Strongloop - HasAndBelongsToMany总是返回401

时间:2016-03-01 20:57:33

标签: node.js acl has-and-belongs-to-many strongloop

我试图执行此请求:

PUT /api/cars/564d8e792583afef310affe3/categories/rel/suv-idcat

如果我以管理员身份登录,则此工作正常,但如果我以其他角色身份登录,则会收到401响应。

我的汽车型号具有以下ACL:

...
{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "admin",
  "permission": "ALLOW",
  "property": "__create__categories"
},
{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "admin",
  "permission": "ALLOW",
  "property": "__updateById__categories"
},
{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "admin",
  "permission": "ALLOW",
  "property": "__destroyById__categories"
}
...

现在,如果我为特定角色添加相同的ACL规则:

{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "StoreAdmin",
  "permission": "ALLOW",
  "property": "__create__categories"
},
{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "StoreAdmin",
  "permission": "ALLOW",
  "property": "__updateById__categories"
},
{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "StoreAdmin",
  "permission": "ALLOW",
  "property": "__destroyById__categories"
}
...

如果我点击以StoreAdmin用户身份登录的端点,则会收到401错误响应。

P.S。我已经看过这个:https://docs.strongloop.com/display/public/LB/Accessing+related+models,但没有" hasAndBelongsTo"关系

1 个答案:

答案 0 :(得分:0)

我会自己回答。事实证明,对于hasManyAndBelongsTo关系,方法名称与documentation关于hasMany关系中所述的方法名称不同。事实上,它甚至没有记录。

通过在调试模式下运行应用程序:DEBUG=loopback:security:*我发现真正的方法名称为__link__categories