we will type Customer.

212
00:14:06,440 --> 00:14:10,700
And the dataSource, I will choose it as MongoDB.

213
00:14:10,700 --> 00:14:15,080
And then when it asks for selecting the model's base class,

214
00:14:15,080 --> 00:14:17,435
instead of using the PersistedModel,

215
00:14:17,435 --> 00:14:18,875
we will move down,

216
00:14:18,875 --> 00:14:23,570
and then select the User as the base class.

217
00:14:23,570 --> 00:14:27,215
So, that way, it'll derive all the properties

218
00:14:27,215 --> 00:14:31,275
of the base user class that is already built into Loopback.

219
00:14:31,275 --> 00:14:35,370
And then we will expose this with the REST API,

220
00:14:35,370 --> 00:14:39,353
and the custom plural empty.

221
00:14:39,353 --> 00:14:42,765
And then this would be in the common folder.

222
00:14:42,765 --> 00:14:49,081
And for this, the three properties that we will add are,

223
00:14:49,081 --> 00:14:54,900
first name, which would have the type string.

224
00:14:54,900 --> 00:14:58,700
And this is not required or doesn't have a Default value.

225
00:14:58,700 --> 00:15:05,895
And then, last name again as the type string,

226
00:15:05,895 --> 00:15:08,825
not required, and no Default value.

227
00:15:08,825 --> 00:15:11,860
And then image of the type string,

228
00:15:11,860 --> 00:15:15,249
not required and no Default value.

229
00:15:15,249 --> 00:15:18,095
So, you see that the customer class itself

230
00:15:18,095 --> 00:15:22,546
carries additional properties in addition to the user class.

231
00:15:22,546 --> 00:15:25,006
The user class already supports the user name,

232
00:15:25,006 --> 00:15:28,465
the email and the password related information in there.

233
00:15:28,465 --> 00:15:30,185
So, the customer class,

234
00:15:30,185 --> 00:15:32,030
since it subclasses the base class,

235
00:15:32,030 --> 00:15:38,405
we'll get the user name and the email automatically from the user class.

236
00:15:38,405 --> 00:15:41,870
And now, when you go to the model-config.json file,

237
00:15:41,870 --> 00:15:46,725
you will see that the Customer model has already been added in there.

238
00:15:46,725 --> 00:15:48,390
And then in the common models,

239
00:15:48,390 --> 00:15:51,278
you'll now see the customer.json file added in there

240
00:15:51,278 --> 00:15:55,365
with these three additional properties that we have added to the customer model.

241
00:15:55,365 --> 00:16:02,020
But note, that it specifies the base as the user class for the customer model here.

242
00:16:02,020 --> 00:16:04,760
So, that's how Loopback allows you to take

243
00:16:04,760 --> 00:16:09,832
a base-model class and then subclass that into the model class.

244
00:16:09,832 --> 00:16:16,340
So, you'll see how Loopback enables us to automatically support user authentication using

245
00:16:16,340 --> 00:16:23,855
the user class and then allows us to even define additional subclass of that,

246
00:16:23,855 --> 00:16:29,780
which will store additional information related to the user-base class.

247
00:16:29,780 --> 00:16:32,660
Next, we will set up Access Control for

248
00:16:32,660 --> 00:16:38,210
the various models that we have already set up in our Loopback server.

249
00:16:38,210 --> 00:16:40,190
So, to set up Access Control,

250
00:16:40,190 --> 00:16:45,170
or the Access Control Lists in LoopBack.

251
00:16:45,170 --> 00:16:49,730
Loopback uses these Access Control Lists as a way of specifying what kind of

252
00:16:49,730 --> 00:16:51,290
operations can be performed on

253
00:16:51,290 --> 00:16:55,280
the different REST API endpoints corresponding with the different models.

254
00:16:55,280 --> 00:16:58,695
So, to do that, we'll type at the prompt lb acl,

255
00:16:58,695 --> 00:17:01,880
ACL stands for Access Control Lists.

256
00:17:01,880 --> 00:17:06,980
And then, when this runs, we'll say,

257
00:17:06,980 --> 00:17:11,960
which model we want this Access Control List to be applied to.

258
00:17:11,960 --> 00:17:14,678
And then we'll say, all existing models.

259
00:17:14,678 --> 00:17:18,845
And we'll say, All methods and properties.

260
00:17:18,845 --> 00:17:20,810
And we will say,

261
00:17:20,810 --> 00:17:23,233
All types of operations.

262
00:17:23,233 --> 00:17:25,910
And then, we'll say, All users.

263
00:17:25,910 --> 00:17:28,730
And then we'll say, Explicitly deny access.

