1

我想了解环回acl但失败了,如果我可以使用环回acl控制角色授权,我该怎么办?

当我收到请求时

GET http://localhost:1337/api/Employees 401 (Unauthorized)
{
  "error": {
    "name": "Error",
    "status": 401,
    "message": "Authorization Required",
    "statusCode": 401,
    "stack": "Error: Authorization Required
  }
}

这里是一名员工。JSON 配置

{
  "name": "Employee",
  "base": "User",
  "properties": {
    "nickname": {
      "type": "string"
    }
  },
  "validations": [],
  "relations": {},
  "acls": [
    {
      "principalType": "ROLE",
      "principalId": "admin",
      "permission": "ALLOW",
      "accessType": "READ"
    }
  ],
  "methods": []
}

下面的代码是添加一个员工

{
  "nickname": "",
  "realm": "",
  "username": "",
  "credentials": "object",
  "challenges": "object",
  "email": "",
  "emailVerified": false,
  "verificationToken": "",
  "status": "",
  "created": "",
  "lastUpdated": "",
  "id": 0
}

我不知道环回acls的内部。我怎么去改变才能达到访问控制的效果?

4

1 回答 1

3

要支持自定义角色admin,您需要定义角色并将用户添加到角色中。这是我用于内部项目的一些代码:

// Admin users
var adminUsers = require('../config/users.json').admins;

app.models.role.findOrCreate({where: {name: 'admin'}}, {name: 'admin'},
  function (err, role) {
    if (err) {
      return console.error(err);
    }
    // role.principals() doesn't work here as the role.id might have a different
    // type than roleMapping.roleId
    app.models.roleMapping.find({where: {roleId: role.id.toString()}},
      function (err, principals) {
        if (err) {
          return console.error(err);
        }
        var mapping = {};
        principals.forEach(function (p) {
          if (p.principalType === 'USER') {
            mapping[p.principalId] = p;
          }
        });
        app.models.user.find({where: {email: {inq: adminUsers}}},
          function (err, users) {
            if (err) {
              return console.error(err);
            }
            if (users && users.length) {
              users.forEach(function (user) {
                if (mapping[user.id.toString()]) {
                  console.log('User %s (%s) found in role %s', user.username,
                    user.email, role.name);
                  return;
                }
                role.principals.create({principalType: 'USER', principalId: user.id},
                  function (err, mapping) {
                    if (err) {
                      return console.error(err);
                    }
                    console.log('User %s (%s) added to role %s', user.username,
                      user.email, role.name);
                  });
              });
            }
          });
      };
  });
于 2014-08-29T15:56:38.277 回答