伙计们,我有时会访问我的meanjs应用程序。它有时会起作用,但在其他时候我只是“未获得此资源的授权”。关于为什么我的身份验证有时失败的任何想法。
'use strict';
/**
* Module dependencies
*/
var acl = require('acl');
// Using the memory backend
acl = new acl(new acl.memoryBackend());
/**
* Invoke Admin Permissions
*/
exports.invokeRolesPolicies = function () {
acl.allow([{
roles: ['admin'],
allows: [{
resources: '/api/users',
permissions: '*'
}, {
resources: '/api/users/:userId',
permissions: '*'
}]
}, {
roles: ['user'],
allows: [{
resources: '/api/users',
permissions: ['get', 'post']
}, {
resources: '/api/users/:userId',
permissions: ['get']
}]
}]);
};
/**
* Check If Admin Policy Allows
*/
exports.isAllowed = function (req, res, next) {
var roles = (req.user) ? req.user.roles : ['guest'];
// Check for user roles
acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), function (err, isAllowed) {
if (err) {
// An authorization error occurred
return res.status(500).send('Unexpected authorization error');
} else {
if (isAllowed) {
// Access granted! Invoke next middleware
return next();
} else {
return res.status(403).json({
message: 'User is not authorized'
});
}
}
});
};
这是用于访问应用程序的策略。