dblose

How to use LoopBack ACLs to modify permissions for a user role

I am trying to understand LoopBack ACLs but have not succeeded. If I want to use LoopBack ACLs to control role-based authorization, what should I do?

When I send a GET request, I get this response:

GET http://localhost:1337/api/Employees 401 (Unauthorized)
{
  "error": {
    "name": "Error",
    "status": 401,
    "message": "Authorization Required",
    "statusCode": 401,
    "stack": "Error: Authorization Required
  }
}

Here is the JSON configuration of the Employee model:

{
  "name": "Employee",
  "base": "User",
  "properties": {
    "nickname": {
      "type": "string"
    }
  },
  "validations": [],
  "relations": {},
  "acls": [
    {
      "principalType": "ROLE",
      "principalId": "admin",
      "permission": "ALLOW",
      "accessType": "READ"
    }
  ],
  "methods": []
}

The following JSON is used to add an employee:

{
  "nickname": "",
  "realm": "",
  "username": "",
  "credentials": "object",
  "challenges": "object",
  "email": "",
  "emailVerified": false,
  "verificationToken": "",
  "status": "",
  "created": "",
  "lastUpdated": "",
  "id": 0
}

I don't understand how LoopBack ACLs work internally. What do I need to change to get the access control to take effect?


Answers (1)

Raymond Feng

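To support a custom role like admin, you need to define the role and add your users to the role. The ACL in your model grants READ only to the admin role, so a request is authorized only when it is made by a user who has been mapped to that role. Here is some code I use for an internal project: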

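// Bootstrap step: make sure the custom `admin` role exists and that every user
// whose email is listed under `admins` in ../config/users.json is mapped to it.
// Errors are logged and the step stops; nothing is thrown to the caller.
//
// NOTE(review): role membership is granted purely on an email match. If
// accounts can be created without the address being confirmed, consider also
// requiring `emailVerified` on the user before creating the role mapping, and
// keep users.json under the same change control as the code.
var adminUsers = require('../config/users.json').admins;

app.models.role.findOrCreate({where: {name: 'admin'}}, {name: 'admin'},
  function (err, role) {
    if (err) {
      return console.error(err);
    }
    // role.principals() doesn't work here as the role.id might have a different
    // type than roleMapping.roleId
    app.models.roleMapping.find({where: {roleId: role.id.toString()}},
      function (err, principals) {
        if (err) {
          return console.error(err);
        }
        // Index the USER principals already attached to the role. A
        // prototype-less object is used so that an id can never match an
        // inherited key such as "constructor" and be treated as "already mapped".
        var existingByUserId = Object.create(null);
        principals.forEach(function (p) {
          if (p.principalType === 'USER') {
            existingByUserId[p.principalId] = p;
          }
        });
        app.models.user.find({where: {email: {inq: adminUsers}}},
          function (err, users) {
            if (err) {
              return console.error(err);
            }
            if (users && users.length) {
              users.forEach(function (user) {
                // Skip users that are already members so no duplicate
                // role mappings are created on every start.
                if (existingByUserId[user.id.toString()]) {
                  console.log('User %s (%s) found in role %s', user.username,
                    user.email, role.name);
                  return;
                }
                role.principals.create({principalType: 'USER', principalId: user.id},
                  function (err, createdMapping) {
                    if (err) {
                      return console.error(err);
                    }
                    console.log('User %s (%s) added to role %s', user.username,
                      user.email, role.name);
                  });
              });
            }
          });
      }); // was `};` in the original, which left the roleMapping.find(...) call unclosed
  });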
