MLab and Loopback ACL - Has many (POST)
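I'm new to node.js/mlab and I'm trying to figure out my ACLs.
I have two models, Song and Account.
I created a relation between Account and Song in which an Account has many Songs, called favorites.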
"relations": {
  "favorites": {
    "type": "hasMany",
    "model": "Song",
    "foreignKey": ""
  }
}
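I want my ACLs set up so that only administrators can create new songs, but anyone who is authenticated can add songs to their favorites.
I have an endpoint (id = userId, and it also requires a token):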
/Accounts/{id}/favorites
The problem is that whenever I try to POST to this endpoint, I get:
http://0.0.0.0:3000/api/Accounts/584e6ed148d44a6c1e53c1a3/favorites 401 (Unauthorized)
For Song, the current ACLs are:
"acls": [
  {
    "accessType": "*",
    "principalType": "ROLE",
    "principalId": "administrator",
    "permission": "ALLOW"
  },
  {
    "accessType": "*",
    "principalType": "ROLE",
    "principalId": "$everyone",
    "permission": "DENY"
  },
  {
    "accessType": "READ",
    "principalType": "ROLE",
    "principalId": "$everyone",
    "permission": "ALLOW"
  }
]
For Account, the current ACLs are:
"acls": [
  {
    "accessType": "EXECUTE",
    "principalType": "ROLE",
    "principalId": "$authenticated",
    "permission": "ALLOW",
    "property": "POST"
  }
]
Here is what I found:
loopback:security:role isInRole(): $everyone +0ms
loopback:security:access-context ---AccessContext--- +2ms
loopback:security:access-context principals: +1ms
loopback:security:access-context principal: {"type":"USER","id":"584e6ed148d44a6c1e53c1a3"} +0ms
loopback:security:access-context modelName Account +1ms
loopback:security:access-context modelId 584e6ed148d44a6c1e53c1a3 +0ms
loopback:security:access-context property __create__favorites +0ms
loopback:security:access-context method __create__favorites +0ms
loopback:security:access-context accessType WRITE +0ms
loopback:security:access-context accessToken: +0ms
loopback:security:access-context id "QD2gi3uUr7g07EN7NhCbeSeyKT4AEZGWUoQQB9V0siFzgBOiPM1WOAkLhvxHCQGq" +0ms
loopback:security:access-context ttl 1209600 +0ms
loopback:security:access-context getUserId() 584e6ed148d44a6c1e53c1a3 +0ms
loopback:security:access-context isAuthenticated() true +0ms
loopback:security:role Custom resolver found for role $everyone +0ms
loopback:security:acl The following ACLs were searched: +1ms
loopback:security:acl ---ACL--- +1ms
loopback:security:acl model Account +0ms
loopback:security:acl property * +0ms
loopback:security:acl principalType ROLE +0ms
loopback:security:acl principalId $everyone +0ms
loopback:security:acl accessType * +0ms
loopback:security:acl permission DENY +0ms
loopback:security:acl with score: +0ms 7495
loopback:security:acl ---Resolved--- +0ms
loopback:security:access-context ---AccessRequest--- +0ms
loopback:security:access-context model Account +0ms
loopback:security:access-context property __create__favorites +0ms
loopback:security:access-context accessType WRITE +0ms
loopback:security:access-context permission DENY +1ms
loopback:security:access-context isWildcard() false +0ms
loopback:security:access-context isAllowed() false +0ms
Thanks!
Got it! Access has to be set for the specific property, because the default is set to deny access.
{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "$owner",
  "permission": "ALLOW",
  "property": "__create__favorites"
},
{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "$owner",
  "permission": "ALLOW",
  "property": "__get__favorites"
}
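The mismatch in this thread (an ACL whose "property" is "POST" while the debug log shows the method being checked is __create__favorites) can be caught by linting the model definition. The following is an added example, not code from the posts above or from LoopBack itself; the function names, the partial BUILT_IN list and the BROAD_ROLES heuristic are assumptions of this example.

```javascript
// Added example, not LoopBack's own code: lint ACL "property" values in a model definition.
// Method-name prefixes LoopBack 2/3 generates for a hasMany relation.
const HAS_MANY_PREFIXES = ['__get__', '__create__', '__delete__', '__count__',
  '__findById__', '__updateById__', '__destroyById__'];
const READ_PREFIXES = ['__get__', '__count__', '__findById__'];
// Partial list of built-in method names (assumption; extend via extraMethods).
const BUILT_IN = ['create', 'find', 'findById', 'findOne', 'count', 'exists',
  'deleteById', 'updateAll', 'upsert', 'updateAttributes'];
// Roles that are not tied to the instance being accessed (heuristic of this example).
const BROAD_ROLES = ['$everyone', '$authenticated'];

function relationMethods(modelDef) {
  const names = [];
  for (const [rel, def] of Object.entries(modelDef.relations || {})) {
    if (def.type === 'hasMany') HAS_MANY_PREFIXES.forEach((p) => names.push(p + rel));
  }
  return names;
}

function lintAcls(modelDef, extraMethods = []) {
  const relNames = relationMethods(modelDef);
  const known = new Set([...BUILT_IN, ...relNames, ...extraMethods]);
  const findings = [];
  (modelDef.acls || []).forEach((acl, index) => {
    // "property" may be omitted, "*", one name, or an array of names.
    const props = [].concat(acl.property === undefined ? '*' : acl.property);
    for (const property of props) {
      if (property === '*') continue;
      const isRelWrite = relNames.includes(property) &&
        !READ_PREFIXES.some((p) => property.startsWith(p));
      if (!known.has(property)) {
        findings.push({ index, property, issue: 'unknown-method' });
      } else if (acl.permission === 'ALLOW' && isRelWrite &&
                 BROAD_ROLES.includes(acl.principalId)) {
        findings.push({ index, property, issue: 'broad-write-on-relation' });
      }
    }
  });
  return findings;
}

// Constructed input: the Account model from the question, before and after the fix.
const relations = { favorites: { type: 'hasMany', model: 'Song', foreignKey: '' } };
const rule = (principalId, property) => ({ accessType: 'EXECUTE',
  principalType: 'ROLE', principalId, permission: 'ALLOW', property });
const accountBefore = { relations, acls: [rule('$authenticated', 'POST')] };
const accountAfter = { relations, acls: [rule('$owner', '__create__favorites'),
  rule('$owner', '__get__favorites')] };
console.log(lintAcls(accountBefore), lintAcls(accountAfter));
```

The second finding type flags an ALLOW on a relation write method for a role such as $authenticated, which would apply to any account id in the URL, whereas $owner limits it to the caller's own account.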