[英]Meanjs Forbidden Error
I am a new bee in AngularJs,below is the policy code created by Meanjs yo generator ,for learning purpose have created a library management system ,The problem what i am facing is when i am testing my server code ie the API through browser URL...I am getting the result for http://localhost:3000/api/searchbooks/bookname/davincicode
as JSON
Object我是 AngularJs 中的新蜜蜂,下面是 Meanjs yo 生成器创建的策略代码,出于学习目的,我创建了一个库管理系统,我面临的问题是当我通过浏览器 URL 测试我的服务器代码时,即 API。 ..我得到了http://localhost:3000/api/searchbooks/bookname/davincicode
作为JSON
对象的结果
but for below url it's giving me {message: 'User is not authorized'}
但是对于下面的网址,它给了我{message: 'User is not authorized'}
http://localhost:3000/api/searchbooks/bookname/davincicode/bookName
exports.invokeRolesPolicies = function () {
acl.allow([
{
roles: ['user'],
allows: [{
resources: '/api/searchbooks',
permissions: ['get']
}, {
resources: '/api/searchbooks/bookname/:searchbookName',
permissions: ['get']
}]
},
{
roles: ['user'],
allows: [{
resources: '/api/searchbooks/bookname',
permissions: ['get']
}, {
resources: '/api/searchbooks/bookname/:searchbookName/:action',
permissions: ['get']
}]
}
])};
exports.isAllowed = function (req, res, next) {
var roles = (req.user) ? req.user.roles : ['guest'];
// If an Searchbook is being processed and the current user created it then allow any manipulation
if (req.searchbook && req.user && req.searchbook.user && req.searchbook.user.id === req.user.id) {
return next();
}
// Check for user roles
acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), function (err, isAllowed) {
if (err) {
// An authorization error occurred
return res.status(500).send('Unexpected authorization error');
} else {
if (isAllowed) {
// Access granted! Invoke next middleware
return next();
} else {
return res.status(403).json({
message: 'User is not authorized'
});
}
}
});
};
I checked my role it's going as user
only ,unable to find so specific question elsewhere pls help or provide some pointers.我检查了我的角色,它只能作为user
使用,无法在其他地方找到如此具体的问题,请帮助或提供一些指示。
I have got the issue made mistake in routing part : app.route('/api/searchbooks/bookname/:searchbookName/:actionValue').all(searchbooksPolicy.isAllowed) .get(searchbooks.read)
我在路由部分遇到了问题: app.route('/api/searchbooks/bookname/:searchbookName/:actionValue').all(searchbooksPolicy.isAllowed) .get(searchbooks.read)
Here in policy url its action
and i have to give actionValue
as the parameter name.在策略 url 中它的action
,我必须将actionValue
作为参数名称。
so passing incorrect parameter name was an issue..
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.