user2757853

Reputation: 341

In StrongLoop's LoopBack, how to deny access to all methods except one?

I have a model which I want to have only one remote method. I want to deny access to all the other default methods and keep only the remote one.

DENY for all users: /Countries and /Countries/*

ALLOW for all users: /Countries/status

Upvotes: 3

Views: 1422

Answers (3)

Ismael Di Vita

Reputation: 1836

You can use loopback-remote-routing

  1. npm install loopback-remote-routing --save
  2. Add the mixins in your model-config.json

    {
      "_meta": {
        "sources": [
          "loopback/common/models",
          "loopback/server/models",
          "../common/models",
          "./models"
        ],
        "mixins": [
          "loopback/common/mixins",
          "loopback/server/mixins",
          "../common/mixins",
          "./mixins",
          "../node_modules/loopback-remote-routing"
        ]
      }
      ...
    }

  3. Define the only or except rule in your common/models/mymodel.json

    {
      ...
      "acls": [],
      "methods": {},
      "mixins": {
        "RemoteRouting": {
          "only": [
            "myMethod1",
            "myMethod2"
          ]
        }
      }
    }

Upvotes: 3

xangy

Reputation: 1205

Since you want to deny access to all the REST endpoints, you can go with LoopBack's ACL model. Here's the hyperlink on how to use it: How to use access controls on loopback's rest endpoints

You basically deny access to all the REST endpoints, then explicitly grant access to one method, i.e. "status".

Otherwise, if you want to hide the REST endpoints, then @duffn's answer is good to go.

Upvotes: 0

duffn

Reputation: 3760

You can disable remote methods by calling disableRemoteMethod() on your model.

    module.exports = function (Country) {
      var isStatic = true;
      var isNotStatic = false;

      Country.disableRemoteMethod('deleteById', isStatic);
      Country.disableRemoteMethod('create', isStatic);
      Country.disableRemoteMethod('upsert', isStatic);
      Country.disableRemoteMethod('updateAll', isStatic);
      Country.disableRemoteMethod('findById', isStatic);
      Country.disableRemoteMethod('exists', isStatic);
      // Add any other methods you wish to hide.
      // Use false for methods on the prototype object.
      Country.disableRemoteMethod('updateAttributes', isNotStatic);
    };

https://docs.strongloop.com/display/public/LB/Exposing+models+over+REST#ExposingmodelsoverREST-HidingmethodsandRESTendpoints

Upvotes: 3
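An added example, not part of any answer above and not LoopBack's own code: an allowlist variant of the `disableRemoteMethod()` approach that disables every shared method except the ones named, so built-ins that were never listed by hand (such as `find` or `count`) do not stay exposed. `disableAllExcept`, `makeFakeModel` and `demo` are hypothetical names, and the fake model is a constructed stand-in that only mimics `sharedClass.methods()` and `disableRemoteMethod()`.

```javascript
// Allowlist approach: disable every remote method not named in `keep`.
// Static methods are named as-is ('status'); instance methods carry a
// 'prototype.' prefix ('prototype.updateAttributes').
function disableAllExcept(Model, keep) {
  const allowed = new Set(keep);
  const disabled = [];
  // methods() comes from strong-remoting's SharedClass; copy before mutating.
  Model.sharedClass.methods().slice().forEach(function (method) {
    const fullName = (method.isStatic ? '' : 'prototype.') + method.name;
    if (allowed.has(fullName)) return;
    Model.disableRemoteMethod(method.name, method.isStatic);
    disabled.push(fullName);
  });
  return disabled;
}

// Constructed stand-in for a LoopBack model (hypothetical helper) so the
// example runs without LoopBack; it mimics only the two calls used above.
function makeFakeModel(methods) {
  const state = methods.map((m) => ({ name: m.name, isStatic: m.isStatic, enabled: true }));
  const label = (m) => (m.isStatic ? '' : 'prototype.') + m.name;
  return {
    sharedClass: { methods: () => state.filter((m) => m.enabled) },
    disableRemoteMethod: function (name, isStatic) {
      state.forEach((m) => {
        if (m.name === name && m.isStatic === isStatic) m.enabled = false;
      });
    },
    exposed: () => state.filter((m) => m.enabled).map(label),
  };
}

// Constructed sample: a few built-in method names plus the custom `status`.
function demo() {
  const Country = makeFakeModel([
    { name: 'create', isStatic: true },
    { name: 'find', isStatic: true },
    { name: 'count', isStatic: true },
    { name: 'deleteById', isStatic: true },
    { name: 'updateAttributes', isStatic: false },
    { name: 'status', isStatic: true },
  ]);
  const disabled = disableAllExcept(Country, ['status']);
  return { disabled: disabled, exposed: Country.exposed() };
}

console.log(demo());
```

In a real model file the call would be `disableAllExcept(Country, ['status'])` inside the exported function; methods registered after that call (for example by relations) are not covered by it.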
