verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add an ACL to User, to allow everyone to execute User.passwordReset(). 

This is intended to permit users who have forgotten their
password, and are thus unauthenticated, to request a reset.

Credit goes to John Murphy who proposed the ACL in Google Groups here:
https://groups.google.com/forum/#!searchin/loopbackjs/passwordReset$20ACL/loopbackjs/UPyhg7KS-9k/_M_9-YpUKmIJ

Signed-off-by: Carey Richard Murphey <rich@murphey.org>
This commit is contained in:
zxvv 2014-09-06 19:05:32 -05:00
parent 642229f513
commit 5255120a22
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/models/user.js
View File

@ -93,6 +93,13 @@ var options = {
model: 'AccessToken', model: 'AccessToken',
foreignKey: 'userId' foreignKey: 'userId'
} }
},
{
principalType: ACL.ROLE,
principalId: Role.EVERYONE,
permission: ACL.ALLOW,
property: "resetPassword",
accessType: ACL.EXECUTE
} }
}; };