用户授权不适用于Mean.JS

时间:2016-07-19 13:23:03

标签: javascript acl mean meanjs

我正在使用mean.js让注册用户访问内容。它有点工作。我可以改变isAllowed to!isAllowed让人们看到内容。问题是当用户登录时未授权内容。文章示例工作正常。但是当我创建自己的部分时,登录的用户无法访问页面!

所以基本上如果我登录,我收到消息:'用户未被授权'如果我尝试去localhost:3000 / requestoffwork

如果我登录并将isAllowed更改为!isAllowed,我可以访问它

'use strict';

/**
 * Module dependencies.
 */
var acl = require('acl');

// Using the memory backend
acl = new acl(new acl.memoryBackend());

/**
 * Invoke Articles Permissions
 */
exports.invokeRolesPolicies = function () {
  acl.allow([{
    roles: ['admin'],
    allows: [{
      resources: '/api/articles',
      permissions: '*'
    }, {
      resources: '/api/articles/:articleId',
      permissions: '*'
    }]
  }, {
    roles: ['user'],
    allows: [{
      resources: '/requestoffwork',
      permissions: '*'
    }, {
      resources: '/api/articles/:articleId',
      permissions: ['get']
    }]
  }, {
    roles: ['guest'],
    allows: [{
      resources: '/api/articles',
      permissions: ['get']
    }, {
      resources: '/api/articles/:articleId',
      permissions: ['get']
    }]
  }]);
};

/**
 * Check If Articles Policy Allows
 */
exports.isAllowed = function (req, res, next) {
  var roles = (req.user) ? req.user.roles : ['guest'];

  // If an article is being processed and the current user created it then allow any manipulation
  if (req.article && req.user && req.article.user.id === req.user.id) {
    return next();
  }

  // Check for user roles
  acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), function (err, isAllowed) {
    if (err) {
      // An authorization error occurred.
      return res.status(500).send('Unexpected authorization error');
    } else {
      if (isAllowed) {
        // Access granted! Invoke next middleware
        return next();
      } else {
        return res.status(403).json({
          message: 'User is not authorized'
        });
      }
    }
  });
};

这是路线

app.route('/requestoffwork').all(managementPolicy.isAllowed)
    .get(management.list)
    .post(management.submit);

这是用户的数据

{"_id":"5788fe46587a1c0b07a04078","displayName":"","provider":"local","__v":0,"created":"2016-07-15T15:16:22.625Z","roles":["user"],"profileImageURL":"modules/users/client/img/profile/default.png","email":"email@gmail.com","lastName":"","firstName":”"}

1 个答案:

答案 0 :(得分:2)

您是否已将权限添加到客户端路径ass?

modules/youModule/client/config/youModule.client.routes.js中添加:

  function routeConfig($stateProvider) {
    $stateProvider
      .state('yourState', {
        abstract: true,
        url: '/requestoffwork',
        template: '<ui-view/>',
        data: {
          roles: ['user'], //here you must specify the roles as well
          pageTitle: 'requestoffwork'
        }
      })
    }

希望这有帮助。

相关问题
最新问题