2016-08-24 58 views

我目前正試圖在 Mean.JS(v0.4.2)應用程序中實現 Node ACL 模塊:https://www.npmjs.com/package/acl

Mongodb 後端的 Node ACL 總是返回 false

默認情況下,Mean.JS使用'memoryBackend',它可以在大多數情況下正常工作,但是我希望從瀏覽器中動態設置用戶角色/權限。

數據庫中生成的 ACL 定義列表看起來是正確的,但當我回讀權限時,結果總是 false。

我首先在應用程序中引入「acl」模塊,並在數據庫連接打開之後定義我的角色/訪問權限。

// node_acl module: https://www.npmjs.com/package/acl 
    var acl = require('acl'); 

    // Prefix given to the MongoDB backend; the collections listed later in the post
    // (acl_meta, acl_resources, acl_allows_workorders) all carry it.
    var ACL_PREFIX = 'acl_'; 

    // Store ACL data in MongoDB through the handle mongoose holds. The post states
    // this runs once the connection is open, which the handle depends on.
    var aclBackend = new acl.mongodbBackend(mongoose.connection.db, ACL_PREFIX); 
    var _ACL = new acl(aclBackend); 

    // Sample grants: one entry per role, all on the 'workorders' resource.
    var default_acl = [ 
     { role: 'technician', resources: ['workorders'], permissions: ['view'] }, 
     { role: 'sales', resources: ['workorders'], permissions: ['add', 'edit', 'view', 'delete'] }, 
     // '*' is the module's wildcard for "every permission" on the resource, so it also
     // covers permissions introduced later; keep it to roles meant to have that reach.
     { role: 'superadmin', resources: ['workorders'], permissions: ['*'] } 
    ]; 

我現在通過遍歷各個 ACL 條目來逐一添加它們。(我也嘗試過一次性全部添加)

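// Seed the ACL one entry at a time (the bulk form _ACL.allow(default_acl) was also tried), 
    // then read every role back through allowedPermissions() and isAllowed().
    async.forEachSeries(default_acl, function (aclEntry, nextEntry) { 

     console.log("Giving the '%s' role access to %s [%s]", 
      aclEntry.role, aclEntry.resources.join(', '), aclEntry.permissions.join(', ') 
     ); 

     // nextEntry doubles as allow()'s callback, so a failed write reaches the
     // final callback below as its error argument.
     _ACL.allow(aclEntry.role, aclEntry.resources, aclEntry.permissions, nextEntry); 

    }, function (seedErr) { 

     // Do not run the checks against a partially written ACL.
     if (seedErr) { 
      console.log("ERROR: %s", seedErr); 
      return; 
     } 

     async.forEachSeries(['technician', 'sales', 'superadmin'], function (currentRole, nextRole) { 

      // NOTE(review): the acl module documents allowedPermissions() and isAllowed()
      // as taking a userId as first argument. A role name is passed here and no role
      // is ever assigned to a user with addUserRoles(userId, roles, cb), which is
      // consistent with the empty permission lists and `false` results in the post.
      // A check keyed by role is areAnyRolesAllowed(roles, resource, permissions, cb).
      _ACL.allowedPermissions(currentRole, 'workorders', function (err, permissions) { 
       if (err) { 
        // Stop instead of printing `permissions` from a failed lookup.
        return nextRole(err); 
       } 

       console.log("\n-> Current Role: %s \n-> Permissions: %s\n", 
        currentRole, util.inspect(permissions) 
       ); 

       async.forEachSeries(['add', 'edit', 'view', 'delete'], function (action, nextAction) { 

        _ACL.isAllowed(currentRole, 'workorders', action, function (err, canAccess) { 
         if (err) { 
          // On a backend error canAccess is not a verdict; report the error
          // rather than logging it as an access decision.
          return nextAction(err); 
         } 

         console.log("--> %s can '%s' workorders: %s", currentRole, action, util.inspect(canAccess)); 

         nextAction(); 
        }); 

       // Passing nextRole directly forwards any error from the action checks.
       }, nextRole); 
      }); 

     }, function (checkErr) { 
      if (checkErr) { 
       console.log("ERROR: %s", checkErr); 
       return; 
      } 
      console.log("\n\nDone Generating ACL"); 
     }); 
    }); 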

運行時,這將產生以下的輸出:

Giving the 'technician' role access to workorders [view] 
    Giving the 'sales' role access to workorders [add, edit, view, delete] 
    Giving the 'superadmin' role access to workorders [*] 

    -> Current Role: technician 
    -> Permissions: { workorders: [] } 

    --> technician can 'add' workorders: false 
    --> technician can 'edit' workorders: false 
    --> technician can 'view' workorders: false 
    --> technician can 'delete' workorders: false 

    -> Current Role: sales 
    -> Permissions: { workorders: [] } 

    --> sales can 'add' workorders: false 
    --> sales can 'edit' workorders: false 
    --> sales can 'view' workorders: false 
    --> sales can 'delete' workorders: false 

    -> Current Role: superadmin 
    -> Permissions: { workorders: [] } 

    --> superadmin can 'add' workorders: false 
    --> superadmin can 'edit' workorders: false 
    --> superadmin can 'view' workorders: false 
    --> superadmin can 'delete' workorders: false 


    Done Generating ACL 

如果查看 MongoDB 數據庫,可以看到已經生成了 3 個集合:

// acl_meta collection: 
    > db.acl_meta.find(); 
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e2"), "key" : "roles", "technician" : true, "sales" : true, "superadmin" : true } 

    // acl_resources collection: 
    > db.acl_resources.find(); 
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e4"), "key" : "technician", "workorders" : true } 
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e6"), "key" : "sales", "workorders" : true } 
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e8"), "key" : "superadmin", "workorders" : true } 

    // acl_allows_workorders collection: 
    > db.acl_allows_workorders.find(); 
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e3"), "key" : "technician", "view" : true } 
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e5"), "key" : "sales", "add" : true, "edit" : true, "view" : true, "delete" : true } 
    { "_id" : ObjectId("57bdc84df251c5ae69d7c4e7"), "key" : "superadmin", "*" : true } 

這些集合似乎已經正確構建,但無論檢查哪個角色或動作,權限檢查仍然返回 false。

更新:.whatResources() 函數似乎能正確返回給定角色可以訪問的資源,但 .isAllowed() 和 .allowedPermissions() 函數爲什麼不起作用仍是一個謎。

例如:

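console.log("\n\nChecking What Resources Each Role Has Access To..."); 

    // whatResources() is called with a role name and, per the output in the post,
    // returns that role's resources together with the permissions granted on each.
    async.forEachSeries(['technician', 'sales', 'superadmin'], function (currentRole, nextRole) { 

     _ACL.whatResources(currentRole, function (err, resources) { 
      if (err) { 
       // Hand the error to the iterator: without this call the series never
       // advances and the final callback below never runs.
       return nextRole(err); 
      } 

      console.log("\n-> %s's Have Access to The Following Resources: \n%s", currentRole, util.inspect(resources)); 

      nextRole(); 
     }); 

    }, function (lookupErr) { 
     if (lookupErr) { 
      console.log("ERROR: %s", lookupErr); 
      return; 
     } 
     console.log("\n\nDone Testing ACL"); 
    }); 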

將打印輸出如下:

Checking What Resources Each Role Has Access To... 

    -> technician's Have Access to The Following Resources: 
    { workorders: [ 'view' ] } 

    -> sales's Have Access to The Following Resources: 
    { workorders: [ 'add', 'edit', 'view', 'delete' ] } 

    -> superadmin's Have Access to The Following Resources: 
    { workorders: [ '*' ] } 


    Done Testing ACL 

我希望能讓 'isAllowed' 和 'allowedPermissions' 正常工作,因爲改用 'whatResources' 將需要重構 MeanJS 原始 'memoryBackend' 實現中的所有 ACL 策略配置。

有什麼建議嗎?

回答


在你的代碼中我沒有看到你調用 addUserRoles(userId, roleId, function(err)) 函數。也許這就是返回 false 的原因:isAllowed() 和 allowedPermissions() 的第一個參數是用戶 ID 而不是角色名,所以必須先把角色分配給用戶。我一直都是這樣用的,你可以讀 here

希望能幫到你。
