Question
I'm reading Access control concepts of Loopback (https://docs.strongloop.com/display/public/LB/Authentication%2C+authorization%2C+and+permissions) and I don't understand how it happened that Principal is not a model, but Role, RoleMapping, ACL are models with a full set of REST API methods and are listed in model-config.json? When I tried to include Principal in model-config.json along with Role, RoleMapping and ACL I got an error:
"ACL": {
  "dataSource": "db",
  "public": false
},
"RoleMapping": {
  "dataSource": "db",
  "public": false
},
"Role": {
  "dataSource": "db",
  "public": false
},
"Principal": {
  "dataSource": "db",
  "public": true
},
Error:
throw new Error('Model not found: ' + modelName);
^
Error: Model not found: Principal
Where is the logic here? Principal is in one line with others but isn't a model. Why?
Answer 1:
Let's first make it clear: what is a principal?
As per the documentation, Principal is an entity that can be identified or authenticated. It represents identities of a request to protected resources. For example: a user instance can be authenticated to execute a create request. Therefore, that user instance can be a principal.
If we can use user, application or role in place of principal, it doesn't make sense to make another model in core loopback.
But if you see Class Principal as per the documentation,
This class represents the abstract notion of a principal, which can be used to represent any entity, such as an individual, a corporation, and a login id. This class has three attributes: type, id and name. This type field specifies which model is being used for principal. A principal class instance can be created in many ways. For example, for a role model instance, as in:
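// Map a principal (here the user `admin`) to the role instance `role`.
role.principals.create({
  // principalType says which kind of entity principalId refers to
  principalType: app.models.RoleMapping.USER,
  principalId: admin.id
}, function(err, principal) {
  if (err) {
    throw err;
  } else {
    next();
  }
});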
Here, we created a new principal instance for a role instance. Now this principal can be used to authenticate a request. Also, notice principalType is used to define which model is being used to create a principal.
Note: I hope, now, it makes sense that principal uses other model instances that can be uniquely identified and thus can be used to authenticate requests to protected resources like a create REST endpoint.
Now the error you received is because there is no model defined as Principal. And while bootstrapping the app, it didn't find the Principal model in either Loopback core models or generated model for our app, so it threw the error:
throw new Error('Model not found: ' + modelName);
^
Error: Model not found: Principal
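A minimal model of the point made in the answer above, as an added example that is not part of the original answer and not LoopBack's own code: a principal is only a (principalType, principalId) pair stored on each role mapping, so role membership can be resolved without any Principal model. The role names, ids, and the `rolesFor` and `isInRole` helpers are hypothetical, the data is constructed, and the three type constants mirror `RoleMapping.USER`, `RoleMapping.APP` and `RoleMapping.ROLE`.

```javascript
// Added illustration in plain JavaScript (no LoopBack dependency).
// Constants mirror RoleMapping.USER / APP / ROLE; everything else is constructed.
const USER = 'USER', APP = 'APP', ROLE = 'ROLE';

// Constructed sample roles.
const roles = [
  { id: 1, name: 'admin' },
  { id: 2, name: 'staff' },
  { id: 3, name: 'auditor' },
];

// Constructed sample mappings: each row attaches one principal to one role.
const roleMappings = [
  { roleId: 1, principalType: USER, principalId: 'u-alice' },
  { roleId: 2, principalType: ROLE, principalId: 1 },        // admins are staff
  { roleId: 2, principalType: APP,  principalId: 'app-42' },
  { roleId: 3, principalType: ROLE, principalId: 2 },        // staff are auditors
  { roleId: 2, principalType: ROLE, principalId: 3 },        // cycle, to exercise the guard
];

// Resolve every role a principal holds, following roles nested in roles.
function rolesFor(principalType, principalId) {
  const granted = new Set();   // resolved role ids; also stops cycles
  const queue = [{ principalType, principalId }];
  while (queue.length > 0) {
    const p = queue.shift();
    for (const m of roleMappings) {
      // Both type and id must match: the same id under another type is a different principal.
      if (m.principalType !== p.principalType || m.principalId !== p.principalId) continue;
      if (granted.has(m.roleId)) continue;
      granted.add(m.roleId);
      // A role is itself a principal, so it can be mapped into further roles.
      queue.push({ principalType: ROLE, principalId: m.roleId });
    }
  }
  return roles.filter(r => granted.has(r.id)).map(r => r.name).sort();
}

function isInRole(principalType, principalId, roleName) {
  return rolesFor(principalType, principalId).includes(roleName);
}

console.log(rolesFor(USER, 'u-alice'));
console.log(rolesFor(APP, 'app-42'));
console.log(rolesFor(USER, 'app-42'));
```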
Source: https://stackoverflow.com/questions/33541933/why-principal-is-not-a-model-but-role-rolemapping-acl-are-suddenly-models