Sailsjs policies

Question

I am having trouble figuring out sails policies, I follow the tutorial but still can't make it work.

In my policies.js file:

module.exports.policies = {
  '*':true,
  UsersController:{
    '*':false,
    signIn: 'skipAuthenticated'
  }
}

And in my authenticated.js file:

module.exports = function skipAuthenticated(req, res, ok){
  console.log("testing");
  if (req.session.authenticated){
    console.log("testing");
    return ok();
  }
  else {
    return res.send("You are not permitted to perform this action.", 403);
  }
}

But the policy does not trigger. Any help would be really appreciated.

Sabbir · Answer 1 · 2014-09-21T23:55:52.437

3

Suppose you have ProductsController and LoginController.

In policies.js :

module.exports.policies = {


    '*': true,
    login: {
        '*': true
    },
    products: {
        '*': 'isAuth',
        feed: true
    }

}

In Above Example:

Actions inside "login" controller can be accessed by any one. However, in products controller any other actions except for "feed" need to pass the "isAuth" policy.

edited Sep 21 '14 at 23:55

answered Jan 18 '14 at 00:44

Sabbir

359
2
10

score 2 · Accepted Answer · answered Dec 23 '13 at 13:16

If you take a look at the section entitled How do I protect my controllers with policies? it describes that the policy name matches the name of the file in api/policies. So your problem is that the actual policy name is "authenticated" (you said authenticated.js) and the policy name you're trying to use in your ACL is "skipAuthenticated."

So you can either change the policy file name to skipAuthenticated.js or you can change your ACL to reflect the actual policy name.

http://sailsjs.org/#!documentation/policies

You can apply one or more policies to a given controller or action. Any file in your /policies folder (e.g. authenticated.js) is referable in your ACL (config/policies.js) by its filename minus the extension, (e.g. 'authenticated').

https://sailsjs.com/documentation/concepts/policies @QueueHammer OP you might want to update the link — TheLebDev, Jul 31 '19 at 12:36

score 1 · Answer 3 · answered Jan 18 '14 at 00:48

1

Check out my completed gist. It should work with Sails 0.98 using passportjs and mysql https://gist.github.com/anhnt/8297229

answered Jan 18 '14 at 00:48

anhnt

729
1
10
18

score 0 · Answer 4 · answered Oct 08 '13 at 10:03

0

i'm guessing the filename is wrong try renaming authenticated.js to skipAuthenticated.js if that doesn't help remove the camelcase name... i had some issues with camelcase but can't remember if it was with policies

answered Oct 08 '13 at 10:03

snyx

1,104
8
8

Its definitely possible – Carson Wright Oct 08 '13 at 16:48

Sailsjs policies

4 Answers4