I have a model "MyUser" inheriting from loopback's "User" model. Now, I don't want this model to expose the password property, so I went and read the docs:
http://docs.strongloop.com/display/public/LB/Model+definition+JSON+file#ModeldefinitionJSONfile-Excludepropertiesfrombasemodel
and
http://docs.strongloop.com/display/public/LB/Model+definition+JSON+file#ModeldefinitionJSONfile-Hiddenproperties
However, this doesn't seem to be working for some reason. I leave some code here:
{
"name": "MyUser",
"plural": "myusers",
"base": "User",
"idInjection": true,
"options": {
"validateUpsert": true
},
"properties": {
"password": null,
"firstName": {
"type": "string"
},
"lastName": {
"type": "string"
}
},
"validations": [],
"relations": {
"cars": {
"type": "hasMany",
"model": "Car"
}
},
"acls": [
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW"
}
],
"methods": []
}
Thanks in advance.
From your example it appears like you are excluding the password property instead of just hiding it. The Hidden property would look more like this as per the example you referenced:
"properties": {
...
"password": {
"type": "string",
"required": true
},
...
"hidden": ["password"],
...
Related
Is there any way to have hook which is checkin that has model attribute public and is it true? If it's true, access token is not required? At the moment I have implemented custom endpoints. But is there some other ways?
I have model where is public attribute, like this:
{
"name": "Model",
"plural": "model",
"base": "PersistedModel",
"idInjection": false,
"options": {
"validateUpsert": true
},
"properties": {
"uuid": {
"type": "string",
"defaultFn": "uuid",
"id": true
},
"orderNumber":{
"type":"number"
},
"public":{
"type":"boolean",
},
"roles": {
"type": "object",
"dataType":"longtext"
},
"groupId": {
"type": "string"
},
"created": {
"type": "date",
"required": true,
"defaultFn": "now"
},
"updated": {
"type": "date",
"required": true,
"defaultFn": "now"
}
},
"validations": [],
"relations": {
},
"acls": [{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$unauthenticated",
"permission": "DENY"
}],
"methods": {},
"scope": {
},
"mixins": {
}
}
You could achieve that by creating a dynamic role called accessiblePublic for example.
Next, in the ACL I would define that this role has access to the endpoint.
Then I would resolve that role dependently on the model that is in the context.
I recommend to read about dynamic roles (and the example there) in the Docs: Dynamic Roles
Member model based on User model
{
"name": "Member",
"base": "User",
"idInjection": true,
"options": {
"validateUpsert": true
},
"properties": {
"nickname": {
"type": "string"
}
},
"validations": [],
"relations": {
"messages": {
"type": "hasMany",
"model": "Message",
"foreignKey": ""
},
"followers": {
"type": "hasMany",
"model": "Member",
"foreignKey": "followeeId",
"through": "Follow"
},
"followings": {
"type": "hasMany",
"model": "Member",
"foreignKey": "followerId",
"through": "Follow"
}
},
"acls": [
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "DENY"
},
{
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW",
"property": "__get__followers"
},
{
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW",
"property": "__get__followings"
},
{
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW",
"property": "__get__messages"
}
],
"methods": {}
}
Follow model
{
"name": "Follow",
"base": "PersistedModel",
"idInjection": true,
"options": {
"validateUpsert": true
},
"properties": {},
"validations": [],
"relations": {
"follower": {
"type": "belongsTo",
"model": "Member",
"foreignKey": ""
},
"followee": {
"type": "belongsTo",
"model": "Member",
"foreignKey": ""
}
},
"acls": [],
"methods": {}
}
Example 1
With this data in the database I have the same error when I try to fetch following and followers with member 1.