264
00:17:28,730 --> 00:17:32,976
So, we are first closing off all the models for everything,

265
00:17:32,976 --> 00:17:34,670
then we will slowly open up,

266
00:17:34,670 --> 00:17:38,270
whatever operations that can be performed by different users.

267
00:17:38,270 --> 00:17:40,385
So, first step, we have closed off

268
00:17:40,385 --> 00:17:45,715
all the types of operations on all the models that we currently have.

269
00:17:45,715 --> 00:17:51,740
Then, we will slowly start opening each and every of the operations, step by step.

270
00:17:51,740 --> 00:17:53,300
Now, the next step,

271
00:17:53,300 --> 00:17:59,960
what we will do is again set up the next Access Control List.

272
00:17:59,960 --> 00:18:02,525
In the second Access Control List, we'll say,

273
00:18:02,525 --> 00:18:06,095
for all existing models and we'll say,

274
00:18:06,095 --> 00:18:08,930
All methods and properties.

275
00:18:08,930 --> 00:18:13,400
And then, we will say, only Read access.

276
00:18:13,400 --> 00:18:18,416
Meaning, the user can perform the GET operations on these endpoints.

277
00:18:18,416 --> 00:18:24,680
And these GET operations can be performed by all users.

278
00:18:24,680 --> 00:18:27,805
So, users can retrieve information.

279
00:18:27,805 --> 00:18:31,605
And we'll explicitly grant the access for this.

280
00:18:31,605 --> 00:18:35,804
So, which means that GET operations are allowed on the REST API endpoints now.

281
00:18:35,804 --> 00:18:37,610
First, we closed off everything,

282
00:18:37,610 --> 00:18:40,880
then we opened only the GET operations for the users.

283
00:18:40,880 --> 00:18:46,175
Now, finally, we will go to each one of the models,

284
00:18:46,175 --> 00:18:49,490
and then close off and allow certain operations only to

285
00:18:49,490 --> 00:18:53,068
be performed by certain kinds of users.

286
00:18:53,068 --> 00:18:54,625
So, to do that,

287
00:18:54,625 --> 00:19:00,511
the next ACL that we will set up is for a specific model.

288
00:19:00,511 --> 00:19:03,197
So, we'll set up this one for dishes.

289
00:19:03,197 --> 00:19:06,445
And we'll say, A single method.

290
00:19:06,445 --> 00:19:08,685
And then the method name is, create.

291
00:19:08,685 --> 00:19:13,320
So, meaning that creation of these will be only allowed by.

292
00:19:13,320 --> 00:19:15,850
So, again, when it says select the role,

293
00:19:15,850 --> 00:19:18,260
then for the role, we'll say, other.

294
00:19:18,260 --> 00:19:20,530
And then the role name would be admin.

295
00:19:20,530 --> 00:19:24,663
So, what we're doing by this operation is that,

296
00:19:24,663 --> 00:19:32,755
we are saying that only an admin user can create new dishes or update existing dishes.

297
00:19:32,755 --> 00:19:38,535
So, this is a little bit close off, the remaining operations.

298
00:19:38,535 --> 00:19:45,669
So, let's do the same thing for leaders.

299
00:19:45,669 --> 00:19:48,880
And A single method and then,

300
00:19:48,880 --> 00:19:53,821
the create and we will say,

301
00:19:53,821 --> 00:19:58,320
only the admin can do this.

302
00:19:58,320 --> 00:20:04,330
And then finally, also for promotions.

303
00:20:04,330 --> 00:20:05,919
For promotions.

304
00:20:05,919 --> 00:20:10,210
The single method, the create method will be allowed

305
00:20:10,210 --> 00:20:15,415
only by users that have the designated role as an admin.

306
00:20:15,415 --> 00:20:20,340
We'll see how we will create users with a specific role in the next step.

307
00:20:20,340 --> 00:20:22,398
Explicitly grant access.

308
00:20:22,398 --> 00:20:26,995
Now notice that I have not closed off customers for create operations.

309
00:20:26,995 --> 00:20:28,305
If I close off customers,

310
00:20:28,305 --> 00:20:31,383
nobody will be able to register into the system.

311
00:20:31,383 --> 00:20:33,220
So, that's why I will leave that open.

312
00:20:33,220 --> 00:20:37,170
Because, customer should be able to register into the system.

313
00:20:37,170 --> 00:20:41,364
So, you can sign up for new accounts on the system.

314
00:20:41,364 --> 00:20:42,420
User accounts on the system.

315
00:20:42,420 --> 00:20:45,585
So, that will be left open for people to do.

316
00:20:45,585 --> 00:20:50,800
So, to allow that for the customers, we'll say, customers,

317
00:20:50,800 --> 00:20:59,880
A single method, create, All users.

