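How to use static roles in Loopback ACL

Time: 2015-10-14 17:10:12

Tags: loopbackjs

Static roles in Loopback ACL are not working properly.

I created a new user with no rules (id = 2, see the tables below), and even so I can access the endpoint "changeprice".

What am I doing wrong?

common/models/product.json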

"acls": [
    {
       "accessType": "*",
       "principalType": "ROLE",
       "principalId": "$everyone",
       "permission": "DENY"
    },
    {
       "accessType": "READ",
       "principalType": "ROLE",
       "principalId": "$everyone",
       "permission": "ALLOW"
    },
    {
       "accessType": "EXECUTE",
       "principalType": "ROLE",
       "principalId": "admin",
       "permission": "ALLOW",
       "property": "changePrice"
    }
]

common/models/product.js

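module.exports = function(Product) {
   // Static method exposed as a remote method below
   Product.changePrice = function(cb) {
       // Reply returned through the 'message' argument
       var response = "Pong!";
       cb(null, response);
   };

   // Expose changePrice as GET /changeprice on the Product model
   Product.remoteMethod(
       'changePrice',
       {
           http: {path: '/changeprice', verb: 'get'},
           returns: {arg: 'message', type: 'string'}
       }
   );
};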

User table

 +----+----------+
 | id | username |
 +----+----------+
 | 1  | Teste    |
 +----+----------+
 | 2  | Teste2   |
 +----+----------+

Role table

 +----+-------+
 | id | name  |
 +----+-------+
 | 1  | admin |
 +----+-------+

RoleMapping table

 +----+---------------+-------------+--------+
 | id | principalType | principalId | roleId |
 +----+---------------+-------------+--------+
 | 1  | USER          | 1           | 1      |
 +----+---------------+-------------+--------+

0 answers:

No answers