Clever Geek Handbook

How to create route based security policy in Sails js?

I have a Sails js application for 3 user groups, site admin, private user and public user.

Now url template looks like below for Admin,

'get /admin/foo': 'fooController.viewAll',
'post /admin/foo': 'fooController.add',
'put /admin/foo/:fooID': 'fooController.edit',

Url template for authenticated user,

'get /businesses/foo': 'fooController.viewAll',
'post /businesses/foo': 'fooController.add',
'put /businesses/foo/:fooID': 'fooController.edit',

Url template for public user,

'get /public/foo': 'fooController.viewAll',

I want to have a url pattern based user authentication policy, if the url is like / admin, does it check that the user is an admin? else if / business checks if the user is our existing user or not.

+3


source to share


1 answer


The request object has a field named originalUrl

. You can access it in your policy and decide depending on the url. The policy will look like this. [I am assuming you know how to define the policy and add it to the configuration.]



module.exports = function(req, res, next) {
        var originalUrl = req.originalUrl;
        var tokenizedOriginalUrl = originalUrl.split('/');
        if(tokenizedOriginalUrl[0] == 'admin'){
            // do something
            next(null);
        }
        else if(tokenizedOriginalUrl[0] == 'business'){
            // do something
            next(null);
        }
        else if(tokenizedOriginalUrl[0] == 'public'){
            // do something
            next(null);
        }
        else{
            next("Access prohibited.");
        }
};
+2


source






More articles:


All Articles