Fátima Alves Fátima Alves - 3 months ago 9
Node.js Question

Accessing methods from other (relationships)

Follow the step:

I create a user based User(build-in model) and a collection(PersistedModel).
And then created the relation, "user" hasMany "collection", "collection" belongsTo "user".
After that, I open the explorer(http://localhost:3000/explorer) and use the remote method, "user/{id}/collection".

I get the responsee

error: {
name: "Error",
status: 401,
message: "Authorization Required",
statusCode: 401,
stack: "Error: Authorization Required at /Users/fatimaalves/DEV/App/API/node_modules/loopback/lib/application.js:394:21 at /Users/fatimaalves/DEV/App/API/node_modules/loopback/lib/model.js:318:7 at /Users/fatimaalves/DEV/App/API/node_modules/loopback/common/models/acl.js:470:23 at /Users/fatimaalves/DEV/App/API/node_modules/async/lib/async.js:251:17 at done (/Users/fatimaalves/DEV/App/API/node_modules/async/lib/async.js:132:19) at /Users/fatimaalves/DEV/App/API/node_modules/async/lib/async.js:32:16 at /Users/fatimaalves/DEV/App/API/node_modules/async/lib/async.js:248:21 at /Users/fatimaalves/DEV/App/API/node_modules/async/lib/async.js:572:34 at /Users/fatimaalves/DEV/App/API/node_modules/loopback/common/models/acl.js:452:17 at /Users/fatimaalves/DEV/App/API/node_modules/loopback/common/models/role.js:190:9"

I already read the documentation several times, and i still don't get how to use ACL's..

Please, can someone give me a hand? I want only allow the authenticated users to get their own data.

Thanks very much!


In your user.json add this ACL:

"acls": [
  "accessType": "*",
  "principalType": "ROLE",
  "principalId": "$everyone",
  "permission": "DENY"
  "accessType": "READ",
  "principalType": "ROLE",
  "principalId": "$authenticated",
  "permission": "ALLOW"

This allows an authenticated user to read (GET) of user model, because this is denied by default. You should consider set the access_token in API Explorer.

For more information see Doc