4

I'm new at loopback and i'm trying to customize the User built-in model by denying access to all methods of the customized user model (for testing) and the result is that i can access to some of the user methods (like create user).

{
  "name": "user",
  "base": "User",
  "idInjection": true,
  "properties": {},
  "validations": [],
  "relations": {},
  "acls": [
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$everyone",
      "permission": "DENY"
    }
  ],
  "methods": []
}

what am i missing?

noamtz
  • 168
  • 8
  • Check this doc page. I hope it helps http://docs.strongloop.com/display/public/LB/Accessing+related+models – Nur Rony Jun 23 '15 at 07:02
  • There is a related thread on strongloop/loopback github about this: https://github.com/strongloop/loopback/issues/397 – Alex V Jun 23 '15 at 22:46
  • You can see my solution to the same question here : http://stackoverflow.com/questions/34954905/strongloop-post-access-not-being-blocked/34958259#34958259 – Reuven Chacha Jan 23 '16 at 11:20

3 Answers3

0

Customizing built-in models is actually not a good idea. Create a new model which extends the user model. The built-in user model resides in node_modules/loopback. If you make any change and push it to Git you probably might loose the change, as it most likely to be ignored during push.

Please check this answer. It hopefully will help you

Constantly getting 401 errors in loopback while using User Model

Community
  • 1
  • 1
Anoop Thiruonam
  • 2,567
  • 2
  • 28
  • 48
0

You can always extend the behaviour of the built-in models and create your custom end-points as well. You can read on their docs. https://docs.strongloop.com/display/public/LB/Remote+methods

Bethoveen Todino
  • 11
  • 1
  • 1
0

There is a somewhat known bug in the current version of Loopback Datasource juggler that is causing this.

You can go to nodeModules > loopback > common > models> User and there change the ACL on create. This should block the method for now.

Longer term - 1) Loopback docs say that the model that you extend from User should have a different name like person or AppUser is my case. This did make the ACL thing easier to think about the bug remained. There is a fix that has been approved and should be out with the next version of the Juggler. But it could take time.

In the meantime, you can set up a gulp task to delete all ACLs from the loopback default models. This will make sure that any ACLs you set in your model definition take priority.

Also - just saw the comments above and Mr Chacha's solution seems much better to me.

kunal pareek
  • 1,285
  • 10
  • 21