Loopback $owner doesn't work for findById
I would like to get some information about my user with loopback. For that I created a "user" model related to an "accessToken" model; so far, a POST on /user, a POST on /user/login and a POST on /user/logout are working.

I added on /common/models/user.json

{
  "name": "user",
  "base": "User",
  "idInjection": true,
  "options": {
    "validateUpsert": true
  },
  "properties": {},
  "validations": [],
  "relations": {
    "accessTokens": {
      "type": "hasMany",
      "model": "accessToken",
      "foreignKey": "userId"
    }
  },
  "acls": [
    {
      "accessType": "EXECUTE",
      "principalType": "ROLE",
      "principalId": "$authenticated",
      "permission": "ALLOW",
      "property": "logout"
    },
    {
      "accessType": "EXECUTE",
      "principalType": "ROLE",
      "principalId": "$owner",
      "permission": "ALLOW",
      "property": "findById"
    }
  ],
  "methods": {}
}

And when I do a GET on /user/{id} I get:

{
  "error": {
    "statusCode": 401,
    "name": "Error",
    "message": "Autorisation requise",
    "code": "AUTHORIZATION_REQUIRED",
    "stack": "Error: Autorisation requise\n    at..."
  }
}

I guess I didn't understand acl/relation very well.

Stern answered 22/11, 2017 at 8:25 Comment(3)
Can you check your model-config.json to make sure that the built-in User model isn't public? It's possible that you are routing to it instead of your custom user model. Also findById maps to READ accessType. – Hartfield
Can you please change "accessType": "EXECUTE" to "accessType": "*" and then check? – Shipwreck
Do you have token authorization enabled in your loopback application? If yes, you should provide an access token with your /user/{id} request. – Bursitis
This could be because you are only allowing $owner to findById:

To qualify a $owner, the target model needs to have a belongsTo relation to the User model (or a model that extends User) and property matching the foreign key of the target model instance. The check for $owner is performed only for a remote method that has ‘:id’ on the path, for example, GET /api/users/:id.

  1. Make sure the accessToken you are providing is the owner of the id of the user you are looking for.
  2. If you are not sure, try to replace: "principalId": "$owner" with "principalId": "$authenticated", then you'll know if that's your problem.
Saturant answered 5/2, 2019 at 10:4 Comment(0)
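As an added example (my code, not from the question or the answers): a small lint for a LoopBack 3 model JSON that flags the two ACL pitfalls discussed on this page, namely an ACL for the READ method findById restricted to accessType EXECUTE (per the comment on the question) and a $owner principal on a model that is neither User-based nor belongsTo a User model (per the answer). READ_METHODS and the user-model names are my assumptions, not LoopBack's API.

```javascript
// Assumption: these built-in remote methods are classed as READ by LoopBack 3.
const READ_METHODS = new Set(['find', 'findById', 'findOne', 'exists', 'count']);

// Returns a list of human-readable findings for the ACL section of a model JSON.
function lintModelAcls(model, userModelNames = ['User']) {
  const findings = [];
  // $owner resolves only for a User-based model or one with belongsTo -> User.
  const ownerCapable = userModelNames.includes(model.base) ||
    Object.values(model.relations || {}).some(
      r => r.type === 'belongsTo' && userModelNames.includes(r.model));
  for (const acl of model.acls || []) {
    const { property, accessType, principalId } = acl;
    if (READ_METHODS.has(property) && accessType && !['READ', '*'].includes(accessType)) {
      findings.push(`${property}: accessType ${accessType} does not cover a READ method; use READ or *`);
    }
    if (principalId === '$owner' && !ownerCapable) {
      findings.push(`${property}: $owner needs a User-based model or a belongsTo relation to User`);
    }
  }
  return findings;
}

// Rewrites every ACL on a READ method so that its accessType is READ.
function fixReadAcls(model) {
  return {
    ...model,
    acls: (model.acls || []).map(acl =>
      READ_METHODS.has(acl.property) && acl.accessType && acl.accessType !== '*'
        ? { ...acl, accessType: 'READ' } : acl),
  };
}

// Constructed input: the relevant parts of the user.json from the question.
const questionModel = {
  name: 'user', base: 'User',
  relations: { accessTokens: { type: 'hasMany', model: 'accessToken', foreignKey: 'userId' } },
  acls: [
    { accessType: 'EXECUTE', principalType: 'ROLE', principalId: '$authenticated', permission: 'ALLOW', property: 'logout' },
    { accessType: 'EXECUTE', principalType: 'ROLE', principalId: '$owner', permission: 'ALLOW', property: 'findById' },
  ],
};

console.log(lintModelAcls(questionModel));               // one finding on findById
console.log(lintModelAcls(fixReadAcls(questionModel)));  // []
```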