
User Authorization not working for Mean.JS

I'm using mean.js to let registered users access content. It sort of works: if I change isAllowed to !isAllowed, people can see the content. The problem is that logged-in users are not authorized to see the content. The articles example works fine, but when I create my own section, logged-in users can't access its pages.

So basically, if I log in and then go to localhost:3000/requestoffwork, I get the message 'User is not authorized'.

If I log in and change isAllowed to !isAllowed, I can access it.

'use strict';

/**
 * Module dependencies.
 *
 * `acl` provides the role / resource / permission store this policy module
 * queries; the constructor is kept under its own name so the module-level
 * `acl` binding below can hold the instance.
 */
var AclConstructor = require('acl');

// A single in-memory acl instance, created when this module is loaded.
// Within this file, rules are only registered into it by invokeRolesPolicies().
var acl = new AclConstructor(new AclConstructor.memoryBackend());

/**
 * Invoke Articles Permissions
 */
/**
 * Register the role -> resource -> permission rules for this policy module.
 *
 * The resources listed here are later matched by isAllowed() against
 * `req.route.path`, i.e. the Express route pattern string, so each entry
 * must be exactly the pattern the route was registered with (for example
 * '/requestoffwork'). Calling this function is what populates the
 * module-level in-memory acl; until it has run, no rules exist for these
 * roles in this file's acl instance.
 */
exports.invokeRolesPolicies = function () {
  var adminRules = {
    roles: ['admin'],
    allows: [
      { resources: '/api/articles', permissions: '*' },
      { resources: '/api/articles/:articleId', permissions: '*' }
    ]
  };

  var userRules = {
    roles: ['user'],
    allows: [
      // Registered users get the '*' wildcard on the request-off-work route...
      { resources: '/requestoffwork', permissions: '*' },
      // ...but only 'get' on individual articles.
      { resources: '/api/articles/:articleId', permissions: ['get'] }
    ]
  };

  var guestRules = {
    roles: ['guest'],
    allows: [
      { resources: '/api/articles', permissions: ['get'] },
      { resources: '/api/articles/:articleId', permissions: ['get'] }
    ]
  };

  // Same rule sets, same order, as a single allow() call.
  acl.allow([adminRules, userRules, guestRules]);
};

/**
 * Check If Articles Policy Allows
 */
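/**
 * Express middleware: decide whether the current request may proceed.
 *
 * Roles are taken from `req.user.roles` when a user is authenticated and
 * default to the single role 'guest' otherwise. The acl lookup is keyed on
 * `req.route.path` (the Express route pattern string) and the lower-cased
 * HTTP method, so a resource is only found when invokeRolesPolicies()
 * registered exactly that pattern; any mismatch is expected to end in a 403
 * (fail closed).
 *
 * Outcomes: next() on success; 403 JSON when no role is allowed; 500 when
 * the acl lookup itself reports an error.
 *
 * Fix: the ownership shortcut used to dereference `req.article.user.id`
 * without checking that `req.article.user` is set, which threw a TypeError
 * instead of falling through to the role-based check.
 */
exports.isAllowed = function (req, res, next) {
  var roles = (req.user) ? req.user.roles : ['guest'];

  // Owner shortcut: the creator of a loaded article may do anything to it.
  // Only applies when the article actually carries a `user`; otherwise fall
  // through to the role-based check rather than throwing.
  var isOwner = !!(req.article && req.article.user && req.user &&
    req.article.user.id === req.user.id);
  if (isOwner) {
    return next();
  }

  // Role-based check against the rules registered by invokeRolesPolicies().
  acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), function (err, isAllowed) {
    if (err) {
      // Fail closed on lookup errors and keep backend details out of the response.
      return res.status(500).send('Unexpected authorization error');
    }
    if (isAllowed) {
      // Access granted; hand off to the next middleware.
      return next();
    }
    return res.status(403).json({
      message: 'User is not authorized'
    });
  });
};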

This is the route:

// The policy handler is registered with .all() before the verb handlers, so
// every method on /requestoffwork is gated by managementPolicy.isAllowed first.
var requestOffWorkRoute = app.route('/requestoffwork');
requestOffWorkRoute.all(managementPolicy.isAllowed);
requestOffWorkRoute.get(management.list);
requestOffWorkRoute.post(management.submit);

And here is the data for the user:

{"_id":"5788fe46587a1c0b07a04078","displayName":"","provider":"local","__v":0,"created":"2016-07-15T15:16:22.625Z","roles":["user"],"profileImageURL":"modules/users/client/img/profile/default.png","email":"email@gmail.com","lastName":"","firstName":""}

Did you add the permissions to the client-side routes as well?

In modules/youModule/client/config/youModule.client.routes.js, add this:

  // Client-side (ui-router) state for /requestoffwork. The `roles` entry
  // under `data` is where the client-side guard is expected to look, so the
  // roles allowed into this state must be listed here as well as on the server.
  function routeConfig($stateProvider) {
    var requestOffWorkState = {
      abstract: true,
      url: '/requestoffwork',
      template: '<ui-view/>',
      data: {
        roles: ['user'], // specify the permitted roles here too
        pageTitle: 'requestoffwork'
      }
    };

    $stateProvider.state('yourState', requestOffWorkState);
  }

Hope this helps.

