Comments (6)
Not sure of your POST request, but this from the docs may help:
If a model has a DENY ALL permission (for example a built-in model such as the User model), but related models have no ACLs, the related models will still not be accessible through the User model. So, for example, even if the books model's default ACL is ALLOW $authenticated for GET /books, the route GET /user/{id}/books default will still be DENY ALL.
https://loopback.io/doc/en/lb3/Accessing-related-models.html
from loopback-example-access-control.
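The rule quoted from the docs above, as an added example that is not part of the original comment or of the project's code: routes to a related model reached through a `User`-based model are authorized by that model's own ACLs, under relation method names such as `__get__<relation>` and `__create__<relation>`. The fragment assumes the `AppUser` model and its `bloodRequests` relation as posted in this thread; granting the routes to `$owner` is an assumption made for illustration.

```json
{
  "name": "AppUser",
  "base": "User",
  "relations": {
    "bloodRequests": {
      "type": "hasMany",
      "model": "BloodRequest",
      "foreignKey": "userId"
    }
  },
  "acls": [
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$owner",
      "permission": "ALLOW",
      "property": "__get__bloodRequests"
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$owner",
      "permission": "ALLOW",
      "property": "__create__bloodRequests"
    }
  ]
}
```

With these entries, `GET /AppUsers/{id}/bloodRequests` and `POST /AppUsers/{id}/bloodRequests` are allowed only for the user whose id is in the path; every other relation route keeps the DENY inherited from `User`.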
Here are some files
Advertisement.json

```json
{
  "name": "Advertisement",
  "base": "PersistedModel",
  "idInjection": true,
  "options": {
    "validateUpsert": true
  },
  "properties": {
    "adType": {
      "type": "string",
      "required": true
    },
    "name": {
      "type": "string",
      "required": true
    },
    "expiry": {
      "type": "number",
      "required": false
    }
  },
  "validations": [],
  "relations": {},
  "acls": [
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$everyone",
      "permission": "DENY"
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "Admin",
      "permission": "ALLOW"
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "SuperAdmin",
      "permission": "ALLOW"
    },
    {
      "accessType": "READ",
      "principalType": "ROLE",
      "principalId": "$authenticated",
      "permission": "ALLOW"
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "Admin",
      "permission": "ALLOW",
      "property": ["create", "update", "insert", "deleteById"]
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "SuperAdmin",
      "permission": "ALLOW",
      "property": ["create", "update", "insert", "deleteById"]
    }
  ],
  "methods": {}
}
```
AppUser.json

```json
{
  "name": "AppUser",
  "base": "User",
  "idInjection": true,
  "options": {
    "validateUpsert": true
  },
  "properties": {
    "imageURL": {
      "type": "String"
    },
    "isApproved": {
      "type": "Boolean",
      "required": true,
      "default": false
    },
    "gender": {
      "type": "String",
      "required": true
    }
  },
  "validations": [],
  "relations": {
    "bloodRequests": {
      "type": "hasMany",
      "model": "BloodRequest",
      "foreignKey": "userId"
    }
  },
  "acls": [
    {
      "accessType": "WRITE",
      "principalType": "ROLE",
      "principalId": "$everyone",
      "permission": "DENY"
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "Admin",
      "permission": "ALLOW"
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "SuperAdmin",
      "permission": "ALLOW"
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$everyone",
      "permission": "DENY",
      "property": "create"
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "Admin",
      "permission": "ALLOW",
      "property": ["create", "update", "insert", "deleteById"]
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "SuperAdmin",
      "permission": "ALLOW",
      "property": ["create", "update", "insert", "deleteById"]
    }
  ],
  "methods": {}
}
```
Script.js

```js
// `app` is the LoopBack application instance.
var AppUser = app.models.AppUser;
var Role = app.models.Role;
var RoleMapping = app.models.RoleMapping;

// Seed two users, then create one role per user and map the user to it.
AppUser.create([
  { isApproved: false, gender: 'Male', username: 'John', email: '[email protected]', password: 'admin' },
  { isApproved: false, gender: 'Male', username: 'Jane', email: '[email protected]', password: 'superadmin' }
], function (err, AppUsers) {
  if (err) throw err;

  Role.create({
    name: 'Admin'
  }, function (err, role) {
    if (err) throw err;
    // Make 1st entry an admin
    role.principals.create({
      principalType: RoleMapping.USER,
      principalId: AppUsers[0].id
    }, function (err, principal) {
      if (err) throw err;
    });
  });

  Role.create({
    name: 'SuperAdmin'
  }, function (err, role) {
    if (err) throw err;
    // Make 2nd entry a super admin
    role.principals.create({
      principalType: RoleMapping.USER,
      principalId: AppUsers[1].id
    }, function (err, principal) {
      if (err) throw err;
    });
  });
});
```
Not sure what you're trying to say, could you please explain?
Done! But the problem still persists. I found out that there was no relation between the roleMapping model and my AppUser model (base: User), due to which the principalId field in the roleMapping model doesn't return an object, just a string containing the ID of the User. I've fixed it temporarily by assigning relations.
I hope it works.
Gonna keep this thread open if I get any further queries.
@Nygma297 could you please explain what you did here? I'm having this same issue and can't seem to resolve it. I created an `admin` role, added an `AppUser` extended from `User` to it, and created an ACL similar to yours to allow admins to access the full API. The admin user is still being denied access, however.
I also have a relation from `AppUser` to `Role` through `RoleMapping`:

```json
"relations": {
  "roles": {
    "type": "hasMany",
    "model": "Role",
    "foreignKey": "principalId",
    "through": "RoleMapping"
  }
}
```
Do I need to register a resolver for this static role? Any help would be appreciated.
This issue has been closed due to continued inactivity. Thank you for your understanding. If you believe this to be in error, please contact one of the code owners, listed in the `CODEOWNERS` file at the top-level of this repository.