Applying policies to a controller
==================================
// config/policies.js
module.exports.policies = {
  UserController: {
    // By default, require requests to come from a logged-in user
    // (runs the policy in api/policies/isLoggedIn.js)
    '*': 'isLoggedIn',

    // Only allow admin users to delete other users
    // (runs the policy in api/policies/isAdmin.js)
    'delete': 'isAdmin',

    // Allow anyone to access the login action, even if they're not logged in.
    'login': true
  }
};

Applying policies to actions
----------------------------
module.exports.policies = {
  'user/*': 'isLoggedIn',
  'user/delete': 'isAdmin',
  'user/login': true
};

Sample policy
-------------
// policies/isLoggedIn.js
module.exports = async function (req, res, proceed) {

  // If `req.me` is set, then we know that this request originated
  // from a logged-in user. So we can safely proceed to the next policy--
  // or, if this is the last policy, the relevant action.
  // > For more about where `req.me` comes from, check out this app's
  // > custom hook (`api/hooks/custom/index.js`).
  if (req.me) {
    return proceed();
  }

  //--•
  // Otherwise, this request did not come from a logged-in user.
  return res.forbidden();

};
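
A caveat on the mappings above: in Sails a specific mapping such as 'user/delete' overrides the 'user/*' default instead of adding to it, so only isAdmin runs for that action. The added example below (not from the original post and not Sails' own code) models that lookup in plain JavaScript; the `resolve` and `authorize` helpers, the `isAdmin` body and the `isSuperAdmin` field are assumptions for illustration.

```javascript
// Simplified model of policy lookup (added example, not Sails' own resolver).
// Assumption: the most specific mapping wins and mappings are not cumulative.
const policies = {
  isLoggedIn: (req, res, proceed) => (req.me ? proceed() : res.forbidden()),
  // Hypothetical isAdmin policy; `isSuperAdmin` is an assumed field on `req.me`.
  // It re-checks `req.me` so it fails closed when it runs without isLoggedIn.
  isAdmin: (req, res, proceed) =>
    (req.me && req.me.isSuperAdmin === true ? proceed() : res.forbidden()),
};

// As on the page: 'user/delete' replaces the 'user/*' mapping for that action.
const mappingSingle = { 'user/*': 'isLoggedIn', 'user/delete': 'isAdmin', 'user/login': true };
// Explicit chain: both policies run, in order, for the delete action.
const mappingChained = { ...mappingSingle, 'user/delete': ['isLoggedIn', 'isAdmin'] };

// Return the policy names for an action, [] if public, null if denied to all.
function resolve(mapping, action) {
  let hit = mapping[action];
  const parts = action.split('/');
  while (hit === undefined && parts.length > 1) {
    parts.pop();                                // try 'user/*' for 'user/delete'
    hit = mapping[parts.join('/') + '/*'];
  }
  if (hit === undefined) hit = mapping['*'];    // global default, if any
  if (hit === undefined || hit === true) return [];
  if (hit === false) return null;
  return Array.isArray(hit) ? hit : [hit];
}

// Run the resolved chain; returns 'action' if every policy called proceed().
function authorize(mapping, action, req) {
  const chain = resolve(mapping, action);
  if (chain === null) return 'forbidden';
  const res = { forbidden: () => 'forbidden' };
  const step = (i) =>
    (i === chain.length ? 'action' : policies[chain[i]](req, res, () => step(i + 1)));
  return step(0);
}

// Constructed sample requests: anonymous, ordinary user, admin.
const anon = {};
const user = { me: { id: 1, isSuperAdmin: false } };
const admin = { me: { id: 2, isSuperAdmin: true } };
console.log(resolve(mappingSingle, 'user/delete'));   // only isAdmin is listed
for (const [name, req] of Object.entries({ anon, user, admin })) {
  console.log(name, authorize(mappingChained, 'user/delete', req));
}
```

If `isAdmin` read `req.me.isSuperAdmin` without first checking `req.me`, the single mapping would hand it anonymous requests that `isLoggedIn` never screened, which is why the policy fails closed here.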
Thursday, 1 August 2019
Sails JS Policies