javascript - How to set up the ACL to allow everyone list all the Users from the REST API - Stack Overflow

I'm trying to list all the Users in my loopback 2.0 app using the REST API and I'm getting the following error:

{
  "error": {
    "name": "Error",
    "status": 401,
    "message": "Authorization Required",
    "statusCode": 401,
    "stack": "...."
  }
}

I manually added the ACL to the model-config.json file:

"User": {
    "dataSource": "db",
    "acls": [
        {
            "principalType": "ROLE",
            "principalId": "$everyone",
            "permission": "ALLOW",
            "accessType": "*"
        }
    ]
},

Since that failed, I created a model based on the User built-in model:

{
    "name": "Admin",
    "base": "User",
    "properties": {},
    "validations": [],
    "relations": {},
    "acls": [
        {
            "principalType": "ROLE",
            "principalId": "$everyone",
            "permission": "ALLOW",
            "accessType": "*"
        }
    ],
    "methods": []
}

But in the REST API I still have the same issue:

{
  "error": {
    "name": "Error",
    "status": 401,
    "message": "Authorization Required",
    "statusCode": 401,
    "stack": "....."
  }
}

I appreciate any help. =)

asked Aug 17, 2014 at 21:02 by jpcapdevila; edited Sep 30, 2014 at 13:48 by Deduplicator
  • 2 You can run the app with DEBUG=loopback:security:* node . to get the debug information for the ACLs. That may help. – snathan Commented Aug 18, 2014 at 1:50
  • @snathan thanks for the debug tip! That helped me see what was happening, there was another ACL with higher score, so I put an individual entry for "accessType": "READ" instead of "accessType": "*", and that gave my ACL a higher score. – jpcapdevila Commented Aug 18, 2014 at 10:40

2 Answers

  1. We should allow you to further configure the built-in model with additional ACLs. This is a todo for LoopBack.

  2. You can subclass the built-in User model in common/user.json as you have illustrated.

    { "name": "user", "base": "User", "plural": "users" }

Then you need to expose it to REST by adding an entry to server/model-config.json, such as:

"user": {
    "dataSource": "db",
    "public": true
  },

Seems loopback ppl also hit that issue: https://github.com/strongloop/loopback-example-access-control/issues/8
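
The fix reported in the comments under the question (an ALLOW scoped to "accessType": "READ" outranking a competing rule, where "accessType": "*" did not) can be seen in a simplified model of specificity scoring. This is an added example, not code from the thread or from LoopBack: the weights, the `score` and `resolve` helpers, and the wildcard DENY used as the competing rule are assumptions made for illustration.

```javascript
// Simplified model of specificity-based ACL resolution. The weights are
// assumptions, not LoopBack's actual values: an exact match beats a
// wildcard, and DENY wins when two rules are equally specific.
const ALL = '*';

// Score one rule against a request; -1 means the rule does not apply.
function score(rule, req) {
  let total = 0;
  for (const key of ['property', 'accessType']) {
    const ruleVal = rule[key] || ALL;
    total *= 4;
    if (ruleVal === req[key]) total += 3;  // exact match
    else if (ruleVal === ALL) total += 2;  // wildcard match
    else return -1;                        // rule targets something else
  }
  // Tie-break: at equal specificity a DENY outranks an ALLOW.
  return total * 2 + (rule.permission === 'DENY' ? 1 : 0);
}

// Permission of the highest-scoring applicable rule (DENY if none apply).
function resolve(acls, req) {
  let best = { permission: 'DENY', score: -1 };
  for (const rule of acls) {
    const s = score(rule, req);
    if (s > best.score) best = { permission: rule.permission, score: s };
  }
  return best.permission;
}

// Constructed rules. The wildcard DENY stands in for the higher-scoring ACL
// the asker found with DEBUG=loopback:security:* (assumed shape).
const competingDeny = { principalType: 'ROLE', principalId: '$everyone',
                        permission: 'DENY', accessType: '*' };
const wildcardAllow = { ...competingDeny, permission: 'ALLOW' };
const readAllow = { ...wildcardAllow, accessType: 'READ' };

// Constructed requests: listing users is a READ, creating one is a WRITE.
const listUsers = { property: 'find', accessType: 'READ' };
const createUser = { property: 'create', accessType: 'WRITE' };

console.log(resolve([competingDeny, wildcardAllow], listUsers)); // DENY
console.log(resolve([competingDeny, readAllow], listUsers));     // ALLOW
console.log(resolve([competingDeny, readAllow], createUser));    // DENY
```

In this model the READ-scoped rule opens the listing request while write requests still fall through to the DENY.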
