Я следую этой статье о реализации авторизации в моем приложении. Пользователь с ролью администратора может выполнять определенные операции, которые другие пользователи не могут.
Но это не работает. Контроллеры доступны для всех типов пользователей.
Вот код
заранее спасибо
модель пользователя имеет свойство, называемое ролью
@property({
type: 'string',
})
role?: string;
authorizer.ts
import {AuthorizationContext, AuthorizationDecision, AuthorizationMetadata} from '@loopback/authorization';
import {securityId, UserProfile} from '@loopback/security';
import _ from 'lodash';
// Instance level authorizer
// Can be also registered as an authorizer, depends on users' need.
export async function basicAuthorization(
authorizationCtx: AuthorizationContext,
metadata: AuthorizationMetadata,
): Promise<AuthorizationDecision> {
//console.log(authorizationCtx.principals[0])
//console.log(authorizationCtx.roles)
// No access if authorization details are missing
let currentUser: UserProfile;
if (authorizationCtx.principals.length > 0) {
const user = _.pick(authorizationCtx.principals[0], [
'id',
'name',
'role', // propety role
]);
//console.log(user)
currentUser = {[securityId]: user.id, name: user.name, roles: user.role};
console.log(currentUser)
} else {
return AuthorizationDecision.DENY;
}
if (!currentUser.roles) {
return AuthorizationDecision.DENY;
}
// Authorize everything that does not have a allowedRoles property
if (!metadata.allowedRoles) {
return AuthorizationDecision.ALLOW;
}
let roleIsAllowed = false;
const role = currentUser.roles
// for (const role of currentUser.roles) {
if (metadata.allowedRoles!.includes(role)) {
roleIsAllowed = true;
// }
}
if (!roleIsAllowed) {
return AuthorizationDecision.DENY;
}
// Admin and support accounts bypass id verification
if (
currentUser.roles.includes('admin') ||
currentUser.roles.includes('support')
) {
return AuthorizationDecision.ALLOW;
}
/**
* Allow access only to model owners, using route as source of truth
*
* eg. @post('/users/{userId}/orders', ...) returns `userId` as args[0]
*/
if (currentUser[securityId] === authorizationCtx.invocationContext.args[0]) {
return AuthorizationDecision.ALLOW;
}
return AuthorizationDecision.DENY;
}
application.ts
//Other imports
import {MyAuthorizationProvider} from './services/try';
import {AuthorizationComponent, AuthorizationDecision, AuthorizationOptions, AuthorizationTags} from '@loopback/authorization';
constructor(options: ApplicationConfig = {}) {
super(options);
// other code
let app = new Application()
const data: AuthorizationOptions = {
precedence: AuthorizationDecision.DENY,
defaultDecision: AuthorizationDecision.DENY,
};
const binding = app.component(AuthorizationComponent);
app.configure(binding.key).to(data);
app
.bind('authorizationProviders.my-authorizer-provider')
.toProvider(MyAuthorizationProvider)
.tag(AuthorizationTags.AUTHORIZER);
}
user.controller.ts
@get('/users/count', {
responses: {
'200': {
description: 'User model count',
content: {'application/json': {schema: CountSchema}},
},
},
})
@authenticate('jwt')
@authorize({allowedRoles: ['admin']})
async count(
@param.where(User) where?: Where<User>,
): Promise<Count> {
return this.userRepository.count(where);
}