Please could anyone help me?
I've created an admin user and a simple user, the admin can do anything thats ok, but I'm trying to edit the simple user using his own authenticated token, and I got unauthorized everytime even with get, post, put or delete, here my user.json:
{
"name": "User",
"properties": {
"realm": {
"type": "string"
},
"username": {
"type": "string"
},
"realName": {
"type": "string",
"required": true
},
"timezone": {
"type": "string",
"required": false
},
"language": {
"type": "string",
"required": false
},
"password": {
"type": "string",
"required": true
},
"credentials": {
"type": "object",
"deprecated": true
},
"challenges": {
"type": "object",
"deprecated": true
},
"email": {
"type": "string",
"required": true
},
"ownerId": {
"type": "number",
"required": true
},
"emailVerified": "boolean",
"verificationToken": "string",
"status": "boolean",
"created": "date",
"lastUpdated": "date"
},
"hidden": ["password"],
"acls": [
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "DENY"
},
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"property": "create"
},
{
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW",
"property": "deleteById"
},
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"property": "login"
},
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"property": "logout"
},
{
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW",
"property": "findById"
},
{
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW",
"property": "upsert"
},
{
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW",
"property": "updateAttributes"
},
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"property": "activation"
},
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"property": "confirm"
},
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"property": "resetPassword",
"accessType": "EXECUTE"
}
],
"relations": {
"accessTokens": {
"type": "hasMany",
"model": "AccessToken",
"foreignKey": "userId",
"options": {
"disableInclude": true
}
}
}
}
Do you intend to override the base User model? If so, you should name it to something like MyUser and set the base as "User". In server/model-config.json, set "public" to false for "User" and true for "MyUser".
Ok, let's explain the solution.
Using the security debug command line I could see how Loopback resolve permissions:
# DEBUG=loopback:security:role node .
loopback:security:role isInRole(): $everyone +0ms
loopback:security:role Custom resolver found for role $everyone +1ms
loopback:security:role isInRole(): $owner +0ms
loopback:security:role Custom resolver found for role $owner +0ms
loopback:security:role isOwner(): User 11 userId: 11 +1ms
loopback:security:role Model found: {"realm":null,"username":"...","id":11} +4ms
loopback:security:role No matching belongsTo relation found for model "11" and user: 11 +1ms
Using this data I created a field named "userId" in User table and pointed a belongsTo directive to this field inside it's own file (user.json).
"user": {
"type": "belongsTo",
"model": "User",
"foreignKey": "userId"
}
Now the user 11 can edit your own profile but can not see or change any other user register.
It's not a beautiful solution, actually loopback should have this self related directive inside ACL logic, but it works.
Regards
Related
I'd like to have an Azure Policy that audits for specific Azure DNS's in the targeted Region. Both should be available in an array so the policy can be scoped multiple times.
So far I've got this, which does not work since it puts the state in compliance by having the right DNS set, but completely ignores the region specified in the array. My goal is to have the policy compliance check for both.
{
"mode": "All",
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/virtualNetworks"
},
{
"anyOf": [
{
"value": "[if(empty(field('Microsoft.Network/virtualNetworks/dhcpOptions.dnsServers')), bool('false'), equals(length(intersection(parameters('dnsSettings'), field('Microsoft.Network/virtualNetworks/dhcpOptions.dnsServers'))), length(parameters('dnsSettings'))))]",
"equals": false
},
{
"value": "[if(empty(field('Microsoft.Network/virtualNetworks/dhcpOptions.dnsServers')), bool('false'), equals(length(field('Microsoft.Network/virtualNetworks/dhcpOptions.dnsServers')),length(parameters('dnsSettings'))))]",
"equals": false
}
]
},
{
"not": {
"allOf": [
{
"field": "location",
"in": "[parameters('location')]"
}
]
}
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"parameters": {
"dnsSettings": {
"type": "Array",
"metadata": {
"displayName": "dnsSettings",
"description": "Audit for specific DNS settings."
}
},
"location": {
"type": "Array",
"metadata": {
"displayName": "Location",
"description": "Choose specific location",
"strongType": "location"
}
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effects",
"description": "Enable or disable the execution of the Policy."