318
00:20:59,880 --> 00:21:03,450
So, customers can be created by all users because that will

319
00:21:03,450 --> 00:21:07,125
allow people to sign in to their account.

320
00:21:07,125 --> 00:21:11,820
Finally, we will see how we can configure our server to start up

321
00:21:11,820 --> 00:21:17,590
with a single admin user automatically configured into our LoopBack server.

322
00:21:17,590 --> 00:21:19,300
So, to do that,

323
00:21:19,300 --> 00:21:20,820
in our Loopback server,

324
00:21:20,820 --> 00:21:25,015
in the server folder we have this boot subfolder here.

325
00:21:25,015 --> 00:21:28,380
Whatever code that we put in the boot subfolder,

326
00:21:28,380 --> 00:21:33,385
will be executed at the startup of our LoopBack server.

327
00:21:33,385 --> 00:21:37,253
So, in here, you'll see that we already have this authentication.js,

328
00:21:37,253 --> 00:21:38,490
which is already set up,

329
00:21:38,490 --> 00:21:42,255
by LoopBack, which will set up the user authentication for us.

330
00:21:42,255 --> 00:21:44,790
And then we have the root.js which will set up

331
00:21:44,790 --> 00:21:49,650
some additional information for our LoopBack server.

332
00:21:49,650 --> 00:21:52,920
And we can add in additional files here.

333
00:21:52,920 --> 00:21:55,696
So, I'm going to go in there into the boot folder,

334
00:21:55,696 --> 00:22:01,111
and then add in this file called, script.js.

335
00:22:01,111 --> 00:22:03,259
And in this script.js,

336
00:22:03,259 --> 00:22:07,610
I'm going to set up the code to create an admin user by default.

337
00:22:07,610 --> 00:22:08,785
So, in the script.js,

338
00:22:08,785 --> 00:22:12,335
which will be nothing but a file-based NPM module so,

339
00:22:12,335 --> 00:22:13,995
we'll start up by saying,

340
00:22:13,995 --> 00:22:21,050
module.exports = function (app).

341
00:22:21,050 --> 00:22:23,355
The app is the Loopback app,

342
00:22:23,355 --> 00:22:28,185
which will be supplied as a parameter to this function for us.

343
00:22:28,185 --> 00:22:32,072
And so, we can make use of it within our code here.

344
00:22:32,072 --> 00:22:39,585
So, in here, we'll first set up an admin user.

345
00:22:39,585 --> 00:22:41,003
So, to do that, we'll say,

346
00:22:41,003 --> 00:22:51,840
var Customer = app.models.Customer.

347
00:22:51,840 --> 00:22:56,580
So, this gives us access to the customer model.

348
00:22:56,580 --> 00:23:03,321
Then we'll say, Customer.findOne.

349
00:23:03,321 --> 00:23:08,820
So, we'll first check to see if a user with

350
00:23:08,820 --> 00:23:16,920
the username as admin is already configured in the system or not.

351
00:23:16,920 --> 00:23:20,585
If not, then I'm going to create an admin user.

352
00:23:20,585 --> 00:23:30,230
And this supplies me with a callback function with two parameters, err and users.

353
00:23:30,230 --> 00:23:34,470
And inside this- So we'll first try to

354
00:23:34,470 --> 00:23:39,195
see if a user with the name admin already exists.

355
00:23:39,195 --> 00:23:40,800
If the user does not exist,

356
00:23:40,800 --> 00:23:42,453
then we will create the user.

357
00:23:42,453 --> 00:23:43,800
So, to create the user,

358
00:23:43,800 --> 00:23:49,326
we'll say here, if not users.

359
00:23:49,326 --> 00:23:55,830
So, if the users is not null or if the users is null,

360
00:23:55,830 --> 00:24:02,305
then that means that there is no admin user so I need to create an admin user here.

361
00:24:02,305 --> 00:24:09,330
So in this case, we'll say, Customer.create.

362
00:24:09,330 --> 00:24:19,835
And this create takes an array of objects if you want to.

363
00:24:19,835 --> 00:24:30,235
And this array of objects will allow us to specify which user accounts we want to create.

364
00:24:30,235 --> 00:24:33,575
So the first user account that I want to create or

365
00:24:33,575 --> 00:24:38,678
the only user account that I want to create is the 'Admin'.

366
00:24:38,678 --> 00:24:41,845
So this will be the default administrator for

367
00:24:41,845 --> 00:24:47,447
my loopback server and then I can configure the email.

368
00:24:47,447 --> 00:24:56,850
So recall that the user model supports these properties,

369
00:24:56,850 --> 00:25:02,380
confusion.net and then password

370
00:25:02,380 --> 00:25:07,253
I will configure as password.

