用户授权不适用于Mean.JS
[英]User Authorization not working for Mean.JS
问题描述
I'm using mean.js to let registered users access content. 
我正在使用mean.js允许注册用户访问内容。 It's sort of working. 有点工作。 I can change isAllowed to !isAllowed to let people see the content. 我可以将isAllowed更改为!isAllowed以使人们看到内容。 The problem is that content is not authorized when the user logs in. The articles example works fine. 问题是用户登录时未授权内容。文章示例运行正常。 But when I create my own section, logged in users can't access pages! 但是,当我创建自己的版块时,登录的用户将无法访问页面!
So basically if I log in, I get message: 'User is not authorized' if I try going to localhost:3000/requestoffwork 因此,基本上,如果我登录,则收到消息:如果我尝试进入localhost:3000 / requestoffwork,则“用户未被授权”
If I log in and change isAllowed to !isAllowed, I can access it 如果我登录并且将isAllowed更改为!isAllowed,则可以访问它
'use strict';
/**
* Module dependencies.
*/
var acl = require('acl');
// Using the memory backend
acl = new acl(new acl.memoryBackend());
/**
* Invoke Articles Permissions
*/
exports.invokeRolesPolicies = function () {
acl.allow([{
roles: ['admin'],
allows: [{
resources: '/api/articles',
permissions: '*'
}, {
resources: '/api/articles/:articleId',
permissions: '*'
}]
}, {
roles: ['user'],
allows: [{
resources: '/requestoffwork',
permissions: '*'
}, {
resources: '/api/articles/:articleId',
permissions: ['get']
}]
}, {
roles: ['guest'],
allows: [{
resources: '/api/articles',
permissions: ['get']
}, {
resources: '/api/articles/:articleId',
permissions: ['get']
}]
}]);
};
/**
* Check If Articles Policy Allows
*/
exports.isAllowed = function (req, res, next) {
var roles = (req.user) ? req.user.roles : ['guest'];
// If an article is being processed and the current user created it then allow any manipulation
if (req.article && req.user && req.article.user.id === req.user.id) {
return next();
}
// Check for user roles
acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), function (err, isAllowed) {
if (err) {
// An authorization error occurred.
return res.status(500).send('Unexpected authorization error');
} else {
if (isAllowed) {
// Access granted! Invoke next middleware
return next();
} else {
return res.status(403).json({
message: 'User is not authorized'
});
}
}
});
};
This is the route 这是路线
app.route('/requestoffwork').all(managementPolicy.isAllowed)
.get(management.list)
.post(management.submit);
And here's the data for the user 这是用户的数据
{"_id":"5788fe46587a1c0b07a04078","displayName":"","provider":"local","__v":0,"created":"2016-07-15T15:16:22.625Z","roles":["user"],"profileImageURL":"modules/users/client/img/profile/default.png","email":"email@gmail.com","lastName":"","firstName":”"}
1 个解决方案
解决方案1
2 2016-08-02 11:41:13
Did you add the permissions to the client side routes ass well ? 您是否已将权限添加到客户端路由资产?
In modules/youModule/client/config/youModule.client.routes.js add this: 在modules/youModule/client/config/youModule.client.routes.js添加以下内容:
function routeConfig($stateProvider) {
$stateProvider
.state('yourState', {
abstract: true,
url: '/requestoffwork',
template: '<ui-view/>',
data: {
roles: ['user'], //here you must specify the roles as well
pageTitle: 'requestoffwork'
}
})
}
Hope this helps. 希望这可以帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.