问题
Im trying to list all the Users in my loopback 2.0 app using the REST API and I'm getting the following error:
{
"error": {
"name": "Error",
"status": 401,
"message": "Authorization Required",
"statusCode": 401,
"stack": "...."
}
}
I manually added the ACL to the model-config.json file:
"User": {
"dataSource": "db",
"acls": [
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"accessType": "*"
}
]
},
Since that failed, I created a model based on the User built-in model:
{
"name": "Admin",
"base": "User",
"properties": {},
"validations": [],
"relations": {},
"acls": [
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"accessType": "*"
}
],
"methods": []
}
But in the REST API I still have the same issue:
{
"error": {
"name": "Error",
"status": 401,
"message": "Authorization Required",
"statusCode": 401,
"stack": "....."
}
}
I appreciate any help. =)
回答1:
We should allow you to further configure the built-in model with additional ACLs. This is a todo for LoopBack.
You can subclass the built-in User model in common/user.json as you have illustrated.
{ "name": "user", "base": "User", "plural": "users" }
Then you need to expose it to REST by adding an entry to server/model-config.json, such as:
"user": {
"dataSource": "db",
"public": true
},
回答2:
Seems loopback ppl allso hit that issue: https://github.com/strongloop/loopback-example-access-control/issues/8
来源:https://stackoverflow.com/questions/25353581/how-to-set-up-the-acl-to-allow-everyone-list-all-the-users-from-the-rest-api