371
00:25:07,253 --> 00:25:09,790
You can also supply along with this,

372
00:25:09,790 --> 00:25:11,560
the first name and the last name,

373
00:25:11,560 --> 00:25:14,345
if you want, for the admin user.

374
00:25:14,345 --> 00:25:16,975
But I'm going to leave it as such,

375
00:25:16,975 --> 00:25:20,640
as empty because those are not required for the admin user.

376
00:25:20,640 --> 00:25:22,270
So I'm going to leave it there.

377
00:25:22,270 --> 00:25:28,765
So this command will end up creating a new customer with the name 'Admin'.

378
00:25:28,765 --> 00:25:34,480
So if this user of the name "Admin" doesn't exist,

379
00:25:34,480 --> 00:25:36,194
then we're going to create one.

380
00:25:36,194 --> 00:25:43,800
And then in here we have the callback function.

381
00:25:45,150 --> 00:25:54,240
So err users.

382
00:25:54,240 --> 00:25:57,965
Now I will say,

383
00:25:57,965 --> 00:26:06,850
if err, we don't know what it's trying to do so we'll just simply throw the err.

384
00:26:06,850 --> 00:26:12,210
But normally we won't expect this to happen.

385
00:26:12,210 --> 00:26:17,650
So now, how do you designate this user as an administrative user?

386
00:26:17,650 --> 00:26:19,290
So right now when I sign up here,

387
00:26:19,290 --> 00:26:21,305
I'm just signing up a normal user here,

388
00:26:21,305 --> 00:26:24,270
but we want to give a special role to this user.

389
00:26:24,270 --> 00:26:30,775
So that is where LoopBack supports a way of specifying roles for users.

390
00:26:30,775 --> 00:26:32,775
So to specify a role,

391
00:26:32,775 --> 00:26:39,609
we'll var Role = app.models.Role.

392
00:26:39,609 --> 00:26:42,490
So this will allow me to create a role,

393
00:26:42,490 --> 00:26:44,670
a new role called admin here.

394
00:26:44,670 --> 00:26:48,600
So we can assign different roles to different users if you want.

395
00:26:48,600 --> 00:26:50,365
And together with this,

396
00:26:50,365 --> 00:26:55,394
I also need to create a RoleMapping here.

397
00:26:55,394 --> 00:27:05,519
So we'll say, app.models.RoleMapping.

398
00:27:05,519 --> 00:27:12,045
And if it so happens that the database already contains

399
00:27:12,045 --> 00:27:18,821
any RoleMapping that already exists,

400
00:27:18,821 --> 00:27:25,290
then I'm going to destroy all those when I start my server.

401
00:27:25,290 --> 00:27:35,650
And then let me try to find

402
00:27:36,120 --> 00:27:40,550
to see if a role with

403
00:27:40,550 --> 00:27:46,130
that name admin already

404
00:27:46,130 --> 00:27:53,180
exists in the system.

405
00:27:53,180 --> 00:27:54,885
Okay.

406
00:27:54,885 --> 00:27:56,420
And this takes,

407
00:27:56,420 --> 00:27:57,560
as you would expect,

408
00:27:57,560 --> 00:28:06,795
a callback function and inside here we'll say, Role.findOne.

409
00:28:06,795 --> 00:28:10,530
So if a role with the name admin already exists,

410
00:28:10,530 --> 00:28:11,927
then I don't need to create one.

411
00:28:11,927 --> 00:28:18,710
Otherwise, if that doesn't exist,

412
00:28:18,710 --> 00:28:20,427
then I need to create the role.

413
00:28:20,427 --> 00:28:29,540
So we'll say, Role.create.

414
00:28:29,540 --> 00:28:34,950
So we'll create admin role here.

415
00:28:34,950 --> 00:28:45,230
And then this takes as parameters err,

416
00:28:45,230 --> 00:28:52,523
role here, in the callback function.

417
00:28:52,523 --> 00:28:56,215
Now again, here to handle the err,

418
00:28:56,215 --> 00:29:03,749
we'll just copy this 'if err' and then paste it there.

419
00:29:03,749 --> 00:29:06,685
Similarly here also, if the err occurs,

420
00:29:06,685 --> 00:29:09,415
then I need to handle that.

421
00:29:09,415 --> 00:29:12,820
So 'if err' then 'throw the err'.

422
00:29:12,820 --> 00:29:21,787
Otherwise, we have created the role.

423
00:29:21,787 --> 00:29:28,625
So now I need to map this role to this particular user that I have just created.

424
00:29:28,625 --> 00:29:31,658
This user that I have just created up here.

425
00:29:31,658 --> 00:29:36,660
This user. I want to give this user that role of the admin.

