堆栈内存溢出
  繁体   English   中英

用户授权不适用于Mean.JS

[英]User Authorization not working for Mean.JS

 原文  2016-07-19 13:23:02       javascript/ acl/ mean/ meanjs

问题描述

我正在使用mean.js允许注册用户访问内容。 有点工作。 我可以将isAllowed更改为!isAllowed以使人们看到内容。 问题是用户登录时未授权内容。文章示例运行正常。 但是,当我创建自己的版块时,登录的用户将无法访问页面!

因此,基本上,如果我登录,则收到消息:如果我尝试进入localhost:3000 / requestoffwork,则“用户未被授权”

如果我登录并且将isAllowed更改为!isAllowed,则可以访问它 

'use strict';

/**
 * Module dependencies.
 */
var acl = require('acl');

// Using the memory backend
acl = new acl(new acl.memoryBackend());

/**
 * Invoke Articles Permissions
 */
exports.invokeRolesPolicies = function () {
  acl.allow([{
    roles: ['admin'],
    allows: [{
      resources: '/api/articles',
      permissions: '*'
    }, {
      resources: '/api/articles/:articleId',
      permissions: '*'
    }]
  }, {
    roles: ['user'],
    allows: [{
      resources: '/requestoffwork',
      permissions: '*'
    }, {
      resources: '/api/articles/:articleId',
      permissions: ['get']
    }]
  }, {
    roles: ['guest'],
    allows: [{
      resources: '/api/articles',
      permissions: ['get']
    }, {
      resources: '/api/articles/:articleId',
      permissions: ['get']
    }]
  }]);
};

/**
 * Check If Articles Policy Allows
 */
exports.isAllowed = function (req, res, next) {
  var roles = (req.user) ? req.user.roles : ['guest'];

  // If an article is being processed and the current user created it then allow any manipulation
  if (req.article && req.user && req.article.user.id === req.user.id) {
    return next();
  }

  // Check for user roles
  acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), function (err, isAllowed) {
    if (err) {
      // An authorization error occurred.
      return res.status(500).send('Unexpected authorization error');
    } else {
      if (isAllowed) {
        // Access granted! Invoke next middleware
        return next();
      } else {
        return res.status(403).json({
          message: 'User is not authorized'
        });
      }
    }
  });
};

这是路线 

app.route('/requestoffwork').all(managementPolicy.isAllowed)
    .get(management.list)
    .post(management.submit);

这是用户的数据 

{"_id":"5788fe46587a1c0b07a04078","displayName":"","provider":"local","__v":0,"created":"2016-07-15T15:16:22.625Z","roles":["user"],"profileImageURL":"modules/users/client/img/profile/default.png","email":"email@gmail.com","lastName":"","firstName":”"}

1 个解决方案

解决方案1
 2  2016-08-02 11:41:13

您是否已将权限添加到客户端路由资产?

modules/youModule/client/config/youModule.client.routes.js添加以下内容: 

  function routeConfig($stateProvider) {
    $stateProvider
      .state('yourState', {
        abstract: true,
        url: '/requestoffwork',
        template: '<ui-view/>',
        data: {
          roles: ['user'], //here you must specify the roles as well
          pageTitle: 'requestoffwork'
        }
      })
    }

希望这可以帮助。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用MEAN.JS用户授权 Mean.js查询var无效 MEAN.JS和角度自举旋转木马不工作 MEAN.JS MissingSchemaError Mean.js身份验证 MEAN.js MongoDB查询中特定于用户的计算出的服装 Mean.js无法正常工作。 无法连接到MongoDB Yeoman Mean.js生成的自定义AngularJS指令不起作用 MEAN.js社交分享? mean.js 中没有添加文章按钮?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM