user798719
Reputation: 9869
Strongloop/loopback: how to disable authentication for User model over REST?
I have typed in at the commandline: slc loopback:acl
and disabled all security for the User model.
Going into strongloop explorer, doing a simple GET Users request gives me a 401 authorization required error.
Any ideas how to open up the User object? Is this a known bug?
Thank you
Upvotes: 1
Views: 2669
Answers (2)
codejockie
Reputation: 10844
If you really want to disable the endpoints on the User model, you can do this.
Go to your model.config.json and add "public": false to the User field like so:
...
"User": {
"public": false,
"dataSource": "db"
},
...
Upvotes: 0
A.Z.
Reputation: 1648
You can extend your user model and set permissions for your custom model like this:
{
"name": "CustomUser",
"base": "User",
"idInjection": true,
"properties": {},
"validations": [],
"relations": {},
"acls": [
{
"accessType": "READ",
"principalType": "ROLE",
"principalId": "$unauthenticated",
"permission": "ALLOW"
},
{
"accessType": "READ",
"principalType": "ROLE",
"principalId": "$authenticated",
"permission": "ALLOW"
},
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW"
}
],
"methods": []
}
However I would NEVER recommend you doing this.
Upvotes: 4
Related Questions
- Strongloop/loopback 4: how to disable authentication for Explorer component over REST?
- loopback ACL for user model
- Create new user on strongloop without inputting email
- Loopback ACL "Authorization Required"
- Loopback - Implementing custom authentication
- In Strongloops' Loopback, How to deny access to all methods except one?
- Loopback - How to implement different type of users
- Constantly getting 401 errors in loopback while using User Model
- can i change user model credentials in loopback?
- loopback protected routes/ensure login