I'm looking for a clean and easy way to integrate loopback user authentication with my DB (mysql persistenModels).
I cannot change the database design since is already designed and contains data, furthermore, the people that are in charge don't want to change it even they know that it could be better.
Sorry for the drawing quality/errors but synthesizes the current structure on the database:
I would like to validate the strongloop User model with the User table on DB, then somehow store on the session/cookie/memory model the collection of table_id's that he owns, since many users can access to same table object.
Is not just a ACL to hide endpoints or give permissions to update/remove, because the DB is read only. The best approach that I have found is this one: Loopback - Implementing custom authentication
But it doesn't solve the issue about if the Tools endpoint is published, anyone who knows the tool_id could access the data since User/Tables/Tools are PersistenModels that get the data from the database.
Currently I have all the endpoints implemented of Tables,Tools and others sub levels (Tools Parts,etc) with model relations with foreignkeys,keyThroughs... without problems (doesn't take into account the user permissions)
I have almost no experience with strongloop because I have been using it since 3 days ago , but I have good background with node.js and angular.js
Any hint will be appreciated.