426
00:29:36,660 --> 00:29:39,140
So since I've created this role by the name admin,

427
00:29:39,140 --> 00:29:47,167
so we'll say, role.principals.create.

428
00:29:47,167 --> 00:29:56,954
So this is how you create a mapping between the role and a particular user here.

429
00:29:56,954 --> 00:29:59,370
So we'll say, role.principals.create.

430
00:29:59,370 --> 00:30:01,735
So this is the syntax there.

431
00:30:01,735 --> 00:30:17,320
We'll say, principalType: RoleMapping.USER

432
00:30:17,320 --> 00:30:25,330
here and you'll take

433
00:30:25,330 --> 00:30:32,385
a principal id here which is the users.

434
00:30:32,385 --> 00:30:36,320
Now what does this user refer to?

435
00:30:36,320 --> 00:30:40,418
This users refers to this that just came in.

436
00:30:40,418 --> 00:30:43,520
So when we created this users,

437
00:30:43,520 --> 00:30:49,335
then customer must create a successful return to us here.

438
00:30:49,335 --> 00:30:51,905
So that is what I'm going to be using here.

439
00:30:51,905 --> 00:30:53,240
We'll say, users[0].

440
00:30:53,240 --> 00:30:58,430
So this would be an array of users that have been created and contain only one of them.

441
00:30:58,430 --> 00:31:01,748
So that's why I'm saying users[0].

442
00:31:01,748 --> 00:31:08,037
And then we'll assign ID of that user here.

443
00:31:08,037 --> 00:31:14,215
So this is how we'll create a RoleMapping between the role that we have just created,

444
00:31:14,215 --> 00:31:20,639
this role, and then map it to the customer that we have just created.

445
00:31:20,639 --> 00:31:29,315
Now this also takes as parameter the callback function.

446
00:31:29,315 --> 00:31:33,735
And in this callback function we'll just simply say,

447
00:31:33,735 --> 00:31:35,950
if (err) throw (err).

448
00:31:35,950 --> 00:31:41,825
Otherwise we are not really keen on knowing what else has happened there.

449
00:31:41,825 --> 00:31:44,055
That's it. So this is how.

450
00:31:44,055 --> 00:31:46,870
So if the role named admin doesn't exist,

451
00:31:46,870 --> 00:31:48,819
we'll create that role.

452
00:31:48,819 --> 00:31:53,785
If not- So this is the 'else'

453
00:31:53,785 --> 00:32:01,170
part where I will still need to do this mapping.

454
00:32:01,170 --> 00:32:08,140
So let me copy that code and then I will do exactly that here.

455
00:32:08,140 --> 00:32:15,834
So role.principals.create and then map this for the user there.

456
00:32:15,834 --> 00:32:17,980
So if the admin role already exists,

457
00:32:17,980 --> 00:32:20,730
then all that they need to do is do the mapping.

458
00:32:20,730 --> 00:32:28,420
So this will be stored in the RoleMapping model in our database. That is it.

459
00:32:28,420 --> 00:32:34,520
So this piece of code that we put into the script.js file will first try to

460
00:32:34,520 --> 00:32:41,765
find if an admin user exists and that user is identified by the name admin.

461
00:32:41,765 --> 00:32:50,210
If not, then the user will be created and also then will create the role for the user.

462
00:32:50,210 --> 00:32:52,065
We'll create a role named admin.

463
00:32:52,065 --> 00:32:53,865
If that role exists,

464
00:32:53,865 --> 00:32:54,950
then we'll just use that.

465
00:32:54,950 --> 00:32:56,705
Otherwise we'll create the role.

466
00:32:56,705 --> 00:33:01,485
And then after that we will create this mapping between the role and the user.

467
00:33:01,485 --> 00:33:03,940
So LoopBack allows us to do the RoleMapping.

468
00:33:03,940 --> 00:33:07,310
So saying this user is mapped to this role.

469
00:33:07,310 --> 00:33:10,395
So this mapping is done by using this statement.

470
00:33:10,395 --> 00:33:14,010
So that completes the setup of our servers.

471
00:33:14,010 --> 00:33:18,305
So that an admin user will be created and that admin user will

472
00:33:18,305 --> 00:33:24,155
automatically get the role of the admin as configured here.

473
00:33:24,155 --> 00:33:27,675
That's it. Let's save the changes to script.js.

474
00:33:27,675 --> 00:33:32,015
And now our LoopBack servers should be all ready.

475
00:33:32,015 --> 00:33:38,840
So we'll now go and start our LoopBack server and then check what we can do with this.

476
00:33:38,840 --> 00:33:41,085
Going to the terminals,

477
00:33:41,085 --> 00:33:43,060
let's start the LoopBack server.

