2016-12-12 4 views

MLab and Loopback ACL - Has Many (POST)

I am fairly new to node.js/mlab and I am trying to figure out my ACLs.

I have two models, Songs and Accounts.

I created a relation between Accounts and Songs where an Account has many Songs, called favorites.

"relations": {
    "favorites": {
        "type": "hasMany",
        "model": "Song",
        "foreignKey": ""
    }
}

The way I want to set up my ACLs is that only the administrator can create new songs, but anyone who is authenticated can add songs to their favorites.

I have an endpoint (id = userId, and it also needs a token):

/Accounts/{id}/favorites 

The problem is that when I try to POST to this endpoint, I get:

http://0.0.0.0:3000/api/Accounts/584e6ed148d44a6c1e53c1a3/favorites 401 (Unauthorized) 

For Songs, the current ACLs are:

"acls": [ 
    { 
     "accessType": "*", 
     "principalType": "ROLE", 
     "principalId": "administrator", 
     "permission": "ALLOW" 
    }, 
    { 
     "accessType": "*", 
     "principalType": "ROLE", 
     "principalId": "$everyone", 
     "permission": "DENY" 
    }, 
    { 
     "accessType": "READ", 
     "principalType": "ROLE", 
     "principalId": "$everyone", 
     "permission": "ALLOW" 
    }] 

For Accounts, the current ACLs are:

"acls": [ 
    { 
     "accessType": "EXECUTE", 
     "principalType": "ROLE", 
     "principalId": "$authenticated", 
     "permission": "ALLOW", 
     "property": "POST" 
    } 
    ] 

I traced it:

loopback:security:role isInRole(): $everyone +0ms 
    loopback:security:access-context ---AccessContext--- +2ms 
    loopback:security:access-context principals: +1ms 
    loopback:security:access-context principal: {"type":"USER","id":"584e6ed148d44a6c1e53c1a3"} +0ms 
    loopback:security:access-context modelName Account +1ms 
    loopback:security:access-context modelId 584e6ed148d44a6c1e53c1a3 +0ms 
    loopback:security:access-context property __create__favorites +0ms 
    loopback:security:access-context method __create__favorites +0ms 
    loopback:security:access-context accessType WRITE +0ms 
    loopback:security:access-context accessToken: +0ms 
    loopback:security:access-context id "QD2gi3uUr7g07EN7NhCbeSeyKT4AEZGWUoQQB9V0siFzgBOiPM1WOAkLhvxHCQGq" +0ms 
    loopback:security:access-context ttl 1209600 +0ms 
    loopback:security:access-context getUserId() 584e6ed148d44a6c1e53c1a3 +0ms 
    loopback:security:access-context isAuthenticated() true +0ms 
    loopback:security:role Custom resolver found for role $everyone +0ms 
    loopback:security:acl The following ACLs were searched: +1ms 
    loopback:security:acl ---ACL--- +1ms 
    loopback:security:acl model Account +0ms 
    loopback:security:acl property * +0ms 
    loopback:security:acl principalType ROLE +0ms 
    loopback:security:acl principalId $everyone +0ms 
    loopback:security:acl accessType * +0ms 
    loopback:security:acl permission DENY +0ms 
    loopback:security:acl with score: +0ms 7495 
    loopback:security:acl ---Resolved--- +0ms 
    loopback:security:access-context ---AccessRequest--- +0ms 
    loopback:security:access-context model Account +0ms 
    loopback:security:access-context property __create__favorites +0ms 
    loopback:security:access-context accessType WRITE +0ms 
    loopback:security:access-context permission DENY +1ms 
    loopback:security:access-context isWildcard() false +0ms 
    loopback:security:access-context isAllowed() false +0ms 

Thank you!

Answer

Got it! I need to set the access for specific properties, since access is denied by default.

    {
     "accessType": "EXECUTE",
     "principalType": "ROLE",
     "principalId": "$owner",
     "permission": "ALLOW",
     "property": "__create__favorites"
    },
    {
     "accessType": "EXECUTE",
     "principalType": "ROLE",
     "principalId": "$owner",
     "permission": "ALLOW",
     "property": "__get__favorites"
    }
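
The trace above shows the request resolving to the method `__create__favorites`, while the question's Account ACL names the property `POST`, so the only ACL found was the `$everyone` DENY. The following check is an added example, not code from the post or from LoopBack: `lintAcls`, `allowsFor` and `relationMethods` are hypothetical helpers, and the model objects are constructed from the snippets on this page.

```javascript
// Added example: a static check over a model definition, not LoopBack's resolver.
const HTTP_VERBS = new Set(['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD']);

// Method names generated for a plain hasMany relation, e.g. __create__favorites.
function relationMethods(relations) {
  const prefixes = ['get', 'create', 'delete', 'findById', 'updateById', 'destroyById', 'count'];
  const names = [];
  for (const [rel, def] of Object.entries(relations)) {
    if (def.type === 'hasMany') prefixes.forEach(p => names.push(`__${p}__${rel}`));
  }
  return names;
}

// Flag ACL entries whose "property" is an HTTP verb or an unknown relation method:
// such a rule is accepted silently but never matches a request.
function lintAcls(model) {
  const known = new Set(relationMethods(model.relations || {}));
  return (model.acls || [])
    .filter(a => a.property && a.property !== '*')
    .filter(a => HTTP_VERBS.has(a.property) ||
                 (a.property.startsWith('__') && !known.has(a.property)))
    .map(a => `property "${a.property}" is not a method of ${model.name}`);
}

// ALLOW rules that name the method, or apply to every property.
function allowsFor(model, method) {
  return (model.acls || []).filter(a => a.permission === 'ALLOW' &&
    (a.property === undefined || a.property === '*' || a.property === method));
}

// Constructed from the question and the answer on this page.
const relations = { favorites: { type: 'hasMany', model: 'Song', foreignKey: '' } };
const asked = { name: 'Account', relations, acls: [
  { accessType: 'EXECUTE', principalType: 'ROLE', principalId: '$authenticated',
    permission: 'ALLOW', property: 'POST' }] };
const answered = { name: 'Account', relations,
  acls: ['__create__favorites', '__get__favorites'].map(property => (
    { accessType: 'EXECUTE', principalType: 'ROLE', principalId: '$owner',
      permission: 'ALLOW', property })) };

for (const m of [asked, answered]) {
  console.log(lintAcls(m), allowsFor(m, '__create__favorites').length);
}
```

Running a check like this over the model JSON files before deployment catches rules that would otherwise only surface as a 401, or as a permission that was meant to be restricted and is not.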