ACL - User can't access or edit himself in LoopBackJS
Can somebody please help me?
I've created an admin user and a simple user. The admin has access, and that's OK. But when I try to edit the simple user using its own authenticated token, I get "Unauthorized" every time, whether I use GET, POST, PUT or DELETE. Here is my user.json:
{ "name": "user", "properties": { "realm": { "type": "string" }, "username": { "type": "string" }, "realname": { "type": "string", "required": true }, "timezone": { "type": "string", "required": false }, "language": { "type": "string", "required": false }, "password": { "type": "string", "required": true }, "credentials": { "type": "object", "deprecated": true }, "challenges": { "type": "object", "deprecated": true }, "email": { "type": "string", "required": true }, "ownerid": { "type": "number", "required": true }, "emailverified": "boolean", "verificationtoken": "string", "status": "boolean", "created": "date", "lastupdated": "date" }, "hidden": ["password"], "acls": [ { "principaltype": "role", "principalid": "$everyone", "permission": "deny" }, { "principaltype": "role", "principalid": "$everyone", "permission": "allow", "property": "create" }, { "principaltype": "role", "principalid": "$owner", "permission": "allow", "property": "deletebyid" }, { "principaltype": "role", "principalid": "$everyone", "permission": "allow", "property": "login" }, { "principaltype": "role", "principalid": "$everyone", "permission": "allow", "property": "logout" }, { "principaltype": "role", "principalid": "$owner", "permission": "allow", "property": "findbyid" }, { "principaltype": "role", "principalid": "$owner", "permission": "allow", "property": "upsert" }, { "principaltype": "role", "principalid": "$owner", "permission": "allow", "property": "updateattributes" }, { "principaltype": "role", "principalid": "$everyone", "permission": "allow", "property": "activation" }, { "principaltype": "role", "principalid": "$everyone", "permission": "allow", "property": "confirm" }, { "principaltype": "role", "principalid": "$everyone", "permission": "allow", "property": "resetpassword", "accesstype": "execute" } ], "relations": { "accesstokens": { "type": "hasmany", "model": "accesstoken", "foreignkey": "userid", "options": { "disableinclude": true } } } }
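Do you intend to override the base User model? If so, you should give your model a different name (for example "myuser") and set its "base" to "User". In server/model-config.json, set "public" to false for "User" and to true for "myuser". Note also that the listing above is shown with all-lowercase keys; LoopBack's ACL keys and method names are case-sensitive camelCase (`principalType`, `principalId`, `accessType`, `findById`, `updateAttributes`, `deleteById`), so check that the real file uses that casing, otherwise the `$owner` allow rules may not match and only the `$everyone` deny applies.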