MLab and Loopback ACL - Has many (POST)
I'm fairly new to node.js/mlab and I'm trying to figure out my ACLs.
I have two models, Songs and Accounts.
I have created a relation between Accounts and Songs where an Account has many Songs, called favorites.
    "relations": {
      "favorites": {
        "type": "hasMany",
        "model": "Song",
        "foreignKey": ""
      }
    }
The way I want to set up my ACLs is that only the administrator can create new songs, but anyone who is authenticated can add songs to their favorites.
I have an endpoint (id = userId, and it also needs a token):
/Accounts/{id}/favorites
The problem is that when I try to POST to this endpoint I get:
http://0.0.0.0:3000/api/Accounts/584e6ed148d44a6c1e53c1a3/favorites 401 (Unauthorized)
For Songs, the current ACLs are:
    "acls": [
      {
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "administrator",
        "permission": "ALLOW"
      },
      {
        "accessType": "*",
        "principalType": "ROLE",
        "principalId": "$everyone",
        "permission": "DENY"
      },
      {
        "accessType": "READ",
        "principalType": "ROLE",
        "principalId": "$everyone",
        "permission": "ALLOW"
      }
    ]
For Accounts, the current ACLs are:
    "acls": [
      {
        "accessType": "EXECUTE",
        "principalType": "ROLE",
        "principalId": "$authenticated",
        "permission": "ALLOW",
        "property": "POST"
      }
    ]
I traced it:
loopback:security:role isInRole(): $everyone +0ms
loopback:security:access-context ---AccessContext--- +2ms
loopback:security:access-context principals: +1ms
loopback:security:access-context principal: {"type":"USER","id":"584e6ed148d44a6c1e53c1a3"} +0ms
loopback:security:access-context modelName Account +1ms
loopback:security:access-context modelId 584e6ed148d44a6c1e53c1a3 +0ms
loopback:security:access-context property __create__favorites +0ms
loopback:security:access-context method __create__favorites +0ms
loopback:security:access-context accessType WRITE +0ms
loopback:security:access-context accessToken: +0ms
loopback:security:access-context id "QD2gi3uUr7g07EN7NhCbeSeyKT4AEZGWUoQQB9V0siFzgBOiPM1WOAkLhvxHCQGq" +0ms
loopback:security:access-context ttl 1209600 +0ms
loopback:security:access-context getUserId() 584e6ed148d44a6c1e53c1a3 +0ms
loopback:security:access-context isAuthenticated() true +0ms
loopback:security:role Custom resolver found for role $everyone +0ms
loopback:security:acl The following ACLs were searched: +1ms
loopback:security:acl ---ACL--- +1ms
loopback:security:acl model Account +0ms
loopback:security:acl property * +0ms
loopback:security:acl principalType ROLE +0ms
loopback:security:acl principalId $everyone +0ms
loopback:security:acl accessType * +0ms
loopback:security:acl permission DENY +0ms
loopback:security:acl with score: +0ms 7495
loopback:security:acl ---Resolved--- +0ms
loopback:security:access-context ---AccessRequest--- +0ms
loopback:security:access-context model Account +0ms
loopback:security:access-context property __create__favorites +0ms
loopback:security:access-context accessType WRITE +0ms
loopback:security:access-context permission DENY +1ms
loopback:security:access-context isWildcard() false +0ms
loopback:security:access-context isAllowed() false +0ms
Thank you!
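
The mismatch visible in the trace, as an added example that is not part of the original post and not LoopBack's own code: a simplified matcher run over the posted Account ACLs shows that an entry with property "POST" never applies to a request for __create__favorites, so the $everyone DENY decides. The scoring weights, the $owner replacement entry and the role lists are assumptions made for illustration.

```javascript
// Simplified model of ACL matching; an assumption, not LoopBack's scoring code.
// Constructed from the post: the DENY entry is the one the trace reports as
// searched, the ALLOW entry is the Account ACL as posted.
const postedAcls = [
  { property: '*', accessType: '*', principalId: '$everyone', permission: 'DENY' },
  { property: 'POST', accessType: 'EXECUTE', principalId: '$authenticated', permission: 'ALLOW' },
];

// Hypothetical replacement entry: names the relation method from the trace
// and limits it to the account's owner.
const ownerAcl = { property: '__create__favorites', accessType: 'WRITE',
                   principalId: '$owner', permission: 'ALLOW' };

// Request from the trace; roles are what the caller is assumed to hold.
function makeRequest(roles) {
  return { property: '__create__favorites', accessType: 'WRITE', roles };
}

// Specificity of one entry for one request, or -1 when it does not apply.
function score(acl, req) {
  if (!req.roles.includes(acl.principalId)) return -1;
  let s = 0;
  if (acl.property === req.property) s += 4;
  else if (acl.property !== '*') return -1;
  if (acl.accessType === req.accessType) s += 2;
  else if (acl.accessType !== '*') return -1;
  if (acl.principalId !== '$everyone') s += 1;
  return s;
}

// Most specific applicable entry wins; no applicable entry means DENY.
function resolve(acls, req) {
  let best = null;
  let bestScore = -1;
  for (const acl of acls) {
    const s = score(acl, req);
    if (s > bestScore) { best = acl; bestScore = s; }
  }
  return best ? best.permission : 'DENY';
}

const owner = makeRequest(['$everyone', '$authenticated', '$owner']);
const otherUser = makeRequest(['$everyone', '$authenticated']);
console.log(resolve(postedAcls, owner));                    // DENY
console.log(resolve([...postedAcls, ownerAcl], owner));     // ALLOW
console.log(resolve([...postedAcls, ownerAcl], otherUser)); // DENY
```

Scoping the entry to $owner rather than $authenticated keeps one authenticated user from writing to another account's favorites, which the last line checks.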