478
00:33:43,060 --> 00:33:49,428
So we'll say, npm start and then our server should be up and running.

479
00:33:49,428 --> 00:33:53,220
Let's go to the Explorer and then browse the information there.

480
00:33:53,220 --> 00:33:55,890
And this LoopBack server will have automatically

481
00:33:55,890 --> 00:33:59,535
connected to my MongoDB because I have set up the connection.

482
00:33:59,535 --> 00:34:03,415
Going to my browser,

483
00:34:03,415 --> 00:34:05,610
let me reload this.

484
00:34:05,610 --> 00:34:07,879
And when I reload this,

485
00:34:07,879 --> 00:34:12,450
now you'll see that we have a new customer that has been created here.

486
00:34:12,450 --> 00:34:14,705
The user already existed earlier.

487
00:34:14,705 --> 00:34:17,840
The dishes, leaders, and promotions are all there.

488
00:34:17,840 --> 00:34:20,325
Let's perform a get on the dishes.

489
00:34:20,325 --> 00:34:23,250
Now that this is connected to the MongoDB,

490
00:34:23,250 --> 00:34:26,845
my MongoDB already has some dishes in there.

491
00:34:26,845 --> 00:34:28,235
If your MongoDB is empty,

492
00:34:28,235 --> 00:34:31,821
you can post some dishes using the post here.

493
00:34:31,821 --> 00:34:33,995
So let's try it out.

494
00:34:33,995 --> 00:34:38,040
When I do a get operation on the slash dishes,

495
00:34:38,040 --> 00:34:42,945
you'll see that in the response body-

496
00:34:42,945 --> 00:34:48,090
All the dishes that exist in my database have all been fetched.

497
00:34:48,090 --> 00:34:52,995
Similarly, I can do a GET on

498
00:34:52,995 --> 00:35:01,900
promotions and I should see the promotion that already exists in my database there.

499
00:35:01,900 --> 00:35:04,845
So, you can see that the promotion already exists there.

500
00:35:04,845 --> 00:35:09,978
So, that shows us how we can fetch information.

501
00:35:09,978 --> 00:35:12,485
Now, let's try to post a new dish.

502
00:35:12,485 --> 00:35:14,185
So, to post a new dish,

503
00:35:14,185 --> 00:35:16,675
we go to the POST here.

504
00:35:16,675 --> 00:35:18,715
Let me just copy this.

505
00:35:18,715 --> 00:35:20,035
Obviously, at this moment,

506
00:35:20,035 --> 00:35:22,080
since I'm not logged in,

507
00:35:22,080 --> 00:35:26,180
I will not be allowed to post the dish so,

508
00:35:26,180 --> 00:35:31,615
but I will demonstrate that to you. I'll just copy and paste this information here,

509
00:35:31,615 --> 00:35:34,120
and we'll try to post that dish,

510
00:35:34,120 --> 00:35:36,010
and then when I try to post the dish,

511
00:35:36,010 --> 00:35:40,660
my server immediately replies with this error saying, AUTHORIZATION_REQUIRED.

512
00:35:40,660 --> 00:35:42,790
You are not authorized to do this operation.

513
00:35:42,790 --> 00:35:46,146
So, that's why you are not authorized to do this operation.

514
00:35:46,146 --> 00:35:48,505
Now, how do you authorize yourself?

515
00:35:48,505 --> 00:35:50,315
So, to authorize yourself,

516
00:35:50,315 --> 00:35:58,450
now recall that we have already created one user with the name admin,

517
00:35:58,450 --> 00:36:05,240
and this admin user already exists as a customer here.

518
00:36:05,240 --> 00:36:11,495
So, going into the customer's REST API endpoints,

519
00:36:11,495 --> 00:36:12,835
if you scroll down,

520
00:36:12,835 --> 00:36:16,925
down below here, you'll see this customer's log in.

521
00:36:16,925 --> 00:36:20,220
So, when you do a POST on the customer's log in.

522
00:36:20,220 --> 00:36:22,430
So, for the customer's log in,

523
00:36:22,430 --> 00:36:26,273
you scroll up here and then here it asks for the credentials.

524
00:36:26,273 --> 00:36:27,540
So, in the credentials,

525
00:36:27,540 --> 00:36:35,190
we can type in username in double quotes, and we'll say,

526
00:36:35,190 --> 00:36:40,570
Admin, and then password,

527
00:36:40,570 --> 00:36:48,665
we'll say, password, and then we'll post this.

528
00:36:48,665 --> 00:36:50,450
And then when you post it,

529
00:36:50,450 --> 00:36:54,365
you will notice that in the reply,

530
00:36:54,365 --> 00:36:57,764
LoopBack will send me back this information.

