我试图执行此请求:
PUT /api/cars/564d8e792583afef310affe3/categories/rel/suv-idcat
如果我以管理员身份登录,则此工作正常,但如果我以其他角色身份登录,则会收到401响应。
我的汽车型号具有以下ACL:
...
{
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "admin",
"permission": "ALLOW",
"property": "__create__categories"
},
{
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "admin",
"permission": "ALLOW",
"property": "__updateById__categories"
},
{
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "admin",
"permission": "ALLOW",
"property": "__destroyById__categories"
}
...
现在,如果我为特定角色添加相同的ACL规则:
{
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "StoreAdmin",
"permission": "ALLOW",
"property": "__create__categories"
},
{
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "StoreAdmin",
"permission": "ALLOW",
"property": "__updateById__categories"
},
{
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "StoreAdmin",
"permission": "ALLOW",
"property": "__destroyById__categories"
}
...
如果我点击以StoreAdmin用户身份登录的端点,则会收到401错误响应。
P.S。我已经看过这个:https://docs.strongloop.com/display/public/LB/Accessing+related+models,但没有" hasAndBelongsTo"关系
答案 0 :(得分:0)
我会自己回答。事实证明,对于hasManyAndBelongsTo
关系,方法名称与documentation关于hasMany
关系中所述的方法名称不同。事实上,它甚至没有记录。
通过在调试模式下运行应用程序:DEBUG=loopback:security:*
我发现真正的方法名称为__link__categories
。