3

Sails@beta, mongodb, windows 7 32bit,

尝试通过应用程序创建新用户后,我收到上述错误。当我从 config/policies.js 中删除策略 isPawn 时,一切正常。我不明白这个政策有什么问题。在我看来,我错误地访问了 mongodb id 属性。

isPawn.js https://github.com/mrcn/C_Express/blob/master/api/policies/isPawn.js

module.exports = function(req, res, next) {

  var sessionUserMatchesId = req.session.User.id === req.param('id');
  var isAdmin = req.session.User.admin;

  // The requested id does not match the user's id,
  // and this is not an admin

  if (!(sessionUserMatchesId || isAdmin)) {
    var noRightsError =
    [{
      name: 'noRights',
      message: 'You must be an admin.'
    }];
    req.session.flash = {
      err: noRightsError
    };
    res.redirect('/session/new');
    return;
  }

  next();

};

用户模型——user.js https://github.com/mrcn/C_Express/blob/master/api/models/User.js

module.exports = {

  schema: true,

  attributes: {

    name: {
      type: 'string',
      required: true
    },

    email: {
      type: 'string',
      email: true,
      required: true,
      unique: true
    },

    admin: {
      type: 'boolean',
      defaultsTo: false
    },

    encryptedPassword: {
      type: 'string'
    },

    toJSON: function() {
      var obj = this.toObject();
      delete obj.password;
      delete obj.confirmation;
      delete obj.encryptedPassword;
      delete obj._csrf;
      return obj;
    }
  },

  beforeCreate: function (values, next) {
      //this checks to make sure the passwords match
    if (!values.password || values.password != values.confirmation) {
      return next({err: ["Password\'s don\'t match"]});
    }

    require('bcrypt').hash(values.password, 10, function passwordEncrypt(err, encryptedPassword){
      if (err) return next(err);
      values.encryptedPassword = encryptedPassword;

      console.log();
      console.log(values);
      console.log();

      // values.online=true;
      next();
    });
  }
};

UserController.js:https ://github.com/mrcn/C_Express/blob/master/api/controllers/UserController.js

module.exports = {

  // this loads the signup page --> new.ejs
  new : function (req, res) {
    res.locals.flash = _.clone(req.session.flash);
    res.view();
    req.session.flash = {};
  },

  create: function (req, res, next) {

    // Create a user with the params sent from
    // the signup form --> new.ejs
    User.create(req.params.all(), function userCreate (err, user) {

      if (err) {
        console.log(err);
        req.session.flash = {
          err: err
        }

        // if error redirect back to signup page
        return res.redirect('/user/new');
      }

      // after successfully create the user
      // redirect to the show action
      // res.json(user);
      // req.session.flash = {};

      res.redirect('/user/show/'+user.id);
    });
  },

    show: function (req, res, next) {
      User.findOne (req.param('id'), function foundUser (err,user) {
        if (err) return next(err);
        if (!user) return next();
        res.view({
          user: user
        });
      });
    },

    index: function (req, res, next) {
      // EP 13
      // console.log(new Date());
      // console.log(req.session.authenticated);

      //get an array of all users in the User Collection (table)
      User.find(function foundUsers (err, users) {
        if (err) return next(err);
        // pass the array down to the /views/index.ejs page
        // we're rendering our index.ejs passing our users as an object.
        res.view({
          users: users
        });
      });
    },

    edit: function (req, res, next) {
      //Find the user from the id passed in via params
      User.findOne(req.param('id'), function foundUser (err, user){
        if (err) return next(err);
        if (!user) return next('User doesn\nt exist!');

        res.view({
          user: user
        });
      });
    },

    update: function (req, res, next) {
      User.update(req.param('id'), req.params.all(), function userUpdated (err) {
        if (err) {
          return res.redirect('/user/edit/' + req.param('id'));
        }

        res.redirect('/user/show/' + req.param('id'));
        });
    },

    destroy: function (req, res, next) {
      User.findOne(req.param('id'), function foundUser (err, user) {
        if (err) return next(err);
        if (!user) return next('User doesn\nt exist!');

        User.destroy(req.param('id'), function userDestroyed(err) {
          if (err) return next(err);
        });
        res.redirect('/user');
      });
    }
};
4

1 回答 1

6

看起来您正在尝试访问 的id属性req.session.User,但req.session.User至少在某些情况下不存在。如果它总是应该存在,我会检查负责设置它的代码。否则,将策略的两行更改为:

var sessionUserMatchesId = (req.session.User && req.session.User.id === req.param('id'));
var isAdmin = req.session.User && req.session.User.admin;

req.session.User如果未定义,这将防止它崩溃。

于 2014-07-28T20:43:45.143 回答