/**
* Policy mappings (ACL)
*
* Policies are simply Express middleware functions which run **before** your controllers.
* You can apply one or more policies to a given controller, or protect just one of its actions.
*
* Any policy file (e.g. `authenticated.js`) can be dropped into the `/policies` folder,
* at which point it can be referenced below by its filename minus the extension (e.g. `authenticated`).
*
* For more information on policies, check out:
* http://sailsjs.org/#documentation
*/
module.exports.policies = {

  // Fallback mapping for every controller and action.
  // `true` allows public access, so no policy stands in front of these actions.
  // NOTE(review): with this default the app is open unless an action is listed
  // explicitly below. A deny-by-default setup would put `false` (or a policy
  // name) here and opt individual actions in -- confirm which is intended.
  '*': true,

  /*
  // Example: attaching policies to a single controller
  RabbitController: {

    // `false` as the controller-wide default prevents all access to
    // RabbitController's actions unless an entry below says otherwise
    '*': false,

    // `nurture` runs the 'isRabbitMother' policy
    // (this overrides the `false` default above)
    nurture : 'isRabbitMother',

    // `feed` requires BOTH `isNiceToAnimals` AND `hasRabbitFood`
    // before the request reaches the controller
    feed : ['isNiceToAnimals', 'hasRabbitFood']
  }
  */
};
/**
* Here's what the `isNiceToAnimals` policy from above might look like:
* (this file would be located at `policies/isNiceToAnimals.js`)
*
* We'll make some educated guesses about whether our system will
* consider this user someone who is nice to animals.
*
* Besides protecting rabbits (while a noble cause, no doubt),
* here are a few other example use cases for policies:
*
* + cookie-based authentication
* + role-based access control
* + limiting file uploads based on MB quotas
* + OAuth
* + BasicAuth
* + or any other kind of authentication scheme you can imagine
*
*/
/*
module.exports = function isNiceToAnimals (req, res, next) {
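// `req.session` contains a set of data specific to the user making this request.
// It's kind of like our app's "memory" of the current user.
// (`req.session.user` only exists if earlier code stored it there, so a real policy
// should handle a missing user before reading its properties.)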
// If our user has a history of animal cruelty, not only will we
// prevent her from going even one step further (`return`),
// we'll go ahead and redirect her to PETA (`res.redirect`).
if ( req.session.user.hasHistoryOfAnimalCruelty ) {
return res.redirect('http://PETA.org');
}
// If the user has been seen frowning at puppies, we have to assume that
// they might end up being mean to them, so we'll redirect them to
// The Daily Puppy (`res.redirect`) instead of letting them continue.
if ( req.session.user.frownsAtPuppies ) {
return res.redirect('http://www.dailypuppy.com/');
}
// Finally, if the user has a clean record, we'll call the `next()` function
// to let them through to the next policy or our controller
next();
};
*/