},
"allowedValues": [
"Audit",
"Disabled"
],
"defaultValue": "Audit"
}
}
}
We can use auditIfNotExists with few logic operations so that this will allow only after the success code, below sample is to understand about .
{
"if": {
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
"then": {
"effect": "auditIfNotExists",
"details": {
"type": "Microsoft.Compute/virtualMachines/extensions",
"existenceCondition": {
"allOf": [{
"field": "Microsoft.Compute/virtualMachines/extensions/publisher",
"equals": "Microsoft.Azure.Security"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/type",
"equals": "IaaSAntimalware"
}
]
}
}
}
}
Below is the way we can specify the dns, Sample for adding dns:
{
"mode": "All",
"name": "Deny changing VNet DNS settings from pre-defined value",
"description": "This Policy will prevent users from changing DNS settings on a VNet",
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/virtualNetworks"
},
{
"anyOf": [
{
"value": "[if(empty(field('Microsoft.Network/virtualNetworks/dhcpOptions.dnsServers')), bool('false'), equals(length(intersection(parameters('dnsSettings'), field('Microsoft.Network/virtualNetworks/dhcpOptions.dnsServers'))), length(parameters('dnsSettings'))))]",
"equals": false
},
{
"value": "[if(empty(field('Microsoft.Network/virtualNetworks/dhcpOptions.dnsServers')), bool('false'), equals(length(field('Microsoft.Network/virtualNetworks/dhcpOptions.dnsServers')),length(parameters('dnsSettings'))))]",
"equals": false
}
]
}
]
},
"then": {
"effect": "auditIfNotExists"
}
},
"parameters": {
"dnsSettings": {
"type": "array",
"metadata": {
"displayname": "Enforced DNS Settings",
"description": "Users will be unable to change the DNS settings on a VNet from the values defined in this array."
}
}
}
}
Check AzurePolicy.json and AzurePolicy.rules.json to understand about allowing standard dns within application rules. Include location settings in it.
I am creating an API using Loopback, and I created a model. One of the properties is "depth", and inside it, it should have 4 other number properties. So I made depth an array of numbers, but it appears like this in my fish.json file:
"depth": {
"type": [
"number"
],
"required": true
},
Here is the entire file (fish.json):
{
"name": "Fish",
"plural": "fish",
"base": "PersistedModel",
"idInjection": true,
"options": {
"validateUpsert": true
},
"properties": {
"name": {
"type": "string",
"required": true
},
"scientific": {
"type": "string",
"required": true
},
"environment": {
"type": "string",
"required": true
},
"minClimate": {
"type": "number",
"required": true
},
"maxClimate": {
"type": "number",
"required": true
},
"depth": {
"type": [
"number"
],
"required": true
},
"avLength": {
"type": "number",
"required": true
},
"maxLength": {
"type": "number",
"required": true
},
"avWeight": {
"type": "number",
"required": true
},
"maxWeight": {
"type": "number",
"required": true
},
"maxAge": {
"type": "number",
"required": true
},
"description": {
"type": "string",
"required": true
},
"imageUrl": {
"type": "string",
"required": true
}
},
"validations": [],
"relations": {},
"acls": [],
"methods": {}
}
I have looked up in the Loopback docs, and it looks like I can use a nested model here. How would I go about changing this array to a nested model? Do I need to create a new model, and then somehow add that new model into the depth property?
Basically, I want the JSON to look like this:
"depth": {
"min": "0",
"max": "0",
"avMin": "0",
"avMax": "0"
},
You may have try this:-
"depth": {
"min": {"type": "number"},
"max": {"type": "number"},
"avMin": {"type": "number"},
"avMax": {"type": "number"}
}
I created a task that talks to a REST API to retreive the values for 2 picklists.
Filling the first dropdown box works fine, when using just the jsonpath.
Based on the first picklist I'd like to retreive values of the second list.
