Sails-beforeCreate-Policy

beforeCreate.js

/**
 * beforeCreate
 *
 * @module      :: Policy
 * @description :: Simple policy to inject the user creating a record into the records values.
 *                 Assumes req.user && req.user.id to be set when a user is logged in.
 * @docs        :: http://sailsjs.org/#!documentation/policies
 *
 */

var actionUtil = require( 'sails/lib/hooks/blueprints/actionUtil' );

module.exports = function ( req, res, next ) {

  var blueprint = req.options.action;

  if ( blueprint === 'create' ) {
    var Model = actionUtil.parseModel( req );
    if ( req.user && req.user.id ) {
      sails.log.debug( 'Policy beforeCreate: Injecting req.user.id into "' + Model.identity + '" parameters.' );
      req.body[ Model.identity ].user = req.user.id;
    } else {
      // exception for creating new users, otherwise any creative act needs a logged in user
      if ( Model.identity !== 'user' ) return res.forbidden( "Create blueprint needs an authenticated user!" );
    }
  }

  next();

};

This policy injects the ID of the user creating a model records into that records data. This way it's a lot easier to define a user attribute on a model and make sure that only registered + logged in users can create new records of this model.

After installing this policy in api/policies/beforeCreate.js you need to set it up in config/policies.js to be used on the Controllers create action like this:

module.exports.policies = {
  // ...
  PostController : {
    create: 'beforeCreate'
  }
}

If you think this is interesting for your project, please also take a look at this Feature Request and see if that would help you apply this Policy.