我试图只允许书籍的所有者访问,但它不起作用。我有用户和书籍之间的关系。我已经看到关于loopback acl的每个问题,但我不知道我在哪里犯错误。这是我的启动文件
var User = app.models.userData;
User.create([
{username: 'John', email: 'john@doe.com', password: 'opensesame',bookId:""},
{username: 'Jane', email: 'jane@doe.com', password: 'opensesame',bookId:""},
{username: 'Bob', email: 'bob@projects.com', password: 'opensesame',bookId:""}
], function(err, users) {
if (err) throw err;
console.log('Created users:', users);
// create project 1 and make john the owner
console.log("This is users[0] " ,users[0].books);
users[0].books.create({
name: 'project1',
price: 100
}, function(err, project) {
if (err) throw err;
User.update({id:users[0].id},{bookId:project.id},function(err,docs){
if(err) throw err;
else{
console.log("Updated",docs);
}
});
console.log('Created project:', project);
})
users[1].books.create({
name: 'project2',
price: 100
}, function(err, project) {
if (err) throw err;
User.update({id:users[1].id},{bookId:project.id},function(err,docs){
if(err) throw err;
else{
console.log("Updated",docs);
}
});
});
});
这是我的usersData.json
"relations": {
"books": {
"type": "hasMany",
"model": "book",
"foreignKey": "ownerId"
}
"acls": [
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "DENY"
},
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW",
"property":"findById"
}
这是我的books.json
"relations": {
"userData": {
"type": "belongsTo",
"model": "userData",
"foreignKey": "bookId"
}
},
"acls": [
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "DENY"
},
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW",
"property":"findById"
}
],
我知道有很多与此相关的问题我已经看到了关于此的每一个问题但它没有用。感谢任何帮助。