loopback __get__plural AUTHORIZATION_REQUIRED
loopback __get__plural AUTHORIZATION_REQUIRED
提问于 2016-09-26 08:25:22
Strongloop Loopback:
无法让__get__plural在与我的用户表的hasMany关系上工作。AUTHORIZATION_REQUIRED失败。
版本2.27.0
"relations": {
"transactions": {
"type": "hasMany",
"model": "transaction",
"foreignKey": "userId"
},
"acls": [
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "DENY"
},
{
"accessType": "READ",
"principalId": "$everyone",
"permission": "ALLOW",
"property": "__get__transactions"
},下面是跟踪信息:
loopback:security:role isInRole(): $everyone +0ms
loopback:security:access-context ---AccessContext--- +1ms
loopback:security:access-context principals: [] +1ms
loopback:security:access-context modelName usr +1ms
loopback:security:access-context modelId 57e75c6f1bc42b97d177db78 +0ms
loopback:security:access-context property __findById__transactions +0ms
loopback:security:access-context method __findById__transactions +0ms
loopback:security:access-context accessType READ +0ms
loopback:security:access-context accessToken: +0ms
loopback:security:access-context id "$anonymous" +0ms
loopback:security:access-context ttl 1209600 +0ms
loopback:security:access-context getUserId() null +0ms
loopback:security:access-context isAuthenticated() false +0ms
loopback:security:role Custom resolver found for role $everyone +0ms
loopback:security:role isInRole(): $everyone +0ms
loopback:security:access-context ---AccessContext--- +0ms
loopback:security:access-context principals: [] +0ms
loopback:security:access-context modelName usr +1ms
loopback:security:access-context modelId 57e75c6f1bc42b97d177db78 +0ms
loopback:security:access-context property __findById__transactions +0ms
loopback:security:access-context method __findById__transactions +0ms
loopback:security:access-context accessType READ +0ms
loopback:security:access-context accessToken: +0ms
loopback:security:access-context id "$anonymous" +0ms
loopback:security:access-context ttl 1209600 +0ms
loopback:security:access-context getUserId() null +0ms
loopback:security:access-context isAuthenticated() false +0ms
loopback:security:role Custom resolver found for role $everyone +0ms
loopback:security:role isInRole(): $owner +0ms
loopback:security:access-context ---AccessContext--- +0ms
loopback:security:access-context principals: [] +0ms
loopback:security:access-context modelName usr +0ms
loopback:security:access-context modelId 57e75c6f1bc42b97d177db78 +1ms
loopback:security:access-context property __findById__transactions +0ms
loopback:security:access-context method __findById__transactions +0ms
loopback:security:access-context accessType READ +0ms
loopback:security:access-context accessToken: +0ms
loopback:security:access-context id "$anonymous" +0ms
loopback:security:access-context ttl 1209600 +0ms
loopback:security:access-context getUserId() null +0ms
loopback:security:access-context isAuthenticated() false +0ms
loopback:security:role Custom resolver found for role $owner +0ms
loopback:security:role isOwner(): usr 57e75c6f1bc42b97d177db78 userId: null +0ms
loopback:security:role isInRole(): admin +0ms
loopback:security:access-context ---AccessContext--- +0ms
loopback:security:access-context principals: [] +0ms
loopback:security:access-context modelName usr +0ms
loopback:security:access-context modelId 57e75c6f1bc42b97d177db78 +0ms
loopback:security:access-context property __findById__transactions +1ms
loopback:security:access-context method __findById__transactions +0ms
loopback:security:access-context accessType READ +0ms
loopback:security:access-context accessToken: +0ms
loopback:security:access-context id "$anonymous" +0ms
loopback:security:access-context ttl 1209600 +0ms
loopback:security:access-context getUserId() null +0ms
loopback:security:access-context isAuthenticated() false +0ms
loopback:security:role isInRole() returns: false +0ms
loopback:security:acl The following ACLs were searched: +2ms
loopback:security:acl ---ACL--- +1ms
loopback:security:acl model usr +0ms
loopback:security:acl property * +0ms
loopback:security:acl principalType ROLE +0ms
loopback:security:acl principalId $everyone +0ms
loopback:security:acl accessType * +0ms
loopback:security:acl permission DENY +0ms
loopback:security:acl with score: +0ms 7495
loopback:security:acl ---ACL--- +0ms
loopback:security:acl model usr +0ms
loopback:security:acl property * +0ms
loopback:security:acl principalType ROLE +0ms
loopback:security:acl principalId $everyone +0ms
loopback:security:acl accessType * +0ms
loopback:security:acl permission DENY +0ms
loopback:security:acl with score: +0ms 7495
loopback:security:acl ---Resolved--- +0ms
loopback:security:access-context ---AccessRequest--- +0ms
loopback:security:access-context model usr +0ms
loopback:security:access-context property __findById__transactions +0ms
loopback:security:access-context accessType READ +0ms
loopback:security:access-context permission DENY +0ms
loopback:security:access-context isWildcard() false +0ms
loopback:security:access-context isAllowed() false +0ms回答 2
Stack Overflow用户
回答已采纳
发布于 2016-09-29 06:59:19
复数ACL中缺少此问题:
"principalType":“角色”
Stack Overflow用户
发布于 2016-09-27 22:18:12
ACL日志显示环回正在评估属性__findById__transactions的访问请求。
但是,在您的acls定义中,您允许访问属性__get__transactions。因此,将__get__transactions替换为__findById__transactions。
IMHO,远程方法的名称有时可能很棘手,而且相当不一致。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/39693147
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号