Created
March 15, 2013 14:30
-
-
Save kojilab/5170235 to your computer and use it in GitHub Desktop.
Sails's scaffold API is pretty sweet. However one may want to hide the User ID in the API. To do this, you can use a policy file to tie the model's user ID to the user ID in your session. Here's an example. Get Sails at https://github.com/balderdashy/sails
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
module.exports = function (req,res,ok) { | |
var requiresUserId = false; | |
// not all records may need the user ID so let's see what entity we're dealing with in the call | |
switch(req.params.entity) { | |
case 'project': | |
case 'task': | |
requiresUserId = true; | |
break; | |
} | |
if (requiresUserId) { | |
// check the session | |
if (!req.session.authenticated) { | |
return res.status(401).send('Not authorized'); | |
} | |
// just add user id to the request | |
req.query.userId = req.session.user.id; | |
} | |
return ok(); | |
}; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment