-
Notifications
You must be signed in to change notification settings - Fork 1
Policies
tombert256 edited this page Jan 11, 2014
·
2 revisions
Policies the permissions-system in Frameworkey.
To define a custom policy, create a new JS file in policies
. For example, and isAuthenticated
policy might look something like:
module.exports = function (scope, callback){
if ((typeof scope !== "undefined" && scope !== null ? (_ref = scope.session) != null ? _ref.userId : void 0 : void 0) != null) {
db.User.find(scope.session.userId).success(function(user){
scope.user = user
callback(null, true);
})
} else {
callback(null, false);
}
}
While you are writing the word callback, If you use the yield keyword in conjunction with an NPM like Q
or yil
, you'll never have to actually define it.
scope
in this context is equivalent to the this
keyword in your controllers.
Once you have written your policy, you can attach it to a controller in config/policies.js
.
The file should look something like:
module.exports = {
'User': {
'*': ['auth'],
'find':['all']
}
}
If you would like your policy to be attached to all but specifically-defined actions, simply use '*'
as your action.