我目前正在尝试在Mean.JS(v0.4.2)应用程序中实现此处的节点ACL模块:https://www.npmjs.com/package/acl。
默认情况下,Mean.JS使用' memoryBackend'这适用于大多数事情,但我想从浏览器动态设置用户角色/权限。
我在数据库中获取了一个ACL定义列表,出现是正确的,但在尝试回读权限时
我首先加入了' acl'我的应用程序中的模块,打开与数据库的连接,并定义我的角色/访问权。
// https://www.npmjs.com/package/acl
var acl = require('acl');
var ACL_PREFIX = 'acl_';
var _ACL = new acl(new acl.mongodbBackend(mongoose.connection.db, ACL_PREFIX));
// Some Sample ACL Definitions
var default_acl = [
{
role: 'technician',
resources: ['workorders'],
permissions: ['view']
},
{
role: 'sales',
resources: ['workorders'],
permissions: ['add', 'edit', 'view', 'delete'],
},
{
role: 'superadmin',
resources: ['workorders'],
permissions: ['*']
}
];
我现在通过迭代不同的ACL项来添加它们。 (我也尝试过立即添加它们)
// Iterate Over each ACL Entry, I've also tried adding them all at once, eg: _ACL.allow(default_acl)
async.forEachSeries(default_acl, function (aclEntry, nextEntry) {
console.log("Giving the '%s' role access to %s [%s]",
aclEntry.role, aclEntry.resources.join(', '), aclEntry.permissions.join(', ')
);
// Next Entry is the Callback to next item in the default_acl list.
_ACL.allow(aclEntry.role, aclEntry.resources, aclEntry.permissions, nextEntry)
}, function (doneDefiningACL) {
async.forEachSeries(['technician', 'sales', 'superadmin'], function (currentRole, nextRole) {
// Check Each role with 'allowedPermissions'
_ACL.allowedPermissions(currentRole, 'workorders', function (err, permissions) {
if(err) {
console.log("ERROR: %s", err);
}
console.log("\n-> Current Role: %s \n-> Permissions: %s\n",
currentRole, util.inspect(permissions)
);
async.forEachSeries(['add', 'edit', 'view', 'delete'], function (action, nextAction) {
// Check Each Role with '.isAllowed'
_ACL.isAllowed(currentRole, 'workorders', action, function (err, canAccess) {
console.log("--> %s can '%s' workorders: %s", currentRole, action, util.inspect(canAccess));
nextAction();
});
}, function (doneCheckingAllActions) {
nextRole();
});
});
}, function (doneAllRoles) {
console.log("\n\nDone Generating ACL");
});
});
运行时会产生以下输出:
Giving the 'technician' role access to workorders [view]
Giving the 'sales' role access to workorders [add, edit, view, delete]
Giving the 'superadmin' role access to workorders [*]
-> Current Role: technician
-> Permissions: { workorders: [] }
--> technician can 'add' workorders: false
--> technician can 'edit' workorders: false
--> technician can 'view' workorders: false
--> technician can 'delete' workorders: false
-> Current Role: sales
-> Permissions: { workorders: [] }
--> sales can 'add' workorders: false
--> sales can 'edit' workorders: false
--> sales can 'view' workorders: false
--> sales can 'delete' workorders: false
-> Current Role: superadmin
-> Permissions: { workorders: [] }
--> superadmin can 'add' workorders: false
--> superadmin can 'edit' workorders: false
--> superadmin can 'view' workorders: false
--> superadmin can 'delete' workorders: false
Done Generating ACL
如果我去看看MongoDB数据库,我可以看到我已经生成了3个集合:
// acl_meta collection:
> db.acl_meta.find();
{ "_id" : ObjectId("57bdc84df251c5ae69d7c4e2"), "key" : "roles", "technician" : true, "sales" : true, "superadmin" : true }
// acl_resources collection:
> db.acl_resources.find();
{ "_id" : ObjectId("57bdc84df251c5ae69d7c4e4"), "key" : "technician", "workorders" : true }
{ "_id" : ObjectId("57bdc84df251c5ae69d7c4e6"), "key" : "sales", "workorders" : true }
{ "_id" : ObjectId("57bdc84df251c5ae69d7c4e8"), "key" : "superadmin", "workorders" : true }
// acl_allows_workorders collection:
> db.acl_allows_workorders.find();
{ "_id" : ObjectId("57bdc84df251c5ae69d7c4e3"), "key" : "technician", "view" : true }
{ "_id" : ObjectId("57bdc84df251c5ae69d7c4e5"), "key" : "sales", "add" : true, "edit" : true, "view" : true, "delete" : true }
{ "_id" : ObjectId("57bdc84df251c5ae69d7c4e7"), "key" : "superadmin", "*" : true }
这些似乎已正确构建,但无论检查什么角色或操作,权限仍然返回false。
更新 .whatResources()函数似乎正在返回给定角色可以正确访问的资源,但为什么.isAllowed()和.allowedPermisions()函数不起作用仍然是个谜。
例如:
console.log("\n\nChecking What Resources Each Role Has Access To...");
async.forEachSeries(['technician', 'sales', 'superadmin'], function (currentRole, nextRole) {
_ACL.whatResources(currentRole, function (err, resources) {
if(err) {
console.log("ERROR: %s", err);
} else {
console.log("\n-> %s's Have Access to The Following Resources: \n%s", currentRole, util.inspect(resources) );
nextRole();
}
});
}, function (doneCheckingWhatPermissionsEachRoleHas) {
console.log("\n\nDone Testing ACL");
});
将打印以下输出:
Checking What Resources Each Role Has Access To...
-> technician's Have Access to The Following Resources:
{ workorders: [ 'view' ] }
-> sales's Have Access to The Following Resources:
{ workorders: [ 'add', 'edit', 'view', 'delete' ] }
-> superadmin's Have Access to The Following Resources:
{ workorders: [ '*' ] }
Done Testing ACL
我希望使用' isAllowed'和' allowedPermissions',将此更改为使用' whatResources'需要重构原始' memoryBackend'中的所有ACL策略配置。在MeanJS中实现。
有什么建议吗?
答案 0 :(得分:0)
在你的代码中,我没有看到你使用addUserRoles函数(userId,roleId,function(err))。也许它的原因是错误的。我一直都这样,你可以阅读here
希望能帮到你。