我想通过环回获取有关我的用户的一些信息。
为此,我创建了一个与 "accessToken"
模型相关的 "user"
模型,直到现在在 /user
上的 POST,在 上的 POST/user/login
和 /user/logout
上的 POST 正在运行。
我添加了 /common/models/user.json
{
"name": "user",
"base": "User",
"idInjection": true,
"options": {
"validateUpsert": true
},
"properties": {},
"validations": [],
"relations": {
"accessTokens": {
"type": "hasMany",
"model": "accessToken",
"foreignKey": "userId"
}
},
"acls": [
{
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "$authenticated",
"permission": "ALLOW",
"property": "logout"
},
{
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW",
"property": "findById"
}
],
"methods": {}
}
当我在 /user/{id}
上执行 GET 操作时,我得到了:
{
"error": {
"statusCode": 401,
"name": "Error",
"message": "Autorisation requise",
"code": "AUTHORIZATION_REQUIRED",
"stack": "Error: Autorisation requise\n at..."
}
}
我想我对acl/relation不是很了解
最佳答案
这可能是因为您只允许 $owner
到 findById
:
To qualify a $owner, the target model needs to have a belongsTo relation to the User model (or a model that extends User) and property matching the foreign key of the target model instance. The check for $owner is performed only for a remote method that has ‘:id’ on the path, for example, GET /api/users/:id.
- 确保您提供的
accessToken
是您要查找的用户
的id
的所有者。 - 如果您不确定,请尝试替换:
"principalId": "$owner"
和"principalId": "$authenticated"
,然后您就会知道这是否是您的问题。
关于node.js - Loopback $owner 不适用于 findById,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47429898/