RSAdmin
RSAdmin

Reputation: 589

Sailsjs policies not taking effect

I'm having trouble with policies/routes in Sails 0.9.16. Whatever I do, the /user path remains unprotected. Clearly I am doing something incorrectly.

I have the following routes:

'/': {
    view: 'home/index'
},

'get /login': {
view: 'login'
},

'post /login': {
  controller: 'UserController',
  action: 'login'
},

And the following policies:

module.exports.policies = {
   '*'    : false,
   user   : {
   '*': 'isAuthenticated'
   },
   login  : {
   '*' :true 
   },
}

From the routes and policies you can see that I want to have /login route unprotected, and the /user/* path protected. My isAuthenticated.js is the stock created with a new sails project.

The UserController correctly matches the password and sets req.session.authenticated = true.

I'm lost as to how to sort this out?

Upvotes: 0

Views: 821

Answers (2)

Neopallium
Neopallium

Reputation: 1458

As of Sails 0.11 policies can be applied to custom routes:

'/foo': {policy: 'myPolicy'}

Blueprint route with policy:

'/foo': [{policy: 'myPolicy'}, {blueprint: 'find', model: 'user'}]

View route with policy:

'/foo': [{policy: 'myPolicy'}, {view: 'foobar'}]

Upvotes: 0

bredikhin
bredikhin

Reputation: 9045

AFAIK, Sails' policies are being applied per controller/action, not per route. Also, check here for the proper structure. So, your config/policies.js should become something like:

module.exports.policies = {
  UserController: {
    '*': 'isAuthenticated',
    login: true
  }
}

Upvotes: 5

Related Questions