首页 文章

如何在Loopback ACL中使用静态角色进行身份验证

提问于
浏览
1

在模型中使用静态角色访问控制进行身份验证时遇到问题 . 当使用ACL时,事情似乎正常工作's with principal types $authenticated and $everyone. So access controls are in place and functioning as expected when logged in and logged out. As ACL'被移动到静态角色身份验证失败并返回401 . 正在使用内置于角色,角色映射和用户的模型的环回 . 我已经尝试使用ROLE和USER作为principalTypes .

使用RoleMapping创建用户,角色和主体:

User.create({
    username: 'admin',
    email: 'admin@admin.com',
    password: 'password',
    active: true
}, 
function (err, user) {
    Role.create({
        name: 'Admin'
    }, 
    function (err, role) {
        if (err) throw err;

        console.log('Created role:', role);

        //make user an admin
        role.principals.create({
            principalType: RoleMapping.USER,
            //principalType: RoleMapping.ROLE,
            principalId: user.id,
            active: true
        }, 
        function (err, principal) {
            if (err) throw err;

            console.log('Principal:', principal);
        });
    });
});

客户模型:

"name": "Customer",
"base": "PersistedModel",
"strict": false,
"idInjection": false,
"options": {
    "validateUpsert": true
},
"properties": {
    "name": {
        "type": "string",
        "required": true
    },
    "description": {
        "type": "string"
    },
    "active": {
        "type": "boolean"
    }
},
"validations": [],
"relations": {
    "products": {
        .........
    },
    "users": {
        .........
    }
},
"acls": [
    {
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "$everyone",
        "permission": "DENY"
    },
    {
        WORKS AS EXPECTED
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "$authenticated",
        "permission": "ALLOW"
    },
    {
        RETURNS 401 AFTER LOGGING IN AS USER ASSIGNED TO ROLE
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "Admin",
        "permission": "ALLOW"
    }
],
"methods": []

创建的用户记录:

"_id" : ObjectId("55b7c34d6033a33758038c3b"),
"username" : "admin",
"password" : ....,
"email" : "admin@admin.com",
"active" : true

角色记录:

"_id" : ObjectId("55b7c34d6033a33758038c3e"),
"name" : "Admin",
"created" : ISODate("2015-07-28T18:00:45.336Z"),
"modified" : ISODate("2015-07-28T18:00:45.336Z")

RoleMapping记录:

"_id" : ObjectId("55b7c34d6033a33758038c41"),
"principalType" : "USER",
"principalId" : "55b7c34d6033a33758038c3b",
"roleId" : ObjectId("55b7c34d6033a33758038c3e"),
"active" : true

在此之前感谢您的帮助!

loopbackjs

1 回答

  • 0

    在principalId中定义用户时,请尝试改为:

    principalId: user[0].id,
    回复于

相关问题