使用 MongoDB 后端时,Node ACL 的权限检查总是返回 false



我目前正试图在 Mean.JS (v0.4.2) 应用程序中使用 Node ACL 模块:https://www.npmjs.com/package/acl 。

默认情况下,Mean.JS使用'memoryBackend',这对大多数事情都很好,但是我想让用户角色/权限从浏览器动态设置。

ACL 定义已经写入数据库,看起来也是正确的,但在读回权限时,检查结果始终为 false。

我首先在我的应用程序中包含'acl'模块,打开到数据库的连接,并定义我的角色/访问权限。

    // Access-control library: https://www.npmjs.com/package/acl
    var acl = require('acl');
    // Prefix for every collection the backend creates (acl_meta, acl_resources, acl_allows_*).
    var ACL_PREFIX = 'acl_';
    // NOTE(review): assumes the mongoose connection is already open at this point;
    // mongoose.connection.db is presumably not usable before that -- confirm the bootstrap order.
    var mongoStore = new acl.mongodbBackend(mongoose.connection.db, ACL_PREFIX);
    var _ACL = new acl(mongoStore);
    // Sample grants: one entry per role, listing the resources and the permissions on them.
    var default_acl = [
        { role: 'technician', resources: ['workorders'], permissions: ['view'] },
        { role: 'sales', resources: ['workorders'], permissions: ['add', 'edit', 'view', 'delete'] },
        // '*' is the wildcard permission: it covers every action on the resource, including
        // actions introduced later, so it should stay limited to roles that really need it.
        { role: 'superadmin', resources: ['workorders'], permissions: ['*'] }
    ];

我现在通过遍历不同的ACL项来添加它们。(我也试过一次添加它们)

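    // Seed the grants one entry at a time, then read them back for each role.
    // (Passing the whole list in a single call, _ACL.allow(default_acl), was tried as well.)
    async.forEachSeries(default_acl, function (aclEntry, nextEntry) {
        console.log("Giving the '%s' role access to %s [%s]",
            aclEntry.role, aclEntry.resources.join(', '), aclEntry.permissions.join(', ')
        );
        // nextEntry doubles as allow()'s callback, so a storage error ends the series early.
        _ACL.allow(aclEntry.role, aclEntry.resources, aclEntry.permissions, nextEntry);
    }, function (allowErr) {
        if (allowErr) {
            // Do not go on to verify grants that may never have been written.
            console.log("ERROR: %s", allowErr);
            return;
        }
        async.forEachSeries(['technician', 'sales', 'superadmin'], function (currentRole, nextRole) {
            // NOTE(review): in node_acl the first argument of allowedPermissions() and
            // isAllowed() is a user id, not a role name. No addUserRoles(userId, roles, cb)
            // call is made here, so the id 'technician' (etc.) holds no roles and both checks
            // deny, even though the grants are stored. For a check keyed by role, node_acl has
            // areAnyRolesAllowed(roles, resource, permissions, cb). The calls are kept as
            // posted so that this listing still reproduces the reported output.
            _ACL.allowedPermissions(currentRole, 'workorders', function (err, permissions) {
                if (err) {
                    // A failed lookup is not the same as "no permissions": stop and report it.
                    return nextRole(err);
                }
                console.log("\n-> Current Role: %s \n-> Permissions: %s\n",
                    currentRole, util.inspect(permissions)
                );
                async.forEachSeries(['add', 'edit', 'view', 'delete'], function (action, nextAction) {
                    // Same caveat as above: currentRole is interpreted as a user id here.
                    _ACL.isAllowed(currentRole, 'workorders', action, function (err, canAccess) {
                        if (err) {
                            // Surface backend errors instead of printing an undefined decision.
                            return nextAction(err);
                        }
                        console.log("--> %s can '%s' workorders: %s", currentRole, action, util.inspect(canAccess));
                        nextAction();
                    });

                }, function (actionErr) {
                    // Forward any error from the per-action checks to the outer series.
                    nextRole(actionErr);
                });
            });

        }, function (rolesErr) {
            if (rolesErr) {
                console.log("ERROR: %s", rolesErr);
                return;
            }
            console.log("\n\nDone Generating ACL");
        });
    });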

运行时会产生以下输出:

    Giving the 'technician' role access to workorders [view]
    Giving the 'sales' role access to workorders [add, edit, view, delete]
    Giving the 'superadmin' role access to workorders [*]
    -> Current Role: technician
    -> Permissions: { workorders: [] }
    --> technician can 'add' workorders: false
    --> technician can 'edit' workorders: false
    --> technician can 'view' workorders: false
    --> technician can 'delete' workorders: false
    -> Current Role: sales
    -> Permissions: { workorders: [] }
    --> sales can 'add' workorders: false
    --> sales can 'edit' workorders: false
    --> sales can 'view' workorders: false
    --> sales can 'delete' workorders: false
    -> Current Role: superadmin
    -> Permissions: { workorders: [] }
    --> superadmin can 'add' workorders: false
    --> superadmin can 'edit' workorders: false
    --> superadmin can 'view' workorders: false
    --> superadmin can 'delete' workorders: false

    Done Generating ACL

如果我去看看MongoDB数据库,我可以看到我有3个已经生成的集合:

    // acl_meta collection:
    > db.acl_meta.find();
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e2"), "key" : "roles", "technician" : true, "sales" : true, "superadmin" : true }
    // acl_resources collection:
    > db.acl_resources.find();
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e4"), "key" : "technician", "workorders" : true }
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e6"), "key" : "sales", "workorders" : true }
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e8"), "key" : "superadmin", "workorders" : true }
    // acl_allows_workorders collection:
    > db.acl_allows_workorders.find();
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e3"), "key" : "technician", "view" : true }
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e5"), "key" : "sales", "add" : true, "edit" : true, "view" : true, "delete" : true }
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e7"), "key" : "superadmin", "*" : true }

这些似乎已经正确构建,但是无论检查什么角色或操作,权限仍然返回false。

.whatResources() 函数似乎能正确返回给定角色可以访问的资源,但 .isAllowed() 和 .allowedPermissions() 函数为什么不起作用,仍然是一个谜。

例如:

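    // List, for each role, the resources it may access and the permissions on them.
    console.log("\n\nChecking What Resources Each Role Has Access To...");
    async.forEachSeries(['technician', 'sales', 'superadmin'], function (currentRole, nextRole) {
        // whatResources() is keyed by role name, which is why this lookup finds the stored
        // grants while the user-id based isAllowed()/allowedPermissions() checks do not.
        _ACL.whatResources(currentRole, function (err, resources) {
            if (err) {
                // Hand the error to the series; otherwise the iteration would never advance
                // and the completion callback would never run.
                return nextRole(err);
            }
            console.log("\n-> %s's Have Access to The Following Resources: \n%s", currentRole, util.inspect(resources));
            nextRole();
        });

    }, function (rolesErr) {
        if (rolesErr) {
            console.log("ERROR: %s", rolesErr);
            return;
        }
        console.log("\n\nDone Testing ACL");
    });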

将打印以下输出:

    Checking What Resources Each Role Has Access To...
    -> technician's Have Access to The Following Resources:
    { workorders: [ 'view' ] }
    -> sales's Have Access to The Following Resources:
    { workorders: [ 'add', 'edit', 'view', 'delete' ] }
    -> superadmin's Have Access to The Following Resources:
    { workorders: [ '*' ] }

    Done Testing ACL

我希望能让 'isAllowed' 和 'allowedPermissions' 正常工作,因为如果改用 'whatResources',就需要重构 MeanJS 中原本基于 'memoryBackend' 实现的所有 ACL 策略配置。

有什么建议吗?

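在你的代码中,我没有看到你调用 addUserRoles(userId, roleId, function(err))。这可能就是返回 false 的原因:isAllowed() 和 allowedPermissions() 的第一个参数是用户 ID,而不是角色名;如果没有先用 addUserRoles() 把角色分配给该用户,这个 ID 就不拥有任何角色,检查结果自然是 false。我也遇到过同样的问题,你可以在这里阅读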
