Ronen Teva
Reputation: 1427
Sails.js - protect blueprint associations using policies
In order to create a many-to-many association between models, I use the blueprints to access something like:
/api/item/1/tags/2
How can I protect this action using policies?
This action doesn't seem to fit any of the find/create/update/destroy policies.
Upvotes: 0
Views: 1023
Answers (2)
josebaseba
Reputation: 101
check this:
module.exports.routes = {
//Set blueprints
'GET /findAllUsers': {model: 'user', blueprint: 'find'},
'GET /user/findAll': {blueprint: 'find'}
'GET /user/findAll': {blueprint: 'find', model: 'pet'}
// Set policies in routes
'/foo': {policy: 'myPolicy'}
// Mix of blueprints and policies
'GET /mix-of-both': [
{policy: 'isLoggued'},
{blueprint: 'find', model: 'tag'}
]
}
Check the official docs: http://sailsjs.org/#/documentation/concepts/Routes/RouteTargetSyntax.html
I hope it helps!
Upvotes: 1
sgress454
Reputation: 24948
There's no need for custom routing here; the blueprint you're referring to is called populate, so it can be protected in your config/policies.js with:
ItemController: {
populate: 'somePolicy'
}
Upvotes: 5
Related Questions
- How to extend the functionality of blueprints in Sails.js without overriding the whole blueprint?
- How can I filter Sails.js blueprint queries using a policy?
- SailsJS association
- Sails policies - search through associations
- Populated association fields on find route with blueprint option ON
- How to secure blueprint access in Sails.js
- SailsJS - Blueprint associations "add to"
- sails.js data access restriction per model
- Sails.JS association validation
- Sails: How to only authorize creation of a blueprint model