如何设置ACL以允许每个人列出REST API中的所有用户 [英] How to set up the ACL to allow everyone list all the Users from the REST API
问题描述
我试图使用REST API列出我的loopback 2.0应用中的所有用户,我收到以下错误:
Im trying to list all the Users in my loopback 2.0 app using the REST API and I'm getting the following error:
{
"error": {
"name": "Error",
"status": 401,
"message": "Authorization Required",
"statusCode": 401,
"stack": "...."
}
}
我手动将ACL添加到model-config.json文件中:
I manually added the ACL to the model-config.json file:
"User": {
"dataSource": "db",
"acls": [
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"accessType": "*"
}
]
},
由于失败,我创建了一个基于User内置模型的模型:
Since that failed, I created a model based on the User built-in model:
{
"name": "Admin",
"base": "User",
"properties": {},
"validations": [],
"relations": {},
"acls": [
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"accessType": "*"
}
],
"methods": []
}
但是在REST API中我仍然遇到同样的问题:
But in the REST API I still have the same issue:
{
"error": {
"name": "Error",
"status": 401,
"message": "Authorization Required",
"statusCode": 401,
"stack": "....."
}
}
我感谢任何帮助。 =)
I appreciate any help. =)
推荐答案
-
我们应该允许您进一步配置内置模型额外的ACL。这是LoopBack的待办事项。
We should allow you to further configure the built-in model with additional ACLs. This is a todo for LoopBack.
您可以在common / user.json中对内置用户模型进行子类化,如图所示。
You can subclass the built-in User model in common/user.json as you have illustrated.
{
name:user,
base:User,
复数:用户
}
{ "name": "user", "base": "User", "plural": "users" }
然后,您需要通过向服务器/模型添加条目将其公开给REST config.json,例如:
Then you need to expose it to REST by adding an entry to server/model-config.json, such as:
"user": {
"dataSource": "db",
"public": true
},
这篇关于如何设置ACL以允许每个人列出REST API中的所有用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!