strongloop / loopback-example-access-control

An example demonstrating LoopBack access control mechanisms.

ROLE $owner does not work #45

Closed tuanpmt closed 9 years ago

tuanpmt commented 9 years ago

Hello, I've tried the example and made a new one like this: one user model has many devices. When I GET /devices with a logged-in token, it always responds with the message "Authorization Required". But if I change principalId to "admin", it works.

user model

```json
{
  "name": "user",
  "base": "User",
  "idInjection": true,
  "properties": {},
  "validations": [],
  "relations": {
    "devices": {
      "type": "hasMany",
      "model": "device",
      "foreignKey": "ownerId"
    }
  },
  "acls": [],
  "methods": []
}
```

device model

```json
{
  "name": "device",
  "base": "PersistedModel",
  "idInjection": false,
  "properties": {
    "name": {
      "type": "string"
    },
    "devid": {
      "type": "string",
      "id": true
    },
    "online": {
      "type": "boolean",
      "default": false
    }
  },
  "validations": [],
  "relations": {
    "user": {
      "type": "belongsTo",
      "model": "user",
      "foreignKey": ""
    }
  },
  "acls": [
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$everyone",
      "permission": "DENY"
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$owner",
      "permission": "ALLOW"
    }
  ],
  "methods": []
}
```

Debug message:

Fri, 23 Jan 2015 15:39:56 GMT express deprecated req.param(name): Use req.params, req.body, or req.query instead at node_modules/loopback/node_modules/strong-remoting/lib/http-context.js:142:18
Fri, 23 Jan 2015 15:39:56 GMT express deprecated req.param(name): Use req.params, req.body, or req.query instead at node_modules/loopback/node_modules/strong-remoting/lib/http-context.js:153:22
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:role isInRole(): $everyone
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context ---AccessContext---
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context principals:
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context principal: {"type":"USER","id":"54c26afcb48c2c0104398b29"}
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context modelName device
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context modelId undefined
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context property find
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context method find
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context accessType READ
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context accessToken:
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context   id "Suq9lKkS7iuCbUvyPkEdiWdrml6sANeBS3qKPAxcmwZqcpvUBXPo9IwYt2ncjQkT"
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context   ttl 1209600
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context getUserId() 54c26afcb48c2c0104398b29
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context isAuthenticated() true
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:role Custom resolver found for role $everyone
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:role isInRole(): $owner
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context ---AccessContext---
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context principals:
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context principal: {"type":"USER","id":"54c26afcb48c2c0104398b29"}
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context modelName device
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context modelId undefined
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context property find
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context method find
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context accessType READ
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context accessToken:
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context   id "Suq9lKkS7iuCbUvyPkEdiWdrml6sANeBS3qKPAxcmwZqcpvUBXPo9IwYt2ncjQkT"
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context   ttl 1209600
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context getUserId() 54c26afcb48c2c0104398b29
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context isAuthenticated() true
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:role Custom resolver found for role $owner
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:acl The following ACLs were searched: 
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:acl ---ACL---
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:acl model device
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:acl property *
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:acl principalType ROLE
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:acl principalId $everyone
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:acl accessType *
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:acl permission DENY
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:acl with score: 7495
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:acl ---Resolved---
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context ---AccessRequest---
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context  model device
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context  property find
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context  accessType READ
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context  permission DENY
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context  isWildcard() false
Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context  isAllowed() false

tuanpmt commented 9 years ago

Sorry, my mistake: it cannot enforce the rights listed because it only allows owner objects.
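To make the behaviour in the debug log above concrete, here is an added example (not LoopBack's own code, and not part of this thread) that models how the `$owner` role is resolved and how the winning ACL is chosen. The device store, the user ids, the default-deny fallback and the role specificity ranking are constructed for illustration; the ACL entries are the ones from the device model above.

```javascript
// Added example, not LoopBack's own code: a simplified model of how the
// $owner role is resolved and why a collection-level `find` is denied while
// `findById` on an owned record is allowed. Device records, user ids and
// the specificity ranking are constructed for illustration.

// Constructed store, keyed by the device id (`devid` in the issue's model).
const DEVICES = {
  'dev-1': { devid: 'dev-1', name: 'thermostat', ownerId: 'user-A' },
  'dev-2': { devid: 'dev-2', name: 'camera', ownerId: 'user-B' },
};

// ACL entries as written in the issue's device model.
const DEVICE_ACLS = [
  { accessType: '*', principalType: 'ROLE', principalId: '$everyone', permission: 'DENY' },
  { accessType: '*', principalType: 'ROLE', principalId: '$owner', permission: 'ALLOW' },
];

// Dynamic role resolvers. $owner can only be decided for one instance:
// with no modelId there is no record whose ownerId could be compared with
// the caller, so the role does not match. That is what the first debug log
// shows: "isInRole(): $owner" followed by only the $everyone ACL being searched.
const ROLE_RESOLVERS = {
  $everyone: () => true,
  $authenticated: (ctx) => ctx.userId !== undefined,
  $owner: (ctx) => {
    if (ctx.userId === undefined || ctx.modelId === undefined) return false;
    const record = DEVICES[ctx.modelId];
    return record !== undefined && record.ownerId === ctx.userId;
  },
};

// Constructed specificity ranking: when several ACLs match, the entry for
// the most specific role wins, so $owner ALLOW overrides $everyone DENY
// for a record the caller owns.
const ROLE_RANK = { $everyone: 1, $authenticated: 2, $owner: 3 };

// Evaluate one access request. ctx = { userId, modelId, accessType }.
// Returns the winning permission and the ACLs that matched, mirroring the
// "The following ACLs were searched" section of the debug log.
function authorize(ctx, acls = DEVICE_ACLS) {
  const searched = acls.filter((acl) => {
    const typeOk = acl.accessType === '*' || acl.accessType === ctx.accessType;
    const resolver = ROLE_RESOLVERS[acl.principalId];
    return typeOk && resolver !== undefined && resolver(ctx);
  });
  if (searched.length === 0) {
    // No ACL applies; this toy model denies by default (an assumption).
    return { permission: 'DENY', searched };
  }
  const winner = searched.reduce((best, acl) =>
    (ROLE_RANK[acl.principalId] > ROLE_RANK[best.principalId] ? acl : best));
  return { permission: winner.permission, searched };
}

// Convenience wrappers for the two request shapes seen in the thread.
function authorizeFind(userId) {
  return authorize({ userId, modelId: undefined, accessType: 'READ' });
}
function authorizeFindById(userId, modelId) {
  return authorize({ userId, modelId, accessType: 'READ' });
}

console.log('GET /devices as user-A:', authorizeFind('user-A').permission);
console.log('GET /devices/dev-1 as user-A:', authorizeFindById('user-A', 'dev-1').permission);
console.log('GET /devices/dev-2 as user-A:', authorizeFindById('user-A', 'dev-2').permission);
```

The point to take from it: `$owner` is an instance-level role. A request that names no instance (`find`, `findOne`, `count`) can never satisfy it, so the only ACL left standing is the `$everyone` DENY, which is exactly the `permission DENY` / `isAllowed() false` outcome in the log.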

upq commented 9 years ago

@tuanpmt I'm having the same issue. Can you please explain what goes wrong here? I have done almost the same as you, with the same debug log too. I noticed there is an _isAuthenticated()_ here:

Fri, 23 Jan 2015 15:39:56 GMT loopback:security:access-context isAuthenticated() true

I have the same too: when I use principalId `$authenticated` everything is perfect, but when it is `$owner` I get a 401. Shouldn't there be an isOwner method in the ROLE model?

_ACL and RELATIONS_ (Being is the user extension)

```json
  "relations": {
    "being": {
      "type": "belongsTo",
      "model": "Being",
      "foreignKey": "userId"
    },
    "sections": {
      "type": "hasMany",
      "model": "Section",
      "foreignKey": "notebookId"
    }
  },
  "acls": [
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$everyone",
      "permission": "DENY"
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$owner",
      "permission": "ALLOW"
    }
  ],
```

_Client side request method_ (Using the api explorer returned the same status code too)

```javascript
function getNotebook() {
  return Notebook.findOne({
    filter: {
      where: {
        userId: AuthService.getCurrentId()
      }
    }
  });
}
```

Trying the method that _fetches a hasOne relationship_ doesn't work either.

```javascript
function getNotebook() {
  return User.notebook();
}
```

_The debug log_

loopback:security:role isInRole(): $everyone +35s
  loopback:security:access-context ---AccessContext--- +0ms
  loopback:security:access-context principals: +1ms
  loopback:security:access-context principal: {"type":"USER","id":"55e9c65d941d3ec208953644"} +0ms
  loopback:security:access-context modelName Being +0ms
  loopback:security:access-context modelId 55e9c65d941d3ec208953644 +0ms
  loopback:security:access-context property findById +0ms
  loopback:security:access-context method findById +0ms
  loopback:security:access-context accessType READ +0ms
  loopback:security:access-context accessToken: +0ms
  loopback:security:access-context   id "CRZ63uz0YZDFslVOSXxOti52EC8XVEeeMqOIdWRcxpxm0Phghwvx4auSFmYKDDoB" +0ms
  loopback:security:access-context   ttl 1209600 +0ms
  loopback:security:access-context getUserId() 55e9c65d941d3ec208953644 +0ms
  loopback:security:access-context isAuthenticated() true +0ms
  loopback:security:role Custom resolver found for role $everyone +0ms
  loopback:security:role isInRole(): $owner +1ms
  loopback:security:access-context ---AccessContext--- +0ms
  loopback:security:access-context principals: +0ms
  loopback:security:access-context principal: {"type":"USER","id":"55e9c65d941d3ec208953644"} +0ms
  loopback:security:access-context modelName Being +0ms
  loopback:security:access-context modelId 55e9c65d941d3ec208953644 +0ms
  loopback:security:access-context property findById +0ms
  loopback:security:access-context method findById +0ms
  loopback:security:access-context accessType READ +0ms
  loopback:security:access-context accessToken: +0ms
  loopback:security:access-context   id "CRZ63uz0YZDFslVOSXxOti52EC8XVEeeMqOIdWRcxpxm0Phghwvx4auSFmYKDDoB" +0ms
  loopback:security:access-context   ttl 1209600 +0ms
  loopback:security:access-context getUserId() 55e9c65d941d3ec208953644 +0ms
  loopback:security:access-context isAuthenticated() true +0ms
  loopback:security:role Custom resolver found for role $owner +1ms
  loopback:security:role isOwner(): Being 55e9c65d941d3ec208953644 userId: 55e9c65d941d3ec208953644 +0ms
  loopback:security:acl The following ACLs were searched:  +0ms
  loopback:security:acl ---ACL--- +0ms
  loopback:security:acl model Being +0ms
  loopback:security:acl property findById +0ms
  loopback:security:acl principalType ROLE +0ms
  loopback:security:acl principalId $owner +0ms
  loopback:security:acl accessType * +0ms
  loopback:security:acl permission ALLOW +0ms
  loopback:security:acl with score: +1ms 8016
  loopback:security:acl ---ACL--- +0ms
  loopback:security:acl model Being +0ms
  loopback:security:acl property * +0ms
  loopback:security:acl principalType ROLE +0ms
  loopback:security:acl principalId $everyone +0ms
  loopback:security:acl accessType * +0ms
  loopback:security:acl permission DENY +0ms
  loopback:security:acl with score: +0ms 7495
  loopback:security:acl ---Resolved--- +0ms
  loopback:security:access-context ---AccessRequest--- +0ms
  loopback:security:access-context  model Being +0ms
  loopback:security:access-context  property findById +0ms
  loopback:security:access-context  accessType READ +0ms
  loopback:security:access-context  permission ALLOW +0ms
  loopback:security:access-context  isWildcard() false +1ms
  loopback:security:access-context  isAllowed() true +0ms
  loopback:security:role isInRole(): $everyone +110ms
  loopback:security:access-context ---AccessContext--- +0ms
  loopback:security:access-context principals: +0ms
  loopback:security:access-context principal: {"type":"USER","id":"55e9c65d941d3ec208953644"} +0ms
  loopback:security:access-context modelName Notebook +0ms
  loopback:security:access-context modelId undefined +0ms
  loopback:security:access-context property findOne +0ms
  loopback:security:access-context method findOne +0ms
  loopback:security:access-context accessType READ +0ms
  loopback:security:access-context accessToken: +1ms
  loopback:security:access-context   id "CRZ63uz0YZDFslVOSXxOti52EC8XVEeeMqOIdWRcxpxm0Phghwvx4auSFmYKDDoB" +0ms
  loopback:security:access-context   ttl 1209600 +0ms
  loopback:security:access-context getUserId() 55e9c65d941d3ec208953644 +0ms
  loopback:security:access-context isAuthenticated() true +0ms
  loopback:security:role Custom resolver found for role $everyone +0ms
  loopback:security:role isInRole(): $owner +0ms
  loopback:security:access-context ---AccessContext--- +0ms
  loopback:security:access-context principals: +0ms
  loopback:security:access-context principal: {"type":"USER","id":"55e9c65d941d3ec208953644"} +0ms
  loopback:security:access-context modelName Notebook +0ms
  loopback:security:access-context modelId undefined +0ms
  loopback:security:access-context property findOne +0ms
  loopback:security:access-context method findOne +1ms
  loopback:security:access-context accessType READ +0ms
  loopback:security:access-context accessToken: +0ms
  loopback:security:access-context   id "CRZ63uz0YZDFslVOSXxOti52EC8XVEeeMqOIdWRcxpxm0Phghwvx4auSFmYKDDoB" +0ms
  loopback:security:access-context   ttl 1209600 +0ms
  loopback:security:access-context getUserId() 55e9c65d941d3ec208953644 +0ms
  loopback:security:access-context isAuthenticated() true +0ms
  loopback:security:role Custom resolver found for role $owner +0ms
  loopback:security:acl The following ACLs were searched:  +0ms
  loopback:security:acl ---ACL--- +0ms
  loopback:security:acl model Notebook +1ms
  loopback:security:acl property * +0ms
  loopback:security:acl principalType ROLE +0ms
  loopback:security:acl principalId $everyone +0ms
  loopback:security:acl accessType * +0ms
  loopback:security:acl permission DENY +0ms
  loopback:security:acl with score: +0ms 7495
  loopback:security:acl ---Resolved--- +0ms
  loopback:security:access-context ---AccessRequest--- +0ms
  loopback:security:access-context  model Notebook +0ms
  loopback:security:access-context  property findOne +0ms
  loopback:security:access-context  accessType READ +0ms
  loopback:security:access-context  permission DENY +0ms
  loopback:security:access-context  isWildcard() false +1ms
  loopback:security:access-context  isAllowed() false +0ms

Thanks.
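The second log above shows the same pattern as the first post: `findById` on Being (a concrete `modelId`) resolves `$owner` and is allowed, while `findOne` on Notebook (`modelId undefined`) cannot resolve `$owner` and is denied. The usual LoopBack answer for collection queries is to keep `$owner` for instance methods, allow `$authenticated` on the collection method, and scope the query server-side to the caller. The following added example (not this project's code) shows such a scoping hook; it mirrors the `Model.beforeRemote(methodName, function(ctx, unused, next))` hook shape and reads `ctx.req.accessToken.userId`, but the device store, user ids, the `ownerId` foreign key, the `makeCtx` helper and the tiny `where` evaluator are constructed for illustration.

```javascript
// Added example, not the project's code: scope `find` to the calling user so a
// collection query only returns that user's records, which is what an ACL
// with $owner alone cannot do. Store, ids and request objects are constructed.

// Constructed store; `ownerId` is the foreignKey from the issue's user model.
const DEVICES = [
  { devid: 'dev-1', name: 'thermostat', ownerId: 'user-A' },
  { devid: 'dev-2', name: 'camera', ownerId: 'user-B' },
  { devid: 'dev-3', name: 'lock', ownerId: 'user-A' },
];

// Merge the server-side ownership constraint into whatever filter the client
// sent. Wrapping both in `and` means a client-supplied `where.ownerId` cannot
// widen the result set: its condition and the server's must both hold.
function scopeFilterToOwner(filter, userId, foreignKey = 'ownerId') {
  const f = filter && typeof filter === 'object' ? { ...filter } : {};
  const ownerClause = { [foreignKey]: userId };
  f.where = f.where && Object.keys(f.where).length > 0
    ? { and: [f.where, ownerClause] }
    : ownerClause;
  return f;
}

// Hook body in the beforeRemote shape. Unauthenticated callers get a 401-style
// error rather than a silently empty list, so the failure is visible in logs.
function restrictFindToOwner(ctx, unused, next) {
  const token = ctx.req && ctx.req.accessToken;
  if (!token || token.userId === undefined) {
    const err = new Error('Authorization Required');
    err.statusCode = 401;
    return next(err);
  }
  ctx.args.filter = scopeFilterToOwner(ctx.args.filter, token.userId);
  return next();
}

// Minimal evaluator for the subset of LoopBack's where syntax used here
// (equality and `and`), so the effect of the scoped filter can be seen offline.
function matches(where, row) {
  if (where.and) return where.and.every((w) => matches(w, row));
  return Object.keys(where).every((k) => row[k] === where[k]);
}

// Run the hook and then the (simulated) find, returning either the rows or
// the error status the hook produced.
function runFind(ctx) {
  let result;
  restrictFindToOwner(ctx, null, (err) => {
    if (err) {
      result = { error: err.statusCode };
      return;
    }
    result = { rows: DEVICES.filter((d) => matches(ctx.args.filter.where, d)) };
  });
  return result;
}

// Build a request context shaped like the one strong-remoting hands to a hook.
function makeCtx(userId, filter) {
  return { req: { accessToken: userId ? { userId } : undefined }, args: { filter } };
}

console.log('user-A, no filter:', runFind(makeCtx('user-A')).rows.map((d) => d.devid));
console.log('user-A asking for user-B rows:', runFind(makeCtx('user-A', { where: { ownerId: 'user-B' } })).rows.length);
console.log('anonymous:', runFind(makeCtx(undefined)).error);
```

In a real model file the hook would be registered with `Device.beforeRemote('find', restrictFindToOwner)` and again for `findOne`; `count` and any custom collection-level remote methods need the same treatment, because each of them runs with `modelId undefined` and so never satisfies `$owner`. The `and`-merge is the part worth keeping: replacing the client's `where` outright would drop legitimate filters, while merging with plain object spread would let a client-supplied `ownerId` overwrite the server's.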