Reputation: 589
I'm having trouble with policies/routes in Sails 0.9.16. Whatever I do, the /user path remains unprotected. Clearly I am doing something incorrectly.
I have the following routes:
'/': {
view: 'home/index'
},
'get /login': {
view: 'login'
},
'post /login': {
controller: 'UserController',
action: 'login'
},
And the following policies:
module.exports.policies = {
'*' : false,
user : {
'*': 'isAuthenticated'
},
login : {
'*' :true
},
}
From the routes and policies you can see that I want to have /login route unprotected, and the /user/* path protected. My isAuthenticated.js is the stock created with a new sails project.
The UserController correctly matches the password and sets req.session.authenticated = true.
I'm lost as to how to sort this out?
Upvotes: 0
Views: 821
Reputation: 1458
As of Sails 0.11 policies can be applied to custom routes:
'/foo': {policy: 'myPolicy'}
Blueprint route with policy:
'/foo': [{policy: 'myPolicy'}, {blueprint: 'find', model: 'user'}]
View route with policy:
'/foo': [{policy: 'myPolicy'}, {view: 'foobar'}]
Upvotes: 0
Reputation: 9045
AFAIK, Sails' policies are being applied per controller/action, not per route. Also, check here for the proper structure. So, your config/policies.js
should become something like:
module.exports.policies = {
UserController: {
'*': 'isAuthenticated',
login: true
}
}
Upvotes: 5