2

我想要实现的功能是这个

  1. 当用户注册时,会创建两个角色(admin,users)
  2. 如果用户是管理员,他应该能够以用户权限(非管理员)邀请其他用户加入同一帐户
  3. 非管理员用户不应邀请他人加入

这就是我试图在云代码中实现这一目标的方式

  1. 创建帐户时创建两个角色

  2. 使用管理员和用户 ACL 创建两个虚拟对象,下面是这两个步骤的代码

    Parse.Cloud.afterSave("account", function(request) {
    var accountName = request.object.get("name");
    //create admin role
    var adminRoleACL = new Parse.ACL();
    adminRoleACL.setPublicReadAccess(false);
    adminRoleACL.setPublicWriteAccess(false);
    var adminRole = new Parse.Role(accountName + ADMINISTRATOR, adminRoleACL);
    adminRole.save();

    //create user role
    var userRoleACL = new Parse.ACL();
    userRoleACL.setPublicReadAccess(false);
    userRoleACL.setPublicWriteAccess(false);
    var userRole = new Parse.Role(accountName + USER, userRoleACL);
    userRole.save();

    // create dummy object for each role with access to only that role
    // we will use these dummy objects in cloud code to figure out whether
    // the user belongs to that group.

    //create dummy for admin
    var dummy = new Dummy();
    dummy.set("name", accountName + ADMINISTRATOR + DUMMY);
    var dummyACL = new Parse.ACL();
    dummyACL.setPublicReadAccess(false);
    dummyACL.setRoleReadAccess(adminRole, true);
    dummy.setACL(dummyACL);
    dummy.save();

    //create dummy for user
    dummy = new Dummy();
    dummy.set("name", accountName + USER + DUMMY);
    dummyACL = new Parse.ACL();
    dummyACL.setPublicReadAccess(false);
    dummyACL.setRoleReadAccess(userRole, true);
    dummy.setACL(dummyACL);
    dummy.save();

});

创建帐户后,我将此用户添加到管理员和用户组,这是代码

Parse.Cloud.define("addUsersToRole", function(request, response) {
    Parse.Cloud.useMasterKey();
    var currentUser = request.user;
    var accountName = request.params.accountname;

    var query = new Parse.Query(Parse.Role);
    query.contains("name", accountName);
    query.find({
        success : function(roles) {
            console.log("roles: " + roles.length);
            for (var i = 0; i < roles.length; i++) {
                roles[i].getUsers().add(currentUser);
                roles[i].save();
            }
            response.success();
        },
        error : function(error) {
            response.error("error adding to admin role " + error);
        }
    });
});

现在,当我尝试注册时,我只想检查当前用户是否可以找到创建的管理员虚拟对象(因为该对象的 ACL 设置为仅由管理员角色访问)。如果可以读取该对象,那么这应该意味着当前用户属于管理员角色吧?这是代码

Parse.Cloud.define("inviteToSignUp", function(request, response) {
    var userEmail = request.params.email;
    var currentUser = request.user;
    var accountName = currentUser.get("accountname");

    //do it only if the user is admin
    var query = new Parse.Query(Dummy);
    query.equalTo("name", + accountName + ADMINISTRATOR + DUMMY);

    query.first({
        success : function(dummy) {
            if(dummy) {
                sendSignupEmail(userEmail, currentUser, request, response);
            } else {
                response.error("Invitation failed. You don't have the priviledges to add new user. Please contact your administrator'");
            }
        }, 
        error : function(error) {
            response.error("error while inviting users. " + error.message);
        }
    })

});

现在的问题是,即使管理员用户登录,创建的虚拟对象也不会在上述方法的查询中返回。我有什么遗漏吗?有没有更好的方法来实现这个功能?

我检查了数据浏览器,我可以看到正在创建的两个角色,用户是两个组的成员。我还看到使用这两个 ACL 创建了两个虚拟对象

  1. {“角色:XYZ_Administrator”:{“读取”:true}}
  2. {“角色:XYZ_user”:{“读取”:真}}
4

0 回答 0