Loopback. How to get all roles for one user? - javascript

I'm creating a Loopback application and have created a custom user model, based on built-in User model.
{
"name": "user",
"base": "User",
"idInjection": true,
"properties": {
"test": {
"type": "string",
"required": false
}
},
"validations": [],
"acls": [],
"methods": []
}
Then in boot script I'm creating (if not exists) new user, new role and a roleMapping.
User.create(
{ username: 'admin', email: 'admin#mail.com', password: 'pass' }
, function (err, users) {
if (err) throw err;
console.log('Created user:', users);
//create the admin role
Role.create({
name: 'admin'
}, function (err, role) {
if (err) throw err;
//make user an admin
role.principals.create({
principalType: RoleMapping.USER,
principalId: users.id
}, function (err, principal) {
if (err) throw err;
console.log(principal);
});
});
});
Then in custom remote method I'm trying to get all roles for User, using user's id. Loopbacks' documentation on this topic says that
Once you define a “hasMany” relation, LoopBack adds a method with the relation name to the declaring model class’s prototype automatically. For example: Customer.prototype.orders(...).
And gives this example:
customer.orders([filter],
function(err, orders) {
...
});
But when I am trying to use User.roles() method, (const User = app.models.user;) I get the next error:
TypeError: User.roles is not a function
But when I'm making a remote request http://localhost:9000/api/users/5aab95a03e96b62718940bc4/roles, I get the desired roleMappings array.
So, i would appreciate if someone could help get this data using js. I know I can probably just query the RoleMappings model, but I've wanted to do it the documentation-way.

Loopback documentation suggests to extend the built-in user model
to add more properties and functionalities.
A good practice is creating a model Member that extends the built-in model User. In the new model declare the following relationship:
"relations": {
"roles": {
"type": "hasMany",
"model": "RoleMapping",
"foreignKey": "principalId"
}
}
Now, you can get all the user roles:
user.roles(function (err, roles) {
// roles is an array of RoleMapping objects
})
where user is an instance of Member.

This is an old question, but I faced the same issue and was able to solve it by having the relation Antonio Trapani suggested and accessing the roles like this:
const userInstance = await User.findById(userId);
const roles = await userInstance.roles.find();
Roles is not a function, it is an object. By the way this is using loopback 3.

