在 RavenDB 中使用 IsOperationAllowedOnDocument 返回 InvalidSystemOperation 异常
我是 RavenDB 新手,需要文档级别授权方面的帮助。当我使用 Advanced.IsOperationAllowedOnDocument 时,我收到以下异常:
TestRavenDB.TestSuite.CanAssignRoleToUser: 系统.InvalidOperationException:
无法弄清楚该怎么做
您的请求与 Raven 知道要做的任何事情都不匹配,抱歉...
----> System.Net.WebException:远程服务器返回错误:(400) 错误请求。
我的代码是:
string operation = "Workflow/ApproveVacation";
string geddyUser = "Authorization/Users/glee";
var workflow = WorkflowMother.SpawnWorkflow();
var docStore = GetDocStore();
TruncateWorkflowDocuments(docStore);
using(var s = docStore.OpenSession())
{
s.Store(new AuthorizationUser()
{
Name = "Geddy Lee",
Id = geddyUser,
Roles = { "Authorization/Roles/BandLeader" }
});
s.Store(workflow);
s.SetAuthorizationFor(workflow, new DocumentAuthorization
{
Permissions =
{
new DocumentPermission
{
Allow = true,
Operation = operation,
Role = "Authorization/Roles/BandLeader"
}
}
});
s.SaveChanges();
}
using(var s = docStore.OpenSession())
{
var operationResults = s.Advanced.IsOperationAllowedOnDocument(geddyUser, operation, workflow.Id);
Assert.IsTrue(operationResults.IsAllowed);
}
似乎正在使用“Workflow/ApproveVacation”作为 HTTP 命令(如 POST 或 GET)发出 http 请求。我是否误解了 IsOperationAllowedOnDocument 的使用?
编辑
我查看了文档的元数据,并添加了权限:
"Permissions": [
{
"Operation": "Workflow/ApproveVacation",
"User": null,
"Role": "Authorization/Roles/BandLeader",
"Allow": true,
"Priority": 0
}
编辑 2
查看代码,我发现了 DocumentSession 类上的 GetAuthorizationFor 方法。它返回一个 DocumentPermission 对象,其中包含文档的权限,其中包括有关操作的信息。我想我可以使用这个,但我仍然对 IsOperationAllowedOnDocument 方法的目的感到困惑。
编辑3
使用curl,我尝试向我的Raven 服务器发出不同的请求。使用此行会产生 400 错误:
curl http://bho-vm36:8080/authorization/IsAllowed/Authorization/Users/glee?operation=Workflow/ApproveVacation&id=workflows/15361 -v
没有“端点”来处理此请求。在不逐句查看源代码的情况下,我假设这就是代码为我创建的请求。
I am new to RavenDB and need assistance with authorization at the document level. I receive the following exception when I use the Advanced.IsOperationAllowedOnDocument:
TestRavenDB.TestSuite.CanAssignRoleToUser:
System.InvalidOperationException :
Could not figure out what to do
Your request didn't match anything that Raven knows to do, sorry...
----> System.Net.WebException : The remote server returned an error: (400) Bad Request.
My code is:
string operation = "Workflow/ApproveVacation";
string geddyUser = "Authorization/Users/glee";
var workflow = WorkflowMother.SpawnWorkflow();
var docStore = GetDocStore();
TruncateWorkflowDocuments(docStore);
using(var s = docStore.OpenSession())
{
s.Store(new AuthorizationUser()
{
Name = "Geddy Lee",
Id = geddyUser,
Roles = { "Authorization/Roles/BandLeader" }
});
s.Store(workflow);
s.SetAuthorizationFor(workflow, new DocumentAuthorization
{
Permissions =
{
new DocumentPermission
{
Allow = true,
Operation = operation,
Role = "Authorization/Roles/BandLeader"
}
}
});
s.SaveChanges();
}
using(var s = docStore.OpenSession())
{
var operationResults = s.Advanced.IsOperationAllowedOnDocument(geddyUser, operation, workflow.Id);
Assert.IsTrue(operationResults.IsAllowed);
}
It seems that an http request is being made using the "Workflow/ApproveVacation" as an http command like POST or GET. Am I misinterpreting the using of IsOperationAllowedOnDocument?
Edit
I looked at the metadata for the document and the permission have been added:
"Permissions": [
{
"Operation": "Workflow/ApproveVacation",
"User": null,
"Role": "Authorization/Roles/BandLeader",
"Allow": true,
"Priority": 0
}
Edit 2
Looking at the code I discovered the method GetAuthorizationFor method on the DocumentSession class. It returns a DocumentPermission object that contains the permissions for the document which includes info on the operation. I guess I can use this but I am still confused by the purpose of the IsOperationAllowedOnDocument method.
Edit 3
Using curl I experimented fired off different requests to my Raven server. Using this line yielded the 400 error:
curl http://bho-vm36:8080/authorization/IsAllowed/Authorization/Users/glee?operation=Workflow/ApproveVacation&id=workflows/15361 -v
There is no "endpoint" to process this request. Without stepping through the source I am assuming that this is what the code is creating for me as the request.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
Ayende 让我沿着正确的轨道思考。服务器上未安装授权包,因此错误消息指出“授权”未知(400 错误请求)。搞乱curl并向Raven服务器发送http请求可以帮助我找到方向。服务器控制台应用程序返回的消息是我开始“手动”创建请求的地方。
解决步骤:
编辑Raven.Server.exe.config并添加密钥
在 Server 目录中创建名为 Plugins 的文件夹
将Raven.Bundles.Authorization.dll复制到插件
有关授权的文档位于此处。
Ayende got me thinking along the right track. The Authorization bundle was not installed on the server, hence the error message stating that "authorization" was unknown (400 Bad Request). Messing with curl and sending http requests to the Raven server help me get oriented. The messages returned by the server console app was where I started for creating the requests "by hand".
Steps for solution:
Edit the Raven.Server.exe.config and add the key
<add key="Raven/Plugins" value="~\Plugins"/>Create folder named Plugins in Server directory
Copy Raven.Bundles.Authorization.dll to plugins
Doc regarding Authorization is here.