Accessing User methods from REST API

Question

i defined a user model that inherits from the built-in User model of loopback and i defined a hasMany relation to another model. The problem i am facing is that no matter what i do, when i am trying to access the relation from the rest api i am getting unauthorized error, even when i defined the following ACL to the user model: json { "accessType": "READ", "principalType": "ROLE", "principalId": "$everyone", "permission": "ALLOW" }

Any idea?

How can I expose some methods of the user model that I would like to be accessible to user? On other model (which don't inherit from the User model) i don't face this problem.

Thanks

score 1 · Accepted Answer · answered Nov 13 '14 at 13:25

The relation injects a method into the object and thus it need access to execute that method. When you give it access to READ it only applies to the properties of that model and not to the methods which need EXECUTE permissions. Try this:

{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "$everyone",
  "permission": "ALLOW",
  "property": "__get_relation"
}

Replace in the property param the "relation" with the actual relation name and "get" with the actual http method you want this ACL to give access to.

You can also debug the ACLs by starting you application like this:

$ DEBUG=loopback:security:acl slc run

Yes, i had to use the EXECUTE permission. – Roi Ezra Nov 14 '14 at 07:34 — Roi Ezra, Nov 14 '14 at 07:34

Accessing User methods from REST API

1 Answers1