I'm trying to set up a LoopBack project and I'm running into a basic issue that I can't figure out.
So I've got basically a custom user model defined with the following relations and ACLs:
    "relations": {
      ...
      "projects": {
        "type": "hasMany",
        "model": "project",
        "foreignKey": "userId"
      }
    },
    "acls": [
      {
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "$everyone",
        "permission": "DENY"
      },
      {
        "accessType": "READ",
        "principalType": "ROLE",
        "principalId": "$owner",
        "permission": "ALLOW"
      }
    ]
And a 'project' model defined with properties:
    "relations": {
      "user": {
        "type": "belongsTo",
        "model": "user",
        "foreignKey": "userId"
      }
    },
    "acls": [
      {
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "$everyone",
        "permission": "DENY"
      },
      {
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "$owner",
        "permission": "ALLOW"
      },
      {
        "accessType": "EXECUTE",
        "principalType": "ROLE",
        "principalId": "$authenticated",
        "permission": "ALLOW",
        "property": "create"
      }
    ]
First of all, to my surprise, when submitting a POST /projects while logged in, I was expecting the foreign key to be automagically put in the object but it looks like this has to be done manually. I suppose this is normal, I guess I was expecting too much from the framework.
That being said, I have been struggling to list all the projects owned by the logged-in user. Performing a GET /projects/{id} with {id} being an object belonging to the logged-in user works. And when {id} points to an object NOT owned by the logged-in user, I get, as expected, a 401.
But then, I was expecting that running /projects would return all the projects owned by the logged-in user, but instead it throws a 401 in my face.
What am I missing? Is my ACL setup wrong? Am I using the wrong method? I tried putting a filter like '{"where":{"userId":"myId"}}' but had no luck. I also tried the other endpoint /user/myId/projects with no better luck.
Thanks
So I guess I was just getting LoopBack wrong: GET /projects was not the correct call; the correct one is GET /users/{userId}/projects. The ACLs and relations seem to be correctly set.
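
The behaviour described in this thread, as an added example that is not part of the original post and is not LoopBack's own code: a simplified model of the access decision in which `$owner` can only be resolved when the request names one concrete instance, so the bare list call falls through to the `$everyone` DENY while the user-scoped relation call passes. The precedence rule (most specific matching entry wins), the `check` and `readAs` helpers, and the user and project ids are assumptions constructed for illustration.

```javascript
'use strict';
// Simplified model of the ACL decision, NOT LoopBack's own code.
// Constructed sample data: which user owns which project.
const projects = { p1: { userId: 'u1' }, p2: { userId: 'u2' } };

// ACL entries copied from the two models in the question.
const acls = {
  user: [
    { accessType: '*', principalId: '$everyone', permission: 'DENY' },
    { accessType: 'READ', principalId: '$owner', permission: 'ALLOW' },
  ],
  project: [
    { accessType: '*', principalId: '$everyone', permission: 'DENY' },
    { accessType: '*', principalId: '$owner', permission: 'ALLOW' },
    { accessType: 'EXECUTE', principalId: '$authenticated', permission: 'ALLOW', property: 'create' },
  ],
};

// Role resolvers. $owner can only be decided against one concrete instance.
const roles = {
  $everyone: () => true,
  $authenticated: (req) => Boolean(req.principal),
  $owner: (req) => {
    if (!req.principal || !req.modelId) return false; // list call: no instance to own
    const owner = req.model === 'user' ? req.modelId : (projects[req.modelId] || {}).userId;
    return owner === req.principal;
  },
};

// Assumed precedence: the most specific matching entry wins.
const rank = { $everyone: 1, $authenticated: 2, $owner: 3 };

function check(req) {
  let best = { score: 0, permission: 'DENY' };
  for (const acl of acls[req.model]) {
    if (acl.property && acl.property !== req.method) continue;
    if (acl.accessType !== '*' && acl.accessType !== req.accessType) continue;
    if (!roles[acl.principalId](req)) continue;
    const score = (acl.property ? 100 : 0) + (acl.accessType === '*' ? 0 : 10) + rank[acl.principalId];
    if (score > best.score) best = { score, permission: acl.permission };
  }
  return best.permission === 'ALLOW' ? 200 : 401;
}

// Hypothetical helper: a READ request made by `principal`.
const readAs = (principal, model, method, modelId) =>
  check({ principal, model, method, modelId, accessType: 'READ' });

console.log('GET /projects          ', readAs('u1', 'project', 'find'));
console.log('GET /users/u1/projects ', readAs('u1', 'user', '__get__projects', 'u1'));
```

A list endpoint that should return only the caller's rows therefore needs either the relation route scoped to the user id, or server-side filtering by the authenticated user id rather than a client-supplied `where` filter.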