Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Loopback ACL: Create a User with a Role

I struggling to decipher the documentation on creating a user with an acl role. I'd like to create 2 roles "admin" and "user" similar to what the documentation states. However, I cannot find the API documentation for Role.create. Nor does the given example make any sense to me. I'd then like to create a user via ONLY the REST API and then assign the user either admin or user roles. This seems simple but I'm scratching my head. Can someone provide some guidance on how to get started?

like image 555
hubbardr Avatar asked May 05 '14 00:05

hubbardr


People also ask

What is ACLs in LoopBack?

LoopBack uses access control lists (ACLs) to control who can access what data. See also: Accessing related models.

What is LoopBack access?

LoopBack applications access data through models, so controlling access to data means putting restrictions on models; that is, specifying who or what can read and write the data or execute methods on the models. LoopBack access controls are determined by access control lists or ACLs.


2 Answers

Ah found it. In the models.json, you have to make the role model public in order for it to be exposed as a Rest endpoint. Once defined and acl's configured, you should probably set it back to false.

...
"role": {
    "dataSource": "db",
    "public": true,
    "options": {
      "base": "Role",
      "relations": {
        "principals": {
          "type": "hasMany",
          "model": "roleMapping",
          "foreignKey": "roleId"
        }
      }
    }
  },
...
like image 28
hubbardr Avatar answered Oct 02 '22 17:10

hubbardr


I know this area of the docs needs some work, and I'm working to improve it as soon as possible. We're also going to clean up and improve the API docs.

The Role model inherits all of the CRUD methods from the base DataModel object: http://apidocs.strongloop.com/loopback/#datamodel-new-datamodel. So, for example, Role.create() is the same as DataModel.create()

The same is true for the REST API. The Role REST API is documented here: https://docs.strongloop.com/display/public/LB/Role+REST+API. You'll notice that each endpoint in this doc links to the "Model REST API" article which provides more detail.

-Rand

Technical Writer, StrongLoop

like image 57
RandM Avatar answered Oct 02 '22 19:10

RandM