我有几个自定义角色,如“1” - >“超级管理员”,“2” - >“团队成员”......我在数据库中维护我的ACL列表而不是JSON .
Use Case: - 在登录的情况下,如果有SuperAdmin,他可以使用ACL列表中定义的模型 . 工作正常 . - 此外,与teamMember角色一起工作正常 .
- 但是,在未经验证的情况下,既没有任何SuperAdmin / teamMember角色(例如:登录页面API),那么登录API调用没有成功,它总是'pending' . 呼叫未完成,错误/成功 . 在这种情况下,我想要处理
$everyone
角色 . 我正确地在ACL表中用$everyone
和ROLE
作为ALLOW
.
ACL没有被搜查 .
DEBUG清单:
loopback:security:role isInRole(): $everyone +0ms
loopback:security:access-context ---AccessContext--- +0ms
loopback:security:access-context principals: [] +0ms
loopback:security:access-context modelName user +0ms
loopback:security:access-context modelId undefined +0ms
loopback:security:access-context property loginUser +0ms
loopback:security:access-context method loginUser +0ms
loopback:security:access-context accessType EXECUTE +0ms
loopback:security:access-context accessToken: +0ms
loopback:security:access-context id "$anonymous" +0ms
loopback:security:access-context ttl 1209600 +0ms
loopback:security:access-context getUserId() null +0ms
loopback:security:access-context isAuthenticated() false +0ms
loopback:security:role Custom resolver found for role $everyone +0ms
角色的解析器:
//SUPER ADMIN
Role.registerResolver("1", function(role, context, cb) {
let isSuperAdmin = false;
app.models.RoleMapping.findOne({where: {principalId: userId}}, function(err, res){ //userId will be passed from other obj...it will be not null...here i just made it simple
if(res.roleId == "1")
isSuperAdmin = true;
return cb(null, isSuperAdmin);
});
});
I could not able to login to my application due to this. 我正在扩展默认用户模型并编写了remoteMethod 'loginUser'来执行用户登录 . (即使默认的'login'远程方法在这种情况下也不起作用)
However, if i remove the role-resolver script, then no issue is faced. The login is successful ,API返回成功令牌 . 我似乎只有解析器的问题,但无法找到问题 . 请帮我解决这个问题 .
ACLS for my extended model user : (适用于SuperAdmin和所有人)
Col Names: id, model, property, accessType, permission, principalType, principalId
Rows: '1', 'user', '*', '*', 'ALLOW', 'ROLE', '1' '2', 'user', '*', '*', 'ALLOW', 'ROLE', '$everyone'
表中的 principalType: '1'
表示superAdmin .