-
Notifications
You must be signed in to change notification settings - Fork 1
Policies
tombert256 edited this page Jan 11, 2014
·
2 revisions
Policies the permissions-system in Frameworkey.
To define a custom policy, create a new JS file in policies. For example, and isAuthenticated policy might look something like:
module.exports = function (scope, callback){
if ((typeof scope !== "undefined" && scope !== null ? (_ref = scope.session) != null ? _ref.userId : void 0 : void 0) != null) {
db.User.find(scope.session.userId).success(function(user){
scope.user = user
callback(null, true);
})
} else {
callback(null, false);
}
}
While you are writing the word callback, If you use the yield keyword in conjunction with an NPM like Q or yil, you'll never have to actually define it.
The scope variable in this context is equivalent to the this keyword in your controllers.
Once you have written your policy, you can attach it to a controller in config/policies.js.
The file should look something like:
module.exports = {
'User': {
'*': ['auth'],
'find':['all']
}
}
If you would like your policy to be attached to all but specifically-defined actions, simply use '*' as your action.