我是AngularJs中的新蜜蜂,下面是由Meanjs yo生成器创建的策略代码,为了学习目的创建了一个库管理系统,我面临的问题是当我测试我的服务器代码时,即通过API浏览器URL ...我得到了结果
http://localhost:3000/api/searchbooks/bookname/davincicode为JSON对象
但对于以下网址,它会给我{message: 'User is not authorized'}
http://localhost:3000/api/searchbooks/bookname/davincicode/bookName
exports.invokeRolesPolicies = function () {
acl.allow([
{
roles: ['user'],
allows: [{
resources: '/api/searchbooks',
permissions: ['get']
}, {
resources: '/api/searchbooks/bookname/:searchbookName',
permissions: ['get']
}]
},
{
roles: ['user'],
allows: [{
resources: '/api/searchbooks/bookname',
permissions: ['get']
}, {
resources: '/api/searchbooks/bookname/:searchbookName/:action',
permissions: ['get']
}]
}
])};
exports.isAllowed = function (req, res, next) {
var roles = (req.user) ? req.user.roles : ['guest'];
// If an Searchbook is being processed and the current user created it then allow any manipulation
if (req.searchbook && req.user && req.searchbook.user && req.searchbook.user.id === req.user.id) {
return next();
}
// Check for user roles
acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), function (err, isAllowed) {
if (err) {
// An authorization error occurred
return res.status(500).send('Unexpected authorization error');
} else {
if (isAllowed) {
// Access granted! Invoke next middleware
return next();
} else {
return res.status(403).json({
message: 'User is not authorized'
});
}
}
});
};
我检查了我的角色它只是user,无法在其他地方找到如此具体的问题请帮助或提供一些指示。
答案 0 :(得分:1)
我在路由部分遇到了问题:
app.route('/api/searchbooks/bookname/:searchbookName/:actionValue').all(searchbooksPolicy.isAllowed)
.get(searchbooks.read)
在政策网址中action,我必须提供actionValue作为参数名称。
so passing incorrect parameter name was an issue..