Erreur non traitée pour la demande GET /api/Members/1/followers?access_token=t0oAVZM2CLJ7XLqQm2zxz8wj3fLmtUATHopDM40WYknLURbiObpVAlSD3DBEIOfv : Error: La relation "member" n'est pas définie pour le modèle Follow
at processIncludeItem (/home/thomas/Bureau/Projet/Project/node_modules/loopback-datasource-juggler/lib/include.js:289:10)
at /home/thomas/Bureau/Projet/Project/node_modules/loopback-datasource-juggler/lib/include.js:180:5
at /home/thomas/Bureau/Projet/Project/node_modules/async/dist/async.js:3025:16
at eachOfArrayLike (/home/thomas/Bureau/Projet/Project/node_modules/async/dist/async.js:940:9)
at eachOf (/home/thomas/Bureau/Projet/Project/node_modules/async/dist/async.js:990:5)
at Object.eachLimit (/home/thomas/Bureau/Projet/Project/node_modules/async/dist/async.js:3089:3)
at Function.Inclusion.include (/home/thomas/Bureau/Projet/Project/node_modules/loopback-datasource-juggler/lib/include.js:179:9)
at /home/thomas/Bureau/Projet/Project/node_modules/loopback-connector-postgresql/node_modules/loopback-connector/lib/sql.js:1203:44
at /home/thomas/Bureau/Projet/Project/node_modules/loopback-datasource-juggler/lib/observer.js:172:22
at doNotify (/home/thomas/Bureau/Projet/Project/node_modules/loopback-datasource-juggler/lib/observer.js:99:49)
at PostgreSQL.ObserverMixin._notifyBaseObservers (/home/thomas/Bureau/Projet/Project/node_modules/loopback-datasource-juggler/lib/observer.js:122:5)
at PostgreSQL.ObserverMixin.notifyObserversOf (/home/thomas/Bureau/Projet/Project/node_modules/loopback-datasource-juggler/lib/observer.js:97:8)
at cbForWork (/home/thomas/Bureau/Projet/Project/node_modules/loopback-datasource-juggler/lib/observer.js:162:14)
at /home/thomas/Bureau/Projet/Project/node_modules/loopback-connector-postgresql/node_modules/loopback-connector/lib/sql.js:428:7
at Query.<anonymous> (/home/thomas/Bureau/Projet/Project/node_modules/loopback-connector-postgresql/lib/postgresql.js:162:7)
at Query.handleReadyForQuery (/home/thomas/Bureau/Projet/Project/node_modules/pg/lib/query.js:124:10)
Example 2
With this data in the database here is the result when I try to fetch followers with member 1.
I don't understand why i'm not able to fetch data in these two examples. BTW i'm using PostgreSQL. Thanks.
You need to fix relations in Follow model according to Member.
{
"name": "Follow",
"base": "PersistedModel",
"idInjection": true,
"options": {
"validateUpsert": true
},
"properties": {},
"validations": [],
"relations": {
"follower": {
"type": "belongsTo",
"model": "Member",
"foreignKey": "followeeId"
},
"followee": {
"type": "belongsTo",
"model": "Member",
"foreignKey": "followerId"
}
},
"acls": [],
"methods": {}
}
And in member.json
...
"followers": {
"type": "hasMany",
"model": "Member",
"foreignKey": "followeeId",
"keyThrough": "followerId",
"through": "Follow"
},
"followings": {
"type": "hasMany",
"model": "Member",
"foreignKey": "followerId",
"keyThrough": "followeeId",
"through": "Follow"
}
...
I'm currently evaluating loopback.io for developing the API portion of a new project, and I'm having problems with setting the correct ACL entries.
What I wish to accomplish is given an auth token, the GET endpoints should only return objects owned by the user. For example, a request to /Shows?access_token=xxxxxx should return only objects owned by the user.
Below is my shows.json file, and my User model is named Podcaster. Any help would be appreciated.
{
"name": "Show",
"base": "PersistedModel",
"idInjection": true,
"options": {
"validateUpsert": true
},
"properties": {
"title": {
"type": "string",
"required": true
},
"description": {
"type": "string"
}
},
"validations": [],
"relations": {
"episodes": {
"type": "hasMany",
"model": "Episode",
"foreignKey": ""
},
"podcaster": {
"type": "belongsTo",
"model": "Podcaster",
"foreignKey": ""
}
},
"acls": [
{
"accessType": "WRITE",
"principalType": "ROLE",
"principalId": "$authenticated",
"permission": "ALLOW",
"property": "create"
},
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW"
},
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "DENY"
}
],
"methods": {}
}
It's not related to ACL's.
You want to change the business logic of the method. So the best practice is that you create a new method for getting shows owning by current user.
If you want to work your current owner ACl, you need to create a relation between user and show, and set ownerId in the show model.
