Reputation: 1368
I am having trouble setting up an admin Role within the LoopBack project with MongoDB. I've set up a simple model, added ACLs, created a user and associated the user with the admin Role, but I can't access the model through the API Explorer - it always comes back with "Authorization Required".
Here are the steps I took:
1) I added model test through slc:
slc loopback:model
? Enter the model name: test
? Select the data-source to attach test to: moti_db (mongodb)
? Select model's base class: PersistedModel
? Expose test via the REST API? Yes
? Custom plural form (used to build REST URL):
Let's add some test properties now.
Enter an empty property name when done.
? Property name: name
? Property type: string
? Required? No
2) create user through Sign Up page: id = 1
3) create admin Role through API: id = 1
4) changed Role and RoleMapping to public=true so I could set them through the rest api
Here's the test data model:
{
  "name": "test",
  "base": "PersistedModel",
  "idInjection": true,
  "properties": {
    "name": {
      "type": "string"
    }
  },
  "validations": [],
  "relations": {},
  "acls": [
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$everyone",
      "permission": "DENY"
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "admin",
      "permission": "ALLOW"
    }
  ],
  "methods": []
}
Here's the Role:
{
  "id": 1,
  "name": "admin",
  "created": "2015-05-22T19:45:23.887Z",
  "modified": "2015-05-22T19:45:23.887Z"
}
Here's the RoleMapping:
{
  "id": 1,
  "principalType": "USER",
  "principalId": "1",
  "roleId": 1
}
Upvotes: 3
Views: 912
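Steps 2 to 4 of the question can also be done server-side, so that Role and RoleMapping never need public=true. The following is an added example, not part of the question or the answer and not LoopBack project code: a boot-script-style function that assumes LoopBack 2.x's built-in User, Role and RoleMapping models. The names ensureAdminRole, fakeModel, demo and the e-mail address are hypothetical, and fakeModel is a constructed in-memory stand-in so the block runs without a server.

```javascript
'use strict';
// Added example. In a LoopBack 2.x project this function would be called from a
// script under server/boot/ with the real `app`; here `app` is a stand-in.
function ensureAdminRole(app, adminEmail, done) {
  const { User, Role, RoleMapping } = app.models;
  User.findOne({ where: { email: adminEmail } }, (err, user) => {
    if (err) return done(err);
    if (!user) return done(new Error('no user with email ' + adminEmail));
    // findOrCreate keeps the script idempotent: boot scripts run on every start.
    Role.findOrCreate({ where: { name: 'admin' } }, { name: 'admin' }, (err, role) => {
      if (err) return done(err);
      const mapping = {
        roleId: role.id,
        principalType: RoleMapping.USER, // the string 'USER'
        principalId: user.id,
      };
      RoleMapping.findOrCreate({ where: mapping }, mapping, (err, rm) => done(err, rm));
    });
  });
}

// Constructed in-memory stand-in for a LoopBack model (only the two calls used above).
function fakeModel(rows, extra) {
  const match = (row, where) => Object.keys(where).every(k => row[k] === where[k]);
  return Object.assign({
    rows,
    findOne(filter, cb) { cb(null, rows.find(r => match(r, filter.where)) || null); },
    findOrCreate(filter, data, cb) {
      let row = rows.find(r => match(r, filter.where));
      if (!row) { row = Object.assign({ id: rows.length + 1 }, data); rows.push(row); }
      cb(null, row);
    },
  }, extra);
}

// Runs the assignment twice against constructed data; the second run must find
// the existing Role and RoleMapping instead of creating duplicates.
function demo() {
  const app = { models: {
    User: fakeModel([{ id: 1, email: 'admin@example.com' }]),
    Role: fakeModel([]),
    RoleMapping: fakeModel([], { USER: 'USER' }),
  } };
  let result;
  ensureAdminRole(app, 'admin@example.com', () => {});
  ensureAdminRole(app, 'admin@example.com', (err, rm) => { result = { err, rm, app }; });
  return result;
}
```

With the mapping created at boot, Role and RoleMapping can stay unexposed in the REST API, so no API client can grant itself the admin role.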
Reputation: 3396
Did you set an Authorization Token at the top of the Explorer? You need to call User.login() with an email and password, then set the Auth Token to the returned auth ID value. Then this token is sent with all subsequent calls (as an authorization: header value) and allows you to make calls that require auth.
Another helpful thing is to run the API with ACL debugging; you can do
DEBUG=loopback:security slc run
and it will show you how it determines access. Maybe the output will be helpful (paste it here). Otherwise it's just a guess as your code looks good and assuming you've previously logged in and are using a token.
Upvotes: 1