Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

SailsJS Policy based route with a view

Tags:

sails.js

I'm trying to use the routes.js to define a route to '/account'.

I want whoever is trying to access that path to go through the UserController and the checkLogin action and if the security check passes, then the user should be rendered with the defined view which is home/account

Here is my code:

routes.js:

'/account': {
    controller: 'UserController',
    action: 'checkLogin',
    view: 'home/account'
  }

policies.js:

UserController: {
    '*': 'isAuthenticated',
    'login': true,
    'checkLogin': true
  }

It let's me view /account without going through the isAuthenticated policy check for some reason.

like image 839
Or Weinberger Avatar asked Jan 23 '14 08:01

Or Weinberger

3 Answers

There looks to be a little confusion here as to how policies, controllers and views work. As @bredikhin notes above, your controller will never be called because the route is being bound to a view. It's also important to note that policies cannot be bound to views, only to controllers. The correct setup should be something like:

In config/routes.js:

'/account': 'UserController.account'

In config/policies.js:

UserController: {
  '*': 'isAuthenticated' // will run on all UserController actions
  // or
  'account': 'isAuthenticated' // will run just on account action
}

In api/policies/isAuthenticated.js:

    module.exports = function(req, res, next) {

     // Your auth code here, returning next() if auth passes, otherwise
     // res.forbidden(), or throw error, or redirect, etc.

    }

In api/controllers/UserController.js:

module.exports = {

  account: function(req, res) {

     res.view('home/account');

  }
}
like image 179
sgress454 Avatar answered Nov 06 '22 23:11

sgress454

To put it short: either controller/action-style or view-style routing should be used within the same route in routes.js, not both simultaneously.

According to the router's source code, once there is a view property in a route object, binding stops, so basically Sails never knows to which controller your /account path should be routed, which means that your UserController-specific policy config never fires.

So, just remove the view property from the route, you can always specify the view path (if you want a non-standard one) with explicit rendering from within your action.

like image 31
bredikhin Avatar answered Nov 06 '22 23:11

bredikhin

For statics work with policies, you can set your route with controller and action:

'GET /login': 'AuthController.index',

And set view/layout in your controller:

index: function (req, res) {
    res.view('auth/login', { layout: 'path/layout' } );
},
like image 1
Liko Avatar answered Nov 06 '22 21:11

Liko
Sign in to Comment

Related questions

How use .less files in sails.js?
Sails.js + Passport.js getting current logged in user
Sails js using models outside web server
How can I wrap each API response into a standard reply object in SailsJS?
Sails.js API documentation
Is there a good MSSQL / SQL Server adapter for sails.js?
Is it possible to disable blueprint in sails
Waterline associations, change foreign key?
SailsJS - using sails.io.js with JWT
How should a node.js stack for a high demand application be setup?
MongoError: topology was destroyed sailsjs
sails.js + passport.js : managing sessions
Sails.JS File uploads using skipper, accessing original file name and dynamic upload path
"email" validation rule crash sails server - Mongo with Sails.js
Run sails.js on a specific IP address during development
How to deploy node.js application in AWS
Handling database environment configuration in Sails.js
sailsjs beforeCreate is not triggered
Sailsjs: Difference between `req.body` and `req.params.all()`
How do I use search sails.js models using REST without Shortcuts blueprint?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!