UNPKG

@loopback/docs

Version:

Documentation files rendered at [https://loopback.io](https://loopback.io)

github.com/loopbackio/loopback-next/tree/master/docs

loopbackio/loopback-next

153 lines (71 loc) 2.6 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
--- lang: en title: 'API docs: security.permission' keywords: LoopBack 4.0, LoopBack 4, Node.js, TypeScript, OpenAPI sidebar: lb4_sidebar editurl: https://github.com/loopbackio/loopback-next/tree/master/packages/security permalink: /doc/en/lb4/apidocs.security.permission.html --- <!-- Do not edit this file. It is automatically generated by API Documenter. --> [Home](./index.md) &gt; [@loopback/security](./security.md) &gt; [Permission](./security.permission.md) ## Permission class `Permission` defines an action/access against a protected resource. It's the `what` for security. There are three levels of permissions - Resource level (Order, User) - Instance level (Order-0001, User-1001) - Property level (User-0001.email) **Signature:** ```typescript export declare class Permission ``` ## Example - create a user (action: create, resource type: user) - read email of a user (action: read, resource property: user.email) - change email of a user (action: update, resource property: user.email) - cancel an order (action: delete, resource type: order) ## Properties <table><thead><tr><th> Property </th><th> Modifiers </th><th> Type </th><th> Description </th></tr></thead> <tbody><tr><td markdown="1"> [\[securityId\]](./security.permission._securityid_.md) </td><td markdown="1"> `readonly` </td><td markdown="1"> string </td><td markdown="1"> </td></tr> <tr><td markdown="1"> [action](./security.permission.action.md) </td><td markdown="1"> </td><td markdown="1"> string </td><td markdown="1"> Action or access of a protected resources, such as `read`<!-- -->, `create`<!-- -->, `update`<!-- -->, or `delete` </td></tr> <tr><td markdown="1"> [resourceId?](./security.permission.resourceid.md) </td><td markdown="1"> </td><td markdown="1"> string </td><td markdown="1"> _(Optional)_ Identity of a protected resource instance, such as `order-0001` or `customer-101` </td></tr> <tr><td markdown="1"> [resourceProperty?](./security.permission.resourceproperty.md) </td><td markdown="1"> </td><td markdown="1"> string </td><td markdown="1"> _(Optional)_ Property of a protected resource type/instance, such as `email` </td></tr> <tr><td markdown="1"> [resourceType](./security.permission.resourcetype.md) </td><td markdown="1"> </td><td markdown="1"> string </td><td markdown="1"> Type of protected resource, such as `Order` or `Customer` </td></tr> </tbody></table>