{
"name": "Show",
"base": "PersistedModel",
"idInjection": true,
"options": {
"validateUpsert": true
},
"properties": {
"title": {
"type": "string",
"required": true
},
"description": {
"type": "string"
},
"description": {
"type": "string"
}
"ownerId": {
"type": "object"
}
},
"validations": [],
"relations": {
"owner": {
"type": "belongsTo",
"model": "user",
"foreignKey": "ownerId"
},
....
I´m using the API explorer of loopback to create a model with the following parameters:
{
"name": "string",
"last_name": "string",
"phone": 0,
"is_invited": true,
"realm": "string",
"username": "string",
"credentials": {},
"challenges": {},
"email": "string",
"emailVerified": true,
"status": "string",
"created": "2016-06-03",
"lastUpdated": "2016-06-03",
"id": 0
}
However, The server is always returning a 500 invalid Date error:
{
"error": {
"name": "Error",
"status": 500,
"message": "Invalid date: Invalid Date",
"stack": "Error: Invalid date: Invalid Date\n at DateType }
}
This is my model for reference. It inherits the User model of Loopback.
{
"name": "ExeboardUser",
"base": "User",
"idInjection": true,
"options": {
"validateUpsert": true
},
"properties": {
"name": {
"type": "string",
"required": true
},
"last_name": {
"type": "string"
},
"phone": {
"type": "number",
"required": true
},
"is_invited": {
"type": "boolean",
"required": true
}
},
"validations": [],
"relations": {
"boards": {
"type": "hasMany",
"model": "Board",
"foreignKey": "exeboardUserId",
"through": "ExeboardUserBoard"
}
},
"acls": [
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"property": "logout"
}
],
"methods": {
}
}
Can anyone tell me what´s the problem with the date? I think it is correctly formated because it´s the default parameters that the explorer generates.
Don't know if you are interested in the answer, but I recently started working with loopback and got the same error as you, the date format that was accepted by the server is like this 2017-01-06T23:58:10.000Z
Hope it helps someone.
Ps.: if the date is not required by the model, don't even send it, not even with "null" or "" value, it will throw a 500 status error.
The correct date format is : 2017-10-12T10:31:37.925Z
And If you want to add fields of dateCreated and dateUpdate, Then use date mixin loopback-ds-timestamp-mixin
Install mixin with
npm i loopback-ds-timestamp-mixin --save
Add the mixins property to your server/model-config.json:
{
"_meta": {
"sources": [
"loopback/common/models",
"loopback/server/models",
"../common/models",
"./models"
],
"mixins": [
"loopback/common/mixins",
"../node_modules/loopback-ds-timestamp-mixin",
"../common/mixins"
]}
}
And in your model:
{
"name": "ExeboardUser",
"base": "User",
"idInjection": true,
"options": {
"validateUpsert": true
},
"mixins": {
"TimeStamp" : true
},
"properties": {
"name": {
"type": "string",
"required": true
},
"last_name": {
"type": "string"
},
"phone": {
"type": "number",
"required": true
},
"is_invited": {
"type": "boolean",
"required": true
}
},
"validations": [],
"relations": {
"boards": {
"type": "hasMany",
"model": "Board",
"foreignKey": "exeboardUserId",
"through": "ExeboardUserBoard"
}
},
"acls": [
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"property": "logout"
}
],
"methods": {
}
}
When dealing with stringified params you should send the date value as a string in simplified extended ISO format in your query filter.
Here is an example of how you can do this in a very simple way using toISOString method:
const dataValue = new Date('10 May 2018 19:30 UTC');
console.log(dataValue.toISOString());
// output: 2018-05-10T19:30:00.000Z
I recently start with Strongloop framework,
I made a simple model
{
"name": "income",
"plural": "incomes",
"base": "PersistedModel",
"idInjection": true,
"properties": {
"description": {
"type": "string",
"required": true
},
"amount": {
"type": "number",
"required": true
},
"when": {
"type": "date",
"required": true
}
},
"validations": [],
"relations": {
"user": {
"type": "belongsTo",
"model": "User",
"foreignKey": ""
}
},
"acls": [],
"methods": []
}
I want make a relation with current session user and the income record. but I can't find a example for that.
You can use the current context, there is a code example at the bottom of the link, but you have to expand it:
Link