
Mongodb Backend for Node ACL Always Returning False

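I'm currently trying to implement the Node ACL module found at https://www.npmjs.com/package/acl in a Mean.JS (v0.4.2) application.

By default, Mean.JS uses the "memoryBackend", which works fine for most cases, but I want to make user roles/permissions dynamically settable from the browser.

I'm getting a list of ACL definitions in the database that appear to be correct, but when trying to read the permissions back

I first include the "acl" module in my application, open a connection to the database, and then define my roles/access permissions.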

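    // https://www.npmjs.com/package/acl
    var acl = require('acl');
    // Modules the snippets below rely on
    var async = require('async');
    var mongoose = require('mongoose');
    var util = require('util');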

    var ACL_PREFIX = 'acl_';
    var _ACL = new acl(new acl.mongodbBackend(mongoose.connection.db, ACL_PREFIX));

    // Some Sample ACL Definitions
    var default_acl = [
        {
            role: 'technician',
            resources: ['workorders'],
            permissions: ['view']
        },
        {
            role: 'sales',
            resources: ['workorders'],
            permissions: ['add', 'edit', 'view', 'delete'],
        },
        {
            role: 'superadmin',
            resources: ['workorders'],
            permissions: ['*']
        }
    ];

Now I add them by iterating over the different ACL entries. (I've also tried adding them all at once.)

    // Iterate Over each ACL Entry, I've also tried adding them all at once, eg: _ACL.allow(default_acl)
    async.forEachSeries(default_acl, function (aclEntry, nextEntry) {

        console.log("Giving the '%s' role access to %s [%s]",
            aclEntry.role, aclEntry.resources.join(', '), aclEntry.permissions.join(', ')
        );

        // Next Entry is the Callback to next item in the default_acl list.
        _ACL.allow(aclEntry.role, aclEntry.resources, aclEntry.permissions, nextEntry)

    }, function (doneDefiningACL) {

        async.forEachSeries(['technician', 'sales', 'superadmin'], function (currentRole, nextRole) {

            // Check Each role with 'allowedPermissions'
            _ACL.allowedPermissions(currentRole, 'workorders', function (err, permissions) {
                if(err) {
                    console.log("ERROR: %s", err);
                }

                console.log("\n-> Current Role: %s \n-> Permissions: %s\n",
                    currentRole, util.inspect(permissions)
                );

                async.forEachSeries(['add', 'edit', 'view', 'delete'], function (action, nextAction) {

                    // Check Each Role with '.isAllowed'
                    _ACL.isAllowed(currentRole, 'workorders', action, function (err, canAccess) {
                        console.log("--> %s can '%s' workorders: %s", currentRole, action, util.inspect(canAccess));

                        nextAction();
                    });


                }, function (doneCheckingAllActions) {
                    nextRole();
                });
            });


        }, function (doneAllRoles) {
            console.log("\n\nDone Generating ACL");
        });
    });

When run, this produces the following output:

    Giving the 'technician' role access to workorders [view]
    Giving the 'sales' role access to workorders [add, edit, view, delete]
    Giving the 'superadmin' role access to workorders [*]

    -> Current Role: technician
    -> Permissions: { workorders: [] }

    --> technician can 'add' workorders: false
    --> technician can 'edit' workorders: false
    --> technician can 'view' workorders: false
    --> technician can 'delete' workorders: false

    -> Current Role: sales
    -> Permissions: { workorders: [] }

    --> sales can 'add' workorders: false
    --> sales can 'edit' workorders: false
    --> sales can 'view' workorders: false
    --> sales can 'delete' workorders: false

    -> Current Role: superadmin
    -> Permissions: { workorders: [] }

    --> superadmin can 'add' workorders: false
    --> superadmin can 'edit' workorders: false
    --> superadmin can 'view' workorders: false
    --> superadmin can 'delete' workorders: false


    Done Generating ACL

If I take a look at the MongoDB database, I can see that 3 collections have been generated:

    // acl_meta collection:
    > db.acl_meta.find();
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e2"), "key" : "roles", "technician" : true, "sales" : true, "superadmin" : true }

    // acl_resources collection:
    > db.acl_resources.find();
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e4"), "key" : "technician", "workorders" : true }
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e6"), "key" : "sales", "workorders" : true }
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e8"), "key" : "superadmin", "workorders" : true }

    // acl_allows_workorders collection:
    > db.acl_allows_workorders.find();
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e3"), "key" : "technician", "view" : true }
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e5"), "key" : "sales", "add" : true, "edit" : true, "view" : true, "delete" : true }
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e7"), "key" : "superadmin", "*" : true }

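These appear to have been built correctly, but the permissions still return false no matter which role or action is being checked.

Update: The .whatResources() function appears to correctly return the resources a given role has access to, but why the .isAllowed() and .allowedPermissions() functions don't work is still a mystery.

For example: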

    console.log("\n\nChecking What Resources Each Role Has Access To...");

    async.forEachSeries(['technician', 'sales', 'superadmin'], function (currentRole, nextRole) {

        _ACL.whatResources(currentRole, function (err, resources) {
            if(err) {
                console.log("ERROR: %s", err);
            } else {
                console.log("\n-> %s's Have Access to The Following Resources: \n%s", currentRole, util.inspect(resources) ); 

                nextRole();
            }

        });


    }, function (doneCheckingWhatPermissionsEachRoleHas) {
        console.log("\n\nDone Testing ACL");
    });

This produces the following output:

    Checking What Resources Each Role Has Access To...

    -> technician's Have Access to The Following Resources:
    { workorders: [ 'view' ] }

    -> sales's Have Access to The Following Resources:
    { workorders: [ 'add', 'edit', 'view', 'delete' ] }

    -> superadmin's Have Access to The Following Resources:
    { workorders: [ '*' ] }


    Done Testing ACL

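I'd like to get this working with 'isAllowed' and 'allowedPermissions', because changing it to use 'whatResources' would require refactoring all of the ACL policy configurations from the original "memoryBackend" implementation in MeanJS.

Any suggestions?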

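In your code, I don't see you using the function addUserRoles(userId, roleId, function(err)). Maybe that is the reason it returns false. I had the same problem; you can read about it here

Hope it helps.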
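The acl package's `isAllowed` and `allowedPermissions` take a user ID as their first argument, while `whatResources` and `areAnyRolesAllowed` take role names, which is why a role must first be attached to a user with `addUserRoles`. The following is an added example, not code from the post or from the acl package: a simplified in-memory model of that user → role → permission lookup, where the class `TinyAcl` and the user IDs `user-42` and `user-1` are hypothetical.

```javascript
// Simplified model of node-acl's lookup chain; TinyAcl is hypothetical,
// only the method names mirror the acl package's documented API.
class TinyAcl {
  constructor() {
    this.userRoles = new Map(); // userId -> Set of role names
    this.grants = new Map();    // "role\u0000resource" -> Set of permissions
  }
  allow(role, resource, permissions) {
    const key = role + '\u0000' + resource;
    if (!this.grants.has(key)) this.grants.set(key, new Set());
    permissions.forEach((p) => this.grants.get(key).add(p));
  }
  addUserRoles(userId, roles) {
    if (!this.userRoles.has(userId)) this.userRoles.set(userId, new Set());
    roles.forEach((r) => this.userRoles.get(userId).add(r));
  }
  // Role-based check: the first argument is a list of role names.
  areAnyRolesAllowed(roles, resource, permission) {
    return roles.some((role) => {
      const perms = this.grants.get(role + '\u0000' + resource);
      return !!perms && (perms.has('*') || perms.has(permission));
    });
  }
  // User-based check: the first argument is a user ID, resolved to roles first.
  // An ID with no role assignment resolves to [] and is denied by default.
  isAllowed(userId, resource, permission) {
    const roles = [...(this.userRoles.get(userId) || [])];
    return this.areAnyRolesAllowed(roles, resource, permission);
  }
}

function demo() {
  const acl = new TinyAcl();
  acl.allow('technician', 'workorders', ['view']);
  acl.allow('superadmin', 'workorders', ['*']);
  const result = {
    // The question's call shape: a role name passed where a user ID is expected.
    roleAsUserId: acl.isAllowed('technician', 'workorders', 'view'),
    roleCheck: acl.areAnyRolesAllowed(['technician'], 'workorders', 'view'),
  };
  acl.addUserRoles('user-42', ['technician']); // constructed user ID
  result.userView = acl.isAllowed('user-42', 'workorders', 'view');
  result.userDelete = acl.isAllowed('user-42', 'workorders', 'delete');
  acl.addUserRoles('user-1', ['superadmin']); // constructed user ID
  result.adminDelete = acl.isAllowed('user-1', 'workorders', 'delete');
  return result;
}
console.log(demo());
```

With the real module, the equivalent role-level check is `areAnyRolesAllowed(roles, resource, permissions, callback)`; the user-level checks only return grants once `addUserRoles` has linked the user ID to a role.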