Related

Getting 401 error in loopback with User Model

I have list of more than 5k users in my another DB, and I want to migrate all the users in loopback DB, there are many duplicate users exists so that I am checking if user exists then I am updating a user otherwise I am creating new one. I have written a script for that. Its working fine but after updates first user, loopback starts throwing an error 401 Unauthorized if I execute GET user detail API. Even I have allowed Unauthenticated user to access update, create property with ACL, but its not working with this as well.
I have extended the User model.
Can anyone please throw some light? Help will be appeciated!
Thanks
LoopBack's default ACLs are more specific than the ones you are defining, so that yours don't have effect at the end. The #authenticated and #unauthenticated ALLOW rules doesn't have precedence over DENY all rules. But custom roles do, and using a custom ADMINISTRATOR role is the right way in the framework.
You need to create a Role for an specific user.
Map that role to the user using the RoleMapping model.
Steps 1 and 2 can be done with this boot script (ex: App/server/boot/create-admin-user.js):
module.exports = function(app) {
var User = app.models.ExtendedUser;
var Role = app.models.Role;
var RoleMapping = app.models.RoleMapping;
User.findOrCreate({ where: { username: 'admin', email: 'admin#admin.com' } },
{
username: 'admin',
email: 'admin#admin.com',
password: 'admin123'
},
function(err, user) {
if (err) return console.log(err);
// Create the admin role
Role.findOrCreate({where: { name: 'ADMINISTRATOR' }},
{ name: 'ADMINISTRATOR' },
function(err, role) {
if (err) return debug(err);
console.log("Role Created: " + role.name);
// Assign admin role
RoleMapping.findOrCreate({where: { roleId: role.id, principalId: user.id }},
{ roleId: role.id, principalId: user.id, principalType: RoleMapping.USER },
function(err, roleMapping) {
if (err) return console.log(err);
console.log("ADMINISTRATOR Role assigned to " + user.username);
});
});
});
};
Create an ACL entry in your ExtendedUser model to ALLOW the ROLE ADMINISTRATOR to WRITE:
```
{
"name": "ExtendedUser",
"base": "User",
/* ... */
"acls": [
{
"accessType": "READ",
"principalType": "ROLE",
"principalId": "$authenticated",
"permission": "ALLOW"
},
{
"accessType": "WRITE",
"principalType": "ROLE",
"principalId": "ADMINISTRATOR",
"permission": "ALLOW"
}
]
}

How to write find and update query in express.js?

I am using REST API(express.js and mongodb) and trying to update my document but it's not working. I don't know what is the error but can someone help me out to move forward? I have added my route and controller
Routes:
app.route('/articleupdation')
.post(article.updatearticle);
Controller:
exports.updatearticle = function(req, res) {
Article.findOne({
Username: 'xx',
Email: 'xx#gmail.com',
Info: 'Deactivate',
}, function(err, article) {
if (!err && article) {
article.Info = 'Active';
article.save(function(err) {
if (err) {
console.log('not working');
} else {
console.log('working');
}
});
} else {
console.log('Condtion not matched ');
console.log(err);
}
});
};
Data stored like this
{
"_id": {
"$oid": "5799995943d643600fabd6b7"
},
"Username": "xx",
"Email": "xx#gmail.com",
"Info": "Deactivate",
"Description": "aajdjdjddjdkjddjdjdhdj",
}
Here is what I am trying to achieve; if Username, Email, Info are matched I need to update article.Info = 'Active'; but this is not working, can someone help me out please?
From the looks of it, your query is not matching any documents in the collection hence the statement branch which does the update is not being reached, just the else statement as the returned article is null. You can test this by running the raw query in mongo shell on the underlying collection i.e.
db.articles.findOne({
"Username": "xx",
"Email": "xx#gmail.com",
"Info": "Deactivate"
})
and see if that returns any matching document. If not, check the Info field from the document returned in this query
db.articles.findOne({
"Username": "xx",
"Email": "xx#gmail.com"
})
The best way to go about this within an atomic update that does not require two requests to the server (i.e. one to query the document and the other to write the changes to the server) is to use the findOneAndUpdate api. This will issue a mongodb findAndModify update command which modifies and returns a single document. By default, the returned document does not include the modifications made on the update. To return the document with the modifications made on the update, use the new option.
Thus your refactored code could follow this pattern:
exports.updatearticle = function(req, res) {
Article.findOneAndUpdate(
{ "Username": req.body.username, "Email": req.body.email, "Info": "Deactivate" },
{ "$set": { "Info": "Active" } },
{ "new": true },
function (err, doc) {
if (err) { // err: any errors that occurred
console.log(err);
} else { // doc: the document before updates are applied if `new: false`
console.log(doc); // , the document returned after updates if `new true`
console.log(doc.Info);
}
}
);
};

Ensure data integrity with nodejs, restify and mongoose

I'm writing an analytics application that collects events and associates it with visitors.
My Visitor mongoose model as follows:
var visitorSchema = new Schema({
created_at: { type: Date, default: Date.now },
identifier: Number,
client_id: Number,
account_id: Number,
funnels: [String],
goals: [Goal],
events: [Event]
});
The api accept a mixed of visitor info and the event
{
"identifier": 11999762224,
"client_id": 1,
"account_id": 1,
"event": {
"context": "Home",
"action": "Click red button",
"value": ""
}
}
When restify receives a request it checks if the visitor exists, and if it exists the ap just push the event as follows:
server.post('/event', function (req, res, next) {
Visitor.findOne({
identifier: req.params.identifier,
client_id: req.params.client_id,
