you can specify either a string or a function on the right hand side in your config/policies.js file - see http://blog.thesparktree.com/post/77311774912/creating-a-sails-application-using-passport

closure-policy-example.md

so you'd do something like:

var isAllowedTo = require('../api/policies/isAllowedTo');
module.exports = {
  UserController: {
    create: isAllowedTo('createUser')
  }
}

Where your isAllowedTo policy is a closure function which returns another function:

module.exports = function isAllowedTo ( permissionName ) {
  return function (req, res, next) {
    // do the check in here, e.g.
    if (!req.session.user) return res.forbidden();
    Permission.count({
      user: req.session.user.id,
      type: permissionName
    }).exec(function (err, numPermissions) {
      if (err) return res.serverError(err);
      if (numPermissions === 0) return res.forbidden();
      return next();
    });
  }
}