531
00:36:57,764 --> 00:36:59,660
Now, within this information,

532
00:36:59,660 --> 00:37:06,725
this particular id that it sends back is the accessToken for my LoopBack server.

533
00:37:06,725 --> 00:37:09,835
So, I can just copy this accessToken here,

534
00:37:09,835 --> 00:37:13,575
and then right at the top here,

535
00:37:13,575 --> 00:37:17,735
you can see that this is Token Not Set, here.

536
00:37:17,735 --> 00:37:19,660
It says Token Not Set.

537
00:37:19,660 --> 00:37:22,415
And here you can type in this accessToken,

538
00:37:22,415 --> 00:37:24,605
and then say, Set Access Token.

539
00:37:24,605 --> 00:37:27,245
And then your accessToken will be set,

540
00:37:27,245 --> 00:37:33,525
and then all subsequent operations that you perform will automatically carry

541
00:37:33,525 --> 00:37:39,750
this accessToken in the header of my request message.

542
00:37:39,750 --> 00:37:45,350
So, that way, now my admin will be allowed to do posts of items there.

543
00:37:45,350 --> 00:37:47,480
So, now that I have logged in as an admin,

544
00:37:47,480 --> 00:37:49,135
let me go to promotions,

545
00:37:49,135 --> 00:37:51,171
and then I'll post one promotion there,

546
00:37:51,171 --> 00:37:57,098
and show you that I can actually post promotions.

547
00:37:57,098 --> 00:38:00,885
So, let's go to a POST,

548
00:38:00,885 --> 00:38:07,250
and then we'll just copy this, and then in the data,

549
00:38:07,250 --> 00:38:13,855
and then for the name we'll say, Test promotion,

550
00:38:13,855 --> 00:38:24,500
and image we'll just leave it as such, description, Test Description.

551
00:38:30,990 --> 00:38:34,665
And I can post it in there,

552
00:38:34,665 --> 00:38:38,180
and you will see

553
00:38:41,740 --> 00:38:48,265
that I should not be including this id in here because I've

554
00:38:48,265 --> 00:38:53,710
let LoopBack automatically assign the id to it.

555
00:38:53,710 --> 00:38:58,325
Let me post this and then you would see that in the response body,

556
00:38:58,325 --> 00:39:01,293
the test promotion has been posted in here.

557
00:39:01,293 --> 00:39:04,615
And I just noticed that I haven't included

558
00:39:04,615 --> 00:39:11,130
the featured flag for my promotions and my leaders.

559
00:39:11,130 --> 00:39:16,180
So, I am going to go in and include the featured flag as

560
00:39:16,180 --> 00:39:21,930
one of the parts of my promotions there.

561
00:39:21,930 --> 00:39:26,845
So, now when I do a GET for the promotions,

562
00:39:26,845 --> 00:39:29,875
you will see that in that reply message,

563
00:39:29,875 --> 00:39:34,795
you will see the old promotion that was already in my database

564
00:39:34,795 --> 00:39:40,395
and then the new promotion that I've just posted to my database already included in here.

565
00:39:40,395 --> 00:39:44,395
So, I just noticed that I need to set the featured flag,

566
00:39:44,395 --> 00:39:46,695
I'll show you how to do that in a.

567
00:39:46,695 --> 00:39:54,100
So, that sort of demonstrates to you how you can log in and explore your LoopBack server.

568
00:39:54,100 --> 00:39:55,420
Let me destroy this token,

569
00:39:55,420 --> 00:39:58,010
so we'll just remove the token,

570
00:39:58,010 --> 00:39:59,555
and then click on that

571
00:39:59,555 --> 00:40:02,440
so that will essentially set the access token to an

572
00:40:02,440 --> 00:40:05,560
empty string and so my token will no longer process,

573
00:40:05,560 --> 00:40:07,880
so now my user is no longer logged in.

574
00:40:07,880 --> 00:40:11,148
Let me create a new customer.

575
00:40:11,148 --> 00:40:16,290
So, to create a new customer I'll say, POST customers.

576
00:40:16,290 --> 00:40:20,780
And then I'll just copy this from here.

577
00:40:20,780 --> 00:40:24,175
I'll create myself a new account here.

578
00:40:24,175 --> 00:40:26,160
And so, in here,

579
00:40:26,160 --> 00:40:28,620
I'll remove the realm,

580
00:40:28,620 --> 00:40:32,186
I don't need that, I don't need the id.

581
00:40:32,186 --> 00:40:36,070
So, for the first name

582
00:40:39,750 --> 00:40:46,610
and the emailVerified should automatically be set by the system.

583
00:40:46,610 --> 00:40:49,430
So, let me sign in as this user.

