How to get User information in strongloop using angular.js

问题

I've tried many ways to get the users list/functions using strongloop and the generated angular.js services using lb-ng. Every time I try to get any User functionality, I get a message not authorized.

Why would the generated service file contain User functions and not be able to call it from front end. Many articles say it's intentional. Is this a bug or am I doing it wrong?

Here's the code I'm using to check duplicate user.

angular.module('app')
    .controller('UserCtrl', ['$scope', 'User',
        function ($scope, User) {
            $scope.data = {};
            $scope.verificationSent = false;
            $scope.duplicateUser = false;

            $scope.create = function () {
                User
                    .create($scope.data)
                    .$promise
                    .then(function () {
                        $scope.verificationSent = true;
                        console.log('User %s created successfully!', $scope.data['username']);
                    })
            }

            $scope.usernameExists = function () {
                User
                    .findOne({
                        where: {
                            username: $scope.data['username']
                        }
                    })
                    .$promise
                    .then(function (result) {
                        console.log(result);
                    })
            }

        }
    ])

Here's how I'm calling from front end.

<form  class="form-horizontal" name="form" ng-submit="form.$valid && usernameExists()" novalidate>

Here's the error that's returned.

GET http://0.0.0.0:3000/api/Users/findOne?where=%7B%22username%22:%22test%22%7D 401 (Unauthorized)

Attached a screenshot too... I'm trying this out for many weeks now, kindly help...

回答1:

The backend service created by strongloop requires the correct authorization which you are missing in your call. The /Users get call is configured to DENY all requests, if you want to open it up then you have to explicitly state this. But be careful when you are performing this operation, you could expose private user credentials which is usually undesirable. What you want to do is create a server-side call which checks if the username is a duplicate and responds accordingly, and you can have this call be ALLOWED to everyone, and then call this from Angular and do what you need. Hope that explanation was clear.

UPDATE Here is a guide to modifying ACLs: https://docs.strongloop.com/display/public/LB/Controlling+data+access

来源：https://stackoverflow.com/questions/31907774/how-to-get-user-information-in-strongloop-using-angular-js