Im trying to list all the Users in my loopback 2.0 app using the REST API and I'm getting the following error:
{
"error": {
"name": "Error",
"status": 401,
"message": "Authorization Required",
"statusCode": 401,
"stack": "...."
}
}
I manually added the ACL to the model-config.json file:
"User": {
"dataSource": "db",
"acls": [
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"accessType": "*"
}
]
},
Since that failed, I created a model based on the User built-in model:
{
"name": "Admin",
"base": "User",
"properties": {},
"validations": [],
"relations": {},
"acls": [
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"accessType": "*"
}
],
"methods": []
}
But in the REST API I still have the same issue:
{
"error": {
"name": "Error",
"status": 401,
"message": "Authorization Required",
"statusCode": 401,
"stack": "....."
}
}
I appreciate any help. =)
Im trying to list all the Users in my loopback 2.0 app using the REST API and I'm getting the following error:
{
"error": {
"name": "Error",
"status": 401,
"message": "Authorization Required",
"statusCode": 401,
"stack": "...."
}
}
I manually added the ACL to the model-config.json file:
"User": {
"dataSource": "db",
"acls": [
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"accessType": "*"
}
]
},
Since that failed, I created a model based on the User built-in model:
{
"name": "Admin",
"base": "User",
"properties": {},
"validations": [],
"relations": {},
"acls": [
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"accessType": "*"
}
],
"methods": []
}
But in the REST API I still have the same issue:
{
"error": {
"name": "Error",
"status": 401,
"message": "Authorization Required",
"statusCode": 401,
"stack": "....."
}
}
I appreciate any help. =)
Share Improve this question edited Sep 30, 2014 at 13:48 Deduplicator 45.7k7 gold badges72 silver badges123 bronze badges asked Aug 17, 2014 at 21:02 jpcapdevilajpcapdevila 2274 silver badges9 bronze badges 2- 2 You can run the app with DEBUG=loopback:security:* node . to get the debug information for the ACLs. That may help. – snathan Commented Aug 18, 2014 at 1:50
- @snathan thanks for the debug tip! That helped me see what was happening, there was another ACL with higher score, so I put an individual entry for "accessType": "READ" instead of "accessType": "*", and that gave my ACL a higher score. – jpcapdevila Commented Aug 18, 2014 at 10:40
2 Answers
Reset to default 5We should allow you to further configure the built-in model with additional ACLs. This is a todo for LoopBack.
You can subclass the built-in User model in mon/user.json as you have illustrated.
{ "name": "user", "base": "User", "plural": "users" }
Then you need to expose it to REST by adding an entry to server/model-config.json, such as:
"user": {
"dataSource": "db",
"public": true
},
Seems loopback ppl allso hit that issue: https://github./strongloop/loopback-example-access-control/issues/8