Question

我试图执行此请求：

PUT /api/cars/564d8e792583afef310affe3/categories/rel/suv-idcat

如果我以管理员身份登录，则此工作正常，但如果我以其他角色身份登录，则会收到401响应。

我的汽车型号具有以下ACL：

...
{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "admin",
  "permission": "ALLOW",
  "property": "__create__categories"
},
{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "admin",
  "permission": "ALLOW",
  "property": "__updateById__categories"
},
{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "admin",
  "permission": "ALLOW",
  "property": "__destroyById__categories"
}
...

现在，如果我为特定角色添加相同的ACL规则：

{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "StoreAdmin",
  "permission": "ALLOW",
  "property": "__create__categories"
},
{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "StoreAdmin",
  "permission": "ALLOW",
  "property": "__updateById__categories"
},
{
  "accessType": "EXECUTE",
  "principalType": "ROLE",
  "principalId": "StoreAdmin",
  "permission": "ALLOW",
  "property": "__destroyById__categories"
}
...

如果我点击以StoreAdmin用户身份登录的端点，则会收到401错误响应。

P.S。我已经看过这个：https://docs.strongloop.com/display/public/LB/Accessing+related+models，但没有＆＃34; hasAndBelongsTo＆＃34;关系

Answer 1

我会自己回答。事实证明，对于hasManyAndBelongsTo关系，方法名称与documentation关于hasMany关系中所述的方法名称不同。事实上，它甚至没有记录。

通过在调试模式下运行应用程序：DEBUG=loopback:security:*我发现真正的方法名称为__link__categories。

Strongloop - HasAndBelongsToMany总是返回401

1 个答案: