Reputation: 506
Accessing User methods from REST API
i defined a user model that inherits from the built-in User model of loopback and i defined a hasMany relation to another model.
The problem i am facing is that no matter what i do, when i am trying to access the relation from the rest api i am getting unauthorized error, even when i defined the following ACL to the user model:
json
{
"accessType": "READ",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW"
}
Any idea?
How can I expose some methods of the user model that I would like to be accessible to user? On other model (which don't inherit from the User model) i don't face this problem.
Thanks
Upvotes: 0
Views: 406
Answers (1)
Reputation: 636
The relation injects a method into the object and thus it need access to execute that method. When you give it access to READ it only applies to the properties of that model and not to the methods which need EXECUTE permissions. Try this:
{
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"property": "__get_relation"
}
Replace in the property param the "relation" with the actual relation name and "get" with the actual http method you want this ACL to give access to.
You can also debug the ACLs by starting you application like this:
$ DEBUG=loopback:security:acl slc run
Upvotes: 1
Related Questions
- How to get current user's data from loopback API?
- loopback ACL for user model
- How should I do if I am going to define a model called User in loopbackjs from an api-server application?
- How to access "current logged-in user" in remote methods?
- User infomation in Loopback
- Loopback - How to implement different type of users
- Method on Extended User Model
- Strongloop (loopback) class methods
- Get user access tokens and authenticate request
- Using Non-Rest Calls with Loopback (Strongloop)