Loopbackjs 如何在环回ACL中使用静态角色进行身份验证
在模型中使用静态角色访问控制进行身份验证时遇到问题。将ACL与主体类型$authenticated和$everyone一起使用时,情况似乎正常。因此,在登录和注销时,访问控制已就位并按预期运行。当ACL移到静态角色时,身份验证失败并返回401。正在使用角色、角色映射和用户的环回内置模型。我已经尝试使用角色和用户作为主类型。Loopbackjs 如何在环回ACL中使用静态角色进行身份验证,loopbackjs,Loopbackjs,在模型中使用静态角色访问控制进行身份验证时遇到问题。将ACL与主体类型$authenticated和$everyone一起使用时,情况似乎正常。因此,在登录和注销时,访问控制已就位并按预期运行。当ACL移到静态角色时,身份验证失败并返回401。正在使用角色、角色映射和用户的环回内置模型。我已经尝试使用角色和用户作为主类型。 使用角色映射创建用户、角色和主体: User.create({ username: 'admin', email: 'admin@admin.com',
使用角色映射创建用户、角色和主体:
User.create({
username: 'admin',
email: 'admin@admin.com',
password: 'password',
active: true
},
function (err, user) {
Role.create({
name: 'Admin'
},
function (err, role) {
if (err) throw err;
console.log('Created role:', role);
//make user an admin
role.principals.create({
principalType: RoleMapping.USER,
//principalType: RoleMapping.ROLE,
principalId: user.id,
active: true
},
function (err, principal) {
if (err) throw err;
console.log('Principal:', principal);
});
});
});
客户模式:
"name": "Customer",
"base": "PersistedModel",
"strict": false,
"idInjection": false,
"options": {
"validateUpsert": true
},
"properties": {
"name": {
"type": "string",
"required": true
},
"description": {
"type": "string"
},
"active": {
"type": "boolean"
}
},
"validations": [],
"relations": {
"products": {
.........
},
"users": {
.........
}
},
"acls": [
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "DENY"
},
{
WORKS AS EXPECTED
"accessType": "*",
"principalType": "ROLE",
"principalId": "$authenticated",
"permission": "ALLOW"
},
{
RETURNS 401 AFTER LOGGING IN AS USER ASSIGNED TO ROLE
"accessType": "*",
"principalType": "ROLE",
"principalId": "Admin",
"permission": "ALLOW"
}
],
"methods": []
已创建用户记录:"_id" : ObjectId("55b7c34d6033a33758038c3b"),
"username" : "admin",
"password" : ....,
"email" : "admin@admin.com",
"active" : true
角色记录:
"_id" : ObjectId("55b7c34d6033a33758038c3e"),
"name" : "Admin",
"created" : ISODate("2015-07-28T18:00:45.336Z"),
"modified" : ISODate("2015-07-28T18:00:45.336Z")
"_id" : ObjectId("55b7c34d6033a33758038c41"),
"principalType" : "USER",
"principalId" : "55b7c34d6033a33758038c3b",
"roleId" : ObjectId("55b7c34d6033a33758038c3e"),
"active" : true
角色映射记录:
"_id" : ObjectId("55b7c34d6033a33758038c3e"),
"name" : "Admin",
"created" : ISODate("2015-07-28T18:00:45.336Z"),
"modified" : ISODate("2015-07-28T18:00:45.336Z")
"_id" : ObjectId("55b7c34d6033a33758038c41"),
"principalType" : "USER",
"principalId" : "55b7c34d6033a33758038c3b",
"roleId" : ObjectId("55b7c34d6033a33758038c3e"),
"active" : true
谢谢你的帮助 在principalId中定义用户时,请尝试:
principalId: user[0].id,
在principalId中定义用户时,请尝试:
principalId: user[0].id,
请注意:
RoleMapping.principalType:用户(平均用户,而非角色)
RoleMapping.principalId:USER_ID(因为define RoleMapping.principalType是USER)
ACL:[
{“principalType”:“角色”,
“principalId”:“admin”,
}
]
我已经测试过了,它正在工作
Role
—————————
_id: ObjectId(5c70409a98103f1af6ee2b55)
name: “admin”,
description: “Only Admin can write”,
Role Mapping
——————————
_id: ObjectId(5c7040f998103f1af6ee2b57)
principalType: USER
principalId: 5c72b9ef79dcf14443c1aa3b
roleId: ObjectId(5c70409a98103f1af6ee2b55)
User
——————————
_id: ObjectId(5c72b9ef79dcf14443c1aa3b)
firstName: “”,
lastName: “”,
email:””,
Active:””,
emailVerified:
ACL
{
"accessType": "WRITE",
"principalType": "ROLE",
"principalId": "admin",
"permission": "ALLOW"
}
请注意:
RoleMapping.principalType:用户(平均用户,而非角色)
RoleMapping.principalId:USER_ID(因为define RoleMapping.principalType是USER)
ACL:[
{“principalType”:“角色”,
“principalId”:“admin”,
}
]
我已经测试过了,它正在工作
Role
—————————
_id: ObjectId(5c70409a98103f1af6ee2b55)
name: “admin”,
description: “Only Admin can write”,
Role Mapping
——————————
_id: ObjectId(5c7040f998103f1af6ee2b57)
principalType: USER
principalId: 5c72b9ef79dcf14443c1aa3b
roleId: ObjectId(5c70409a98103f1af6ee2b55)
User
——————————
_id: ObjectId(5c72b9ef79dcf14443c1aa3b)
firstName: “”,
lastName: “”,
email:””,
Active:””,
emailVerified:
ACL
{
"accessType": "WRITE",
"principalType": "ROLE",
"principalId": "admin",
"permission": "ALLOW"
}
问题是静态角色没有注册为Hi,我也有同样的问题。你是怎么解决的。你能详细说明一下吗。感谢您认为问题是通过以下“动态角色”部分中列出的步骤解决的:问题是静态角色未注册为Hi,我也有同样的问题。你是怎么解决的。你能详细说明一下吗。感谢您认为问题已通过以下“动态角色”部分中列出的步骤得到解决: