Here’s a quick example of how you’d do this. This example uses Angular $resource to make a REST API call to the todo table…but pick your framework of choice. The key thing to do is pass the logged in user id into the REST call as a filter that fetches only those “to do” records belonging to the current logged in user.
On the backend in DreamFactory you can also specify record-level security so that only logged in users can perform CRUD on his or her own records (for example, this prevents me from authenticating, getting a session token, and then blowing away your records from the command line by guessing your user id and making REST calls).
First, write a little Angular service.
// In your services.js file create some simple services. Here's a service to fetch to do's by user id
var baseUrl = 'https://dsp-todo.cloud.dreamfactory.com';
var appName = 'todo';
angular.module('toDo.services', ['ngResource'])
.service('GetUserToDosService', ['$resource', function ($resource) {
return $resource(baseUrl + '/rest/db/todo',
{ appName: appName, fields: '@fields', filter: '@filter' },
{ query: { method: 'GET' , isArray: false }
});
}]);
Now inject this service into a controller. To make things easier I’m also injecting the UserDataService from our User Management Module for Angular. This makes it easy to fetch the logged in user’s id. You can also write your own method to get the id of the logged in user.
.controller('UserToDosCtrl', ['$scope', '$location', 'UserDataService', 'GetUserToDosService', function($scope, $location, UserDataService, GetUserToDosService) {
$scope.params = {
fields: 'owner' + ',' + 'id' + ',' + 'name' + ',' + 'complete',
filter: 'owner=' + UserDataService.getCurrentUser().id
};
$scope.todos = GetUserToDosService.query($scope.params);
}]);
Then write a simple view to iterate through the to do’s.
....
<tr ng-repeat="todo in todos.record">
<td>{{todo.owner}}</td>
<td>{{todo.name}}</td>
<td>{{todo.complete}}</td>
</tr>
....
Lastly, in the DreamFactory roles tab, you can lock down CRUD permissions on the todo table so only users can create, read, update, and delete their own to do’s. Create a role for users using the to do app, and grant PUT, POST, PUT, and DELETE permissions for the todo table. Also add an advanced filter, like so:
Field: owner
Operator: =
Value: {user.id}
Hope that helps with the basic idea.