Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to set up the ACL to allow everyone list all the Users from the REST API

Im trying to list all the Users in my loopback 2.0 app using the REST API and I'm getting the following error:

{
  "error": {
    "name": "Error",
    "status": 401,
    "message": "Authorization Required",
    "statusCode": 401,
    "stack": "...."
  }
}

I manually added the ACL to the model-config.json file:

"User": {
    "dataSource": "db",
    "acls": [
        {
            "principalType": "ROLE",
            "principalId": "$everyone",
            "permission": "ALLOW",
            "accessType": "*"
        }
    ]
},

Since that failed, I created a model based on the User built-in model:

{
    "name": "Admin",
    "base": "User",
    "properties": {},
    "validations": [],
    "relations": {},
    "acls": [
        {
            "principalType": "ROLE",
            "principalId": "$everyone",
            "permission": "ALLOW",
            "accessType": "*"
        }
    ],
    "methods": []
}

But in the REST API I still have the same issue:

{
  "error": {
    "name": "Error",
    "status": 401,
    "message": "Authorization Required",
    "statusCode": 401,
    "stack": "....."
  }
}

I appreciate any help. =)

like image 754
jpcapdevila Avatar asked Aug 17 '14 21:08

jpcapdevila


1 Answers

  1. We should allow you to further configure the built-in model with additional ACLs. This is a todo for LoopBack.

  2. You can subclass the built-in User model in common/user.json as you have illustrated.

    { "name": "user", "base": "User", "plural": "users" }

Then you need to expose it to REST by adding an entry to server/model-config.json, such as:

"user": {
    "dataSource": "db",
    "public": true
  },
like image 116
Raymond Feng Avatar answered Oct 18 '22 10:10

Raymond Feng