I have a Client model that inherits the built-in User model. I have created a custom role admin and defined two ACLs using that role for the Client model:
{
  "principalType": "ROLE",
  "principalId": "admin",
  "permission": "ALLOW",
  "property": "find"
},
{
  "principalType": "ROLE",
  "principalId": "admin",
  "permission": "ALLOW",
  "property": "findById"
}
I get a 401 when I try to GET /api/Clients
Any thoughts of what could be happening? Any help is greatly appreciated.
Loopback v3.5, MongoDB
User/Role/Mapping code:
// server boot script: the models are taken from app.models
module.exports = function(app) {
  var Client = app.models.Client;
  var Role = app.models.Role;
  var RoleMapping = app.models.RoleMapping;

  Client.create({
    username: '[email protected]',
    email: '[email protected]',
    password: 'admin123'
  }).then(function(user) {
    Role.create({
      name: 'admin'
    }, function(createRoleError, createRole) {
      if (createRoleError) return console.error(createRoleError);
      // map the new user to the admin role (creates a RoleMapping record)
      createRole.principals.create({
        principalType: RoleMapping.USER,
        principalId: user.id
      }, function(mappingError) {
        if (mappingError) console.error(mappingError);
      });
    });
  }).catch(console.error);
};
MongoDB data:
> db.Client.find()
{ "_id" : ObjectId("58d28f0690c08512b03c9dfc"), "username" : "[email protected]", "password" : "$2a$10$zQrgeFq.pFZNmJOPywE/8uY9PjurwfzyAHbBESgkTccx6pZnFrZR2", "email" : "[email protected]" }
> db.Role.find()
{ "_id" : ObjectId("58d28f0690c08512b03c9dfd"), "name" : "admin", "created" : ISODate("2017-03-22T14:49:42.899Z"), "modified" : ISODate("2017-03-22T14:49:42.899Z") }
> db.RoleMapping.find()
{ "_id" : ObjectId("58d28f0690c08512b03c9dfe"), "principalType" : "USER", "principalId" : "58d28f0690c08512b03c9dfc", "roleId" : ObjectId("58d28f0690c08512b03c9dfd") }
Loopback debug information:
loopback:security:role isInRole(): $everyone +1m
loopback:security:access-context ---AccessContext--- +0ms
loopback:security:access-context principals: +5ms
loopback:security:access-context principal: {"type":"USER","id":"58d28f0690c08512b03c9dfc"} +1ms
loopback:security:access-context modelName Client +0ms
loopback:security:access-context modelId undefined +0ms
loopback:security:access-context property find +1ms
loopback:security:access-context method find +0ms
loopback:security:access-context accessType READ +1ms
loopback:security:access-context accessToken: +0ms
loopback:security:access-context id "1od20VFnZNqW0i0PblSqpJpxDvpfJEBYeXi9AxM9twj5EqkH4xZ6ET7J9thHT982" +1m
loopback:security:access-context ttl 1209600 +1ms
loopback:security:access-context getUserId() 58d28f0690c08512b03c9dfc +0ms
loopback:security:access-context isAuthenticated() true +2ms
loopback:security:role Custom resolver found for role $everyone +0ms
loopback:security:role isInRole(): admin +1ms
loopback:security:access-context ---AccessContext--- +2ms
loopback:security:access-context principals: +0ms
loopback:security:access-context principal: {"type":"USER","id":"58d28f0690c08512b03c9dfc"} +2ms
loopback:security:access-context modelName Client +1ms
loopback:security:access-context modelId undefined +1ms
loopback:security:access-context property find +1ms
loopback:security:access-context method find +0ms
loopback:security:access-context accessType READ +1ms
loopback:security:access-context accessToken: +1ms
loopback:security:access-context id "1od20VFnZNqW0i0PblSqpJpxDvpfJEBYeXi9AxM9twj5EqkH4xZ6ET7J9thHT982" +4m
loopback:security:access-context ttl 1209600 +2ms
loopback:security:access-context getUserId() 58d28f0690c08512b03c9dfc +2ms
loopback:security:access-context isAuthenticated() true +1ms
loopback:security:role Role found: {"id":"58d28f0690c08512b03c9dfd","name":"admin","created":"2017-03-22T14:49:42.899Z","modified":"2017-03-22T14:49:42.899Z"} +3ms
loopback:security:role Role mapping found: null +22ms
loopback:security:role isInRole() returns: null +2ms
loopback:security:acl The following ACLs were searched: +2ms
loopback:security:acl ---ACL--- +2ms
loopback:security:acl model Client +1ms
loopback:security:acl property * +1ms
loopback:security:acl principalType ROLE +2ms
loopback:security:acl principalId $everyone +2ms
loopback:security:acl accessType * +1ms
loopback:security:acl permission DENY +2ms
loopback:security:acl with score: 7495 +1ms
loopback:security:acl ---Resolved--- +2ms
loopback:security:access-context ---AccessRequest--- +2ms
loopback:security:access-context model Client +1ms
loopback:security:access-context property find +1ms
loopback:security:access-context accessType READ +2ms
loopback:security:access-context permission DENY +2ms
loopback:security:access-context isWildcard() false +1ms
loopback:security:access-context isAllowed() false +3ms
lb which didn't set strictObjectIDCoercion for RoleMapping. github.com/strongloop/loopback/pull/3198 – Plovdiv
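The mismatch that comment points at, as an added illustration (constructed here, not LoopBack's or the MongoDB connector's own code; the ObjectId class and the coercion rule are simplified stand-ins): the RoleMapping document stores principalId as a string, while a connector without strictObjectIDCoercion queries a 24-hex string as an ObjectId, so the lookup behind the "Role mapping found: null" line comes back empty.

```javascript
// Constructed illustration, not code from LoopBack or loopback-connector-mongodb.
// Stand-in for a BSON ObjectId: a distinct type that never equals a plain string.
class ObjectId {
  constructor(hex) { this.hex = hex; }
  equals(other) { return other instanceof ObjectId && other.hex === this.hex; }
}
const OBJECTID_LIKE = /^[0-9a-fA-F]{24}$/;
// Simplified connector coercion: unless the model sets strictObjectIDCoercion,
// a 24-hex string in a where clause is sent to MongoDB as an ObjectId.
function coerceWhereValue(value, strictObjectIDCoercion) {
  if (!strictObjectIDCoercion && typeof value === 'string' && OBJECTID_LIKE.test(value)) {
    return new ObjectId(value);
  }
  return value;
}

// MongoDB matches on BSON type as well as value: a stored string never equals an ObjectId.
function bsonEquals(stored, queried) {
  if (stored instanceof ObjectId || queried instanceof ObjectId) {
    return stored instanceof ObjectId && stored.equals(queried);
  }
  return stored === queried;
}

// The RoleMapping lookup isInRole() performs; null is what "Role mapping found: null" reports.
function findRoleMapping(mappings, where, settings) {
  const principalId = coerceWhereValue(where.principalId, settings.strictObjectIDCoercion);
  return mappings.find(m =>
    bsonEquals(m.roleId, where.roleId) &&
    m.principalType === where.principalType &&
    bsonEquals(m.principalId, principalId)) || null;
}
// Constructed documents mirroring the shapes in the question: roleId is stored as an
// ObjectId, while principalId (a string property on RoleMapping) is stored as a string.
const ROLE_MAPPINGS = [{
  _id: new ObjectId('58d28f0690c08512b03c9dfe'),
  principalType: 'USER',
  principalId: '58d28f0690c08512b03c9dfc',
  roleId: new ObjectId('58d28f0690c08512b03c9dfd'),
}];
// The lookup isInRole() builds: role.id (an ObjectId) plus the context's getUserId().
const LOOKUP = {
  roleId: new ObjectId('58d28f0690c08512b03c9dfd'),
  principalType: 'USER',
  principalId: '58d28f0690c08512b03c9dfc',
};
// Default settings leave withoutFix null; with strictObjectIDCoercion: true the mapping is found.
const withoutFix = findRoleMapping(ROLE_MAPPINGS, LOOKUP, { strictObjectIDCoercion: false });
const withFix = findRoleMapping(ROLE_MAPPINGS, LOOKUP, { strictObjectIDCoercion: true });
```

In a LoopBack 3 app the setting is applied on the RoleMapping entry in server/model-config.json as `"options": { "strictObjectIDCoercion": true }`, or by moving to a release that includes the linked pull request.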