Closed kernel8liang closed 7 years ago
I just did another test with some modify of the loopback-getting-started-intermediate source code.
index 05d59c6..cf80ed0 100644
--- a/client/js/app.js
+++ b/client/js/app.js
@@ -42,7 +42,7 @@ angular
controller: 'AuthLogoutController'
})
.state('my-reviews', {
- url: '/my-reviews',
+ url: '/my-reviews/:id',
templateUrl: 'views/my-reviews.html',
controller: 'MyReviewsController',
authenticate: true
@@ -56,11 +56,12 @@ angular
url: '/sign-up/success',
templateUrl: 'views/sign-up-success.html'
});
- $urlRouterProvider.otherwise('all-reviews');
+ $urlRouterProvider.otherwise('login');
}])
.run(['$rootScope', '$state', function($rootScope, $state) {
$rootScope.$on('$stateChangeStart', function(event, next) {
// redirect to login page if not logged in
+ console.log(next)
if (next.authenticate && !$rootScope.currentUser) {
event.preventDefault(); //prevent current page from loading
$state.go('forbidden');
index 793388d..19d5ce0 100644
--- a/client/js/controllers/auth.js
+++ b/client/js/controllers/auth.js
@@ -1,7 +1,7 @@
angular
.module('app')
- .controller('AuthLoginController', ['$scope', 'AuthService', '$state',
- function($scope, AuthService, $state) {
+ .controller('AuthLoginController', ['$scope', 'AuthService', '$state', '$rootScope',
+ function($scope, AuthService, $state, $rootScope) {
$scope.user = {
email: 'foo@bar.com',
password: 'foobar'
@@ -10,7 +10,7 @@ angular
$scope.login = function() {
AuthService.login($scope.user.email, $scope.user.password)
.then(function() {
- $state.go('add-review'); + $state.go('my-reviews', {"id": $rootScope.currentUser.id});
});
};
}])
index f56a11f..9345676 100644
--- a/common/models/review.json
+++ b/common/models/review.json
@@ -36,12 +36,6 @@
"permission": "DENY"
},
{
- "accessType": "READ",
- "principalType": "ROLE",
- "principalId": "$everyone",
- "permission": "ALLOW"
- },
- {
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "$authenticated",
@@ -53,7 +47,13 @@
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW"
+ },
+ {
+ "accessType": "READ",
+ "principalType": "ROLE",
+ "principalId": "$owner",
+ "permission": "ALLOW"
}
],
- "methods": []
+ "methods": {}
}
I modified the source code to the same thing I want to do , and I got the same error.
I change $owner to $authenticated, it run as expect.
This issue has been closed due to continued inactivity. Thank you for your understanding. If you believe this to be in error, please contact one of the code owners, listed in the CODEOWNERS
file at the top-level of this repository.
I have defined two model one is model A which inherit from User, and another is a normal model B which inherit from PersistedModel. see below:
model A:
model B:
when a user login I want let she/he only to see items which belongs to this User, I use angular as client. the app.js is defined as below:
in BUserLoginController:
After login I get error from brower:
Failed to load resource: the server responded with a status of 401 (Unauthorized)
and from the server site get log:
so, I want to know how can I make it run correct. Let each user to see iterms only belongs to he.