I've tried some variations and I'm trying something like this:
The json which I receive in the first rest call is similar to:
{
"id": "45",
"href": "https://selfservice/api/configurations/45/",
"name": "Type",
"description": "",
"version": "0.0.4",
"attributes": [
{
"value": {
"sdk-object": {
"type": "ConfigurationElement",
"id": "56"
}
},
"type": "ConfigurationElement",
"name": "win"
},
{
"value": {
"sdk-object": {
"type": "ConfigurationElement",
"id": "57"
}
},
"type": "ConfigurationElement",
"name": "lin"
}
]
}
I try to show the attributes name in the list and need the id of the attribute in the second picklist.
I created the following datasourcebindings in the task.json. Of course, the targets exist in the task.
task.json:
{
"id": "GUID",
"name": "Spinup",
"friendlyName": "Create environment",
"description": "Starts Workflow to create an environment. ___ The following placeholders are created deplending on the template and can be used in the rest of the release:**XLDEnvironment** and **testAgentHostname**",
"category": "Deploy",
"author": "***",
"version": {
"Major": 0,
"Minor": 0,
"Patch": 33
},
"minimumAgentVersion": "1.95.3",
"inputs": [
{
"label": "Endpoint",
"name": "connectedServiceName",
"required": true,
"type": "connectedService:server",
"helpMarkDown": "endpoint to connect to."
},
{
"name": "stage",
"type": "string",
"label": "Stage",
"defaultValue": "$(Release.EnvironmentName)",
"required": true,
"helpMarkDown": "Stage of the release, default value is based on the pipeline."
},
{
"name": "releaseName",
"type": "string",
"label": "Environment name",
"defaultValue": "$(Release.ReleaseName)",
"required": true,
"helpMarkDown": "Name of the environment that will be created."
},
{
"name": "owner",
"type": "string",
"label": "Owner of the environment",
"defaultValue": "***",
"required": true,
"helpMarkDown": "It is common to use the initials of the product owner in this field. There has to be a valid AD user owner of each environment. This can also be set by using a variable through the pipeline."
},
{
"name": "group",
"type": "string",
"label": "Group of the owner",
"defaultValue": "",
"required": true,
"helpMarkDown": "group that owns the environment. groups can be requested by the infrastructure department. Example: ****"
},
{
"name": "platform",
"type": "pickList",
"label": "Platform (OS)",
"defaultValue": "",
"required": true,
"helpMarkDown": "Choose the type of the target platform."
},
{
"name": "size",
"type": "pickList",
"label": "Environment Template",
"defaultValue": "",
"required": true,
"helpMarkDown": "Size of the environment to create."
}
],
"dataSourceBindings": [
{
"dataSourceName": "GetCEPlatformType",
"endpointId": "$(connectedServiceName)",
"target": "platform",
"selector": "jsonpath:$.attributes[*].name",
"keySelector": "jsonpath:$.attributes[*].value.sdk-object.id"
},
{
"dataSourceName": "GetCEPlatformSize",
"endpointId": "$(connectedServiceName)",
"target": "size",
"parameters": {
"platformTypeId": "$(platform)"
}
}
],
"instanceNameFormat": "Spin up $(size) $(platform) environment",
"execution": {
"PowerShell3": {
"target": "$(currentDirectory)\\task.ps1",
"argumentFormat": "",
"workingDirectory": "$(currentDirectory)"
}
}
}
vss-extension.json:
{
"manifestVersion": 1,
"id": "*****",
"name": "Release Tasks",
"version": "1.0.1",
"publisher": "***",
"targets": [
{
"id": "Microsoft.VisualStudio.Services"
}
],
"description": "Tools to contact ***. Includes a task to spin up a platform and a task to remove the platform.",
"categories": [
"Build and release"
],
"icons": {
"default": "images/extension-icon.png"
},
"files": [
{
"path": "RemoveEnvironment"
},
{
"path": "SpinUpEnvironment"
}
],
"contributions": [
{
"id": "******",
"type": "ms.vss-distributed-task.task",
"targets": [
"ms.vss-distributed-task.tasks"
],
"properties": {
"name": "RemoveEnvironment"
}
},
{
"id": "*********",
"type": "ms.vss-distributed-task.task",
"targets": [
"ms.vss-distributed-task.tasks"
],
"properties": {
"name": "SpinUpEnvironment"
}
},
{
"description": "Service Endpoint type for all connections",
"id": "endpoint-type",
"properties": {
"authenticationSchemes": [
{
"inputDescriptors": [
{
"description": "Username",
"id": "username",
"inputMode": "textbox",
"name": "Username",
"validation": {
"dataType": "string",
"isRequired": true
}
},
{
"description": "Password",
"id": "password",
"inputMode": "passwordbox",
"isConfidential": true,
"name": "Password",
"validation": {
"dataType": "string",
"isRequired": false
}
}
],
"type": "ms.vss-endpoint.endpoint-auth-scheme-basic"
}
],
"dataSources": [
{
"endpointUrl": "api/configurations/*****/",
"name": "GetCEPlatformType",
"resultSelector": "jsonpath:$.attributes[*].name"
},
{
"endpointUrl": "api/configurations/$(platformTypeId)/",
"name": "GetCEPlatformSize",
"resultSelector": "jsonpath:$.attributes[*].name"
}
],
"displayName": "*****",
"helpMarkDown": "Enter the url and credentials to connect to the endpoint.",
"name": "server",
"url": {
"displayName": "Server URL",
"helpText": "Url for the server to connect to."
