Sails.js - protect blueprint associations using policies

Question

In order to create a many-to-many association between models, I use the blueprints to access something like:

/api/item/1/tags/2

How can I protect this action using policies?

This action doesn't seem to fit any of the find/create/update/destroy policies.

score 5 · Accepted Answer · answered Dec 21 '14 at 07:37

5

There's no need for custom routing here; the blueprint you're referring to is called populate, so it can be protected in your config/policies.js with:

ItemController: {

  populate: 'somePolicy'

}

answered Dec 21 '14 at 07:37

sgress454

24,870
4
74
92

josebaseba · Answer 2 · 2014-12-21T10:44:07.900

1

check this:

module.exports.routes = {

  //Set blueprints
  'GET /findAllUsers': {model: 'user', blueprint: 'find'},
  'GET /user/findAll': {blueprint: 'find'}
  'GET /user/findAll': {blueprint: 'find', model: 'pet'}
  // Set policies in routes
  '/foo': {policy: 'myPolicy'}
  // Mix of blueprints and policies
  'GET /mix-of-both': [
     {policy: 'isLoggued'},
     {blueprint: 'find', model: 'tag'}
   ]
}

Check the official docs: http://sailsjs.org/#/documentation/concepts/Routes/RouteTargetSyntax.html

I hope it helps!

edited Dec 21 '14 at 10:44

answered Dec 16 '14 at 14:53

josebaseba

101
4

Note that policy configs should always come *before* controller configs. So your `/mix-of-both` config should have the order reversed, and your `/foo` config should have a controller or blueprint config chained to it. The idea is that the policy is run, and then if it passes, some other business logic is run. – sgress454 Dec 21 '14 at 07:38
Ups! You're right about the order, it's fixed now. Thanks :) – josebaseba Dec 21 '14 at 10:45

Sails.js - protect blueprint associations using policies

2 Answers2