So in your policy configuration you'd do something like:
// Policy factory: called with a permission name, it returns the policy
// function that is attached to the action below.
var isAllowedTo = require('../api/policies/isAllowedTo');

// Only UserController.create is guarded by this mapping. Every other action
// falls back to whatever default ('*') policy the app configures, so confirm
// that default denies access rather than allowing it.
var UserController = {
  create: isAllowedTo('createUser')
};

module.exports = {
  UserController: UserController
};
Where your isAllowedTo policy is a factory: a function that takes the permission name and returns the actual policy function, which closes over that name:
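/**
 * Policy factory: builds a policy that lets a request through only when the
 * logged-in user holds at least one Permission record of the given type.
 *
 * @param {string} permissionName - Permission type to require, e.g. 'createUser'.
 * @returns {Function} Policy `(req, res, next)`; responds with `res.forbidden()`
 *   when there is no session user or no matching permission, and with
 *   `res.serverError(err)` when the lookup fails.
 * @throws {TypeError} If permissionName is not a non-empty string.
 */
module.exports = function isAllowedTo ( permissionName ) {
  // Fail closed on misconfiguration: a missing name would put `type: undefined`
  // into the query below, and some ORM versions drop undefined criteria, which
  // would turn the check into "user has any permission at all".
  if (typeof permissionName !== 'string' || permissionName === '') {
    throw new TypeError('isAllowedTo: permissionName must be a non-empty string');
  }

  return function (req, res, next) {
    // Treat a missing session (e.g. session support disabled) like a missing
    // user instead of throwing on `req.session.user`.
    var user = req.session && req.session.user;

    // A session user without an id must not reach the query: an undefined
    // `user` criterion could match permissions that belong to other users.
    if (!user || user.id === undefined || user.id === null) return res.forbidden();

    Permission.count({
      user: user.id,
      type: permissionName
    }).exec(function (err, numPermissions) {
      if (err) return res.serverError(err);
      // Allow only on a positive count, so an unexpected result (undefined,
      // NaN, 0) denies access instead of granting it.
      if (!(numPermissions > 0)) return res.forbidden();
      return next();
    });
  };
};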