SailsJS policy on request method rather than route

Is there any way I can trigger a policy on a specific request method (e.g. DELETE) rather than on specific routes?

I'd imagine something like this:

module.exports.policies = {
   'DELETE *': 'isAdmin'
}

My goal here is to expose the blueprint API to admins only, so that I can keep it in production, as it's a very useful tool for allowing third-party scripts to add extra functionality.

I'm on Sails 1.0 right now.

One way to do that might be to add the check for the request method to the actual admin policy; however, that doesn't quite seem like the best solution to me.

You can override the blueprint for all models for a particular method. You can do this for DELETE by creating a file destroy.js in /api/blueprints/ and then adding your code for what you want to do when a DELETE comes through:

module.exports = function (req, res, next) {
    // Guard against unauthenticated requests, where req.user is not set
    if (req.user && ACLService.hasPermission(req.user.acl, 'admin')) {
        // Ok to allow delete here
    } else {
        return res.unauthorized();
    }
};

This is how I've done it in the past, but looking at the docs for the just-released SailsJS 1.0:

https://sailsjs.com/documentation/reference/blueprint-api

You may need to add this hook for overriding blueprints in 1.0:

https://www.npmjs.com/package/sails-hook-custom-blueprints

Here is one method that you can use. I am not claiming that it is the right way, but you can consider it:

You can write your own hook. How to do this: https://sailsjs.com/documentation/concepts/extending-sails/hooks/project-hooks

Basically, here is the solution with a hook:

1. Create a hooks folder under your api folder.

2. In the hooks folder create another folder - the name will be the name of your hook (say my-hook).

3. In api/hooks/my-hook create a file index.js and in it put the following code:

module.exports = function myHook(sails) {
  return {
    routes: {
      before: {
        '/*': function (req, res, next) {
          if (req.method.toUpperCase() === 'DELETE') {
            return sails.hooks.policies.middleware.isadmin(req, res, next); // note - your policy function name must be called here with all lowercase, otherwise it will not work.
          }

          return next();
        }
      }
    }
  };
};

Then in your isAdmin.js policy you can check if your user is an admin and if not:

return res.forbidden();

If it is an admin:

return next();
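
The method gate and the isAdmin policy body described in the answer above, written out so they can be exercised without a running Sails app. This is an added example, not code from the original answers; `req.user.isAdmin` and the helper names `onlyForMethods`, `adminOnlyDelete` and `simulate` are assumptions.

```javascript
// Added example. `req.user.isAdmin` is an assumed field; adapt it to however
// your application marks administrators.

// Body for api/policies/isAdmin.js. Fails closed: a request with no attached
// user, or a user without the admin flag, gets res.forbidden().
function isAdmin(req, res, next) {
  if (req.user && req.user.isAdmin === true) {
    return next();
  }
  return res.forbidden();
}

// Hypothetical helper: wrap a policy so it only runs for the listed methods.
// Every other method falls through to next() untouched.
function onlyForMethods(methods, policy) {
  const gated = new Set(methods.map((m) => m.toUpperCase()));
  return function (req, res, next) {
    if (gated.has(String(req.method).toUpperCase())) {
      return policy(req, res, next);
    }
    return next();
  };
}

// The function a hook's routes.before['/*'] entry could point at.
const adminOnlyDelete = onlyForMethods(['DELETE'], isAdmin);

// Constructed request/response stubs that record which branch was taken.
function simulate(method, user) {
  let outcome = 'none';
  const req = { method, user };
  const res = { forbidden: () => { outcome = 'forbidden'; } };
  adminOnlyDelete(req, res, () => { outcome = 'next'; });
  return outcome;
}

console.log(simulate('DELETE', { isAdmin: true }));  // admin delete
console.log(simulate('DELETE', undefined));          // anonymous delete
console.log(simulate('GET', undefined));             // anonymous read
```

Adding 'POST', 'PUT' or 'PATCH' to the method list extends the same gate to the other blueprint write actions.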
