strongloop / loopback

LoopBack makes it easy to build modern applications that require complex integrations.
http://loopback.io

Extending User model, ACL doesn't work #1793

Closed colinshen closed 9 years ago

colinshen commented 9 years ago
```json
{
  "name": "Customer",
  "base": "User",
  "idInjection": true,
  "options": {
    "validateUpsert": true
  },
  "properties": {
    "userName": {
      "type": "string"
    },
    "idCard": {
      "type": "string"
    },
    "address": {
      "type": "object"
    },
    "phoneNumber": {
      "type": [
        "object"
      ]
    },
    "age": {
      "type": "number"
    },
    "job": {
      "type": "string"
    }
  },
  "validations": [],
  "relations": {
    "orders": {
      "type": "hasMany",
      "model": "Order",
      "foreignKey": "customerId"
    }
  },
  "acls": [
    {
      "accessType": "EXECUTE",
      "principalType": "ROLE",
      "principalId": "$owner",
      "permission": "ALLOW",
      "property": "__create__orders"
    },
    {
      "accessType": "EXECUTE",
      "principalType": "ROLE",
      "principalId": "$owner",
      "permission": "ALLOW",
      "property": "__get__orders"
    }
  ],
  "methods": {}
}
```

My Category model:

```json
{
  "name": "Category",
  "base": "PersistedModel",
  "strict": false,
  "idInjection": false,
  "options": {
    "validateUpsert": true
  },
  "properties": {
    "createdAt": {
      "type": "date",
      "required": true
    },
    "name": {
      "type": "string",
      "required": true
    },
    "updatedAt": {
      "type": "date",
      "required": true
    }
  },
  "validations": [],
  "relations": {
    "news": {
      "type": "hasMany",
      "model": "News",
      "foreignKey": ""
    }
  },
  "acls": [
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$everyone",
      "permission": "DENY"
    },
    {
      "accessType": "WRITE",
      "principalType": "ROLE",
      "principalId": "SuperAdmin",
      "permission": "ALLOW",
      "property": ["create"]
    }
  ],
  "methods": {}
}
```

I registered a customer as Admin. However, in the explorer, after setting the token, the create function still got 401, "Authorization Required".

superkhau commented 9 years ago

Can you provide a link to a test project on GitHub? See https://github.com/strongloop/loopback/wiki/Reporting-issues#bug-report

colinshen commented 9 years ago

Here is the project: https://github.com/colinshen/loopback-sandbox ... I'm not sure I did it correctly, but I tried. The project runs correctly, but it still has the problem.

superkhau commented 9 years ago

Have you gone through https://github.com/strongloop/loopback-example-access-control?

colinshen commented 9 years ago

Yeah, maybe I made a mistake. I will try to rewrite it. Thanks.

digitaldrummerj commented 9 years ago

I just ran into the same issue last week and wrote a blog post on how to fix it. http://digitaldrummerj.me/strongloop-extending-user-model-security/

Essentially, in code in the [Your Model].js file, I had to clear out the existing ACLs and add them back in along with my new ACL. The root of the issue is that the last thing in the built-in user model ACL is to deny everyone.
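
The approach described in the comment above, as an added example that is not taken from the thread or the linked blog post: it replaces the inherited ACL list on a model that extends User and refuses to install a list that lacks a deny-all entry or contains an unscoped ALLOW. The helper names (`allow`, `checkAcls`, `resetAcls`) and the restored User entries are assumptions made for illustration; only `settings.acls` is LoopBack's own setting, and the stand-in model object is constructed so the block runs without LoopBack.

```javascript
// Hypothetical helper names; only `settings.acls` is LoopBack's own setting.
function allow(principalId, property, accessType) {
  const acl = { principalType: 'ROLE', principalId, permission: 'ALLOW', property };
  if (accessType) acl.accessType = accessType;
  return acl;
}

// Deny-all baseline, re-added explicitly because replacing the inherited
// list also drops the built-in User model's own DENY entry.
const DENY_ALL = { accessType: '*', principalType: 'ROLE',
                   principalId: '$everyone', permission: 'DENY' };

// Constructed subset of User permissions to restore; copy the real entries
// from the built-in User model of the LoopBack version in use.
const RESTORED_USER_ACLS = [
  allow('$everyone', 'create'),
  allow('$everyone', 'login'),
  allow('$owner', 'findById'),
];

// The two relation ACLs from the Customer definition in the issue.
const CUSTOMER_ACLS = [
  allow('$owner', '__create__orders', 'EXECUTE'),
  allow('$owner', '__get__orders', 'EXECUTE'),
];

// Policy of this example: fail closed if the list lacks a deny-all entry
// or contains an ALLOW that is not scoped to a named method.
function checkAcls(acls) {
  const isDenyAll = a => a.permission === 'DENY' && a.principalId === '$everyone' &&
    a.property === undefined && (a.accessType === '*' || a.accessType === undefined);
  if (!acls.some(isDenyAll)) throw new Error('missing deny-all entry for $everyone');
  const broad = acls.find(a => a.permission === 'ALLOW' && !a.property);
  if (broad) throw new Error('ALLOW without property: ' + JSON.stringify(broad));
  return acls;
}

// Replace (not append to) the ACLs the model inherited from its base.
function resetAcls(Model, modelAcls) {
  const acls = checkAcls([DENY_ALL, ...RESTORED_USER_ACLS, ...modelAcls]);
  Model.settings.acls = acls.map(a => Object.assign({}, a));
  return Model.settings.acls;
}

// In the model's .js file this would be:
//   module.exports = function(Customer) { resetAcls(Customer, CUSTOMER_ACLS); };
// Constructed stand-in for the model object so the block runs without LoopBack.
const Customer = { settings: { acls: [{ permission: 'DENY', principalId: '$everyone' }] } };
console.log(resetAcls(Customer, CUSTOMER_ACLS).length + ' ACL entries installed');
```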

colinshen commented 9 years ago

@digitaldrummerj great, thanks