在模型中使用静态角色访问控制进行身份验证时遇到问题 . 当使用ACL时,事情似乎正常工作's with principal types $authenticated and $everyone. So access controls are in place and functioning as expected when logged in and logged out. As ACL'被移动到静态角色身份验证失败并返回401 . 正在使用内置于角色,角色映射和用户的模型的环回 . 我已经尝试使用ROLE和USER作为principalTypes .
使用RoleMapping创建用户,角色和主体:
User.create({
username: 'admin',
email: 'admin@admin.com',
password: 'password',
active: true
},
function (err, user) {
Role.create({
name: 'Admin'
},
function (err, role) {
if (err) throw err;
console.log('Created role:', role);
//make user an admin
role.principals.create({
principalType: RoleMapping.USER,
//principalType: RoleMapping.ROLE,
principalId: user.id,
active: true
},
function (err, principal) {
if (err) throw err;
console.log('Principal:', principal);
});
});
});
客户模型:
"name": "Customer",
"base": "PersistedModel",
"strict": false,
"idInjection": false,
"options": {
"validateUpsert": true
},
"properties": {
"name": {
"type": "string",
"required": true
},
"description": {
"type": "string"
},
"active": {
"type": "boolean"
}
},
"validations": [],
"relations": {
"products": {
.........
},
"users": {
.........
}
},
"acls": [
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "DENY"
},
{
WORKS AS EXPECTED
"accessType": "*",
"principalType": "ROLE",
"principalId": "$authenticated",
"permission": "ALLOW"
},
{
RETURNS 401 AFTER LOGGING IN AS USER ASSIGNED TO ROLE
"accessType": "*",
"principalType": "ROLE",
"principalId": "Admin",
"permission": "ALLOW"
}
],
"methods": []
创建的用户记录:
"_id" : ObjectId("55b7c34d6033a33758038c3b"),
"username" : "admin",
"password" : ....,
"email" : "admin@admin.com",
"active" : true
角色记录:
"_id" : ObjectId("55b7c34d6033a33758038c3e"),
"name" : "Admin",
"created" : ISODate("2015-07-28T18:00:45.336Z"),
"modified" : ISODate("2015-07-28T18:00:45.336Z")
RoleMapping记录:
"_id" : ObjectId("55b7c34d6033a33758038c41"),
"principalType" : "USER",
"principalId" : "55b7c34d6033a33758038c3b",
"roleId" : ObjectId("55b7c34d6033a33758038c3e"),
"active" : true
在此之前感谢您的帮助!
1 回答
在principalId中定义用户时,请尝试改为: