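LoopBack 3: custom role not working

Time: 2017-03-22 20:52:55

Tags: mongodb loopbackjs

I have a Client model that extends the built-in User model. I created a custom role, admin, and defined two ACLs for the Client model using that role: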

{
  "principalType": "ROLE",
  "principalId": "admin",
  "permission": "ALLOW",
  "property": "find"
},
{
  "principalType": "ROLE",
  "principalId": "admin",
  "permission": "ALLOW",
  "property": "findById"
}

When I try GET /api/Clients, I get a 401.

Any ideas about what might be happening? Any help is much appreciated.

Loopback 3.5v, MongoDB

User/role/mapping code:

Client.create({
    username: 'billyadmin@mail.com',
    email: 'billyadmin@mail.com',
    password: 'admin123'
}).then(function(user) {
    Role.create({
        name: 'admin'
    }, function(createRoleError, createRole) {
        createRole.principals.create({
            principalType: RoleMapping.USER,
            principalId: user.id
        });
    });
});

MongoDB data:

> db.Client.find()
{ "_id" : ObjectId("58d28f0690c08512b03c9dfc"), "username" : "billyadmin@mail.com", "password" : "$2a$10$zQrgeFq.pFZNmJOPywE/8uY9PjurwfzyAHbBESgkTccx6pZnFrZR2", "email" : "billyadmin@mail.com" }

> db.Role.find()
{ "_id" : ObjectId("58d28f0690c08512b03c9dfd"), "name" : "admin", "created" : ISODate("2017-03-22T14:49:42.899Z"), "modified" : ISODate("2017-03-22T14:49:42.899Z") }

> db.RoleMapping.find()
{ "_id" : ObjectId("58d28f0690c08512b03c9dfe"), "principalType" : "USER", "principalId" : "58d28f0690c08512b03c9dfc", "roleId" : ObjectId("58d28f0690c08512b03c9dfd") }

Loopback debug output:

loopback:security:role isInRole(): $everyone +1m
loopback:security:access-context ---AccessContext--- +0ms
loopback:security:access-context principals: +5ms
loopback:security:access-context principal: {"type":"USER","id":"58d28f0690c08512b03c9dfc"} +1ms
loopback:security:access-context modelName Client +0ms
loopback:security:access-context modelId undefined +0ms
loopback:security:access-context property find +1ms
loopback:security:access-context method find +0ms
loopback:security:access-context accessType READ +1ms
loopback:security:access-context accessToken: +0ms
loopback:security:access-context   id "1od20VFnZNqW0i0PblSqpJpxDvpfJEBYeXi9AxM9twj5EqkH4xZ6ET7J9thHT982" +1m
loopback:security:access-context   ttl 1209600 +1ms
loopback:security:access-context getUserId() 58d28f0690c08512b03c9dfc +0ms
loopback:security:access-context isAuthenticated() true +2ms
loopback:security:role Custom resolver found for role $everyone +0ms
loopback:security:role isInRole(): admin +1ms
loopback:security:access-context ---AccessContext--- +2ms
loopback:security:access-context principals: +0ms
loopback:security:access-context principal: {"type":"USER","id":"58d28f0690c08512b03c9dfc"} +2ms
loopback:security:access-context modelName Client +1ms
loopback:security:access-context modelId undefined +1ms
loopback:security:access-context property find +1ms
loopback:security:access-context method find +0ms
loopback:security:access-context accessType READ +1ms
loopback:security:access-context accessToken: +1ms
loopback:security:access-context   id "1od20VFnZNqW0i0PblSqpJpxDvpfJEBYeXi9AxM9twj5EqkH4xZ6ET7J9thHT982" +4m
loopback:security:access-context   ttl 1209600 +2ms
loopback:security:access-context getUserId() 58d28f0690c08512b03c9dfc +2ms
loopback:security:access-context isAuthenticated() true +1ms
loopback:security:role Role found: {"id":"58d28f0690c08512b03c9dfd","name":"admin","created":"2017-03-22T14:49:42.899Z","modified":"2017-03-22T14:49:42.899Z"} +3ms
loopback:security:role Role mapping found: null +22ms
loopback:security:role isInRole() returns: null +2ms
loopback:security:acl The following ACLs were searched:  +2ms
loopback:security:acl ---ACL--- +2ms
loopback:security:acl model Client +1ms
loopback:security:acl property * +1ms
loopback:security:acl principalType ROLE +2ms
loopback:security:acl principalId $everyone +2ms
loopback:security:acl accessType * +1ms
loopback:security:acl permission DENY +2ms
loopback:security:acl with score: +1ms 7495
loopback:security:acl ---Resolved--- +2ms
loopback:security:access-context ---AccessRequest--- +2ms
loopback:security:access-context  model Client +1ms
loopback:security:access-context  property find +1ms
loopback:security:access-context  accessType READ +2ms
loopback:security:access-context  permission DENY +2ms
loopback:security:access-context  isWildcard() false +1ms
loopback:security:access-context  isAllowed() false +3ms

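1 answer:

Answer 0 (score: 7)

Your RoleMapping principalId was inserted as a string rather than an ObjectId, and I think that is what causes the problem. You should enable strictObjectIDCoercion.

Use this in a boot script: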

app.models.RoleMapping.settings.strictObjectIDCoercion = true;

Or add it to server/model-config.json:

{
  "RoleMapping": {
    "dataSource": "db",
    "options": {
      "strictObjectIDCoercion": true
    },
    "public": false
  }
}
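
A simplified model of why the role lookup in the debug output returns null ("Role mapping found: null") and why the answer's setting changes that. It is an added illustration, not code from the original post, from LoopBack, or from the MongoDB connector. The `ObjectId` class and the `coerce`, `findOne` and `isInRole` helpers are hypothetical stand-ins, and the lenient rule (24-character hex strings in a query are turned into ObjectIds unless `strictObjectIDCoercion` is set) is the assumed connector behaviour.

```javascript
// Stand-in for a BSON ObjectId. MongoDB equality is type-aware, so an
// ObjectId never matches a string that holds the same hex digits.
class ObjectId {
  constructor(hex) { this.hex = hex; }
}

const OBJECT_ID_RE = /^[0-9a-fA-F]{24}$/;

// Type-aware equality, modelling a MongoDB equality match.
function bsonEquals(a, b) {
  if (a instanceof ObjectId || b instanceof ObjectId) {
    return a instanceof ObjectId && b instanceof ObjectId && a.hex === b.hex;
  }
  return a === b;
}

// Lenient mode (assumed default): ObjectId-looking strings are converted
// before the query is sent. Strict mode: values are sent as given.
function coerce(value, strict) {
  if (!strict && typeof value === 'string' && OBJECT_ID_RE.test(value)) {
    return new ObjectId(value);
  }
  return value;
}

function findOne(collection, where, strict) {
  const hit = collection.find(doc =>
    Object.keys(where).every(k => bsonEquals(doc[k], coerce(where[k], strict))));
  return hit || null;
}

// Constructed from the db.RoleMapping.find() output in the question:
// principalId is stored as a string, roleId as an ObjectId.
const roleMappings = [{
  principalType: 'USER',
  principalId: '58d28f0690c08512b03c9dfc',
  roleId: new ObjectId('58d28f0690c08512b03c9dfd'),
}];

// isInRole()-style lookup: is this user mapped to this role?
function isInRole(userId, roleId, strict) {
  const where = { principalType: 'USER', principalId: String(userId), roleId };
  return findOne(roleMappings, where, strict) !== null;
}

const adminRole = new ObjectId('58d28f0690c08512b03c9dfd');
console.log('lenient:', isInRole('58d28f0690c08512b03c9dfc', adminRole, false));
console.log('strict: ', isInRole('58d28f0690c08512b03c9dfc', adminRole, true));
```

In lenient mode the lookup misses, so only the `$everyone` DENY rule applies and the request is rejected with 401; the check fails closed rather than granting access.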