}
},
"targets": [
"ms.vss-endpoint.endpoint-types"
],
"type": "ms.vss-endpoint.service-endpoint-type"
}
]
}
Sadly I can't get this to work. The datasources exist in the endpoint, but I'm not sure what to do with the resultSelector.
Does anyone have an idea on how to get this to work? The documentation on this isn't too good.
I'm not familiar with mustache, but in the mustache test tool this seems to work.
Thoughts are appreciated!
Try with this in the first data source:
{
"dataSourceName": "dsList1",
"endpointId": "$(connectedServiceName)",
"target": "list1",
"selector": "jsonpath:$.attributes[*].name",
"keySelector": "jsonpath:$.attributes[*].value.sdk-object.id"
}
Update:
You were trying to use "platformTypeId" in vss-extension.json file while it was defined in task.json, this cause the error message you mentioned in the comment.
By the way, I just noticed that you are using "dataSourceBindings", then you cannot use "selector" and "KeySelector" to parse the result since they are used for "sourceDefinitions".
To achieve the feature you want with "dataSourceBindings", you can definition the endpoint url in the task.json directly instead of defining datasource in endpoint contribution.
So you can move the datasources section in the vss-extension.json file first, and then in the task.json file, change to following:
"dataSourceBindings": [
{
"endpointId": "$(connectedServiceName)",
"endpointURL": "api/configurations/*****/",
"target": "platform",
"resultselector": "jsonpath:$.attributes[*]",
"resultTemplate": "{ \"Value\" : \"{{{value.id}}}\", \"DisplayValue\" : \"{{{name}}}\" }"
},
{
"endpointId": "$(connectedServiceName)",
"endpointURL": "api/configurations/$(platformTypeId)/",
"target": "size"
}
],
I'm just learn about Loopback from StrongLoop to create a simple API.
I got some trouble to make the API works.
Here is my config :
model.js
--------
'use strict';
module.exports = function(Account) {
};
This is my model.json:
{
"name": "Account",
"base": "PersistedModel",
"idInjection": false,
"options": {
"validateUpsert": true
},
"properties": {
"id": {
"type": "string",
"required": true,
"defaultFn": "uuidv4",
"postgresql": {
"columnName": "id",
"dataType": "uuid"
}
},
"code": {
"type": "string",
"required": true,
"postgresql": {
"columnName": "code",
"dataType": "character varying",
"dataLength": "50"
}
},
"name": {
"type": "string",
"required": true,
"postgresql": {
"columnName": "name",
"dataType": "text"
}
},
"type": {
"type": "string",
"required": true,
"postgresql": {
"columnName": "type",
"dataType": "character varying",
"dataLength": "50"
}
},
"isActive": {
"type": "boolean",
"required": true,
"default": true
},
"isDelete": {
"type": "boolean",
"required": true,
"default": false
},
"createdBy": {
"type": "string",
"required": true,
"defaultFn": "uuidv4",
"postgresql": {
"columnName": "createdBy",
"dataType": "uuid"
}
},
"updatedBy": {
"type": "string",
"required": true,
"defaultFn": "uuidv4",
"postgresql": {
"columnName": "updatedBy",
"dataType": "uuid"
}
},
"createdAt": {
"type": "date",
"required": true,
"defaultFn": "now"
},
"updatedAt": {
"type": "date",
"required": true,
"defaultFn": "now"
}
},
"validations": [],
"relations": {},
"acls": [],
"methods": {}
}
The following model have been migrated successfull, I'm using postgresql for my db.
