I have this model in customers.json, acls:
    "acls": [
      {
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "$everyone",
        "permission": "DENY"
      },
      {
        "accessType": "READ",
        "principalType": "ROLE",
        "principalId": "admin",
        "permission": "ALLOW",
        "through": "RoleMapping"
      }
    ]
And I have this user model based on the LoopBack User:
    {
      "name": "userModel",
      "base": "User",
      ...
    }
    "relations": {
      "roles": {
        "type": "hasMany",
        "model": "Role",
        "foreignKey": "principalId"
      }
    },
I have defined in http://localhost:3000/explorer in RoleMapping:
    {
      "id": "58b82f1dbd7b9f1a601646cf",
      "principalType": "USER",
      "principalId": "58b82ec9bd7b9f1a601646ce",
      "roleId": "5570fb69a1227c8c039293da"
    }
But I always get a 401 Unauthorized error when I try to display the customers. I would be very grateful if someone could help me.
Have you set the token in the LoopBack Explorer?
When you enable the ACL in LoopBack you must log in using the endpoint /user/login
    {"username":"john", "password": "abc123"}
Then copy and paste the id from the response into the Token field.
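
The login-then-token flow from the answer above, as an added example that is not part of the original posts: it logs in, takes the `id` from the response, and sends it in the `Authorization` header, which LoopBack also accepts and which keeps the token out of URLs and access logs. The base URL and paths in `ASSUMED`, and the injectable `fetchImpl` parameter, are assumptions for illustration.

```javascript
// Added example, not the posters' or LoopBack's own code.
// Assumed (hypothetical) REST root and paths; adjust to your application.
const ASSUMED = {
  baseUrl: 'http://localhost:3000/api',
  loginPath: '/userModels/login',
  listPath: '/customers',
};

// POST the credentials to the login endpoint and return the access token id.
async function login(credentials, cfg = ASSUMED, fetchImpl = globalThis.fetch) {
  const res = await fetchImpl(cfg.baseUrl + cfg.loginPath, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(credentials),
  });
  if (!res.ok) throw new Error(`login failed: HTTP ${res.status}`);
  const token = await res.json();
  if (!token || typeof token.id !== 'string') {
    throw new Error('login response carries no token id');
  }
  return token.id;
}

// GET the customers list. With no token the request is anonymous, so only
// the "$everyone" DENY rule can match and the server answers 401.
async function listCustomers(tokenId, cfg = ASSUMED, fetchImpl = globalThis.fetch) {
  const headers = { Accept: 'application/json' };
  if (tokenId) headers.Authorization = tokenId; // header, not ?access_token=
  const res = await fetchImpl(cfg.baseUrl + cfg.listPath, { headers });
  if (res.status === 401) {
    // Separate "forgot the token" from "token sent but still refused".
    const reason = tokenId
      ? 'token rejected, expired, or user not mapped to an allowed role'
      : 'no token sent';
    return { ok: false, status: 401, reason };
  }
  if (!res.ok) return { ok: false, status: res.status, reason: 'unexpected status' };
  return { ok: true, status: res.status, customers: await res.json() };
}
```

If the 401 persists with a valid token, the remaining suspects are the role mapping and the ACL entries rather than the login step.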