ACL troubles with loopback.io


Problem description

I'm currently evaluating loopback.io for developing the API portion of a new project, and I'm having problems with setting the correct ACL entries.

What I wish to accomplish is that, given an auth token, the GET endpoints should only return objects owned by the user. For example, a request to /Shows?access_token=xxxxxx should return only objects owned by the user.

Below is my shows.json file, and my User model is named Podcaster. Any help would be appreciated.

{
  "name": "Show",
  "base": "PersistedModel",
  "idInjection": true,
  "options": {
    "validateUpsert": true
  },
  "properties": {
    "title": {
      "type": "string",
      "required": true
    },
    "description": {
      "type": "string"
    }
  },
  "validations": [],
  "relations": {
    "episodes": {
      "type": "hasMany",
      "model": "Episode",
      "foreignKey": ""
    },
    "podcaster": {
      "type": "belongsTo",
      "model": "Podcaster",
      "foreignKey": ""
    }
  },
  "acls": [
    {
      "accessType": "WRITE",
      "principalType": "ROLE",
      "principalId": "$authenticated",
      "permission": "ALLOW",
      "property": "create"
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$owner",
      "permission": "ALLOW"
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$everyone",
      "permission": "DENY"
    }
  ],
  "methods": {}
}

Recommended answer

It has nothing to do with ACL.

You want to change the business logic of the method. So the best practice is to create a new method for getting the shows owned by the current user.

If you want your current owner ACL to work, you need to create a relation between user and show, and set ownerId in the show model.

{
  "name": "Show",
  "base": "PersistedModel",
  "idInjection": true,
  "options": {
    "validateUpsert": true
  },
  "properties": {
    "title": {
      "type": "string",
      "required": true
    },
    "description": {
      "type": "string"
    },
    "ownerId": {
      "type": "object"
    }
  },
  "validations": [],
  "relations": {
    "owner": {
      "type": "belongsTo",
      "model": "user",
      "foreignKey": "ownerId"
    },
....
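
The "new method" the answer suggests could look like this in LoopBack 3 (an added example, not code from the original post). `registerMine`, `ownerScopedFilter`, the `/mine` path and the stub model are hypothetical names; it assumes the `ownerId` property from the answer and LoopBack 3's `optionsFromRequest` argument mapping.

```javascript
// Build the query for "shows owned by the caller". The owner clause is ANDed
// with any client-supplied where, so a request cannot widen or replace it.
function ownerScopedFilter(filter, options) {
  const token = options && options.accessToken;
  if (!token || token.userId == null) {
    const err = new Error('Authorization Required');
    err.statusCode = 401;
    throw err;
  }
  const owner = { ownerId: token.userId };
  const clientWhere = filter && filter.where;
  return Object.assign({}, filter, {
    where: clientWhere ? { and: [clientWhere, owner] } : owner,
  });
}

// Would be called from common/models/show.js as registerMine(Show).
function registerMine(Show) {
  Show.mine = function (filter, options) {
    let scoped;
    try { scoped = ownerScopedFilter(filter, options); }
    catch (err) { return Promise.reject(err); }
    return Show.find(scoped, options);
  };
  Show.remoteMethod('mine', {
    accepts: [
      { arg: 'filter', type: 'object' },
      // LoopBack 3 fills this from the request, including accessToken.
      { arg: 'options', type: 'object', http: 'optionsFromRequest' },
    ],
    returns: { arg: 'data', type: ['Show'], root: true },
    http: { verb: 'get', path: '/mine' },
  });
}

// Constructed stand-in for the Show model so the block runs without LoopBack.
function makeStubShow(rows) {
  const matches = (row, where) => where.and
    ? where.and.every((w) => matches(row, w))
    : Object.keys(where).every((k) => row[k] === where[k]);
  return {
    registered: [],
    remoteMethod(name, spec) { this.registered.push({ name, spec }); },
    find(filter) { return Promise.resolve(rows.filter((r) => matches(r, filter.where))); },
  };
}
```

With the question's `$everyone` DENY entry in place, `mine` also needs its own ALLOW entry for `$authenticated`, in the same way the existing entry allows `create`.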
