I am keeping this as a reference to https://github.com/balderdashy/sails/issues/352
Working with SailsJS v0.10-rc5: I am trying to keep the magic of blueprint controllers while at the same time protecting some model attributes from being changed by users on the default routes.
I.e.: prevent access to the
is_admin attribute on regular CRUD routes and implement a
promote action or something similar on the UserController which makes the neccessary checks.
In order to do this, I came up with the following policy in combination with a small addition to the model definitions:
// file: api/policies/protectedAttributes.js /**