如何在Loopback ACL中使用静态角色进行身份验证

时间:2015-07-28 18:54:14

标签: loopbackjs

在模型中使用静态角色访问控制进行身份验证时遇到问题。当使用ACL与主要类型$ authenticated和$ everyone时,事情似乎正在起作用。因此,登录和注销时,访问控制已就位并按预期运行。当ACL被移动到静态角色时,身份验证失败并返回401。正在使用内置于角色,角色映射和用户的模型的环回。我尝试使用ROLE和USER作为principalTypes。

使用RoleMapping创建用户,角色和主体:

User.create({
    username: 'admin',
    email: 'admin@admin.com',
    password: 'password',
    active: true
}, 
function (err, user) {
    Role.create({
        name: 'Admin'
    }, 
    function (err, role) {
        if (err) throw err;

        console.log('Created role:', role);

        //make user an admin
        role.principals.create({
            principalType: RoleMapping.USER,
            //principalType: RoleMapping.ROLE,
            principalId: user.id,
            active: true
        }, 
        function (err, principal) {
            if (err) throw err;

            console.log('Principal:', principal);
        });
    });
});


客户模型:

"name": "Customer",
"base": "PersistedModel",
"strict": false,
"idInjection": false,
"options": {
    "validateUpsert": true
},
"properties": {
    "name": {
        "type": "string",
        "required": true
    },
    "description": {
        "type": "string"
    },
    "active": {
        "type": "boolean"
    }
},
"validations": [],
"relations": {
    "products": {
        .........
    },
    "users": {
        .........
    }
},
"acls": [
    {
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "$everyone",
        "permission": "DENY"
    },
    {
        WORKS AS EXPECTED
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "$authenticated",
        "permission": "ALLOW"
    },
    {
        RETURNS 401 AFTER LOGGING IN AS USER ASSIGNED TO ROLE
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "Admin",
        "permission": "ALLOW"
    }
],
"methods": []

创建的用户记录:

"_id" : ObjectId("55b7c34d6033a33758038c3b"),
"username" : "admin",
"password" : ....,
"email" : "admin@admin.com",
"active" : true


角色记录:

"_id" : ObjectId("55b7c34d6033a33758038c3e"),
"name" : "Admin",
"created" : ISODate("2015-07-28T18:00:45.336Z"),
"modified" : ISODate("2015-07-28T18:00:45.336Z")


角色转换记录:

"_id" : ObjectId("55b7c34d6033a33758038c41"),
"principalType" : "USER",
"principalId" : "55b7c34d6033a33758038c3b",
"roleId" : ObjectId("55b7c34d6033a33758038c3e"),
"active" : true

先感谢您的帮助!

2 个答案:

答案 0 :(得分:0)

在principalId中定义用户时,请尝试改为:

principalId: user[0].id,

答案 1 :(得分:0)

请注意:

RoleMapping.principalType:USER(平均用户,不是ROLE)

RoleMapping.principalId:USER_ID(因为定义RoleMapping.principalType为USER)

acls:[ {“ principalType”:“角色”,       “ principalId”:“管理员”, } ]

我已经测试过,它可以正常工作

Role
—————————
_id: ObjectId(5c70409a98103f1af6ee2b55)
name: “admin”,
description: “Only Admin can write”,


Role Mapping
——————————
_id: ObjectId(5c7040f998103f1af6ee2b57)
principalType: USER
principalId: 5c72b9ef79dcf14443c1aa3b
roleId: ObjectId(5c70409a98103f1af6ee2b55)


User
——————————
_id: ObjectId(5c72b9ef79dcf14443c1aa3b)
firstName: “”,
lastName: “”,
email:””,
Active:””,
emailVerified:

ACL
 {
      "accessType": "WRITE",
      "principalType": "ROLE",
      "principalId": "admin",
      "permission": "ALLOW"
 }
相关问题
最新问题