如何在Loopback ACL中使用静态角色进行身份验证

问题描述 投票:1回答:2

在模型中使用静态角色访问控制进行身份验证时遇到问题。当使用ACL与主要类型$ authenticated和$ everyone时,事情似乎正在起作用。因此,登录和注销时,访问控制已就位并按预期运行。当ACL被移动到静态角色时,身份验证失败并返回401。正在使用内置于角色,角色映射和用户的模型的环回。我已经尝试使用ROLE和USER作为principalTypes。 使用RoleMapping创建用户,角色和主体:

User.create({
    username: 'admin',
    email: '[email protected]',
    password: 'password',
    active: true
}, 
function (err, user) {
    Role.create({
        name: 'Admin'
    }, 
    function (err, role) {
        if (err) throw err;

        console.log('Created role:', role);

        //make user an admin
        role.principals.create({
            principalType: RoleMapping.USER,
            //principalType: RoleMapping.ROLE,
            principalId: user.id,
            active: true
        }, 
        function (err, principal) {
            if (err) throw err;

            console.log('Principal:', principal);
        });
    });
});

客户模型:

"name": "Customer",
"base": "PersistedModel",
"strict": false,
"idInjection": false,
"options": {
    "validateUpsert": true
},
"properties": {
    "name": {
        "type": "string",
        "required": true
    },
    "description": {
        "type": "string"
    },
    "active": {
        "type": "boolean"
    }
},
"validations": [],
"relations": {
    "products": {
        .........
    },
    "users": {
        .........
    }
},
"acls": [
    {
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "$everyone",
        "permission": "DENY"
    },
    {
        WORKS AS EXPECTED
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "$authenticated",
        "permission": "ALLOW"
    },
    {
        RETURNS 401 AFTER LOGGING IN AS USER ASSIGNED TO ROLE
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "Admin",
        "permission": "ALLOW"
    }
],
"methods": []

创建的用户记录:

"_id" : ObjectId("55b7c34d6033a33758038c3b"),
"username" : "admin",
"password" : ....,
"email" : "[email protected]",
"active" : true

角色记录:

"_id" : ObjectId("55b7c34d6033a33758038c3e"),
"name" : "Admin",
"created" : ISODate("2015-07-28T18:00:45.336Z"),
"modified" : ISODate("2015-07-28T18:00:45.336Z")

RoleMapping记录:

"_id" : ObjectId("55b7c34d6033a33758038c41"),
"principalType" : "USER",
"principalId" : "55b7c34d6033a33758038c3b",
"roleId" : ObjectId("55b7c34d6033a33758038c3e"),
"active" : true

在此之前感谢您的帮助!

loopbackjs
2个回答
0
投票

在principalId中定义用户时,请尝试改为:

principalId: user[0].id,
0
投票

请注意:

RoleMapping.principalType:USER(表示用户,不是ROLE)

RoleMapping.principalId:USER_ID(因为定义RoleMapping.principalType是USER)

acls:[{“principalType”:“ROLE”,“principalId”:“admin”,}]

我测试过,它正在工作

Role
—————————
_id: ObjectId(5c70409a98103f1af6ee2b55)
name: “admin”,
description: “Only Admin can write”,


Role Mapping
——————————
_id: ObjectId(5c7040f998103f1af6ee2b57)
principalType: USER
principalId: 5c72b9ef79dcf14443c1aa3b
roleId: ObjectId(5c70409a98103f1af6ee2b55)


User
——————————
_id: ObjectId(5c72b9ef79dcf14443c1aa3b)
firstName: “”,
lastName: “”,
email:””,
Active:””,
emailVerified:

ACL
 {
      "accessType": "WRITE",
      "principalType": "ROLE",
      "principalId": "admin",
      "permission": "ALLOW"
 }
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.