account_id: req.params.client_id
}, function(err, visitor) {
if(err) {
console.log(err);
res.send(500, visitor);
}
if(visitor) {
visitor.events.push(req.params.event);
visitor.save();
} else {
visitor = new Visitor({
identifier: req.params.cpf,
client_id: req.params.client_id,
account_id: req.params.client_id,
funnels: req.params.funnels,
events: req.params.event
});
visitor.save();
}
res.send(200, visitor);
});
});
By using this method, and I trigger several concurrent requests I get duplicated visitors instead of one visitor with multiple events.
How can I solve this issue? Whats the best approach?
Add a unique index on identifier in mongoose model. This way the second request will break with unique index violation. Just make sure you handle that error.
If you are using single page framework on the client side (angular, backbone etc) make sure you disable the button when you make an api call, and enable it on server response.

MongoDB Query: Exclude objects from child array?

I'm working on a simple login system for my NodeJS application. For this I have created a structure where one object, a "corporation", holds an array of users. I've done because I plan to use the corporation object to store application session data.
{
"name": "My Corporation",
"prefix": "MYCORP",
"users": [
{
"username": "some#user.com",
"password": "974dae09cd5869958c19e1742117c2f8",
"name": "Freddly the User"
},
{
"username": "other#user.com",
"password": "974dae09cd5869958c19e1742117c2f8",
"name": "Max the Admin"
}
]
}
The problem is when querying after a user (in a log-in scenario) the query, as expected, returns the entire corporation object. Thus I'm exposing all users even though I only want one. As far as security is concerned I guess it isn't a big deal, but I'm more worried about performance. Below is the current query and a very ugly way to delete all users but the one requested.
Ignore the different asserts. Code is very much work-in-progress .. :)
db.collection('kat_corp', function (err, collection) {
try {
assert.equal(null, err);
collection.findOne({
users: {
$elemMatch: {
username: user.username
}
}
}, function (err, result) {
if (err) callback(err, false);
// Delete all other users from the to-be session object
for (var i = 0; i < result.users.length; i++) {
if (result.users[i].username != user.username) {
delete result.users[i];
}
}
// Will be replaced with success callback
console.log(result);
});
} catch (err) {
callback(err, false);
}
});
If you're using MongoDB 2.2 or greater you can just use the "$" positional operator.
The following query worked for me :
db.collection('kat_corp', function (err, collection){
collection.findOne({"users.username":user.username}, {'name':1,'users.$': 1}, console.log)
});
Although I would agree with the other comments that you should probably reconsider your schema...

MongoError,err:E11000 duplicate key error

I have a MongoDb schema like this
var User = new Schema({
"UserName": { type: String, required: true },
"Email": { type: String, required: true, unique: true },
"UserType": { type: String },
"Password": { type: String }
});
I am trying to create a new user
This is done in NodeJs using mongoose ODM
And this is the code for creating:
controller.createUser = function (req, res) {
var user = new models.User({
"UserName": req.body.UserName.toLowerCase(),
"Email": req.body.Email.toLowerCase(),
"UserType": req.body.UserType.toLowerCase()
});
models.User.findOne({ 'Email': user.Email }, function (err, olduser) {
if (!err) {
if (olduser) {
res.send({ 'statusCode': 409, 'statusText': 'Email Already Exists' });
}
else if (!olduser) {
user.setPassword(req.body.Password);
user.save(function (err, done) {
if (!err) {
console.log(user);
res.send({ 'statusCode': 201, 'statusText': 'CREATED' });
}
else {
res.send({ 'Status code': 500, 'statusText': 'Internal Server Error' });
}
});
}
}
else {
res.send({ 'statusCode': 500, 'statusText': 'ERROR' });
}
});
};
The for creating new user,I am giving attributes and values as follows:
{
"UserName": "ann",
"Email": "ann#ann.com",
"UserType": "normaluser",
"Password":"123456"
}
And I am getting error like this:
{"Status code":500,"statusText":"Internal Server Error","Error":{"name":"MongoError","err":"E11000 duplicate key error index: medinfo.users.$UserName_1 dup key: { : \"ann\" }","code":11000,"n":0,"connectionId":54,"ok":1}}
I understand that this error is because UserName is duplicated ,but I haven't set UserName with unique constraint.Whenever I add a new row,I need only email to be unique,UserName can be repeated.How to achieve this??
#ManseUK Is probably right, that looks like UserName is a 'key' - in this case an index. The _id attribute is the "primary" index that is created by default, but mongodb allows you to have multiple of these.
Start a mongo console and run medinfo.users.getIndexes()? Something must have added an index on 'UserName'.
required: true wouldn't do that, but you might have played with other settings previously and the index hasn't been removed?
There should be an index that is blocking.
You can try the db.collection.dropIndex() method
medinfo.users.dropIndexes()
I got the similar issue on my project. I tried to clear out all the documents and the dup issue still keep popping up. Until I dropped this collection and re-start my node service, it just worked.
What I had realized is that my data-structures were changing -- this is where versioning comes in handy.
You may need to get a mongoose-version module, do a thing.remove({}, ...) or even drop the collection: drop database with mongoose
I use RoboMongo for an admin tool (and I highly recommend it!) so I just went in and right-clicked/dropped collection from the console.
If anyone knows how to easily version and/or drop a collection from within the code, feel free to post a comment below as it surely helps this thread ( and I :) ).

Categories