584
00:40:49,430 --> 00:40:52,370
So, I'm just going to submit my first name, last name,

585
00:40:52,370 --> 00:40:54,440
and the image currently,

586
00:40:54,440 --> 00:40:59,745
I will just set an empty string there, username and email.

587
00:40:59,745 --> 00:41:01,835
And then we'll try it out,

588
00:41:01,835 --> 00:41:05,060
and then it comes back saying,

589
00:41:05,060 --> 00:41:08,820
Details: 'password' can't be blank.

590
00:41:08,820 --> 00:41:11,285
So, you'll notice that in here,

591
00:41:11,285 --> 00:41:16,900
I should also include along with the username,

592
00:41:17,040 --> 00:41:27,834
password and then, let's post this.

593
00:41:27,834 --> 00:41:30,890
So, when you post it, it comes back with

594
00:41:30,890 --> 00:41:35,535
the Response Body saying that you are now part of the system.

595
00:41:35,535 --> 00:41:37,160
So, your first name,

596
00:41:37,160 --> 00:41:40,280
your last name, and your username, your email id,

597
00:41:40,280 --> 00:41:45,706
and the id that LoopBack assigns to you is sent back to you.

598
00:41:45,706 --> 00:41:52,777
So, this is nothing but the MongoDB id as you can see here.

599
00:41:52,777 --> 00:41:56,150
So, now that I have signed up as a customer,

600
00:41:56,150 --> 00:41:58,425
I should be able to log in as the customer,

601
00:41:58,425 --> 00:42:01,775
so that I'll go to the POST log in here,

602
00:42:01,775 --> 00:42:04,250
and then here instead of the admin,

603
00:42:04,250 --> 00:42:11,710
I'm going to log in as the new user that I have signed in.

604
00:42:11,710 --> 00:42:14,130
So, then I click on to Try it out,

605
00:42:14,130 --> 00:42:17,405
you'll see that it returns with the id,

606
00:42:17,405 --> 00:42:22,910
so it gives me the token for this admin user here.

607
00:42:22,910 --> 00:42:30,080
So, with this we have completed examining the LoopBack server that we have just created.

608
00:42:30,080 --> 00:42:31,340
And as I just mentioned,

609
00:42:31,340 --> 00:42:36,935
I noticed that the promotions and the leaders don't have the featured flag so,

610
00:42:36,935 --> 00:42:40,930
I'm going to go into the code.

611
00:42:40,930 --> 00:42:43,400
So, suppose you forget something like this,

612
00:42:43,400 --> 00:42:47,305
then you can simply go in and edit the JSON code if you wish to.

613
00:42:47,305 --> 00:42:50,540
So, I'm going to go into my code,

614
00:42:50,540 --> 00:42:52,040
going to the code,

615
00:42:52,040 --> 00:42:56,635
I'm going to first go into commons and then I'll go into the dishes.json.

616
00:42:56,635 --> 00:42:59,750
And then in the dishes.json,

617
00:42:59,750 --> 00:43:05,320
I see this featured property there.

618
00:43:05,320 --> 00:43:07,480
I'm going to copy this featured property,

619
00:43:07,480 --> 00:43:09,040
and then I'll go into leaders.json,

620
00:43:09,040 --> 00:43:15,151
and then I'll paste that featured property to leaders.json,

621
00:43:15,151 --> 00:43:17,750
and also with promotions.json.

622
00:43:17,750 --> 00:43:22,955
I forgot to include this when I created those models.

623
00:43:22,955 --> 00:43:27,180
I should have done this when I was creating the model itself so,

624
00:43:27,180 --> 00:43:29,960
if you forget something like that,

625
00:43:29,960 --> 00:43:33,370
then this is another way of editing your model

626
00:43:33,370 --> 00:43:38,070
and then making sure that your model is set up correctly.

627
00:43:38,070 --> 00:43:40,130
So, that's it.

628
00:43:40,130 --> 00:43:48,575
So, now my promotions and leaders will also have the featured flag set in there.

629
00:43:48,575 --> 00:43:52,675
With this, we complete this exercise.

630
00:43:52,675 --> 00:43:56,525
In this exercise, we have seen how we can set up

631
00:43:56,525 --> 00:44:03,555
a new model by extending a base model class that is already in LoopBack.

632
00:44:03,555 --> 00:44:07,250
We also saw how we could set up access controls using

633
00:44:07,250 --> 00:44:11,540
the access control lists that are supported by LoopBack.

634
00:44:11,540 --> 00:44:13,970
With this, we complete this exercise.

635
00:44:13,970 --> 00:44:16,835
This is a good time for you to do a git commit with

636
00:44:16,835 --> 00:44:22,450
the message LoopBack data sources and access control.