科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>javascript - How to set up the ACL to allow everyone list all the Users from the REST API - Stack Overflow

    javascript - How to set up the ACL to allow everyone list all the Users from the REST API - Stack Overflow

    programmeradmin2浏览0评论

    Im trying to list all the Users in my loopback 2.0 app using the REST API and I'm getting the following error:

    {
  "error": {
    "name": "Error",
    "status": 401,
    "message": "Authorization Required",
    "statusCode": 401,
    "stack": "...."
  }
}

    I manually added the ACL to the model-config.json file:

    "User": {
    "dataSource": "db",
    "acls": [
        {
            "principalType": "ROLE",
            "principalId": "$everyone",
            "permission": "ALLOW",
            "accessType": "*"
        }
    ]
},

    Since that failed, I created a model based on the User built-in model:

    {
    "name": "Admin",
    "base": "User",
    "properties": {},
    "validations": [],
    "relations": {},
    "acls": [
        {
            "principalType": "ROLE",
            "principalId": "$everyone",
            "permission": "ALLOW",
            "accessType": "*"
        }
    ],
    "methods": []
}

    But in the REST API I still have the same issue:

    {
  "error": {
    "name": "Error",
    "status": 401,
    "message": "Authorization Required",
    "statusCode": 401,
    "stack": "....."
  }
}

    I appreciate any help. =)

    Im trying to list all the Users in my loopback 2.0 app using the REST API and I'm getting the following error:

    {
  "error": {
    "name": "Error",
    "status": 401,
    "message": "Authorization Required",
    "statusCode": 401,
    "stack": "...."
  }
}

    I manually added the ACL to the model-config.json file:

    "User": {
    "dataSource": "db",
    "acls": [
        {
            "principalType": "ROLE",
            "principalId": "$everyone",
            "permission": "ALLOW",
            "accessType": "*"
        }
    ]
},

    Since that failed, I created a model based on the User built-in model:

    {
    "name": "Admin",
    "base": "User",
    "properties": {},
    "validations": [],
    "relations": {},
    "acls": [
        {
            "principalType": "ROLE",
            "principalId": "$everyone",
            "permission": "ALLOW",
            "accessType": "*"
        }
    ],
    "methods": []
}

    But in the REST API I still have the same issue:

    {
  "error": {
    "name": "Error",
    "status": 401,
    "message": "Authorization Required",
    "statusCode": 401,
    "stack": "....."
  }
}

    I appreciate any help. =)

    • javascript
    • strongloop
    • loopbackjs
    Share Improve this question edited Sep 30, 2014 at 13:48 Deduplicator 45.7k7 gold badges72 silver badges123 bronze badges asked Aug 17, 2014 at 21:02 jpcapdevilajpcapdevila 2274 silver badges9 bronze badges 2
    • 2 You can run the app with DEBUG=loopback:security:* node . to get the debug information for the ACLs. That may help. – snathan Commented Aug 18, 2014 at 1:50
    • @snathan thanks for the debug tip! That helped me see what was happening, there was another ACL with higher score, so I put an individual entry for "accessType": "READ" instead of "accessType": "*", and that gave my ACL a higher score. – jpcapdevila Commented Aug 18, 2014 at 10:40
    Add a ment  | 

    2 Answers 2

    Reset to default 5

    1. We should allow you to further configure the built-in model with additional ACLs. This is a todo for LoopBack.

    2. You can subclass the built-in User model in mon/user.json as you have illustrated.

      { "name": "user", "base": "User", "plural": "users" }

    Then you need to expose it to REST by adding an entry to server/model-config.json, such as:

    "user": {
    "dataSource": "db",
    "public": true
  },

    Seems loopback ppl allso hit that issue: https://github./strongloop/loopback-example-access-control/issues/8

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论