The problem is when Loopback create the CRUD standard API, the POST API seem to not working when I try the POST method. below is my json string when i try to put on API explorer :
{
"id": "123e4567-e89b-12d3-a456-426655440000",
"code": "1000",
"name": "Cash and Bank",
"type": "Assets",
"isActive": true,
"isDelete": false,
"createdBy": "123e4567-e89b-12d3-a456-426655440000",
"updatedBy": "123e4567-e89b-12d3-a456-426655440000",
"createdAt": "2017-09-01T17:00:00.000Z",
"updatedAt": "2017-09-01T17:00:00.000Z"
}
But It throw an error, here is the response body :
{
"error": {
"statusCode": 500,
"name": "error",
"message": "syntax error at end of input",
"length": 92,
"severity": "ERROR",
"code": "42601",
"position": "230",
"file": "scan.l",
"line": "1078",
"routine": "scanner_yyerror",
"stack": "error: syntax error at end of input\n at Connection.parseE (/media/andylpjr/EA7C669F7C6665F3/Project/kpost/kpost-api/node_modules/pg/lib/connection.js:567:11)\n at Connection.parseMessage (/media/andylpjr/EA7C669F7C6665F3/Project/kpost/kpost-api/node_modules/pg/lib/connection.js:391:17)\n at Socket.<anonymous> (/media/andylpjr/EA7C669F7C6665F3/Project/kpost/kpost-api/node_modules/pg/lib/connection.js:129:22)\n at emitOne (events.js:96:13)\n at Socket.emit (events.js:191:7)\n at readableAddChunk (_stream_readable.js:178:18)\n at Socket.Readable.push (_stream_readable.js:136:10)\n at TCP.onread (net.js:561:20)"
}
}
For the note when I'm try from the pgadmin insert to table using SQL query it works. Something like "INSERT INTO Account VALUES (bla bla bla)". I know this maybe just a common mistake, please help. Sorry for bad english.
Well case closed, it appears I'm missing my model definition for primary key, what a shame.. Thanks guys.
I am very new to loopback. I am making my first app with it and I change my datasource to MySql. my person model look like this
person.json
{
"name": "Person",
"plural": "People",
"base":"User",
"properties": {
"firstName": {
"type": "string",
"required": true
},
"lastName": {
"type": "string",
"required": true
},
"username": {
"type": "string",
"required": true
},
"email": {
"type": "string",
"required": true
},
"password": {
"type": "string",
"required": true
}
},
"validations": [],
"relations": {},
"acls": [
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"accessType": "*"
}
],
"methods": []
}
and
datasource.json
{
"db": {
"name": "db",
"connector": "memory"
},
"mysql": {
"host": "localhost",
"port": 3306,
"database": "demo",
"username": "demouser",
"password": "****",
"name": "mysql",
"connector": "mysql"
}
}
and
model-config.json
{
"_meta": {
"sources": [
"../common/models",
"./models"
]
},
"AccessToken": {
"dataSource": "db",
"public": false
},
"ACL": {
"dataSource": "db",
"public": false
},
"RoleMapping": {
"dataSource": "db",
"public": false
},
"Role": {
"dataSource": "db",
"public": false
},
"Person": {
"dataSource": "mysql",
"public": true
}
}
After this when I want to create any person I cant create any person as I am unauthorized. I inserted an entry in mysql and tried to login but no luck.But when I remove User as base of person then all goes fine. But I lose all auth features inherit from User. How can I extend User using mysql as datasource properly so that I can use Person as my Users?
Thanks in Advance
Can you try to add the following ACL?
"acls": [
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"accessType": "*",
"property": "create"
}
],
You can debug the application using:
DEBUG=loopback:security:* node .