I receive a 401 error when I access a custom method inside my Models folder
I'm using Loopback to access/update/make changes to my database. I've created a method called deleteSingleHearingTest in my common/models folder:
Account.deleteSingleHearingTest = function (req, callback) {
console.log('accounts.js: deleteSingleHearingTest: are we being reached????', req)
Account.findById(req.accessToken.userId)
.then(account => {
if (!account) {
throw new Error('Cannot find user');
}
console.log('account.js: deleteSingleHearingTest: req: ', req);
return app.models.HearingTest.updateAll({ accountId: account.id, id: req.body.hearingTestId }, { isDeleted: new Date() });
})
.then(() => {
callback(null);
})
.catch(error => {
callback(error);
});
}
after which I created a remote method:
Account.remoteMethod(
'deleteSingleHearingTest', {
http: {
path: '/deleteSingleHearingTest',
verb: 'post'
},
accepts: [
{ arg: 'req', type: 'object', http: { source: 'req' } }
],
returns: { "wtf": "wtf" }
});
When I attempt to use this via fetch inside a method called deleteSingleHearingTest in my actions folder(redux) I receive a 401 status error message:
export const deleteSingleHearingTest = (hearingTestNumber) => {
return (dispatch, getState) => {
let state = getState();
if (!state.user || !state.user.accessToken || !state.user.accessToken.id || !state.user.accessToken.userId) {
console.debug('writeTestResult', state.user);
// TODO: ERROR
return;
}
dispatch({
type: DELETE_SINGLE_REPORT_REQUEST
});
console.log('here is your access token', state.user.accessToken);
fetch(SERVERCONFIG.BASEURL + '/api/Accounts/deleteSingleHearingTest?access_token=' + state.user.accessToken.id, {
method: 'POST',
headers: SERVERCONFIG.HEADERS,
body: JSON.stringify({ "hearingTestId": hearingTestNumber })
})
.then(response => {
if (response.status === 200) {
console.log('actions/user.js deleteSingleReport were in the pipe 5x5', response.json());
}
console.log('actions/user.js failed to delete item: response: ', response)
})
}
};
Two errors I'm noticing:
1. the Account.deleteSingleHearingTest never gets reached. I know this because the console.log never shows up in the window where I ran node .
- I get a 401 status error message on the front end.
Here is a picture of my StrongLoop gui.
here is the picture of my account.json file
Here's a picture of a method that a previous developer created that currently works with no status errors. deleteSingleHearingTest is nearly identical.
From what I can tell by looking at your API Explorer screenshot, your Account model is extending LoopBack's built-in User model. The User model has ACLs configured to deny access to all methods except few explicitly allowed ones. You can find the ACL configuration in common/models/user.json.
"acls": [
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "DENY"
},
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"property": "create"
},
{
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW",
"property": "deleteById"
},
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"property": "login"
},
// etc.
]
The first entry denies access to all methods, the subsequent entries allow access to certain methods for certain groups of users. For example, anybody ($everyone) can create a new user or invoke a login method, but the details of a User model can be retrieved only by the user themselves ($owner).
Please refer to Controlling data access and Understanding the built-in User model in LoopBack's documentation to learn more.
In order to allow your users to execute Account.deleteSingleHearingTest method, you need to add a new ACL entry to your Account configuration. I believe LoopBack can merge ACL defined in the base model (User) with the additional ACL entries defined in a subclassing model (Account) as of pull request #1289. If that's the case then you need to simply add a new ACL entry in your common/models/account.json file. Assuming any logged-in user can invoke deleteSingleHearingTest, but anonymous (unauthenticated) users cannot:
{
"name": "Account",
"base": "User",
// ...
"acls": [
{
"principalType": "ROLE",
"principalId": "$authenticated",
"permission": "ALLOW",
"property": "deleteSingleHearingTest"
}
]
}
- How to list all the removable devices with DBus and UDisks2?
- gobject/gnome/glib bindings for D using GIR?
- How do nested functions get compiled?
- The "this" pointer and message receiving in D
- 64-bit executables with DMD
- GtkD with D lang on Fedora
- Why Android used Java concept instead of D language or C or C++? But Chromium web browser is in C++, its very complicated match
- How to use MongoItemWriter to write a List<T>
- Why a function with protected modifier can be overridden and accessible every where?
- Convert Unicode const(uint)* to a dlang character type
- Compiling D with Code::Blocks
- DMD vs. GDC vs. LDC
- Rendering a font in raylib using freetype
- Digital Mars D compiler; acquiring ASM output
- D Programming: openssl rsa forward reference compiler error
- D compiler DMD doesn't link object files
- OPTLINK: Warning 23: No Stack
- Is there a limit in the amount of temporary generated symbols during a project build using dmd 2.063?
- Is this the right way to combine Garbage collected with none Garbage collected code in D
- D compiler (Digital Mars D Compiler) throwing error
- Which D Compiler to Use?
- Splitting a string treating multiple whitespace as one separator
- Proper way of passing array parameters to D functions
- Detailed Valgrind internals documentation
- Is it possible, in D, to tell the garbage collector to not scan a particular pointer (or anything below it)?
- Iterate over key/value pairs in associative array in D.
- Dlang associative array of an array of strings keyed by a string has unexpected behavior
- How to repeat a statement N times (simple loop)
- Is worth the effort to learn D?
- ld: undefined reference to object I can see in objdump