Meanjs 禁止错误
Meanjs Forbidden Error
我是AngularJs的新蜜蜂,下面是Meanjs yo generator创建的策略代码,为了学习目的创建了一个图书馆管理系统,我面临的问题是当我测试我的服务器代码,即 API 通过浏览器 URL...我得到的结果是
http://localhost:3000/api/searchbooks/bookname/davincicode
作为 JSON
对象
但对于 url 以下,它给了我 {message: 'User is not authorized'}
http://localhost:3000/api/searchbooks/bookname/davincicode/bookName
exports.invokeRolesPolicies = function () {
acl.allow([
{
roles: ['user'],
allows: [{
resources: '/api/searchbooks',
permissions: ['get']
}, {
resources: '/api/searchbooks/bookname/:searchbookName',
permissions: ['get']
}]
},
{
roles: ['user'],
allows: [{
resources: '/api/searchbooks/bookname',
permissions: ['get']
}, {
resources: '/api/searchbooks/bookname/:searchbookName/:action',
permissions: ['get']
}]
}
])};
exports.isAllowed = function (req, res, next) {
var roles = (req.user) ? req.user.roles : ['guest'];
// If an Searchbook is being processed and the current user created it then allow any manipulation
if (req.searchbook && req.user && req.searchbook.user && req.searchbook.user.id === req.user.id) {
return next();
}
// Check for user roles
acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), function (err, isAllowed) {
if (err) {
// An authorization error occurred
return res.status(500).send('Unexpected authorization error');
} else {
if (isAllowed) {
// Access granted! Invoke next middleware
return next();
} else {
return res.status(403).json({
message: 'User is not authorized'
});
}
}
});
};
我检查了我的角色,它只是 user
,无法在其他地方找到如此具体的问题,请帮助或提供一些指示。
我在路由部分遇到了问题:
app.route('/api/searchbooks/bookname/:searchbookName/:actionValue').all(searchbooksPolicy.isAllowed)
.get(searchbooks.read)
在策略 url 中,它的 action
我必须给出 actionValue
作为参数名称。
so passing incorrect parameter name was an issue..
我是AngularJs的新蜜蜂,下面是Meanjs yo generator创建的策略代码,为了学习目的创建了一个图书馆管理系统,我面临的问题是当我测试我的服务器代码,即 API 通过浏览器 URL...我得到的结果是
http://localhost:3000/api/searchbooks/bookname/davincicode
作为 JSON
对象
但对于 url 以下,它给了我 {message: 'User is not authorized'}
http://localhost:3000/api/searchbooks/bookname/davincicode/bookName
exports.invokeRolesPolicies = function () {
acl.allow([
{
roles: ['user'],
allows: [{
resources: '/api/searchbooks',
permissions: ['get']
}, {
resources: '/api/searchbooks/bookname/:searchbookName',
permissions: ['get']
}]
},
{
roles: ['user'],
allows: [{
resources: '/api/searchbooks/bookname',
permissions: ['get']
}, {
resources: '/api/searchbooks/bookname/:searchbookName/:action',
permissions: ['get']
}]
}
])};
exports.isAllowed = function (req, res, next) {
var roles = (req.user) ? req.user.roles : ['guest'];
// If an Searchbook is being processed and the current user created it then allow any manipulation
if (req.searchbook && req.user && req.searchbook.user && req.searchbook.user.id === req.user.id) {
return next();
}
// Check for user roles
acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), function (err, isAllowed) {
if (err) {
// An authorization error occurred
return res.status(500).send('Unexpected authorization error');
} else {
if (isAllowed) {
// Access granted! Invoke next middleware
return next();
} else {
return res.status(403).json({
message: 'User is not authorized'
});
}
}
});
};
我检查了我的角色,它只是 user
,无法在其他地方找到如此具体的问题,请帮助或提供一些指示。
我在路由部分遇到了问题:
app.route('/api/searchbooks/bookname/:searchbookName/:actionValue').all(searchbooksPolicy.isAllowed)
.get(searchbooks.read)
在策略 url 中,它的 action
我必须给出 actionValue
作为参数名称。
so passing incorrect parameter name was an issue..