MLab and Loopback ACL – hasMany (POST)

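I'm very new to node.js / mlab, and I'm trying to figure out my ACLs.

I have two models, Song and Account.

I created a hasMany relation between Account and Song, where an Account has many Songs, called favorites.

    "relations": {
      "favorites": {
        "type": "hasMany",
        "model": "Song",
        "foreignKey": ""
      }
    }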

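I want my ACLs set up so that only administrators can create new songs, but anyone who is authenticated can add songs to their favorites.

I have an endpoint (id = userId, and it also requires a token):

    /Accounts/{id}/favorites

The problem is that whenever I try to POST to this endpoint, I get:

    http://0.0.0.0:3000/api/Accounts/584e6ed148d44a6c1e53c1a3/favorites 401 (Unauthorized)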

For Song, the current ACLs are:

    "acls": [
      {
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "administrator",
        "permission": "ALLOW"
      },
      {
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "$everyone",
        "permission": "DENY"
      },
      {
        "accessType": "READ",
        "principalType": "ROLE",
        "principalId": "$everyone",
        "permission": "ALLOW"
      }
    ]

For Account, the current ACL is:

    "acls": [
      {
        "accessType": "EXECUTE",
        "principalType": "ROLE",
        "principalId": "$authenticated",
        "permission": "ALLOW",
        "property": "POST"
      }
    ]

I traced it to:

    loopback:security:role isInRole(): $everyone +0ms
    loopback:security:access-context ---AccessContext--- +2ms
    loopback:security:access-context principals: +1ms
    loopback:security:access-context principal: {"type":"USER","id":"584e6ed148d44a6c1e53c1a3"} +0ms
    loopback:security:access-context modelName Account +1ms
    loopback:security:access-context modelId 584e6ed148d44a6c1e53c1a3 +0ms
    loopback:security:access-context property __create__favorites +0ms
    loopback:security:access-context method __create__favorites +0ms
    loopback:security:access-context accessType WRITE +0ms
    loopback:security:access-context accessToken: +0ms
    loopback:security:access-context id "QD2gi3uUr7g07EN7NhCbeSeyKT4AEZGWUoQQB9V0siFzgBOiPM1WOAkLhvxHCQGq" +0ms
    loopback:security:access-context ttl 1209600 +0ms
    loopback:security:access-context getUserId() 584e6ed148d44a6c1e53c1a3 +0ms
    loopback:security:access-context isAuthenticated() true +0ms
    loopback:security:role Custom resolver found for role $everyone +0ms
    loopback:security:acl The following ACLs were searched: +1ms
    loopback:security:acl ---ACL--- +1ms
    loopback:security:acl model Account +0ms
    loopback:security:acl property * +0ms
    loopback:security:acl principalType ROLE +0ms
    loopback:security:acl principalId $everyone +0ms
    loopback:security:acl accessType * +0ms
    loopback:security:acl permission DENY +0ms
    loopback:security:acl with score: +0ms 7495
    loopback:security:acl ---Resolved--- +0ms
    loopback:security:access-context ---AccessRequest--- +0ms
    loopback:security:access-context model Account +0ms
    loopback:security:access-context property __create__favorites +0ms
    loopback:security:access-context accessType WRITE +0ms
    loopback:security:access-context permission DENY +1ms
    loopback:security:access-context isWildcard() false +0ms
    loopback:security:access-context isAllowed() false +0ms

Thanks!

Got it! I had to set access for the specific properties, because the default is to deny access.

    {
      "accessType": "EXECUTE",
      "principalType": "ROLE",
      "principalId": "$owner",
      "permission": "ALLOW",
      "property": "__create__favorites"
    },
    {
      "accessType": "EXECUTE",
      "principalType": "ROLE",
      "principalId": "$owner",
      "permission": "ALLOW",
      "property": "__get__favorites"
    }
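
An added example (not part of the original question or answer, and not LoopBack's own code): a simplified JavaScript model of the ACL matching seen in the trace, showing why the rule with `"property": "POST"` never applies to `__create__favorites` while the `$owner` rule from the answer does. The scoring weights and the helper names `score`, `resolve` and `deadProperties` are assumptions made for illustration.

```javascript
// Simplified model written for this example; it is not LoopBack's source code.
// Assumed matching: a rule applies when its principal is one of the caller's roles,
// its property is "*" or equals the remote method name, and its accessType is "*",
// equals the requested type, or is EXECUTE (as the fix on this page implies).
// The most specific rule wins (ties go to DENY); no applicable rule means DENY.
const traceDeny = { accessType: '*', principalId: '$everyone', permission: 'DENY' };
const askedRule = { accessType: 'EXECUTE', principalId: '$authenticated',
                    permission: 'ALLOW', property: 'POST' };
const fixedRule = { accessType: 'EXECUTE', principalId: '$owner',
                    permission: 'ALLOW', property: '__create__favorites' };

function score(rule, req) {
  if (!req.roles.includes(rule.principalId)) return -1;
  const prop = rule.property || '*';
  const type = rule.accessType || '*';
  let s = 0;
  if (prop === req.method) s += 8;        // exact method name
  else if (prop === '*') s += 4;          // wildcard
  else return -1;                         // "POST" is an HTTP verb, not a method name
  if (type === req.accessType || type === 'EXECUTE') s += 2;
  else if (type === '*') s += 1;
  else return -1;
  return s;
}

function resolve(acls, req) {
  let best = { permission: 'DENY', rule: null, score: -1 };
  for (const rule of acls) {
    const s = score(rule, req);
    const wins = s > best.score || (s === best.score && s >= 0 && rule.permission === 'DENY');
    if (wins) best = { permission: rule.permission, rule, score: s };
  }
  return best;
}

// Lint: an ACL "property" that names no known remote method can never match a request.
function deadProperties(acls, methodNames) {
  return acls.map(r => r.property)
             .filter(p => p && p !== '*' && !methodNames.includes(p));
}

const owner = { method: '__create__favorites', accessType: 'WRITE',
                roles: ['$everyone', '$authenticated', '$owner'] };
const stranger = { ...owner, roles: ['$everyone', '$authenticated'] };
console.log(resolve([traceDeny, askedRule], owner).permission);    // DENY
console.log(resolve([traceDeny, fixedRule], owner).permission);    // ALLOW
console.log(resolve([traceDeny, fixedRule], stranger).permission); // DENY
console.log(deadProperties([askedRule, fixedRule], ['__create__favorites', '__get__favorites']));
```

The `stranger` case shows the practical difference between `$owner` and `$authenticated`: with the `$owner` rule, a logged-in user who is not the account owner still falls through to the DENY rule.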