How do I modify the default User model ACL in LoopBack when creating a relation with another persisted model?

Time: 2016-03-25 12:01:35

Tags: node.js acl loopbackjs strongloop

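I created a user model that extends the base User model and added a relation to another persisted model. When I try to access the relation method through the explorer, it gives an authorization error.

My user model structure (JSON)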

{
  "name": "teamuser",
  "base": "User",
  "idInjection": true,
  "options": {
    "validateUpsert": true
  },
  "properties": {
    "empid": {
      "type": "number",
      "required": true
    },
    "designation": {
      "type": "string"
    }
  },
  "validations": [],
  "relations": {
    "tasks": {
      "type": "hasMany",
      "model": "task",
      "foreignKey": "userid"
    }
  },
  "acls": [],
  "methods": {}
}

My task model structure (JSON)

{
  "name": "task",
  "base": "PersistedModel",
  "idInjection": true,
  "options": {
    "validateUpsert": true
  },
  "properties": {
    "title": {
      "type": "string",
      "required": true
    },
    "desc": {
      "type": "string"
    },
    "startdate": {
      "type": "date",
      "required": true
    },
    "enddate": {
      "type": "date",
      "required": true
    },
    "status": {
      "type": "string",
      "required": true
    }
  },
  "validations": [],
  "relations": {
    "teamuser": {
      "type": "belongsTo",
      "model": "teamuser",
      "foreignKey": "userid"
    },
    "project": {
      "type": "belongsTo",
      "model": "project",
      "foreignKey": ""
    }
  },
  "acls": [],
  "methods": {}
}

When I try the method below in the explorer, I get an error:

http://0.0.0.0:3000/api/teamusers/5/tasks?access_token=AQVBwaoo1g0msk2eRvyAqbybCvKmswhHfLh1SeNYrzmsvn1gmCou5EaDBTpaiA2M

{
  "error": {
    "name": "Error",
    "status": 401,
    "message": "Authorization Required",
    "statusCode": 401,
    "code": "AUTHORIZATION_REQUIRED",
    "stack": "Error: Authorization Required\n    at /Users/mohamediqbalsaleem/Documents/easasoft/Testcb/node_modules/loopback/lib/application.js:376:21\n    at /Users/mohamediqbalsaleem/Documents/easasoft/Testcb/node_modules/loopback/lib/model.js:313:7\n    at /Users/mohamediqbalsaleem/Documents/easasoft/Testcb/node_modules/loopback/common/models/acl.js:465:23\n    at /Users/mohamediqbalsaleem/Documents/easasoft/Testcb/node_modules/loopback/node_modules/async/lib/async.js:251:17\n    at done (/Users/mohamediqbalsaleem/Documents/easasoft/Testcb/node_modules/loopback/node_modules/async/lib/async.js:132:19)\n    at /Users/mohamediqbalsaleem/Documents/easasoft/Testcb/node_modules/loopback/node_modules/async/lib/async.js:32:16\n    at /Users/mohamediqbalsaleem/Documents/easasoft/Testcb/node_modules/loopback/node_modules/async/lib/async.js:248:21\n    at /Users/mohamediqbalsaleem/Documents/easasoft/Testcb/node_modules/loopback/node_modules/async/lib/async.js:572:34\n    at /Users/mohamediqbalsaleem/Documents/easasoft/Testcb/node_modules/loopback/common/models/acl.js:447:17\n    at /Users/mohamediqbalsaleem/Documents/easasoft/Testcb/node_modules/loopback/common/models/role.js:268:21"


    }
}

2 answers:

Answer 0: (score: 0)

This is probably due to LoopBack's default ACL behavior for relations. From the documentation:

  

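By default, all related model methods have DENY ALL ACLs set. You need to explicitly grant access. ACLs are not inherited from the target model's endpoints. So, for example, even if the book model's default ACL is ALLOW $ for GET /books, the route GET /user/{id}/books is still DENY ALL by default.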

https://docs.strongloop.com/display/public/LB/Accessing+related+models

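You need to explicitly set an ACL for /teamusers/{id}/tasks.

Answer 1: (score: 0)

In the "teamuser" model, your base model is "User". It inherits its functionality. You can override it in a simple way -

Just override the parent "ACL" with your own "ACL" -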

{
  "name": "teamuser",
  "base": "User",
  "idInjection": true,
  "options": {
    "validateUpsert": true
  },
  "properties": {
    "empid": {
      "type": "number",
      "required": true
    },
    "designation": {
      "type": "string"
    }
  },
  "validations": [],
  "relations": {
    "tasks": {
      "type": "hasMany",
      "model": "task",
      "foreignKey": "userid"
    }
  },
  "acls": [
    {
      "principalType": "ROLE",
      "principalId": "$everyone",
      "accessType": "READ",
      "permission": "ALLOW"
    }
  ],
  "methods": {}
}
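
A narrower variant of the ACL above, as an added example that is not part of the original answers: instead of opening every READ method on teamuser to $everyone, it allows only the read methods of the tasks relation, and only for the user who owns the record. It assumes LoopBack's generated relation method names (`__get__tasks`, `__findById__tasks`, `__count__tasks`) and the built-in `$owner` role, and it replaces the "acls" array in the teamuser model definition.

```json
{
  "acls": [
    {
      "principalType": "ROLE",
      "principalId": "$owner",
      "accessType": "READ",
      "permission": "ALLOW",
      "property": "__get__tasks"
    },
    {
      "principalType": "ROLE",
      "principalId": "$owner",
      "accessType": "READ",
      "permission": "ALLOW",
      "property": "__findById__tasks"
    },
    {
      "principalType": "ROLE",
      "principalId": "$owner",
      "accessType": "READ",
      "permission": "ALLOW",
      "property": "__count__tasks"
    }
  ]
}
```

With this in place, GET /api/teamusers/5/tasks succeeds only when the access token belongs to teamuser 5; other users and unauthenticated callers still get the 401 shown in the question.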